class CMSSecurity extends Security (View source)

Provides a security interface functionality within the cms

Traits

Allows an object to have extensions applied to it.

A class that can be instantiated or replaced via DI

Provides extensions to this object to integrate it with standard config API methods.

Allows an object to declare a set of custom methods

Config options

extensions array

An array of extension names and parameters to be applied to this object upon construction.

from  Extensible
unextendable_classes array

Classes that cannot be extended

from  Extensible
casting array

An array of objects to cast certain fields to. This is set up as an array in the format:

from  ViewableData
default_cast string

The default object to cast scalar fields to if casting information is not specified, and casting to an object is required.

from  ViewableData
casting_cache array from  ViewableData
url_segment string|null

Optional url_segment for this request handler

from  RequestHandler
url_handlers array

Default URL handlers.

from  Controller
allowed_actions
strict_path_checking bool

If set to TRUE to prevent sharing of the session across several sites in the domain.

from  Security
password_encryption_algorithm string

The password encryption algorithm to use by default.

from  Security
autologin_enabled bool

Showing "Remember me"-checkbox on loginform, and saving encrypted credentials to a cookie.

from  Security
remember_username bool

Determine if login username may be remembered between login sessions If set to false this will disable auto-complete and prevent username persisting in the session

from  Security
word_list string

Location of word list to use for generating passwords

from  Security
template string from  Security
template_main string

Template that is used to render the pages.

from  Security
page_class string

Class to use for page rendering

from  Security
default_message_set array|string

Default message set used in permission failures.

from  Security
login_url string

The default login URL

from  Security
logout_url string

The default logout URL

from  Security
lost_password_url string

The default lost password URL

from  Security
frame_options string

Value of X-Frame-Options header

from  Security
robots_tag string

Value of the X-Robots-Tag header (for the Security section)

from  Security
login_recording bool

Enable or disable recording of login attempts through the LoginAttempt object.

from  Security
default_login_dest string from  Security
default_reset_password_dest string from  Security
reauth_enabled bool

Enable in-cms reauthentication

Properties

protected static array $extra_methods

Custom method sources

from  CustomMethods
protected array $extra_method_registers

Name of methods to invoke by defineMethods for this instance

from  CustomMethods
protected static array $built_in_methods

Non-custom methods

from  CustomMethods
protected Extension[] $extension_instances from  Extensible
protected callable[][] $beforeExtendCallbacks

List of callbacks to call prior to extensions having extend called on them, each grouped by methodName.

from  Extensible
protected callable[][] $afterExtendCallbacks

List of callbacks to call after extensions having extend called on them, each grouped by methodName.

from  Extensible
protected ViewableData $failover

A failover object to attempt to get data from if it is not present on this object.

from  ViewableData
protected ViewableData $customisedObject from  ViewableData
protected HTTPRequest $request from  RequestHandler
protected $model

The DataModel for this request

from  RequestHandler
protected bool $brokenOnConstruct

This variable records whether RequestHandler::construct() was called or not. Useful for checking if subclasses have called parent::construct()

from  RequestHandler
protected array $urlParams

An array of arguments extracted from the URL.

from  Controller
protected array $requestParams

Contains all GET and POST parameters passed to the current HTTPRequest.

from  Controller
protected string $action

The URL part matched on the current controller as determined by the "$Action" part of the $url_handlers definition. Should correlate to a public method on this controller.

from  Controller
protected static array $controller_stack

Stack of current controllers. Controller::$controller_stack[0] is the current controller.

from  Controller
protected array $templates

Assign templates for this controller.

from  Controller
protected deprecated bool $basicAuthEnabled from  Controller
protected HTTPResponse $response

The response object that the controller returns.

from  Controller
protected bool $baseInitCalled from  Controller
protected static bool $force_database_is_ready from  Security
protected static bool $database_is_ready

When the database has once been verified as ready, it will not do the checks again.

from  Security
protected static Member $currentUser from  Security
protected static $ignore_disallowed_actions from  Security

Methods

public
mixed
__call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

protected
defineMethods()

Adds any methods from Extension instances attached to this object.

protected
registerExtraMethodCallback(string $name, callable $callback)

Register an callback to invoke that defines extra methods

public
bool
hasMethod(string $method)

Return TRUE if a method exists on this object

protected
array
getExtraMethodConfig(string $method)

Get meta-data details on a named method

public
array
allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

protected
array
findMethodsFromExtension(object $extension) deprecated

No description

protected
addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

protected
removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

protected
addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

protected
addCallbackMethod(string $method, callable $callback)

Add callback as a method.

protected
beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

protected
afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

protected
constructExtensions() deprecated

No description

protected
defineExtensionMethods()

Adds any methods from Extension instances attached to this object.

public static 
bool
add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

public static 
remove_extension(string $extension)

Remove an extension from a class.

public static 
array
get_extensions(string $class = null, bool $includeArgumentString = false)

No description

public static 
array|null
get_extra_config_sources(string $class = null)

Get extra config sources for this class

public static 
bool
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

public
array
invokeWithExtensions(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

public
array
extend(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

public
Extension|null
getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

public
bool
hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

public
getExtensionInstances()

Get all extension instances for this specific object instance.

public static 
create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

public static 
singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

public static 
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

public
mixed
stat(string $name) deprecated

Get inherited config value

public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

public
$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

public
__construct()

No description

public
bool
__isset(string $property)

Check if a field exists on this object or its failover.

public
mixed
__get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.

public
__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.

public
setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

public
getFailover()

Get the current failover object if set

public
bool
hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

public
mixed
getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

public
$this
setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

public
customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.

public
bool
exists()

Return true if this object "exists" i.e. has a sensible value

public
string
__toString()

No description

public
getCustomisedObj()

No description

public
setCustomisedObj(ViewableData $object)

No description

public
string
castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.

public
string
castingClass(string $field)

Get the class name a field on this object will be casted to.

public
string
escapeTypeForField(string $field)

Return the string-format type for the given field.

public
renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

protected
string
objCacheName(string $fieldName, array $arguments)

Generate the cache name for a field

protected
mixed
objCacheGet(string $key)

Get a cached value from the field cache

protected
$this
objCacheSet(string $key, mixed $value)

Store a value in the field cache

protected
$this
objCacheClear()

Clear object cache

public
object|DBField
obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

public
object|DBField
cachedCall(string $field, array $arguments = [], string $identifier = null)

A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.

public
bool
hasValue(string $field, array $arguments = [], bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

public
string
XML_val(string $field, array $arguments = [], bool $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

public
array
getXMLValues(array $fields)

Get an array of XML-escaped values by field name

public
getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

public
array
getViewerTemplates(string $suffix = '')

Find appropriate templates for SSViewer to use to render this object

public
Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

public
string
ThemeDir() deprecated

Return the directory if the current active theme (relative to the site root).

public
string
CSSClasses(string $stopAtClass = self::class)

Get part of the current classes ancestry to be used as a CSS class.

public
Debug()

Return debug information about this object that can be rendered into a template

public
handleRequest(HTTPRequest $request)

Executes this controller, and return an HTTPResponse object with the result.

protected
array
findAction(HTTPRequest $request)

No description

protected
string
addBackURLParam(string $link)

No description

protected
handleAction($request, $action)

Controller's default action handler. It will call the method named in "$Action", if that method exists. If "$Action" isn't given, it will use "index" as a default.

public
array|null
allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

public
bool
hasAction(string $action)

No description

protected
string
definingClassForAction(string $action)

Return the class that defines the given action, so that we know where to check allowed_actions.

public
bool
checkAccessAction(string $action)

Check that the given action is allowed to be called from a URL.

public
httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.

public
getRequest()

Returns the HTTPRequest object that this controller is using.

from  Security
public
$this
setRequest(HTTPRequest $request)

Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.

public
string
Link(string $action = null)

Get a link to a security action

public
redirect(string $url, int $code = 302)

Redirect to the given URL.

public
string
getBackURL()

Safely get the value of the BackURL param, if provided via querystring / posted var

public
string
getReferer()

Get referer

public
redirectBack()

Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".

protected
init()

Initialisation function that is run before any action on the controller is called.

public
doInit()

A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself

protected
beforeHandleRequest(HTTPRequest $request)

A bootstrap for the handleRequest method

protected
afterHandleRequest()

Cleanup for the handleRequest method

protected
prepareResponse(HTTPResponse|object $response)

Prepare the response (we can receive an assortment of response types (strings/objects/HTTPResponses) and changes the controller response object appropriately

public
$this
setURLParams(array $urlParams)

No description

public
array
getURLParams()

Returns the parameters extracted from the URL by the Director.

public
getResponse()

Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.

public
$this
setResponse(HTTPResponse $response)

Sets the HTTPResponse object that this controller is building up.

public
defaultAction(string $action)

This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by getViewer().

public
string
getAction()

Returns the action that is being executed on this controller.

public
getViewer(string $action)

Return the viewer identified being the default handler for this Controller/Action combination.

public
string
removeAction(string $fullURL, null|string $action = null)

Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.

public
bool
hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

public
string
render(array $params = null)

Render the current controller with the templates determined by getViewer().

public
disableBasicAuth() deprecated

Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

public static 
curr()

Returns the current controller.

public static 
bool
has_curr()

Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.

public
bool
can(string $perm, null|member $member = null)

Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.

public
pushCurrent()

Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

public
popCurrent()

Pop this controller off the top of the stack.

public
null|string
redirectedTo()

Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.

public static 
string
join_links(string|array $arg = null)

Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of Link() methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

public static 
array
get_template_global_variables()

Defines global accessible templates variables.

from  Security
public
getAuthenticators()

No description

from  Security
public
setAuthenticators(array $authenticators)

No description

from  Security
public
index()

No description

from  Security
protected
getAuthenticator(string $name = 'cms')

Get the selected authenticator for this request

public
getApplicableAuthenticators(int $service = Authenticator::CMS_LOGIN)

Get all registered authenticators

public
bool
hasAuthenticator(string $authenticator)

Check if a given authenticator is registered

from  Security
public static 
permissionFailure(Controller $controller = null, string|array $messageSet = null)

Register that we've had a permission failure trying to view the given page

from  Security
public static 
setCurrentUser(null|Member $currentUser = null)

The intended uses of this function is to temporarily change the current user for things such as canView() checks or unit tests. It is stateless and will not persist between requests. Importantly it also will not call any logic that may be present in the current IdentityStore logIn() or logout() methods

from  Security
public static 
null|Member
getCurrentUser()

No description

from  Security
public
array
getLoginForms() deprecated

Get the login forms for all available authentication methods

from  Security
public
ping()

This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.

from  Security
protected
preLogin()

Perform pre-login checking and prepare a response if available prior to login

public
getResponseController(string $title)

Prepare the controller for handling the response to this request

protected
string
generateTabbedFormSet(array|Form[] $forms)

Combine the given forms into a formset with a tabbed interface

from  Security
protected
string
getSessionMessage(string $messageType = null)

Get the HTML Content for the $Content area during login

public
setSessionMessage(string $message, string $messageType = ValidationResult::TYPE_WARNING, string $messageCast = ValidationResult::CAST_TEXT)

Set the next message to display for the security login page. Defaults to warning

from  Security
public static 
clearSessionMessage()

Clear login message

from  Security
public
HTTPResponse|string
login(null|HTTPRequest $request = null, int $service = Authenticator::CMS_LOGIN)

Show the "login" page

public
HTTPResponse|string
logout(null|HTTPRequest $request = null, int $service = Authenticator::LOGOUT)

Log the currently logged in user out

from  Security
protected
array|Authenticator[]
getServiceAuthenticatorsFromRequest(int $service, HTTPRequest $request)

Get authenticators for the given service, optionally filtered by the ID parameter of the current request

from  Security
protected
array
aggregateTabbedForms(array $results)

Aggregate tabbed forms from each handler to fragments ready to be rendered.

from  Security
protected
array|HTTPResponse
aggregateAuthenticatorResponses(array $results)

We have three possible scenarios.

from  Security
protected
delegateToMultipleHandlers(array $handlers, string $title, array $templates, callable $aggregator)

Delegate to a number of handlers and aggregate the results. This is used, for example, to build the log-in page where there are multiple authenticators active.

from  Security
protected
delegateToHandler(RequestHandler $handler, string $title, array $templates = [])

Delegate to another RequestHandler, rendering any fragment arrays into an appropriate.

from  Security
protected
renderWrappedController(string $title, array $fragments, array $templates)

Render the given fragments into a security page controller with the given title.

from  Security
public
basicauthlogin()

No description

from  Security
public
string
lostpassword()

Show the "lost password" page

from  Security
public
string|HTTPRequest
changepassword()

Show the "change password" page.

from  Security
public static 
string
getPasswordResetLink(Member $member, string $autologinToken)

Create a link to the password reset form.

from  Security
public
array
getTemplatesFor(string $action)

Determine the list of templates to use for rendering the given action.

from  Security
public static 
findAnAdministrator() deprecated

Return an existing member with administrator privileges, or create one of necessary.

from  Security
public static 
clear_default_admin() deprecated

Flush the default admin credentials

from  Security
public static 
bool
setDefaultAdmin(string $username, string $password) deprecated

Set a default admin in dev-mode

from  Security
public static 
bool
check_default_admin(string $username, string $password) deprecated

Checks if the passed credentials are matching the default-admin.

from  Security
public static 
has_default_admin() deprecated

Check that the default admin account has been set.

from  Security
public static 
string
default_admin_username() deprecated

Get default admin username

from  Security
public static 
string
default_admin_password() deprecated

Get default admin password

from  Security
public static 
mixed
encrypt_password(string $password, string $salt = null, string $algorithm = null, Member $member = null)

Encrypt a password according to the current password encryption settings.

from  Security
public static 
bool
database_is_ready()

Checks the database is in a state to perform security checks.

from  Security
public static 
clear_database_is_ready()

Resets the database_is_ready cache

from  Security
public static 
force_database_is_ready(bool $isReady)

For the database_is_ready call to return a certain value - used for testing

from  Security
public static 
set_ignore_disallowed_actions(bool $flag)

Set to true to ignore access to disallowed actions, rather than returning permission failure Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()

from  Security
public static 
ignore_disallowed_actions()

No description

from  Security
public static 
string
login_url()

Get the URL of the log-in page.

from  Security
public static 
string
logout_url()

Get the URL of the logout page.

from  Security
public static 
string
lost_password_url()

Get the URL of the logout page.

from  Security
public
getTargetMember()

Get known logged out member

public
bool
getIsloggedIn()

Check if there is a logged in member

protected
redirectToExternalLogin()

Redirects the user to the external login page

public
bool
enabled()

Determine if CMSSecurity is enabled

public
success()

Given a successful login, tell the parent frame to close the dialog

Details

mixed __call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

You can add extra methods to a class using Extensions}, {@link Object::createMethod() or Object::addWrapperMethod()

Parameters

string $method
array $arguments

Return Value

mixed

Exceptions

BadMethodCallException

protected defineMethods()

Adds any methods from Extension instances attached to this object.

All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().

protected registerExtraMethodCallback(string $name, callable $callback)

Register an callback to invoke that defines extra methods

Parameters

string $name
callable $callback

bool hasMethod(string $method)

Return TRUE if a method exists on this object

This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions

Parameters

string $method

Return Value

bool

protected array getExtraMethodConfig(string $method)

Get meta-data details on a named method

Parameters

string $method

Return Value

array

List of custom method details, if defined for this method

array allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

Parameters

bool $custom

include methods added dynamically at runtime

Return Value

array

protected array findMethodsFromExtension(object $extension) deprecated

deprecated 4.13.0 Will be replaced by findMethodsFrom() in CMS 5

No description

Parameters

object $extension

Return Value

array

protected addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

Exceptions

InvalidArgumentException

protected removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

protected addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

Parameters

string $method

the method name to wrap

string $wrap

the method name to wrap to

protected addCallbackMethod(string $method, callable $callback)

Add callback as a method.

Parameters

string $method

Name of method

callable $callback

Callback to invoke. Note: $this is passed as first parameter to this callback and then $args as array

protected beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

protected afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

protected constructExtensions() deprecated

deprecated 4.0.0:5.0.0 Extensions and methods are now lazy-loaded

No description

protected defineExtensionMethods()

Adds any methods from Extension instances attached to this object.

All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().

static bool add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.

As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).

Parameters

string $classOrExtension

Class that should be extended - has to be a subclass of Object

string $extension

Subclass of Extension with optional parameters as a string, e.g. "Versioned" or "Translatable('Param')"

Return Value

bool

Flag if the extension was added

See also

http://doc.silverstripe.org/framework/en/trunk/reference/dataextension

static remove_extension(string $extension)

Remove an extension from a class.

Note: This will not remove extensions from parent classes, and must be called directly on the class assigned the extension.

Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.

Add support for removing extensions with parameters

Parameters

string $extension

class name of an Extension subclass, without parameters

static array get_extensions(string $class = null, bool $includeArgumentString = false)

No description

Parameters

string $class

If omitted, will get extensions for the current class

bool $includeArgumentString

Include the argument string in the return array, FALSE would return array("Versioned"), TRUE returns array("Versioned('Stage','Live')").

Return Value

array

Numeric array of either DataExtension class names, or eval'ed class name strings with constructor arguments.

static array|null get_extra_config_sources(string $class = null)

Get extra config sources for this class

Parameters

string $class

Name of class. If left null will return for the current class

Return Value

array|null

static bool has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))

Parameters

string $classOrExtension

Class to check extension for, or the extension name to check if the second argument is null.

string $requiredExtension

If the first argument is the parent class, this is the extension to check. If left null, the first parameter will be treated as the extension.

bool $strict

if the extension has to match the required extension and not be a subclass

Return Value

bool

Flag if the extension exists

array invokeWithExtensions(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

Parameters

string $method

the method name to call

mixed $a1
mixed $a2
mixed $a3
mixed $a4
mixed $a5
mixed $a6
mixed $a7

Return Value

array

List of results with nulls filtered out

array extend(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.

The extension methods are defined during __construct()} in {@link defineMethods().

Parameters

string $method

the name of the method to call on each extension

mixed $a1
mixed $a2
mixed $a3
mixed $a4
mixed $a5
mixed $a6
mixed $a7

Return Value

array

Extension|null getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

Parameters

string $extension

Return Value

Extension|null

bool hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

Caution: Don't use singleton()->hasExtension() as it will give you inconsistent results based on when the singleton was first accessed.

Parameters

string $extension

Classname of an Extension subclass without parameters

Return Value

bool

Extension[] getExtensionInstances()

Get all extension instances for this specific object instance.

See get_extensions() to get all applied extension classes for this class (not the instance).

This method also provides lazy-population of the extension_instances property.

Return Value

Extension[]

Map of DataExtension instances, keyed by classname.

static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create(SiteTree::class); $list = SiteTree::get();

Parameters

mixed ...$args

Return Value

Injectable

static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

__construct()

No description

bool __isset(string $property)

Check if a field exists on this object or its failover.

Note that, unlike the core isset() implementation, this will return true if the property is defined and set to null.

Parameters

string $property

Return Value

bool

mixed __get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.

Parameters

string $property

Return Value

mixed

__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.

Parameters

string $property
mixed $value

setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

Parameters

ViewableData $failover

ViewableData|null getFailover()

Get the current failover object if set

Return Value

ViewableData|null

bool hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

bool

mixed getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

mixed

$this setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

Parameters

string $field
mixed $value

Return Value

$this

ViewableData_Customised customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.

Note that any fields you specify will take precedence over the fields on this object.

Parameters

array|ViewableData $data

Return Value

ViewableData_Customised

bool exists()

Return true if this object "exists" i.e. has a sensible value

This method should be overridden in subclasses to provide more context about the classes state. For example, a DataObject class could return false when it is deleted from the database

Return Value

bool

string __toString()

No description

Return Value

string

the class name

ViewableData getCustomisedObj()

No description

Return Value

ViewableData

setCustomisedObj(ViewableData $object)

No description

Parameters

ViewableData $object

string castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.

Parameters

string $field

Return Value

string

Casting helper As a constructor pattern, and may include arguments.

Exceptions

Exception

string castingClass(string $field)

Get the class name a field on this object will be casted to.

Parameters

string $field

Return Value

string

string escapeTypeForField(string $field)

Return the string-format type for the given field.

Parameters

string $field

Return Value

string 'xml'|'raw'

DBHTMLText renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

Parameters

string|array|SSViewer $template

the template to render into

array $customFields

fields to customise() the object with before rendering

Return Value

DBHTMLText

protected string objCacheName(string $fieldName, array $arguments)

Generate the cache name for a field

Parameters

string $fieldName

Name of field

array $arguments

List of optional arguments given

Return Value

string

protected mixed objCacheGet(string $key)

Get a cached value from the field cache

Parameters

string $key

Cache key

Return Value

mixed

protected $this objCacheSet(string $key, mixed $value)

Store a value in the field cache

Parameters

string $key

Cache key

mixed $value

Return Value

$this

protected $this objCacheClear()

Clear object cache

Return Value

$this

object|DBField obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

Parameters

string $fieldName
array $arguments
bool $cache

Cache this object

string $cacheName

a custom cache name

Return Value

object|DBField

object|DBField cachedCall(string $field, array $arguments = [], string $identifier = null)

A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.

Parameters

string $field
array $arguments
string $identifier

an optional custom cache identifier

Return Value

object|DBField

bool hasValue(string $field, array $arguments = [], bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

Parameters

string $field
array $arguments
bool $cache

Return Value

bool

string XML_val(string $field, array $arguments = [], bool $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

Parameters

string $field
array $arguments
bool $cache

Return Value

string

array getXMLValues(array $fields)

Get an array of XML-escaped values by field name

Parameters

array $fields

an array of field names

Return Value

array

ArrayIterator getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.

Return Value

ArrayIterator

array getViewerTemplates(string $suffix = '')

Find appropriate templates for SSViewer to use to render this object

Parameters

string $suffix

Return Value

array

ViewableData Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

Return Value

ViewableData

string ThemeDir() deprecated

deprecated 4.0.1 Use ModuleResourceLoader::resourcePath() or ModuleResourceLoader::resourceURL() instead

Return the directory if the current active theme (relative to the site root).

This method is useful for things such as accessing theme images from your template without hardcoding the theme page - e.g. .

This method should only be used when a theme is currently active. However, it will fall over to the current project directory.

Return Value

string

URL to the current theme

string CSSClasses(string $stopAtClass = self::class)

Get part of the current classes ancestry to be used as a CSS class.

This method returns an escaped string of CSS classes representing the current classes ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".

Parameters

string $stopAtClass

the class to stop at (default: ViewableData)

Return Value

string

ViewableData_Debugger Debug()

Return debug information about this object that can be rendered into a template

Return Value

ViewableData_Debugger

HTTPResponse|RequestHandler|string|array handleRequest(HTTPRequest $request)

Executes this controller, and return an HTTPResponse object with the result.

This method defers to RequestHandler->handleRequest() to determine which action should be executed

Note: You should rarely need to overload handleRequest() - this kind of change is only really appropriate for things like nested controllers - ModelAsController} and {@link RootURLController are two examples here. If you want to make more orthodox functionality, it's better to overload init()} or {@link index().

Important: If you are going to overload handleRequest, make sure that you start the method with $this->beforeHandleRequest() and end the method with $this->afterHandleRequest()

Parameters

HTTPRequest $request

The object that is responsible for distributing URL parsing

Return Value

HTTPResponse|RequestHandler|string|array

protected array findAction(HTTPRequest $request)

No description

Parameters

HTTPRequest $request

Return Value

array

protected string addBackURLParam(string $link)

No description

Parameters

string $link

Return Value

string

protected HTTPResponse handleAction($request, $action)

Controller's default action handler. It will call the method named in "$Action", if that method exists. If "$Action" isn't given, it will use "index" as a default.

Parameters

$request
$action

Return Value

HTTPResponse

array|null allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.

Parameters

string $limitToClass

Return Value

array|null

bool hasAction(string $action)

No description

Parameters

string $action

Return Value

bool

protected string definingClassForAction(string $action)

Return the class that defines the given action, so that we know where to check allowed_actions.

Overrides RequestHandler to also look at defined templates.

Parameters

string $action

Return Value

string

bool checkAccessAction(string $action)

Check that the given action is allowed to be called from a URL.

It will interrogate self::$allowed_actions to determine this.

Parameters

string $action

Return Value

bool

Exceptions

Exception

httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.

Parameters

int $errorCode
string $errorMessage

Plaintext error message

Exceptions

HTTPResponse_Exception

HTTPRequest getRequest()

Returns the HTTPRequest object that this controller is using.

Returns a placeholder NullHTTPRequest object unless handleAction()} or {@link handleRequest() have been called, which adds a reference to an actual HTTPRequest object.

Return Value

HTTPRequest

$this setRequest(HTTPRequest $request)

Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.

Parameters

HTTPRequest $request

Return Value

$this

Get a link to a security action

Parameters

string $action

Optional action

Return Value

string

HTTPResponse redirect(string $url, int $code = 302)

Redirect to the given URL.

Parameters

string $url
int $code

Return Value

HTTPResponse

string getBackURL()

Safely get the value of the BackURL param, if provided via querystring / posted var

Return Value

string

string getReferer()

Get referer

Return Value

string

HTTPResponse redirectBack()

Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".

This variable is needed in scenarios where HTTP-Referer is not sent (e.g when calling a page by location.href in IE). If none of the two variables is available, it will redirect to the base URL (see Director::baseURL()).

Return Value

HTTPResponse

protected init()

Initialisation function that is run before any action on the controller is called.

doInit()

A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself

This should be called on all controllers before handling requests

protected beforeHandleRequest(HTTPRequest $request)

A bootstrap for the handleRequest method

setDataModel and setRequest are redundantly called in parent::handleRequest() - sort this out

Parameters

HTTPRequest $request

protected afterHandleRequest()

Cleanup for the handleRequest method

protected prepareResponse(HTTPResponse|object $response)

Prepare the response (we can receive an assortment of response types (strings/objects/HTTPResponses) and changes the controller response object appropriately

Parameters

HTTPResponse|object $response

$this setURLParams(array $urlParams)

No description

Parameters

array $urlParams

Return Value

$this

array getURLParams()

Returns the parameters extracted from the URL by the Director.

Return Value

array

HTTPResponse getResponse()

Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.

Return Value

HTTPResponse

$this setResponse(HTTPResponse $response)

Sets the HTTPResponse object that this controller is building up.

Parameters

HTTPResponse $response

Return Value

$this

DBHTMLText defaultAction(string $action)

This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by getViewer().

Parameters

string $action

Return Value

DBHTMLText

string getAction()

Returns the action that is being executed on this controller.

Return Value

string

SSViewer getViewer(string $action)

Return the viewer identified being the default handler for this Controller/Action combination.

Parameters

string $action

Return Value

SSViewer

string removeAction(string $fullURL, null|string $action = null)

Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.

Parameters

string $fullURL
null|string $action

Return Value

string

bool hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

Parameters

string $action

Return Value

bool

string render(array $params = null)

Render the current controller with the templates determined by getViewer().

Parameters

array $params

Return Value

string

disableBasicAuth() deprecated

deprecated 4.1.0 Add this controller's url to SilverStripe\Security\BasicAuthMiddleware.URLPatterns injected property instead

Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

static Controller curr()

Returns the current controller.

Return Value

Controller

static bool has_curr()

Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.

Return Value

bool

bool can(string $perm, null|member $member = null)

Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.

Parameters

string $perm
null|member $member

Return Value

bool

pushCurrent()

Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

Note: Ensure this controller is assigned a request with a valid session before pushing it to the stack.

popCurrent()

Pop this controller off the top of the stack.

null|string redirectedTo()

Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.

Return Value

null|string

Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of Link() methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

Caution: All parameters are expected to be URI-encoded already.

Parameters

string|array $arg

One or more link segments, or list of link segments as an array

Return Value

string

static array get_template_global_variables()

Defines global accessible templates variables.

Return Value

array

Returns an array of items. Each key => value pair is one of three forms:

  • template name (no key)
  • template name => method name
  • template name => [], where the array can contain these key => value pairs
    • "method" => method name
    • "casting" => casting class to use (i.e., Varchar, HTMLFragment, etc)

Authenticator[] getAuthenticators()

No description

Return Value

Authenticator[]

setAuthenticators(array $authenticators)

No description

Parameters

array $authenticators

index()

No description

protected Authenticator getAuthenticator(string $name = 'cms')

Get the selected authenticator for this request

Parameters

string $name

The identifier of the authenticator in your config

Return Value

Authenticator

Class name of Authenticator

Exceptions

LogicException

Authenticator[] getApplicableAuthenticators(int $service = Authenticator::CMS_LOGIN)

Get all registered authenticators

Parameters

int $service

The type of service that is requested

Return Value

Authenticator[]

Return an array of Authenticator objects

bool hasAuthenticator(string $authenticator)

Check if a given authenticator is registered

Parameters

string $authenticator

The configured identifier of the authenticator

Return Value

bool

Returns TRUE if the authenticator is registered, FALSE otherwise.

static HTTPResponse permissionFailure(Controller $controller = null, string|array $messageSet = null)

Register that we've had a permission failure trying to view the given page

This will redirect to a login page. If you don't provide a messageSet, a default will be used.

Parameters

Controller $controller

The controller that you were on to cause the permission failure.

string|array $messageSet

The message to show to the user. This can be a string, or a map of different messages for different contexts. If you pass an array, you can use the following keys:

  • default: The default message
  • alreadyLoggedIn: The message to show if the user is already logged in and lacks the permission to access the item.

The alreadyLoggedIn value can contain a '%s' placeholder that will be replaced with a link to log in.

Return Value

HTTPResponse

static setCurrentUser(null|Member $currentUser = null)

The intended uses of this function is to temporarily change the current user for things such as canView() checks or unit tests. It is stateless and will not persist between requests. Importantly it also will not call any logic that may be present in the current IdentityStore logIn() or logout() methods

If you are unit testing and calling FunctionalTest::get() or FunctionalTest::post() and you need to change the current user, you should instead use SapphireTest::logInAs() / logOut() which itself will call Injector::inst()->get(IdentityStore::class)->logIn($member) / logout()

Parameters

null|Member $currentUser

static null|Member getCurrentUser()

No description

Return Value

null|Member

array getLoginForms() deprecated

deprecated 4.12.0 Use delegateToMultipleHandlers() instead

Get the login forms for all available authentication methods

Return Value

array

Returns an array of available login forms (array of Form objects).

ping()

This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.

protected HTTPResponse preLogin()

Perform pre-login checking and prepare a response if available prior to login

Return Value

HTTPResponse

Substitute response object if the login process should be circumvented. Returns null if should proceed as normal.

Controller getResponseController(string $title)

Prepare the controller for handling the response to this request

Parameters

string $title

Title to use

Return Value

Controller

protected string generateTabbedFormSet(array|Form[] $forms)

Combine the given forms into a formset with a tabbed interface

Parameters

array|Form[] $forms

Return Value

string

protected string getSessionMessage(string $messageType = null)

Get the HTML Content for the $Content area during login

Parameters

string $messageType

Type of message, if available, passed back to caller (by reference)

Return Value

string

Message in HTML format

setSessionMessage(string $message, string $messageType = ValidationResult::TYPE_WARNING, string $messageCast = ValidationResult::CAST_TEXT)

Set the next message to display for the security login page. Defaults to warning

Parameters

string $message Message
string $messageType

Message type. One of ValidationResult::TYPE_*

string $messageCast

Message cast. One of ValidationResult::CAST_*

static clearSessionMessage()

Clear login message

HTTPResponse|string login(null|HTTPRequest $request = null, int $service = Authenticator::CMS_LOGIN)

Show the "login" page

For multiple authenticators, Security_MultiAuthenticatorLogin is used. See getTemplatesFor and getIncludeTemplate for how to override template logic

Parameters

null|HTTPRequest $request
int $service

Return Value

HTTPResponse|string

Returns the "login" page as HTML code.

Exceptions

HTTPResponse_Exception

HTTPResponse|string logout(null|HTTPRequest $request = null, int $service = Authenticator::LOGOUT)

Log the currently logged in user out

Logging out without ID-parameter in the URL, will log the user out of all applicable Authenticators.

Adding an ID will only log the user out of that Authentication method.

Parameters

null|HTTPRequest $request
int $service

Return Value

HTTPResponse|string

protected array|Authenticator[] getServiceAuthenticatorsFromRequest(int $service, HTTPRequest $request)

Get authenticators for the given service, optionally filtered by the ID parameter of the current request

Parameters

int $service
HTTPRequest $request

Return Value

array|Authenticator[]

Exceptions

HTTPResponse_Exception

protected array aggregateTabbedForms(array $results)

Aggregate tabbed forms from each handler to fragments ready to be rendered.

Parameters

array $results

Return Value

array

protected array|HTTPResponse aggregateAuthenticatorResponses(array $results)

We have three possible scenarios.

We get back Content (e.g. Password Reset) We get back a Form (no token set for logout) We get back a HTTPResponse, telling us to redirect. Return the first one, which is the default response, as that covers all required scenarios

Parameters

array $results

Return Value

array|HTTPResponse

protected array|HTTPResponse|RequestHandler|DBHTMLText|string delegateToMultipleHandlers(array $handlers, string $title, array $templates, callable $aggregator)

Delegate to a number of handlers and aggregate the results. This is used, for example, to build the log-in page where there are multiple authenticators active.

If a single handler is passed, delegateToHandler() will be called instead

Parameters

array $handlers
string $title

The title of the form

array $templates
callable $aggregator

Return Value

array|HTTPResponse|RequestHandler|DBHTMLText|string

protected array|HTTPResponse|RequestHandler|DBHTMLText|string delegateToHandler(RequestHandler $handler, string $title, array $templates = [])

Delegate to another RequestHandler, rendering any fragment arrays into an appropriate.

controller.

Parameters

RequestHandler $handler
string $title

The title of the form

array $templates

Return Value

array|HTTPResponse|RequestHandler|DBHTMLText|string

protected HTTPResponse|DBHTMLText renderWrappedController(string $title, array $fragments, array $templates)

Render the given fragments into a security page controller with the given title.

Parameters

string $title

string The title to give the security page

array $fragments

A map of objects to render into the page, e.g. "Form"

array $templates

An array of templates to use for the render

Return Value

HTTPResponse|DBHTMLText

basicauthlogin()

No description

string lostpassword()

Show the "lost password" page

Return Value

string

Returns the "lost password" page as HTML code.

string|HTTPRequest changepassword()

Show the "change password" page.

This page can either be called directly by logged-in users (in which case they need to provide their old password), or through a link emailed through lostpassword(). In this case no old password is required, authentication is ensured through the Member.AutoLoginHash property.

Return Value

string|HTTPRequest

Returns the "change password" page as HTML code, or a redirect response

See also

ChangePasswordForm

Create a link to the password reset form.

GET parameters used:

  • m: member ID
  • t: plaintext token

Parameters

Member $member

Member object associated with this link.

string $autologinToken

The auto login token.

Return Value

string

array getTemplatesFor(string $action)

Determine the list of templates to use for rendering the given action.

Parameters

string $action

Return Value

array

Template list

static Member findAnAdministrator() deprecated

deprecated 4.0.1 Use DefaultAdminService::findOrCreateDefaultAdmin()

Return an existing member with administrator privileges, or create one of necessary.

Will create a default 'Administrators' group if no group is found with an ADMIN permission. Will create a new 'Admin' member with administrative permissions if no existing Member with these permissions is found.

Important: Any newly created administrator accounts will NOT have valid login credentials (Email/Password properties), which means they can't be used for login purposes outside of any default credentials set through Security::setDefaultAdmin().

Return Value

Member

static clear_default_admin() deprecated

deprecated 4.0.1 Use DefaultAdminService::clearDefaultAdmin()

Flush the default admin credentials

static bool setDefaultAdmin(string $username, string $password) deprecated

deprecated 4.0.1 Use DefaultAdminService::setDefaultAdmin($username, $password)

Set a default admin in dev-mode

This will set a static default-admin which is not existing as a database-record. By this workaround we can test pages in dev-mode with a unified login. Submitted login-credentials are first checked against this static information in Security::authenticate().

Parameters

string $username

The user name

string $password

The password (in cleartext)

Return Value

bool

True if successfully set

static bool check_default_admin(string $username, string $password) deprecated

deprecated 4.0.1 Use DefaultAdminService::isDefaultAdminCredentials() instead

Checks if the passed credentials are matching the default-admin.

Compares cleartext-password set through Security::setDefaultAdmin().

Parameters

string $username
string $password

Return Value

bool

static has_default_admin() deprecated

deprecated 4.0.1 Use DefaultAdminService::hasDefaultAdmin() instead

Check that the default admin account has been set.

static string default_admin_username() deprecated

deprecated 4.0.1 Use DefaultAdminService::getDefaultAdminUsername() instead

Get default admin username

Return Value

string

static string default_admin_password() deprecated

deprecated 4.0.1 Use DefaultAdminService::getDefaultAdminPassword() instead

Get default admin password

Return Value

string

static mixed encrypt_password(string $password, string $salt = null, string $algorithm = null, Member $member = null)

Encrypt a password according to the current password encryption settings.

If the settings are so that passwords shouldn't be encrypted, the result is simple the clear text password with an empty salt except when a custom algorithm ($algorithm parameter) was passed.

Parameters

string $password

The password to encrypt

string $salt

Optional: The salt to use. If it is not passed, but needed, the method will automatically create a random salt that will then be returned as return value.

string $algorithm

Optional: Use another algorithm to encrypt the password (so that the encryption algorithm can be changed over the time).

Member $member Optional

Return Value

mixed

Returns an associative array containing the encrypted password and the used salt in the form:

 array(
 'password' => string,
 'salt' => string,
 'algorithm' => string,
 'encryptor' => PasswordEncryptor instance
 )

If the passed algorithm is invalid, FALSE will be returned.

Exceptions

PasswordEncryptor_NotFoundException

See also

encrypt_passwords()

static bool database_is_ready()

Checks the database is in a state to perform security checks.

See DatabaseAdmin->init() for more information.

Return Value

bool

static clear_database_is_ready()

Resets the database_is_ready cache

static force_database_is_ready(bool $isReady)

For the database_is_ready call to return a certain value - used for testing

Parameters

bool $isReady

static set_ignore_disallowed_actions(bool $flag)

Set to true to ignore access to disallowed actions, rather than returning permission failure Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()

Parameters

bool $flag

True or false

static ignore_disallowed_actions()

No description

static string login_url()

Get the URL of the log-in page.

To update the login url use the "Security.login_url" config setting.

Return Value

string

static string logout_url()

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.

Return Value

string

static string lost_password_url()

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.

Return Value

string

Member getTargetMember()

Get known logged out member

Return Value

Member

bool getIsloggedIn()

Check if there is a logged in member

Return Value

bool

protected HTTPResponse redirectToExternalLogin()

Redirects the user to the external login page

Return Value

HTTPResponse

bool enabled()

Determine if CMSSecurity is enabled

Return Value

bool

HTTPResponse|DBField success()

Given a successful login, tell the parent frame to close the dialog

Return Value

HTTPResponse|DBField