Use an INI-style configuration file

Replace web/lib/config.inc.php with an INI-style configuration file. This allows us to get rid of several globals and makes it easier to use the same configuration file in external scripts. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2025-02-03 10:43:03 +01:00 · 2014-10-24 08:31:47 +02:00 · 2014-10-24 08:31:47 +02:00 · 76343fb915
commit 76343fb915
parent a0a5230708
24 changed files with 200 additions and 216 deletions
--- a/conf/config.proto
+++ b/conf/config.proto
@ -0,0 +1,29 @@
 [database]
 dsn_prefix = mysql
 host = localhost
 socket = /var/run/mysqld/mysqld.sock
 name = AUR
 user = aur
 password = aur
 [paths]
 storage = /srv/aur/unsupported/
 [options]
 username_min_len = 3
 username_max_len = 16
 passwd_min_len = 4
 default_lang = en
 sql_debug = 0
 max_sessions_per_user = 8
 login_timeout = 7200
 persistent_cookie_timeout = 2592000
 max_filesize_uncompressed = 8388608
 disable_http_login = 1
 aur_location = http://localhost
 package_url = /packages/
 use_virtual_urls = 1
 max_rpc_results = 5000
 aur_request_ml = aur-requests@archlinux.org
 request_idle_time = 1209600
 auto_orphan_age = 15552000
--- a/scripts/aurblup/aurblup-wrapper
+++ b/scripts/aurblup/aurblup-wrapper
@ -8,10 +8,14 @@ if (empty($dir)) {
 }
 set_include_path(get_include_path() . PATH_SEPARATOR . "$dir/lib");
-include("config.inc.php");
+include("confparser.inc.php");
 $user = config_get('database', 'user');
 $password = config_get('database', 'password');
 $name = config_get('database', 'name');
 exec($dir . "/../scripts/aurblup/aurblup " .
 	"-S /var/run/mysqld/mysqld.sock " .
-	"-u " . escapeshellarg(AUR_db_user) . " " .
+	"-u " . escapeshellarg($user) . " " .
-	"-p " . escapeshellarg(AUR_db_pass) . " " .
+	"-p " . escapeshellarg($password) . " " .
-	"-D " . escapeshellarg(AUR_db_name));
+	"-D " . escapeshellarg($name));
--- a/scripts/cleanup
+++ b/scripts/cleanup
@ -16,24 +16,25 @@ if (empty($dir)) {
 }
 set_include_path(get_include_path() . PATH_SEPARATOR . "$dir/lib");
-include("config.inc.php");
+include("confparser.inc.php");
 include("aur.inc.php");
 include("pkgfuncs.inc.php");
 $count = 0;
-$buckets = scandir(INCOMING_DIR);
+$incoming_dir = config_get('paths', 'storage');
 $buckets = scandir($incoming_dir);
 foreach ($buckets as $bucket) {
-	$bucketpath = INCOMING_DIR . $bucket;
+	$bucketpath = $incoming_dir . $bucket;
 	if ($bucket == '.' || $bucket == '..' || !is_dir($bucketpath)) {
 		continue;
 	}
-	$files = scandir(INCOMING_DIR . $bucket);
+	$files = scandir($incoming_dir . $bucket);
 	foreach ($files as $pkgname) {
 		if ($pkgname == '.' || $pkgname == '..') {
 			continue;
 		}
-		$fullpath = INCOMING_DIR . $bucket . "/" . $pkgname;
+		$fullpath = $incoming_dir . $bucket . "/" . $pkgname;
 		if (!pkg_from_name($pkgname) && is_dir($fullpath)) {
 			echo 'Removing ' . $fullpath . "\n";
 			rm_tree($fullpath);
--- a/upgrading/3.5.0.txt
+++ b/upgrading/3.5.0.txt
@ -17,3 +17,7 @@ ALTER TABLE PackageVotes ADD COLUMN VoteTS BIGINT NULL DEFAULT NULL;
 ----
 INSERT INTO PackageCategories (Category) VALUES ('wayland');
 ----
 4. The configuration file format has been changed. Make sure you convert
 web/lib/config.inc.php to the new format (see conf/config.proto for an example
 configuration) and put the resulting file in conf/config.
--- a/web/html/login.php
+++ b/web/html/login.php
@ -5,7 +5,8 @@ include_once("aur.inc.php");
 set_lang();
 check_sid();
-if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
+$disable_http_login = config_get_bool('options', 'disable_http_login');
 if (!$disable_http_login || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
 	$login = try_login();
 	$login_error = $login['error'];
 }
@ -19,7 +20,7 @@ html_header('AUR ' . __("Login"));
 		<?= __("Logged-in as: %s", '<strong>' . username_from_sid($_COOKIE["AURSID"]) . '</strong>'); ?>
 		<a href="<?= get_uri('/logout/'); ?>">[<?= __("Logout"); ?>]</a>
 	</p>
-	<?php elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
+	<?php elseif (!$disable_http_login || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
 	<form method="post" action="<?= get_uri('/login') ?>">
 		<fieldset>
 			<legend><?= __('Enter login credentials') ?></legend>
@ -28,7 +29,7 @@ html_header('AUR ' . __("Login"));
 			<?php endif; ?>
 			<p>
 				<label for="id_username"><?= __('Username') . ':'; ?></label>
-				<input id="id_username" type="text" name="user" size="30" maxlength="<?= USERNAME_MAX_LEN; ?>" value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>" />
+				<input id="id_username" type="text" name="user" size="30" maxlength="<?= config_get_int('options', 'username_max_len'); ?>" value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>" />
 			</p>
 			<p>
 				<label for="id_password"><?= __('Password') . ':'; ?></label>
@ -47,7 +48,7 @@ html_header('AUR ' . __("Login"));
 	<?php else: ?>
 	<p>
 		<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
-			'<a href="' . $AUR_LOCATION . get_uri('/login') . '">', '</a>'); ?>
+			'<a href="' . aur_location() . get_uri('/login') . '">', '</a>'); ?>
 	</p>
 	<?php endif; ?>
 </div>
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@ -1,7 +1,6 @@
 <?php
 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
 include_once("config.inc.php");
 require_once('Archive/Tar.php');
@ -64,11 +63,12 @@ if ($uid):
 		}
 		# Check uncompressed file size (ZIP bomb protection)
-		if (!$error && $MAX_FILESIZE_UNCOMPRESSED) {
+		$max_filesize_uncompressed = config_get_int('options', 'max_filesize_uncompressed');
 		if (!$error && $max_filesize_uncompressed) {
 			fseek($fh, -4, SEEK_END);
 			list(, $filesize_uncompressed) = unpack('V', fread($fh, 4));
-			if ($filesize_uncompressed > $MAX_FILESIZE_UNCOMPRESSED) {
+			if ($filesize_uncompressed > $max_filesize_uncompressed) {
 				$error = __("Error - uncompressed file size too large.");
 			}
 		}
@ -273,7 +273,7 @@ if ($uid):
 		}
 		if (isset($pkgbase_name)) {
-			$incoming_pkgdir = INCOMING_DIR . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name;
+			$incoming_pkgdir = config_get('paths', 'storage') . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name;
 		}
 		/* Upload PKGBUILD and tarball. */
--- a/web/lib/DB.class.php
+++ b/web/lib/DB.class.php
@ -1,5 +1,7 @@
 <?php
 include_once("confparser.inc.php");
 class DB {
 	/**
@ -15,8 +17,19 @@ class DB {
 	public static function connect() {
 		if (self::$dbh === null) {
 			try {
-				self::$dbh = new PDO(AUR_db_DSN_prefix . ":" . AUR_db_host
+				$dsn_prefix = config_get('database', 'dsn_prefix');
-					. ";dbname=" . AUR_db_name, AUR_db_user, AUR_db_pass);
+				$host = config_get('database', 'host');
 				$socket = config_get('database', 'socket');
 				$name = config_get('database', 'name');
 				$user = config_get('database', 'user');
 				$password = config_get('database', 'password');
 				$dsn = $dsn_prefix .
 				       ':host=' . $host .
 				       ';unix_socket=' . $socket .
 				       ';dbname=' . $name;
 				self::$dbh = new PDO($dsn, $user, $password);
 				self::$dbh->exec("SET NAMES 'utf8' COLLATE 'utf8_general_ci';");
 			} catch (PDOException $e) {
 				die('Error - Could not connect to AUR database');
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@ -89,7 +89,7 @@ function display_account_form($A,$U="",$T="",$S="",
 */
 function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 			$P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) {
-	global $SUPPORTED_LANGS, $AUR_LOCATION;
+	global $SUPPORTED_LANGS;
 	$error = '';
@ -118,9 +118,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 	}
 	if (!$error && !valid_username($U)) {
 		$length_min = config_get_int('options', 'username_min_len');
 		$length_max = config_get_int('options', 'username_max_len');
 		$error = __("The username is invalid.") . "<ul>\n"
-			."<li>" . __("It must be between %s and %s characters long",
+			. "<li>" . __("It must be between %s and %s characters long", $length_min, $length_max)
 			USERNAME_MIN_LEN,  USERNAME_MAX_LEN )
 			. "</li>"
 			. "<li>" . __("Start and end with a letter or number") . "</li>"
 			. "<li>" . __("Can contain only one period, underscore or hyphen.")
@ -130,8 +132,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 	if (!$error && $P && $C && ($P != $C)) {
 		$error = __("Password fields do not match.");
 	}
-	if (!$error && $P != '' && !good_passwd($P))
+	if (!$error && $P != '' && !good_passwd($P)) {
-		$error = __("Your password must be at least %s characters.",PASSWD_MIN_LEN);
+		$length_min = config_get_int('options', 'passwd_min_len');
 		$error = __("Your password must be at least %s characters.",
 			$length_min);
 	}
 	if (!$error && !valid_email($E)) {
 		$error = __("The email address is invalid.");
@ -244,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 			'not work try copying and ' .
 			'pasting it into your ' .
 			'browser.',
-			$AUR_LOCATION);
+			aur_location());
 		send_resetkey($email, $subject, $body);
 		print __("A password reset key has been sent to your e-mail address.");
@ -406,14 +411,9 @@ function search_results_page($O=0,$SB="",$U="",$T="",
 /**
 * Attempt to login and generate a session
 *
 * @global int $MAX_SESSIONS_PER_USER Maximum sessions a single user may have open
 * @global int $PERSISTENT_COOKIE_TIMEOUT Time until cookie expires
 *
 * @return array Session ID for user, error message if applicable
 */
 function try_login() {
 	global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
 	$login_error = "";
 	$new_sid = "";
 	$userID = null;
@ -456,16 +456,17 @@ function try_login() {
 	/* Generate a session ID and store it. */
 	while (!$logged_in && $num_tries < 5) {
-		if ($MAX_SESSIONS_PER_USER) {
+		$session_limit = config_get_int('options', 'max_sessions_per_user');
 		if ($session_limit) {
 			/*
 			 * Delete all user sessions except the
-			 * last ($MAX_SESSIONS_PER_USER - 1).
+			 * last ($session_limit - 1).
 			 */
 			$q = "DELETE s.* FROM Sessions s ";
 			$q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
 			$q.= "WHERE UsersId = " . $userID . " ";
 			$q.= "ORDER BY LastUpdateTS DESC ";
-			$q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q ";
+			$q.= "LIMIT " . ($session_limit - 1) . ") q ";
 			$q.= "ON s.SessionID = q.SessionID ";
 			$q.= "WHERE s.UsersId = " . $userID . " ";
 			$q.= "AND q.SessionID IS NULL;";
@ -499,7 +500,8 @@ function try_login() {
 	/* Set the SID cookie. */
 	if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") {
 		/* Set cookies for 30 days. */
-		$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
+		$timeout = config_get_int('options', 'persistent_cookie_timeout');
 		$cookie_time = time() + $timeout;
 		/* Set session for 30 days. */
 		$q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
@ -531,18 +533,20 @@ function is_ipbanned() {
 /**
 * Validate a username against a collection of rules
 *
- * The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter
+ * The username must be longer or equal to the configured minimum length. It
- * or equal to USERNAME_MAX_LEN. It must start and end with either a letter or
+ * must be shorter or equal to the configured maximum length. It must start and
- * a number. It can contain one period, hypen, or underscore. Returns boolean
+ * end with either a letter or a number. It can contain one period, hypen, or
- * of whether name is valid.
+ * underscore. Returns boolean of whether name is valid.
 *
 * @param string $user Username to validate
 *
 * @return bool True if username meets criteria, otherwise false
 */
 function valid_username($user) {
-	if (strlen($user) < USERNAME_MIN_LEN ||
+	$length_min = config_get_int('options', 'username_min_len');
-	    strlen($user) > USERNAME_MAX_LEN) {
+	$length_max = config_get_int('options', 'username_max_len');
 	if (strlen($user) < $length_min || strlen($user) > $length_max) {
 		return false;
 	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
 		return false;
@ -645,8 +649,6 @@ function create_resetkey($resetkey, $uid) {
 * @return void
 */
 function send_resetkey($email, $subject, $body) {
 	global $AUR_LOCATION;
 	$uid = uid_from_email($email);
 	if ($uid == null) {
 		return;
@ -658,9 +660,8 @@ function send_resetkey($email, $subject, $body) {
 	/* Send e-mail with confirmation link. */
 	$body = wordwrap($body, 70);
-	$body .=  "\n\n".
+	$body .=  "\n\n". aur_location() . "/" .  get_uri('/passreset/') .
-		  "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
+		  "?resetkey={$resetkey}";
 		  "resetkey={$resetkey}";
 	$headers = "MIME-Version: 1.0\r\n" .
 		   "Content-type: text/plain; charset=UTF-8\r\n" .
 		   "Reply-to: noreply@aur.archlinux.org\r\n" .
@ -708,10 +709,8 @@ function password_reset($hash, $salt, $resetkey, $email) {
 * @return bool True if longer than minimum length, otherwise false
 */
 function good_passwd($passwd) {
-	if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
+	$length_min = config_get_int('options', 'passwd_min_len');
-		return true;
+	return (strlen($passwd) >= $length_min);
 	}
 	return false;
 }
 /**
@ -903,16 +902,13 @@ function delete_user_sessions($uid) {
 /**
 * Remove sessions from the database that have exceed the timeout
 *
 * @global int $LOGIN_TIMEOUT Time until session expires
 *
 * @return void
 */
 function clear_expired_sessions() {
 	global $LOGIN_TIMEOUT;
 	$dbh = DB::connect();
-	$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
+	$timeout = config_get_int('options', 'login_timeout');
 	$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - " . $timeout . ")";
 	$dbh->query($q);
 	return;
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@ -10,12 +10,12 @@ date_default_timezone_set('UTC');
 include_once('translator.inc.php');
 set_lang();
 include_once("config.inc.php");
 include_once("DB.class.php");
 include_once("routing.inc.php");
 include_once("version.inc.php");
 include_once("acctfuncs.inc.php");
 include_once("cachefuncs.inc.php");
 include_once("confparser.inc.php");
 include_once("credentials.inc.php");
 /**
@ -26,16 +26,15 @@ include_once("credentials.inc.php");
 * session timeout if it is still valid.
 *
 * @global array $_COOKIE User cookie values
 * @global string $LOGIN_TIMEOUT Time until session times out
 *
 * @return void
 */
 function check_sid() {
 	global $_COOKIE;
 	global $LOGIN_TIMEOUT;
 	if (isset($_COOKIE["AURSID"])) {
 		$failed = 0;
 		$timeout = config_get_int('options', 'login_timeout');
 		# the visitor is logged in, try and update the session
 		#
 		$dbh = DB::connect();
@ -50,7 +49,7 @@ function check_sid() {
 			$failed = 1;
 		} else {
 			$last_update = $row[0];
-			if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
+			if ($last_update + $timeout <= $row[1]) {
 				$failed = 2;
 			}
 		}
@ -73,11 +72,11 @@ function check_sid() {
 			# and update the idle timestamp
 			# Only update the timestamp if it is less than the
-			# current time plus $LOGIN_TIMEOUT.
+			# current time plus $timeout.
 			#
 			# This keeps 'remembered' sessions from being
 			# overwritten.
-			if ($last_update < time() + $LOGIN_TIMEOUT) {
+			if ($last_update < time() + $timeout) {
 				$q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
 				$q.= "WHERE SessionID = " . $dbh->quote($_COOKIE["AURSID"]);
 				$dbh->exec($q);
@ -274,8 +273,6 @@ function uid_from_sid($sid="") {
 * @return void
 */
 function html_header($title="", $details=array()) {
 	global $AUR_LOCATION;
 	global $DISABLE_HTTP_LOGIN;
 	global $LANG;
 	global $SUPPORTED_LANGS;
@ -588,3 +585,16 @@ function array_pkgbuild_merge($pkgbase_info, $section_info) {
 function bound($n, $min, $max) {
 	return min(max($n, $min), $max);
 }
 /**
 * Return the URL of the AUR root
 *
 * @return string The URL of the AUR root
 */
 function aur_location() {
 	$location = config_get('options', 'aur_location');
 	if (substr($location, -1) != '/') {
 		$location .= '/';
 	}
 	return $location;
 }
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@ -192,7 +192,8 @@ class AurJSON {
 	}
 	private function process_query($type, $where_condition) {
-		global $MAX_RPC_RESULTS;
+		$max_results = config_get_int('options', 'max_rpc_results');
 		$package_url = config_get('options', 'package_url');
 		if ($this->version == 1) {
 			$fields = implode(',', self::$fields_v1);
@ -207,7 +208,7 @@ class AurJSON {
 				"ON Licenses.ID = PackageLicenses.LicenseID " .
 				"WHERE ${where_condition} " .
 				"GROUP BY Packages.ID " .
-				"LIMIT $MAX_RPC_RESULTS";
+				"LIMIT $max_results";
 		} elseif ($this->version >= 2) {
 			$fields = implode(',', self::$fields_v2);
 			$query = "SELECT {$fields} " .
@ -216,7 +217,7 @@ class AurJSON {
 				"LEFT JOIN Users " .
 				"ON PackageBases.MaintainerUID = Users.ID " .
 				"WHERE ${where_condition} " .
-				"LIMIT $MAX_RPC_RESULTS";
+				"LIMIT $max_results";
 		}
 		$result = $this->dbh->query($query);
@ -226,7 +227,7 @@ class AurJSON {
 			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 				$resultcount++;
 				$pkgbase_name = $row['PackageBase'];
-				$row['URLPath'] = URL_DIR . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name . "/" . $pkgbase_name . ".tar.gz";
+				$row['URLPath'] = $package_url . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name . "/" . $pkgbase_name . ".tar.gz";
 				/*
 				 * Unfortunately, mysql_fetch_assoc() returns
@ -254,7 +255,7 @@ class AurJSON {
 				}
 			}
-			if ($resultcount === $MAX_RPC_RESULTS) {
+			if ($resultcount === $max_results) {
 				return $this->json_error('Too many package results.');
 			}
@ -303,8 +304,6 @@ class AurJSON {
 	 * @return mixed Returns an array of package matches.
 	 */
 	private function search($keyword_string) {
 		global $MAX_RPC_RESULTS;
 		if (strlen($keyword_string) < 2) {
 			return $this->json_error('Query arg too small');
 		}
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@ -1,72 +0,0 @@
 <?php
 # NOTE: modify these variables if your MySQL setup is different
 define( "AUR_db_DSN_prefix", "mysql" );
 define( "AUR_db_host", "unix_socket=/var/run/mysqld/mysqld.sock" );
 define( "AUR_db_name", "AUR" );
 define( "AUR_db_user", "aur" );
 define( "AUR_db_pass", "aur" );
 # Configuration of directories where things live
 define( "INCOMING_DIR", "/srv/aur/unsupported/" );
 define( "URL_DIR", "/packages/" );
 define( "USERNAME_MIN_LEN", 3 );
 define( "USERNAME_MAX_LEN", 16 );
 define( "PASSWD_MIN_LEN", 4 );
 # Default language for displayed messages in the web interface.
 define("DEFAULT_LANG", "en");
 # Enable debug sql output. This sends each query to error_log. Useful for
 # development. Should not be enabled in production. Default to 0 (off).
 define("SQL_DEBUG", 0);
 # Set cache type. Either "APC", "MEMCACHE", or "NONE". Defaults to NONE.
 #define("CACHE_TYPE", "APC");
 #define("CACHE_TYPE", "MEMCACHE");
 # If using memcache cache_type, list servers. You can separate multiple servers
 # with a comma, ex: '127.0.0.1:11211,127.0.0.1:11212'. If undefined, defaults
 # to '127.0.0.1:11211'.
 #define("MEMCACHE_SERVERS", '127.0.0.1:11211');
 # Session limit per user
 $MAX_SESSIONS_PER_USER = 8;
 # Idle seconds before timeout
 $LOGIN_TIMEOUT = 7200;
 # Session timeout when using "Remember me" cookies
 $PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30;
 # Uncompressed file size limit for submitted tarballs (ZIP bomb protection) -
 # please ensure "upload_max_filesize" is additionally set to no more than 3M,
 # otherwise this check might be easy to bypass (FS#22991 for details)
 $MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
 # Allow HTTPs logins only
 $DISABLE_HTTP_LOGIN = true;
 # Web URL used in email links and absolute redirects, no trailing slash
 $AUR_LOCATION = "http://localhost";
 # Use virtual URLs -- to enable this feature, you also need to tell your web
 # server to redirect all requests to "/index.php/$uri".
 $USE_VIRTUAL_URLS = true;
 # Maximum number of package results to return through an RPC connection.
 # Avoid setting this too high and having a PHP too much memory error.
 $MAX_RPC_RESULTS = 5000;
 # Mailing list to send package request notifications to.
 $AUR_REQUEST_ML = "aur-requests@archlinux.org";
 # Time to wait until a package request is due.
 $REQUEST_IDLE_TIME = 60 * 60 * 24 * 14;
 # When an orphan request is filed for a package that has been flagged
 # out-of-date for the following number of seconds, it is disowned
 # automatically.
 $AUTO_ORPHAN_AGE = 60 * 60 * 24 * 180;
--- a/web/lib/confparser.inc.php
+++ b/web/lib/confparser.inc.php
@ -0,0 +1,20 @@
 <?php
 function config_get($section, $key) {
 	global $AUR_CONFIG;
 	if (!isset($AUR_CONFIG)) {
 		$AUR_CONFIG = parse_ini_file("../../conf/config", true);
 	}
 	return $AUR_CONFIG[$section][$key];
 }
 function config_get_int($section, $key) {
 	return intval(config_get($section, $key));
 }
 function config_get_bool($section, $key) {
 	$val = strtolower(config_get($section, $key));
 	return ($val == 'yes' || $val == 'true' || $val == '1');
 }
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@ -1,5 +1,4 @@
 <?php
 include_once("config.inc.php");
 define("CRED_ACCOUNT_CHANGE_TYPE", 1);
 define("CRED_ACCOUNT_EDIT", 2);
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@ -1,5 +1,5 @@
 <?php
-include_once("config.inc.php");
+
 include_once("pkgreqfuncs.inc.php");
 /**
@ -88,7 +88,6 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
 /**
 * Add a comment to a package page and send out appropriate notifications
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @param string $base_id The package base ID to add the comment on
 * @param string $uid The user ID of the individual who left the comment
 * @param string $comment The comment left on a package page
@ -96,8 +95,6 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
 * @return void
 */
 function pkgbase_add_comment($base_id, $uid, $comment) {
 	global $AUR_LOCATION;
 	$dbh = DB::connect();
 	$q = "INSERT INTO PackageComments ";
@ -135,7 +132,7 @@ function pkgbase_add_comment($base_id, $uid, $comment) {
 		 * user who posted the comment was in.
 		 */
 		$body =
-		'from ' . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n"
+		'from ' . aur_location() . get_pkgbase_uri($row['Name']) . "\n"
 		. username_from_sid($_COOKIE['AURSID']) . " wrote:\n\n"
 		. $comment
 		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
@ -221,8 +218,6 @@ function pkgbase_get_details($base_id) {
 /**
 * Display the package base details page
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @global bool $USE_VIRTUAL_URLS True if using URL rewriting, otherwise false
 * @param string $id The package base ID to get details page for
 * @param array $row Package base details retrieved by pkgbase_get_details()
 * @param string $SID The session ID of the visitor
@ -230,9 +225,6 @@ function pkgbase_get_details($base_id) {
 * @return void
 */
 function pkgbase_display_details($base_id, $row, $SID="") {
 	global $AUR_LOCATION;
 	global $USE_VIRTUAL_URLS;
 	$dbh = DB::connect();
 	if (isset($row['error'])) {
@ -353,14 +345,11 @@ function pkgbase_maintainer_uid($base_id) {
 /**
 * Flag package(s) as out-of-date
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @param array $base_ids Array of package base IDs to flag/unflag
 *
 * @return array Tuple of success/failure indicator and error message
 */
 function pkgbase_flag($base_ids) {
 	global $AUR_LOCATION;
 	if (!has_credential(CRED_PKGBASE_FLAG)) {
 		return array(false, __("You must be logged in before you can flag packages."));
 	}
@ -392,7 +381,7 @@ function pkgbase_flag($base_ids) {
 		$result = $dbh->query($q);
 		if ($result) {
 			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
-				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n\n[1] - " . $AUR_LOCATION . get_user_uri($f_name);
+				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . aur_location() . get_pkgbase_uri($row['Name']) . "\n\n[1] - " . aur_location() . get_user_uri($f_name);
 				$body = wordwrap($body, 70);
 				$headers = "MIME-Version: 1.0\r\n" .
 					   "Content-type: text/plain; charset=UTF-8\r\n" .
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@ -1,5 +1,5 @@
 <?php
-include_once("config.inc.php");
+
 include_once("pkgbasefuncs.inc.php");
 /**
@ -462,8 +462,6 @@ function pkg_get_details($id=0) {
 /**
 * Display the package details page
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @global bool $USE_VIRTUAL_URLS True if using URL rewriting, otherwise false
 * @param string $id The package ID to get details page for
 * @param array $row Package details retrieved by pkg_get_details()
 * @param string $SID The session ID of the visitor
@ -471,9 +469,6 @@ function pkg_get_details($id=0) {
 * @return void
 */
 function pkg_display_details($id=0, $row, $SID="") {
 	global $AUR_LOCATION;
 	global $USE_VIRTUAL_URLS;
 	$dbh = DB::connect();
 	if (isset($row['error'])) {
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@ -1,5 +1,6 @@
 <?php
-include_once("config.inc.php");
+
 include_once("confparser.inc.php");
 include_once("pkgbasefuncs.inc.php");
 /**
@ -76,9 +77,6 @@ function pkgreq_get_creator_email($id) {
 /**
 * File a deletion/orphan request against a package base
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @global string $AUR_REQUEST_ML The request notification mailing list
 * @global int $AUTO_ORPHAN_AGE The time to wait until auto-closing a request
 * @param string $ids The package base IDs to file the request against
 * @param string $type The type of the request
 * @param string $merge_into The target of a merge operation
@ -87,10 +85,6 @@ function pkgreq_get_creator_email($id) {
 * @return array Tuple of success/failure indicator and error message
 */
 function pkgreq_file($ids, $type, $merge_into, $comments) {
 	global $AUR_LOCATION;
 	global $AUR_REQUEST_ML;
 	global $AUTO_ORPHAN_AGE;
 	if (!has_credential(CRED_PKGREQ_FILE)) {
 		return array(false, __("You must be logged in to file package requests."));
 	}
@ -166,15 +160,15 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 			$username . " [1] filed a request to merge " .
 			$row['Name'] . " [2] into " . $merge_into .
 			" [3]:\n\n" .  $comments . "\n\n" .
-			"[1] " . $AUR_LOCATION . get_user_uri($username) . "\n" .
+			"[1] " . aur_location() . get_user_uri($username) . "\n" .
-			"[2] " . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n" .
+			"[2] " . aur_location() . get_pkgbase_uri($row['Name']) . "\n" .
-			"[3] " . $AUR_LOCATION . get_pkgbase_uri($merge_into) . "\n";
+			"[3] " . aur_location() . get_pkgbase_uri($merge_into) . "\n";
 	} else {
 		$body =
 			$username . " [1] filed a " . $type . " request for " .
 			$row['Name'] . " [2]:\n\n" . $comments . "\n\n" .
-			"[1] " . $AUR_LOCATION . get_user_uri($username) . "\n" .
+			"[1] " . aur_location() . get_user_uri($username) . "\n" .
-			"[2] " . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n";
+			"[2] " . aur_location() . get_pkgbase_uri($row['Name']) . "\n";
 	}
 	$body = wordwrap($body, 70);
 	$cc = array_unique($cc);
@ -185,14 +179,15 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 	$headers .= "From: notify@aur.archlinux.org\r\n" .
 		    "Message-ID: $thread_id\r\n" .
 		    "X-Mailer: AUR";
-	@mail($AUR_REQUEST_ML, "[PRQ#" . $request_id . "] " . ucfirst($type) .
+	$ml = config_get('options', 'aur_request_ml');
-			       " Request for " .  $row['Name'], $body,
+	@mail($ml, "[PRQ#" . $request_id . "] " . ucfirst($type) .
-			       $headers);
+		   " Request for " .  $row['Name'], $body, $headers);
 	$auto_orphan_age = config_get('options', 'auto_orphan_age');
 	$details = pkgbase_get_details($base_id);
 	if ($type == 'orphan' && $details['OutOfDateTS'] > 0 &&
-	    time() - $details['OutOfDateTS'] >= $AUTO_ORPHAN_AGE &&
+	    time() - $details['OutOfDateTS'] >= $auto_orphan_age &&
-	    $AUTO_ORPHAN_AGE > 0) {
+	    $auto_orphan_age > 0) {
 		/*
 		 * Close package request. NOTE: This needs to happen *before*
 		 * the actual disown operation. Otherwise, the former
@ -214,8 +209,6 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 /**
 * Close a deletion/orphan request
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @global string $AUR_REQUEST_ML The request notification mailing list
 * @param int $id The package request to close
 * @param string $reason Whether the request was accepted or rejected
 * @param string $comments Comments to be added to the notification email
@ -224,9 +217,6 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 * @return array Tuple of success/failure indicator and error message
 */
 function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 	global $AUR_LOCATION;
 	global $AUR_REQUEST_ML;
 	switch ($reason) {
 	case 'accepted':
 		$status = 2;
@ -288,7 +278,7 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 	}
 	if (!$auto_close) {
 		$body .= "\n";
-		$body .= "[1] " . $AUR_LOCATION .  get_user_uri($username);
+		$body .= "[1] " . aur_location() .  get_user_uri($username);
 		$body .= "\n";
 	}
 	$body = wordwrap($body, 70);
@ -301,7 +291,8 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 		    "In-Reply-To: $thread_id\r\n" .
 		    "References: $thread_id\r\n" .
 		    "X-Mailer: AUR";
-	@mail($AUR_REQUEST_ML, "[PRQ#" . $id . "] Request " . ucfirst($reason),
+	$ml = config_get('options', 'aur_request_ml');
 	@mail($ml, "[PRQ#" . $id . "] Request " . ucfirst($reason),
 	      $body, $headers);
 	return array(true, __("Request closed successfully."));
--- a/web/lib/routing.inc.php
+++ b/web/lib/routing.inc.php
@ -1,5 +1,7 @@
 <?php
 include_once("confparser.inc.php");
 $ROUTES = array(
 	'' => 'home.php',
 	'/index.php' => 'home.php',
@ -24,6 +26,10 @@ $PKGBASE_PATH = '/pkgbase';
 $PKGREQ_PATH = '/requests';
 $USER_PATH = '/account';
 function use_virtual_urls() {
 	return config_get_bool('options', 'use_virtual_urls');
 }
 function get_route($path) {
 	global $ROUTES;
@ -36,10 +42,9 @@ function get_route($path) {
 }
 function get_uri($path) {
 	global $USE_VIRTUAL_URLS;
 	global $ROUTES;
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $path;
 	} else {
 		return get_route($path);
@ -62,10 +67,9 @@ function get_pkgreq_route() {
 }
 function get_pkg_uri($pkgname) {
 	global $USE_VIRTUAL_URLS;
 	global $PKG_PATH;
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $PKG_PATH . '/' . urlencode($pkgname) . '/';
 	} else {
 		return '/' . get_route($PKG_PATH) . '?N=' . urlencode($pkgname);
@ -73,10 +77,9 @@ function get_pkg_uri($pkgname) {
 }
 function get_pkgbase_uri($pkgbase_name) {
 	global $USE_VIRTUAL_URLS;
 	global $PKGBASE_PATH;
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $PKGBASE_PATH . '/' . urlencode($pkgbase_name) . '/';
 	} else {
 		return '/' . get_route($PKGBASE_PATH) . '?N=' . urlencode($pkgbase_name);
@ -89,10 +92,9 @@ function get_user_route() {
 }
 function get_user_uri($username) {
 	global $USE_VIRTUAL_URLS;
 	global $USER_PATH;
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $USER_PATH . '/' . urlencode($username) . '/';
 	} else {
 		return '/' . get_route($USER_PATH) . '?U=' . urlencode($username);
--- a/web/lib/translator.inc.php
+++ b/web/lib/translator.inc.php
@ -11,7 +11,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR
 #	print __("%s has %s apples.", "Bill", "5");
 #	print __("This is a %smajor%s problem!", "<strong>", "</strong>");
-include_once('config.inc.php');
+include_once("confparser.inc.php");
 include_once('DB.class.php');
 include_once('gettext.php');
 include_once('streams.php');
@ -82,7 +82,6 @@ function _n($msgid1, $msgid2, $n) {
 function set_lang() {
 	global $LANG;
 	global $SUPPORTED_LANGS;
 	global $PERSISTENT_COOKIE_TIMEOUT;
 	global $streamer, $l10n;
 	$update_cookie = 0;
@ -116,11 +115,12 @@ function set_lang() {
 	# Set $LANG to default if nothing is valid.
 	if (!array_key_exists($LANG, $SUPPORTED_LANGS)) {
-		$LANG = DEFAULT_LANG;
+		$LANG = config_get('options', 'default_lang');
 	}
 	if ($update_cookie) {
-		$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
+		$timeout = intval(config_get('options', 'persistent_cookie_timeout'));
 		$cookie_time = time() + $timeout;
 		setcookie("AURLANG", $LANG, $cookie_time, "/");
 	}
--- a/web/template/actions_form.php
+++ b/web/template/actions_form.php
@ -1,4 +1,4 @@
-<?php if (!$USE_VIRTUAL_URLS): ?>
+<?php if (!use_virtual_urls()): ?>
 <div class="box">
 	<form action="<?= htmlspecialchars(get_pkg_uri($row['Name']), ENT_QUOTES); ?>" method="post">
 		<fieldset>
--- a/web/template/header.php
+++ b/web/template/header.php
@ -69,7 +69,7 @@
 						<li><a href="<?= get_uri('/logout/'); ?>"><?= __("Logout"); ?></a></li>
 					<?php else: ?>
 						<li><a href="<?= get_uri('/register/'); ?>"><?= __("Register"); ?></a></li>
-						<?php if ($DISABLE_HTTP_LOGIN && empty($_SERVER['HTTPS'])): ?>
+						<?php if (config_get_bool('options', 'disable_http_login') && empty($_SERVER['HTTPS'])): ?>
 						<li><a href="<?= $AUR_LOCATION . get_uri('/login/'); ?>"><?= __("Login"); ?></a></li>
 						<?php else: ?>
 						<li><a href="<?= get_uri('/login/'); ?>"><?= __("Login"); ?></a></li>
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@ -21,7 +21,8 @@ $updated_time = ($row["ModifiedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($r
 $submitted_time = ($row["SubmittedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($row["SubmittedTS"]));
 $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("Y-m-d", intval($row["OutOfDateTS"]));
-$urlpath = URL_DIR . substr($row['BaseName'], 0, 2) . "/" . $row['BaseName'];
+$package_url = config_get('options', 'package_url');
 $urlpath = $package_url . substr($row['BaseName'], 0, 2) . "/" . $row['BaseName'];
 $lics = pkg_licenses($row["ID"]);
 $grps = pkg_groups($row["ID"]);
@ -82,7 +83,7 @@ $sources = pkg_sources($row["ID"]);
 				<li><a href="<?= $urlpath . '/' . $row['BaseName'] ?>.tar.gz"><?= __('Download tarball') ?></a></li>
 				<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 				<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-				<?php if ($USE_VIRTUAL_URLS && $uid): ?>
+				<?php if (use_virtual_urls() && $uid): ?>
 				<?php if ($row["OutOfDateTS"] === NULL): ?>
 				<li>
 					<form action="<?= get_pkgbase_uri($row['BaseName']) . 'flag/'; ?>" method="post">
@ -281,7 +282,7 @@ if (has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))):
 <?php
 if ($row["SubmitterUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 		<?php else: ?>
@ -299,7 +300,7 @@ if ($row["SubmitterUID"]):
 <?php
 if ($row["MaintainerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 		<?php else: ?>
@ -317,7 +318,7 @@ if ($row["MaintainerUID"]):
 <?php
 if ($row["PackagerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 		<?php else: ?>
@ -333,7 +334,7 @@ if ($row["PackagerUID"]):
 		<tr>
 			<th><?= __('Votes') . ': ' ?></th>
 <?php if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>
-<?php if ($USE_VIRTUAL_URLS): ?>
+<?php if (use_virtual_urls()): ?>
 			<td><a href="<?= get_pkgbase_uri($row['BaseName']); ?>voters/"><?= $votes ?></a></td>
 <?php else: ?>
 			<td><a href="<?= get_uri('/voters/'); ?>?N=<?= htmlspecialchars($row['BaseName'], ENT_QUOTES) ?>"><?= $votes ?></a></td>
--- a/web/template/pkgbase_details.php
+++ b/web/template/pkgbase_details.php
@ -19,7 +19,8 @@ $updated_time = ($row["ModifiedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($r
 $submitted_time = ($row["SubmittedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($row["SubmittedTS"]));
 $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("Y-m-d", intval($row["OutOfDateTS"]));
-$urlpath = URL_DIR . substr($row['Name'], 0, 2) . "/" . $row['Name'];
+$package_url = config_get('options', 'package_url');
 $urlpath = $package_url . substr($row['Name'], 0, 2) . "/" . $row['Name'];
 $pkgs = pkgbase_get_pkgnames($base_id);
 ?>
@ -33,7 +34,7 @@ $pkgs = pkgbase_get_pkgnames($base_id);
 				<li><a href="<?= $urlpath . '/' . $row['Name'] ?>.tar.gz"><?= __('Download tarball') ?></a></li>
 				<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 				<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-				<?php if ($USE_VIRTUAL_URLS && $uid): ?>
+				<?php if (use_virtual_urls() && $uid): ?>
 				<?php if ($row["OutOfDateTS"] === NULL): ?>
 				<li>
 					<form action="<?= get_pkgbase_uri($row['Name']) . 'flag/'; ?>" method="post">
@ -140,7 +141,7 @@ if (has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))):
 <?php
 if ($row["SubmitterUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 		<?php else: ?>
@ -158,7 +159,7 @@ if ($row["SubmitterUID"]):
 <?php
 if ($row["MaintainerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 		<?php else: ?>
@ -176,7 +177,7 @@ if ($row["MaintainerUID"]):
 <?php
 if ($row["PackagerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 		<?php else: ?>
@ -192,7 +193,7 @@ if ($row["PackagerUID"]):
 		<tr>
 			<th><?= __('Votes') . ': ' ?></th>
 <?php if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>
-<?php if ($USE_VIRTUAL_URLS): ?>
+<?php if (use_virtual_urls()): ?>
 			<td><a href="<?= get_pkgbase_uri($row['Name']); ?>voters/"><?= $votes ?></a></td>
 <?php else: ?>
 			<td><a href="<?= get_uri('/voters/'); ?>?N=<?= htmlspecialchars($row['Name'], ENT_QUOTES) ?>"><?= $votes ?></a></td>
--- a/web/template/pkgreq_results.php
+++ b/web/template/pkgreq_results.php
@ -34,9 +34,10 @@
 		<?php while (list($indx, $row) = each($results)): ?>
 		<?php
-		$due = ($row['Open'] && time() - intval($row['RequestTS']) > $REQUEST_IDLE_TIME);
+		$idle_time = config_get_int('options', 'request_idle_time');
 		$due = ($row['Open'] && time() - intval($row['RequestTS']) > $idle_time);
 		if (!$due) {
-			$time_left = $REQUEST_IDLE_TIME - (time() - intval($row['RequestTS']));
+			$time_left = $idle_time - (time() - intval($row['RequestTS']));
 			if ($time_left > 48 * 3600) {
 				$time_left_fmt = __("~%d days left", round($time_left / (24 * 3600)));
 			} elseif ($time_left > 3600) {
--- a/web/template/tu_last_votes_list.php
+++ b/web/template/tu_last_votes_list.php
@ -21,7 +21,7 @@
 			?>
 			<tr class="<?= $c ?>">
 				<td>
-					<?php if (!$USE_VIRTUAL_URLS): ?>
+					<?php if (!use_virtual_urls()): ?>
 					<a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($username) ?>"><?= html_format_username($username) ?></a></td>
 					<?php else: ?>
 					<a href="<?= get_uri('/account/') . html_format_username($username) ?>" title="<?= __('View account information for %s', html_format_username($username)) ?>"><?= html_format_username($username) ?></a>