Moodle: config.php, for debugging and flexible control

December 13, 2013

updated 2018-06-19

If you do not hard-code anything that is not necessary, you can avoid having multiple copies of files.

If you have a test copy of Moodle in a different folder (e.g. mdl-test), add an if statement to handle it.

if (stripos(dirname(__FILE__), 'mdl-test') !== false) {
    // stripos() returns 0 (falsy) for a match at position 0, so compare with false
    $CFG->dbname = 'mdl_backup';
} else {
    $CFG->dbname = 'mdl_production';
}

I broke wwwroot up into 2 steps:

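# HTTP_HOST is taken from the client's Host header, so wwwroot follows whatever host name the request used
$wwwroot = 'http://' . $_SERVER['HTTP_HOST'] .
    str_replace($_SERVER['DOCUMENT_ROOT'], "", dirname(__FILE__));
$CFG->wwwroot = $wwwroot; # OR
#$CFG->wwwroot = str_replace('www.', '', $wwwroot);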
(Use this if you want to be sure your site is always accessed without (or with) the www prefix, for search engine optimization, SEO.)
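
An added example, not from the original post or from Moodle: one way to build wwwroot from the request while accepting only expected host names, since HTTP_HOST is supplied by the client. The function name resolve_wwwroot, the allow-list, and the sample host names and paths are assumptions; it goes beyond the snippet above by detecting HTTPS and by stripping DOCUMENT_ROOT only when it is a true prefix.

```php
<?php
// Added example (not Moodle code). resolve_wwwroot() and the allow-list are hypothetical.

/**
 * Build wwwroot from the request, accepting only host names on an allow-list.
 * The first allow-list entry is the canonical host used when the Host header
 * is missing or unexpected.
 */
function resolve_wwwroot(array $server, string $moodle_dir, array $allowed_hosts): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowed_hosts, true)) {
        $host = $allowed_hosts[0];
    }

    // Normalise separators, then strip DOCUMENT_ROOT only if it is a true prefix.
    $docroot = rtrim(str_replace('\\', '/', $server['DOCUMENT_ROOT'] ?? ''), '/');
    $dir     = rtrim(str_replace('\\', '/', $moodle_dir), '/');
    if ($docroot === '' || strpos($dir . '/', $docroot . '/') !== 0) {
        throw new RuntimeException('Moodle folder is not under DOCUMENT_ROOT');
    }
    $path = (string) substr($dir, strlen($docroot));

    $https  = $server['HTTPS'] ?? '';
    $scheme = ($https !== '' && strtolower($https) !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $host . $path;
}

// Constructed sample data: host names and paths are made up for the demo.
$allowed = ['moodle.example.org', 'www.moodle.example.org'];
$samples = [
    ['HTTP_HOST' => 'www.moodle.example.org', 'DOCUMENT_ROOT' => '/var/www/html/', 'HTTPS' => 'on'],
    ['HTTP_HOST' => 'unexpected.invalid',     'DOCUMENT_ROOT' => '/var/www/html'],
];
foreach ($samples as $server) {
    echo resolve_wwwroot($server, '/var/www/html/mdl-test', $allowed), PHP_EOL;
}
```

In config.php the call would take $_SERVER and dirname(__FILE__) in place of the constructed samples.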


$CFG->dataroot = dirname(__FILE__).'/moodledata/'; # OR
#$CFG->dataroot = dirname(dirname(dirname(__FILE__))).'/moodledata/';

The 2nd line (dirname(dirname(dirname(...)), if used instead of the first, will put moodledata one level below your website if Moodle is in a root folder of your website.
moodledata belongs inside. Putting moodledata outside your Moodle folder is a hassle and adds nothing to security (the .htaccess file in it takes care of that).
The Moodle install page says:
Securing moodledata in a web directory
If you are using a hosted site and you have no option but to place ‘moodledata’ in a web accessible directory. You may be able to secure it by creating an [using the included] .htaccess file in the ‘moodledata’ directory. This does not work on all systems [it does using Apache] – see your host/administrator. Create a file called .htaccess containing only the following lines:
.htaccess:
Order Deny,Allow
Deny from All
AllowOverride None

if it does not already exist.
See https://docs.moodle.org/33/en/Installing_Moodle & scroll down to “Create the (moodledata) data directory”
With this, no one can access moodledata. Period.
[alternately, consider the readable and unprotected config.php file containing the user-id and password to your database!]

At the bottom, even Moodle does not hard-code the path to the next program:

require_once(dirname(__FILE__) . '/lib/setup.php');

At the bottom of the report/security/lang/en/report_security.php program
you can add this code to replace moodle’s error message strings:

$string['check_unsecuredataroot_details'] = '';
$string['check_unsecuredataroot_error'] = '';
$string['check_unsecuredataroot_name'] = '';
$string['check_unsecuredataroot_ok'] = '';
$string['check_unsecuredataroot_warning'] = '';

and 2 strings are also in lang/en/admin.php to replace at the bottom:

$string['datarootsecurityerror'] = '';
$string['datarootsecuritywarning'] = '';
