From LimeSurvey Manual
- maxLoginAttempt: This is the number of attempts a user has to enter the correct password before he or she gets her or his IP address blocked/locked out. The default value is 3 and it can be modified from config.php.
- timeOutTime: If the user enters the password incorrectly for <maxLoginAttempt>, she or he gets locked out for <timeOutTime> seconds. The default value is 10 minutes and it can be modified from config.php.
- surveyPreview_require_Auth: Set to true by default. If you set this to 'false', any person can test your survey using the survey URL, without logging in to the administration panel and without having to activate the survey first. This setting is a default value and can be overridden in the global settings dialog or edited in config.php.
- usercontrolSameGroupPolicy: Set to true by default. By default, non-admin users defined in the LimeSurvey management interface will only be able to see users they create or users that belong to at least one same group. The default value can be overridden in the global settings dialog or edited in config.php.
- demoMode: If this option is set to 'true' in config.php, then LimeSurvey will go into demo mode. The demo mode changes the following things:
- Disables admin user's details and password changing;
- Disables the upload of files on the template editor;
- Disables sending email invitations and reminders;
- Disables the creation of a database dump;
- Disables the ability to modify the following global settings: site name, default language, default HTML editor mode, XSS filter.
- forcedsuperadmin: Array of user id whith all rights on all LimeSurvey. This settings can only be updated in config.php file. This user's rights can not be edited in global permissions for a user even by other forced super administrator. By default : user with this rights is user with id : 1. The first user created just after installation.
- force_ssl: forces LimeSurvey to run through HTTPS or to block HTTPS. See Force HTTPS in global settings admin GUI.
- ssl_emergency_override: This setting forces SSL off. If You've turned HTTPS/SSL on in the global settings but your server doesn't have HTTPS enabled, the only way to turn it off is by changing a value in the database directly. This allows you to force HTTPS off while you change the global settings for Force Secure. This should always be false except in emergencies where you change it to true until you fix the problem. This setting can be only set via config.php file.
- ssl_disable_alert: Disable alert for super-admin about unforced SSL, if you really can not or don't want to force ssl. This setting can be only set via config.php file.