Environmental Settings

These settings define the generic configurations for the myDBR installation, establishing an instance connected to a defined database.

Report Database Setup

These settings define the connection information for the myDBR installation and are stored in mydbr_config.php on the server. To modify these settings, rerun the installation. During this process, the installation will verify the existence of the required objects in the selected database.

Database type: MySQL is accessed through mysqli, MS SQL Server can be accessed through Microsoft's sqlsrv driver or through FreeTDS. Sybase ASE and Sybase Anywhere are accessed through FreeTDS
Host: The computer where the reporting database is located. This can be a hostname or an IP address.
Port: If the connection is using a TCP/IP port, it is defined here.
Database: Name of the database containing the mydbr objects.
User: Admin user's username. This user must have privileges to the mydbr database object, including the right to execute stored routines. In the example installation, we created the user mydbr for this purpose.
Password: Password for the admin user.

Authentication

Determines which authentication module is used.

myDBR user authentication: User logins and passwords are defined inside myDBR. See Users.
Single Sign-On (SSO): The user is authenticated by an external website which then redirects the user back to myDBR. See SSO for more information.
Active Directory: The user is authenticated using Active directory.
Custom: Custom authentication allows using external authentication, while still keeping the simplicity of the login process. See Custom authentication for more information.
Session lifetime: Session duration allowing the user to stay connected even when the browser is closed. When returning to myDBR a previous session is restored. Please note that you may need to change PHP's gc_maxlifetime-directive in order to have a longer lifetime.
Two-factor authentication: As an OEM version feature, Two-factor authentication protects the logins via Google Authenticator (TOTP).

Password Settings when Using myDBR Authentication

Defines password rules.

myDBR Passkeys allows users to log in without a password, providing seamless integration with strong authenticators found in devices like Windows Hello or Apple's Touch ID/Face ID. Instead of relying on passwords, this system generates a private-public key pair, referred to as a credential, for myDBR. The private key is securely stored on the user's device, while the public key and a randomly generated credential ID are sent to the myDBR system for storage. With this setup, the myDBR system can use the public key to effectively verify the user's identity. To use Passkeys, the server needs to employ a secure (HTTPS) connection.

Single Sign-On (SSO) Settings

SSO secret token: The token used to verify that SSO redirects are coming from the authenticated SSO server. This token is known only to the myDBR server and SSO server
SSO Server URL: The URL to which the user is redirected for login. myDBR will add a random token and a return URL as parameters to this URL. See SSO for more information.

Google SSO Settings

SSO Server URL: Endpoint for myDBR Google SSO. https://yourserver.com/mydbr/lib/sso/google/index.php
OAuth 2 Client ID, OAuth 2 Client Secret: Google settings
Hosted domain: Domain name. Comma separated if multiple.

Active Directory Settings

Domain Controller: List of Domain Controllers. If you want to balance the queries over multiple controllers, you can specify multiple controllers by separating them with a comma. Example: `dc01.mydomain.local`
Account Suffix: The full account suffix for your domain. Example mydomain.local
Base DN: The base dn for your domain. This is generally the same as your account suffix, but broken up and prefixed with DC=. Your base dn can be located in the extended attributes in Active Directory Users and Computers MMC.
Username / Password: An AD username with access rights to read the AD structure.

Session Handling

myDBR session duration for inactive users is defined by the 'Session lifetime' value. If this value is set to zero, myDBR will use PHP's gc_maxlifetime. When the session expires, the user is redirected to the login screen. You can enable and customize the notification about the expired session shown to the user. The following entries in user/defaults.php can be used:

// Turn on the session logout notice. Default "Your session has expired"
$mydbr_defaults['login']['show_session_expiration_notice'] = true;

// Use custom notification
$mydbr_defaults['login']['custom_session_expiration_notice'] = 'Pleaase log in after the session has expired';

If you want to use localized text, use the #{} notation. For more information, refer to Localization.

Password Reset

Password reset allows users to reset their own password via an email request when using myDBR authentication. Users request a password reset and receive a password reset link via email. The link is valid for a defined period. To use this functionality, the mail settings need to be configured, and the user's myDBR account must have a valid email address. A new reset link request invalidates the old ones, and each link can be used only once.

Enabled: Defines if the feature is enabled
Username / Email / Username or email: Defines which information is requested from the user when they request a password reset link.
Admin user's password can be changed: If this is set, the user can request a password reset link for the admin user. If unchecked, admin logins are protected from password change.
Reset link valid for XX minutes: The user can use the link sent only for XX minutes. After that, the link expires and cannot be used.
Show reset link only after a login failure: If this is set, the link to the password reset functionality is shown only after an unsuccessful login attempt. If the option is not set, the link is always visible.

Customizing the Password Reset Email

You can customize the password reset email templates defined in the mydbr/interface/languages/templates folder. By creating a template with the same name in mydbr/user/templates folder. A template can contain HTML code and supports the following predefined template variables:

#{name} User name
#{hostname} The server URL
#{reset_link} Password reset link
#{link_valid_minutes} How many minutes the password reset link is active
#{page_title} Page title defined in Environment settings

Automatic Login

With automatic login enabled, no individual user login is required. All users accessing the reports will use the same login information. This option is used in cases where myDBR is utilized as a public reporting source (intranets, public extranets). The username and password here should, in normal cases, be set to the non-admin username (not allowing everyone to change the content). Admin access can be gained by pointing the browser to login.php instead of the usual index.php.

Username: The username to be used as a shared username
Password: The password to be used as a shared password

Formatting Defaults

These settings are shared between the users.

Date: Default date format
Time: Default time format
Thousand separator: Default thousand separator
Decimal separator: Default decimal separator
Sum prefix, Min prefix, Max prefix, Average prefix, Count prefix: Prefixes to be used in summary rows when aggregate functions are used in reports
myDBR report prefix: By default, myDBR will search for unused reports based on this prefix. Any stored procedure that starts with this prefix is offered to be added into the myDBR reporting structure.
Theme: The UI style to be used in the application
Language: Languages available under myDBR installation. This selection will allow the admin to translate the system to selected languages and users to set these languages as default

Mail

Mail is used by dbr.mail extension and the password reset feature.

Method: Chosen mail delivery method
Host: SMTP mail hostname
Port: TCP/IP port used by the SMTP mail server (25 is the default for non-encrypted mail)
Encryption: Chosen encryption: none/TLS/SSL
Authentication: When SMTP server is chosen, the authentication can be done via username/password or with XOAUTH2 when using Google mail
Username/Password: Username/password for protected mail server access
Username/Password: Username/password for protected mail server access
OAuth 2 Client ID, OAuth 2 Client Secret: Defaults to be used for "From:"
RefreshToken: Value from Google. Click the link to generate one. See also The League of Extraordinary Packages / Google Provider for OAuth 2.0 Client.
ReplyTo Name/Email: Defaults to be used for "ReplyTo:". Optional. If not set, no separate ReplyTo header is used in mail.

If you want separate "From Name/Email" and "ReplyTo Name/Email" for password resets, you can set these by overriding the values in the defaults.php's 'password_reset' section in .

The password reset instructions are sent to the user's email address. The mail templates are stored in mydbr/interface/languages/templates. If your language template is not there, you can create one by copying the existing templates and modifying them. If you want to override the existing templates and create your own, you can place one with the same name into mydbr/user/templates.

Google XOAUTH2

Settings for Google XOAUTH2:

Host: smtp.gmail.com
Port: 465
Encryption: SSL

OEM

OEM customization options are shown if you have an OEM license.

Licensee: The OEM license holder. Shown in the About-dialog.
Application name: When defined, replaces the 'myDBR'-text in the upper left corner in non-report screens.
Disable header: When selected, no header is shown. Suitable for installations where myDBR is used just for the reports, navigation is done elsewhere.
Disable footer: When selected, no footer is shown.
Footer: When defined, replaces the standard footer text
About info: Additional info to the About-dialog
Login image CSS: An example of the CSS which defines the logo shown in the login screen. Place the definition into user/userstyle.css
Redis enabled: Use the Redis cache to speed up the reports
Redis host: Hostname for the server running the Redis
Redis port: TCP port used by the Redis
Redis username: If you use Redis with a defined username, otherwise leave this field empty
Redis password: The Redis password used for setups where the Redis server is password protected via the requirepass option in redis.conf. By default Redis is accessible only from the machine that it is installed in and by default has no password.
Key ID: If you have multiple myDBR installations using the same Redis, you can differentiate the key being used. The Redis keys used by myDBR use format "myDBR:"+report_id+":"+md5(query) if no key is set and "myDBR:"+redis_key+";"+report_id+":"+md5(query) if the key is set to "mydbr1")
Base directory: Base directory where the file download is performed.
Download method: The default download method.
URL: Determines if the URL's generated are generates as dynamic (unique URL for each user's session) or static (unique to the user).
Hash seed: Hash seed value for generated URL's. Create a value by pressing the Randomize-button for security.

Installed Modules

myDBR supports multiple charting modules. In order to take advantage of image charts and Graphviz-charts, you need to install the support for these. See Optional installations on how to install these modules. wkhtmltopdf allows you to export myDBR reports at full quality.

Image-charts: ChartDirector image support. ChartDirector is an optional install to myDBR. ChartDirector is a commercial application whose license is included with myDBR.
Graphviz-charts: Graphviz support is enabled in the environment.
wkhtmltopdf: wkhtmltopdf support for better PDF output
Default chart format: Choose between SVG and PNG charts. SVG charts are rendered in the client and make full use of client browsers native font subsystem producing crisp charts. PNG charts are images generated in the server.
Use embedded charts: When checked, the chart data is embedded in the report.

Miscellaneous Settings

PHP include path: Enables you to specify the PHP include path in environments where some of the modules are not in the default path.
Proxy server: If your server is behind a proxy, the automatic update may not work until the proxy server is defined. Format is host:port (no http:// prefix).