General parameters

Configuration files

To configure Self Service Password, you need to create a local configuration file named in self-service-password/conf. For example :

// Override parameters below

Self Service Password default configuration file is self-service-password/conf/ It includes Consequently, you can override all parameters in This prevents you to be disturbed by an upgrade.


Available language are:

  • Brazilian (pt-BR)
  • Catalonia (ca)
  • Chinese (cn and zh-CN)
  • Czech (cs)
  • Dutch (nl)
  • English (en)
  • Estonian (ee)
  • French (fr)
  • German (de)
  • Greek (el)
  • Hungarian (hu)
  • Italian (it)
  • Japanese (ja)
  • Polish (pl)
  • Portuguese (pt-PT)
  • Russian (ru)
  • Slovak (sk)
  • Slovenian (sl)
  • Spanish (es)
  • Swedish (sv)
  • Turkish (tr)
  • Ukranian (uk)

Set one of them in $lang:

$lang = "en";

To display a top menu, activate the option:

$show_menu = true;

If menu is not shown, the default application title will be displayed.


Help messages provide information to users on how use the interface. They can be disabled with $show_help:

$show_help = false;

You can add extra messages by setting values in these parameters:

$messages['passwordchangedextramessage'] = "Congratulations!";
$messages['changehelpextramessage'] = "Contact us if you are lost...";

You change the default logo with your own. Set the path to your logo in $logo:

$logo = "images/ltb-logo.png";
Comment this parameter to hide logo


You change the background image with your own. Set the path to image in $background_image:

$background_image = "images/unsplash-space.jpeg";
Comment this parameter to falll back to default background color


You can turn on debug mode with $debug:

$debug = true;


You need a key phrase if you use ciphered tokens (see Reset by mail tokens)

$keyphrase = "secret";

There is also a protection on login to avoid LDAP injections. Some characters are forbidden, you can change the list of forbidden characters in login with $login_forbidden_chars:

$login_forbidden_chars = "*()&|";
If no characters are configured in $login_forbidden_chars, only alphanumeric characters are allowed.

You can configure “obscure” messages, so that some errors are not displayed and replaced by a generic “bad credentials” error:

$obscure_failure_messages = array("mailnomatch");

Default action

By default, the password change page is displayed. You can configure which page should be displayed when no action is defined:

$default_action = "change";

Possibles values are:

  • change
  • sendtoken
  • sendsms

You can disable the standard password change if you don't need it:

$use_change = false;

In this case, be sure to also remove “change” from default action, else the change page will still be displayed.