docker/config/security.php

<?php

$sessionGrants = (bool)$_ENV['SECURITY_SESSION_GRANTS']
$unregisteredSubmissions = (bool)$_ENV['SECURITY_UNREGISTERED_SUBMISSIONS']
$preactivateAccounts = (bool)$_ENV['SECURITY_PREACTIVATE_ACCOUNTS']

$enableCaptcha = (bool)$_ENV['HCAPTCHA_ENABLED']
$hCaptchaKey = $_ENV['HCAPTCHA_KEY']
$hCaptchaSecret = $_ENV['HCAPTCHA_SECRET']
// $sessionGrants = true; //false = GJP check is done every time; true = GJP check is done once per hour; significantly improves performance, slightly descreases security
// $unregisteredSubmissions = false; //false = green accounts can't upload levels, appear on the leaderboards etc; true = green accounts can do everything
// $preactivateAccounts = true; //false = acounts need to be activated at tools/account/activateAccount.php; true = accounts can log in immediately
//
// /*
// 	Captcha settings
// 	Currently the only supported provider is hCaptcha
// 	https://www.hcaptcha.com/
// */
// $enableCaptcha = false;
// $hCaptchaKey = "";
// $hCaptchaSecret = "";