Configuration file

Database connection


The built-in Doctrine DBAL driver implementation to use. Default is “pdo_mysql”: A MySQL driver that uses the pdo_mysql PDO extension.

$this->dbType = 'pdo_mysql';


We cannot guarantee all shop functionality will work if this value is changed.


The charset used when connecting to the database. It is highly related with dbType used.

$this->dbCharset = 'utf8';


We cannot guarantee all shop functionality will work if this value is changed.

Other database connection variables

$this->dbHost = 'localhost'; // database host name
$this->dbPort  = 3306; // tcp port to which the database is bound
$this->dbName = 'oxid'; // database name
$this->dbUser = 'oxid'; // database user name
$this->dbPwd  = 'oxid'; // database user password



$this->sLogLevel = 'warning';

You can set the log level to one of the levels defined by PsrLogLevel. This level will be used by the default PSR-3 logging implementation of OXID eShop.


Keep in mind that this is the minimum level to be logged and lower levels would not be logged, even if those log levels are used in the code.

The message in the following code example will not be logged to any logging channel, if sLogLevel is set to warning. You would have to set sLogLevel to debug to see something in the error log file.

$logger->debug('Some debug message', [__CLASS__, __FUNCTION__]);

Like this you are able to change the log level temporarily even in productive environments to see more information in your log file.


 * Enable debug mode for template development or bug fixing
 * -1 = Log more messages and throw exceptions on errors (not recommended for production)
 * 0 = off
 * 5 = Delivery Cost calculation info
 * 6 = SMTP Debug Messages
$this->iDebug = 0; // default setting 0

The different values do not reflect log levels but rather, which part of the OXID eShop functionality should be logged.


This setting is for debugging purposes during development ONLY. It prints out a lot of information directly to the front page and is not suitable for a productive environment.


Configure if requests, coming via stdurl and not redirected to seo url be logged to seologs db table.

$this->blSeoLogging = false;


This is only active in productive mode, as the eShop in non productive more will always log such urls

Timezone configuration

Shop timezone can be set with date_default_timezone_set. Europe/Berlin is default value.



Force admin email. Offline warnings are sent with high priority to this address.

$this->sAdminEmail = '';


Defines the time interval in seconds warnings are sent during the shop is offline. 5 minutes is default interval.

$this->offlineWarningInterval = 60 * 5;


Shop will be checked for version in admin home page only if this option is checked


define ‘Auth_OpenID_RAND_SOURCE’ (filename for a source of random bytes)

$this->sAuthOpenIdRandSource  = '/dev/urandom';


Additionally checks if “oxactivefrom > current date < oxactiveto”


If value is TRUE checks stock state “( oxstock > 0 or ( oxstock <= 0 and ( oxstockflag = 1 or oxstockflag = 4 ) )”


Is a global config parameter which activates a template override system for an easier design customization and defines custom theme directory name in ‘views’ folder. The structure of this custom theme has to be the same as main theme. The shop will look up if there is an adapted file in your custom folder; if not it will return to the main folder.


Log all modifications performed in Admin (to oxadmin.log in shop log dir)

$this->blLogChangesInAdmin = false;


Common cart for subshops use together with option in main shop configurations (Mall tab): “Allow users from other shops”


Switch off SEO URLs

$this->blSeoMode = false;


Enables or disables the use of cron jobs in

Implemented with OXID eShop version 4.6.0

$this->blUseCron = true;


Sets the default value of credit rating

Implemented with OXID eShop version 4.7.3

$this->iCreditRating = 1000;


Prices will be entered without tax


Enables shop demo mode

$this->blDemoShop= true;


Works only if basket reservations feature is enabled in admin.

The number specifies how many expired basket reservations are cleaned per one request (to the eShop). Cleaning a reservation basically means returning the reserved stock to the articles.

$this->iBasketReservationCleanPerRequest = 200;


Keeping this number too low may cause article stock being returned too slowly, while too high value may have spiking impact on the performance.


To override FrontendController::$_aUserComponentNames use this array option: array keys are component(class) names and array values defines if component is cacheable (true/false) E.g. array(‘user_class’ => false);


Additional multi language tables list.


Control removal of the Setup directory. It will be removed right after the setup is completed, if configuration is true.

$this->blDelSetupDir = false;

PHP handling in Smarty

If you use Smarty, avoid using PHP, if possible.

If PHP is enabled in Smarty, anyone with admin rights can do anything, and can, for example, bypass security measures.

To disable PHP in Smarty, you have the following options:

  • Recommended: To achieve maximum security, disable Smarty with the deactivateSmartyForCmsContent parameter (see deactivateSmartyForCmsContent.

    With this option, Smarty is applied only in templates, not in content blocks.

  • Disable PHP execution with the iSmartyPhpHandling parameter (see iSmartyPhpHandling.

    With this option, Smarty is applied, but PHP code cannot be executed in content blocks.

    The remaining risks that a content editor would be able to display variables and values and to modify data.


If possible, deactivate Smarty for CMS content.

To deactivate Smarty and make sure that CMS content (descriptions of products and categories, CMS pages, for example) is not processed by Smarty, set the deactivateSmartyForCmsContent parameter to true.

By default, Smarty is active (parameter value = false).


$this->deactivateSmartyForCmsContent = true;


Deactivate PHP execution in Smarty without deactivating Smarty.

By default, PHP code is executed in Smarty (in the following options, value = 3).

To deactivate PHP execution, choose one of the following options:

  • Value = 0: Recommended: Output code in HTML source (not displayed)

  • Value = 1: Display code with PHP tags

  • Value = 2: Display code without PHP tags

$this->iSmartyPhpHandling = <value>;


$this->iSmartyPhpHandling = 0;



Disable module auto deactivation

Implemented with OXID eShop versions 5.1.2/4.8.2 and 5.0.11/4.7.11

$this->blDoNotDisableModuleOnError = false;


Some classes can be overloaded, but only by setting up this information in directly

$this->aModules = array(
    'oxutilsobject' => 'my_oxutilsobject'

Uploads and images


File type whitelist for file uploads

$this->aAllowedUploadTypes = array('jpg', 'gif', 'png', 'pdf', 'mp3', 'avi', 'mpg', 'mpeg', 'doc', 'xls', 'ppt');


Change number of item pictures

$this->iPicCount = 12;

sAltImageDir / sSSLAltImageUrl

Use external CDN to deliver images.

$this->sSSLAltImageUrl = "https://[path_to_images_dir_on_server]/"; //for HTTPS URLS
$this->sAltImageDir = "http://[path_to_images_dir_on_server]/"; //for HTTP URLS

If value set, affected images (for Products, Categories, Promotions, Vendors, Manufacturers, etc.) will build their paths relative to path_to_images_dir_on_server.

For example:

$this->sSSLAltImageUrl = '';
// Resulting product URL:

instead of:

$this->sSSLAltImageUrl = '';
// Resulting product URL:


You will require additional OXID component to be able to upload images affected by this setting from the Admin area to a remote storage (see OXID eShop Cloud Storage component for configuring Amazon Simple Storage Service, or similar).



Separator for Import/Export


Encloser for Import/Export



List of all Search-Engine Robots

$this->aRobots = [


Deactivate Static URL’s for the Robots listed in this array

$this->aRobotsExcept = array();

Session and cookies


Force session start on first page view and for users whose browsers do not accept cookies, append sid parameter to URLs. By default it is turned off.

$this->blForceSessionStart = false;


Use browser cookies to store session id (no sid parameter in URL)

$this->blSessionUseCookies = true;


In case you setup different subdomain for SSL/non-SSL pages cookies may not be shared between them. This setting allows to define the domain that the cookie is available in format: array(_SHOP_ID_ => _DOMAIN_);

$this->aCookieDomains = [
    1 => ''


Check setcookie() documentation for more details:


The path on the server in which the cookie will be available on: array(_SHOP_ID_ => _PATH_);

possibility to define path on the server in which the cookie will be available on.

$this->aCookiePaths = [
    1 => '/dev/urandom'


Check setcookie() documentation for more details:


Defines IP addresses, for which session + cookie id match and user agent change checks are off.


This configuration array specifies additional request parameters, which, if received, forces a new session being started.

This is the default array with the request parameters and their values, which forces a new session:

    'cl' => array(
        'register' => true,
        'account'  => true,
    'fnc' => array(
        'tobasket' => true,
        'login_noredirect' => true,
        'tocomparelist'    => true,
    '_artperpage' => true,
    'ldtype'      => true,
    'listorderby' => true,

If you want to extend this array include in file this option:

$this->aRequireSessionWithParams = array(
    'parameter_name' => array(
        'parameter_value' => true,

The keys of the array are the names of parameters and the values of the arrays are the parameter values that lead to the session being started, e.g:

$this->aRequireSessionWithParams = array(
    'fnc' => array(
        'login_noredirect' => true,
    'new_sid' => true



If you can’t log in to the admin panel, try setting the parameter blSkipViewUsage temporarily to “true”.

Implemented with OXID eShop version 4.7

$this->blSkipViewUsage = false;


We cannot guarantee all shop functionality will work if this value is changed and we strongly recommend to use this parameter only for accessing the admin panel, in case the View tables are broken.


Show “Update Views” button in admin

$this->blShowUpdateViews = true;

Password hashing


Supported values are the strings PASSWORD_BCRYPT, PASSWORD_ARGON2I and PASSWORD_ARGON2ID. Some of the hashing algorithms may not be available on your system depending on your PHP version.

$this->passwordHashingAlgorithm = 'PASSWORD_BCRYPT';

Algorithm configuration

See for options and values


$this->passwordHashingBcryptCost =  10; // Minimum cost is 4, maximum cost is 31
$this->passwordHashingArgon2MemoryCost =  1024;
$this->passwordHashingArgon2TimeCost =  2;
$this->passwordHashingArgon2Threads =  2;

Enterprise Edition options

Enterprise Edition related config options. These options have no effect on Community/Professional Editions.


Time limit in ms to be notified about slow queries

$this->iDebugSlowQueryTime = 20;


Enables Rights and Roles engine. Possible values:

  • 0 - off,

  • 1 - only in admin,

  • 2 - only in shop,

  • 3 - both

$this->blUseRightsRoles = 3;


Define oxarticles fields which could be edited individually in subshops.



Do not forget to add these fields to oxfield2shop table.


The field names are case sensitive here


Database master-slave configuration. Variable contains the list of slave hosts.

$this->aSlaveHosts = array('localhost', '');