Forum Configuration

Flatboard Team • 22/12/2025 • 10 min de lecture

Forum Configuration

After installing Flatboard 5, configure your forum settings to match your needs. This guide covers all configuration options available in the admin panel and configuration files.

Configuration File

Flatboard 5 stores its main configuration in /stockage/json/config.json.

Important Warning

Never edit config.json manually while the forum is running. Always use the admin panel or ensure the forum is in maintenance mode.

Configuration Structure

{
  "site_name": "My Forum",
  "site_url": "https://example.com",
  "base_url": "",
  "default_language": "fr",
  "timezone": "Europe/Paris",
  "storage_type": "json",
  "debug": false,
  "maintenance_mode": false,
  "registration_enabled": true,
  "email_verification": false,
  "pagination_type": "classic",
  "smtp": {
    "enabled": false,
    "host": "",
    "port": 587,
    "username": "",
    "password": "",
    "from_email": "",
    "from_name": ""
  },
  "assets": {
    "minify_css": true,
    "minify_js": false,
    "cache_enabled": true
  }
}

General Settings

Site Information

Access: Admin Panel > Settings > General

Site Name - Your forum's display name
- Appears in page titles, headers, and emails
- Maximum 100 characters
Site URL - Full URL including protocol
- Format: https://example.com or http://example.com
- Used for email links and redirects
Site Description - Brief description for SEO
- Appears in meta tags
- Recommended: 150-160 characters
Base URL - Subdirectory path if installed in subfolder
- Leave empty if installed in root
- Example: /forum if installed at https://example.com/forum

Keep your site description under 160 characters for optimal display in search results.

Display Options

Compact number display (since 5.2.4) — When enabled, large integers are formatted as compact notation throughout the forum (e.g. 1 413 → 1.4K, 25 000 → 25K, 1 800 000 → 1.8M). Applies to view counts in discussion lists, search results, FlatBlog, and FlatHome. Disabled by default.
Homepage view (since 5.5.1) — The homepage_view setting controls what visitors see at /:
- discussions (default) — latest discussions list (legacy behaviour)
- categories — categories grid
Whatever you pick, /forums always displays the categories grid and /discussions always displays the full discussion list. Both URLs are permanent regardless of the homepage choice, and the navigation links ("Forums" / "All discussions") always match their destination. Switching is covered for the premium, ClassicForum and IPB themes.

Language and Timezone

Configure localization settings:

Default Language - Choose from available languages
- Available: French (fr), English (en), German (de), Portuguese (pt), Simplified Chinese (zh), Polish (pl)
- Users can override in their profile
Timezone - Set your server's timezone for correct timestamps
- Examples: Europe/Paris, America/New_York, Asia/Tokyo
- See PHP timezone list

Storage Configuration

Storage Type:

JSON - File-based storage (default, all editions)
SQLite - Database storage (Pro Edition only)

You can migrate between storage types using the StorageMigrator plugin. This requires a full data migration.

User Settings

Registration

Enable Registration - Allow new users to register
- When disabled, only admins can create accounts
Email Verification - Require email verification
- Users must verify email before account activation
- Requires SMTP to be configured
Default User Group - Group assigned to new users
- Typically: "Member" or "Guest"

Profile Settings

Allow Avatar Upload - Enable user avatar uploads
Avatar Max Size - Maximum file size (e.g., 2MB)
Avatar Dimensions - Maximum width/height (e.g., 200x200)
Allow Signature - Enable user signatures in posts
Signature Max Length - Maximum characters (e.g., 500)
Presence history size (since 5.4.2) — Number of distinct recent pages remembered per logged-in user (presence_history_size, range 0–20; default 5). Each heartbeat appends the current page to a most-recent-first list, deduplicating consecutive visits to the same URL. A value of 0 disables history entirely; only the current page is kept. Recommended ranges depend on storage:
- JSON storage — 3 to 7 pages (each entry is a few hundred bytes on disk per user)
- SQLite (Pro) — 5 to 15 pages
The data is consumed by Pro plugins such as Forum Monitoring (renders each member's recent page list with type-aware icons in the "Active today" section) and by anything that hooks into PresenceController::writePresence().

Content Time Limits (since 5.6.0)

The Contenu tab of the admin config panel (or config.json keys directly) exposes five settings that govern how long members can edit or delete their own discussions and replies. Moderators are never subject to these limits.

Key	Default	Effect
`discussion.edit_time_limit`	`60` (minutes)	Window during which the author can edit their discussion. `0` = unlimited.
`discussion.delete_time_limit`	`30` (minutes)	Window during which the author can delete their discussion.
`discussion.delete_requires_no_replies`	`true`	Block deletion of a discussion that already has replies, even within the time window.
`discussion.edit_requires_no_replies`	`true`	Lock the discussion (uneditable by author) as soon as any reply arrives, even within the time window.
`post.edit_time_limit`	`60` (minutes)	Window during which the author can edit their reply.
`post.delete_time_limit`	`30` (minutes)	Window during which the author can delete their reply.
`post.edit_requires_no_replies`	`true`	Lock a reply for editing once a newer one has been posted in the same thread — only the most recent reply stays editable (NodeBB-style behaviour).

The two *_requires_no_replies flags pair with the minute-based windows. The logic is additive: while no reply exists, the time limit governs; the instant one arrives, editing locks regardless of any configured window.

Permission denials carry specific translation keys so members see a precise message rather than a generic 403:

permission.discussionEditTimeLimit / permission.discussionDeleteTimeLimit
permission.discussionEditRequiresNoReplies / permission.discussionDeleteRequiresNoReplies
permission.postEditTimeLimit / permission.postDeleteTimeLimit
permission.postEditRequiresNoReplies

All seven keys default to true / 60 / 30 on fresh installs and on update via Config::getDefaults() — no migration needed.

For comparison: Discourse defaults to 1,440 minutes (24 h) for editing; XenForo and phpBB ship with no time limit; vBulletin uses 30–60 minutes.

Email Configuration

SMTP Settings

Access: Admin Panel > Settings > Email

Configure SMTP for reliable email delivery:

Enable SMTP - Turn on SMTP sending
SMTP Host - Your mail server (e.g., smtp.gmail.com)
SMTP Port - Usually 587 (TLS) or 465 (SSL)
Username - SMTP authentication username
Password - SMTP authentication password
From Email - Sender email address
From Name - Sender display name

SMTP passwords are automatically encrypted at rest using the internal `EncryptionHelper`. The value stored in `config.json` is always the encrypted form, never the plain-text password.

Sensitive SMTP credentials can also be supplied via environment variables, which take precedence over config.json values:

export FLATBOARD_SMTP_HOST="smtp.example.com"
export FLATBOARD_SMTP_USERNAME="user@example.com"
export FLATBOARD_SMTP_PASSWORD="secret"

Common SMTP Providers

Gmail:

Host: smtp.gmail.com
Port: 587
Encryption: tls
Username: your-email@gmail.com
Password: (App Password, not regular password)

Outlook/Office 365:

Host: smtp.office365.com
Port: 587
Encryption: tls

SendGrid:

Host: smtp.sendgrid.net
Port: 587
Encryption: tls
Username: apikey
Password: (Your SendGrid API key)

For Gmail, you must use an "App Password" instead of your regular password. Enable 2-Step Verification and generate an app password in your Google Account settings.

Test Email

Use the "Send Test Email" button to verify your SMTP configuration.

Email MX DNS Validation (since 5.4.2)

email_mx_validation (enabled by default) verifies at registration time that the email domain has at least one MX record. Addresses whose domain has no mail server (e.g. demo@demo.com) are rejected with a localized error message before any database write.

Toggle from Admin → Settings → Email. Disable only in air-gapped or test environments where outbound DNS is unavailable. See the Security guide for details.

Security Settings

CSRF Protection

Enabled by default - Protects against Cross-Site Request Forgery
No configuration needed - automatically handled

Rate Limiting

Configure request rate limits:

Login Attempts - Max attempts per IP (default: 5)
Registration Attempts - Max registrations per IP (default: 3)
Password Reset - Max requests per hour (default: 3)

Password Requirements

Minimum Length - Minimum password characters. security.password_min_length, default 10 since 5.7.1 (was 8).
Require Uppercase - Require uppercase letters
Require Lowercase - Require lowercase letters
Require Numbers - Require numeric characters
Require Special Characters - Require special chars (!@#$% etc.)

Since 5.7.1 all four complexity rules are enforced together (one lowercase, one uppercase, one digit and one special character), on both the installer's admin account and member registration. See the Security guide for the full policy.

Performance Settings

Caching

Enable Cache - Enable Markdown and template caching
Cache Duration - Cache lifetime in seconds (default: 3600)

Asset Optimization

Minify CSS (assets.minify_css) - Configuration key only. File-level CSS minification is currently forced off in AssetLoader (the minifier broke some ES-style rules), so CSS is served as source regardless of this setting.
Minify JavaScript (assets.minify_js) - When enabled, non-.min.js source files are minified on the fly. A .min.js shipped alongside an asset is always used as-is.
Pre-minified files - If a theme/plugin ships a .min.css / .min.js next to the source, AssetLoader serves it directly.

Cache busting

Whether or not a file is minified, every asset URL carries a ?v=<filemtime> query (since 5.7.2) so the one-year immutable browser cache picks up changes immediately. See the Performance guide.

Maintenance Mode

Access: Admin Panel > Settings > Maintenance

Enable maintenance mode to perform updates or maintenance:

Maintenance Mode - Enable/disable
Maintenance Message - Message shown to visitors
Allow Admin Access - Admins can still access during maintenance

Maintenance mode disables public access to the forum. Only administrators can log in.

Advanced Settings

Debug Mode

Debug Mode - Enable detailed error messages
- Never enable in production - Security risk
- Use only for development/troubleshooting
- When enabled, HTML assets (CSS/JS) are not minified - Assets are served in their original, readable format for easier debugging
- When enabled, the Maintenance Tools section becomes visible in the Admin Dashboard — All rebuild, cleanup, and file-permission actions (Admin → Dashboard → Maintenance) are hidden in production and only appear when debug is true. A warning notice is displayed inside the section to remind administrators that these tools are exposed because debug mode is active.

Logging

Enable Logging - Log errors and events
Log Level - error, warning, info, debug
Log File - Location: /stockage/logs/

SEO Settings

Meta Title - Default page title
Meta Description - Default meta description
Meta Keywords - Default keywords (comma-separated)
Enable Sitemap - Generate sitemap.xml
Enable Robots.txt - Generate robots.txt

Configuration via Admin Panel

Most settings can be configured through the admin panel:

Navigate to Admin Panel - /admin
Go to Settings - Click "Settings" in the menu
Select Category - General, Users, Email, Security, etc.
Modify Settings - Change values as needed
Save Changes - Click "Save" button

Editing configuration directly

Configuration is normally managed from Admin → Settings. For headless/automated setups you can also edit config.json directly (under stockage/json/ or the active data backend) — Flatboard reads it on the next request. Validate your JSON before saving; a malformed file will prevent the app from booting.

A few maintenance commands relevant to configuration are available via the CLI (full catalogue in the Developer guide):

# Purge unverified accounts older than N days (since 5.5.0)
php app/Cli/console.php cleanup:unverified-users 7

# Force-refresh the bundled Mozilla CA bundle (since 5.3.7)
php app/Cli/console.php update:renew-cacert

Backup Configuration

Always backup your configuration before making changes:

# Backup config.json
cp stockage/json/config.json stockage/json/config.json.backup

# Restore from backup
cp stockage/json/config.json.backup stockage/json/config.json

Troubleshooting Configuration

Settings Not Saving

Possible causes:

Insufficient file permissions
Configuration file locked
Disk space full

Solution:

chmod 600 stockage/json/config.json
chown www-data:www-data stockage/json/config.json

Email Not Sending

Check:

SMTP settings are correct
Firewall allows outbound connections on SMTP port
Credentials are valid
Test email function works

Timezone Issues

Solution: Use proper timezone identifier:

Correct: Europe/Paris
Incorrect: Paris, GMT+1, UTC+1

Resources

Installation Guide - Initial setup
Admin Panel Guide - Administration interface
Email and SMTP - Detailed email configuration
Security Guide - Security best practices
Troubleshooting - Common issues

Last updated: May 31, 2026