CMSSecurity
class CMSSecurity extends Security
Provides a security interface functionality within the cms
Traits
Config options
reauth_enabled | boolean | Enable in-cms reauthentication |
Methods
Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located
Return the names of all the methods available on this object
Add an extension to a specific class.
No description
Get extra config sources for this class
Return TRUE if a class has a specified extension.
Calls a method if available on both this object and all applied {@link Extensions}, and then attempts to merge all results into an array
Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed
Get an extension instance attached to this object by name.
Returns TRUE if this object instance has a specific extension applied in {@link $extension_instances}. Extension instances are initialized at constructor time, meaning if you use {@link add_extension()} afterwards, the added extension will just be added to new instances of the extended class. Use the static method {@link has_extension()} to check if a class (not an instance) has a specific extension.
Get all extension instances for this specific object instance.
An implementation of the factory method, allows you to create an instance of a class
Creates a class instance by the "singleton" design pattern.
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, ....).
Gets the uninherited value for the given config option
Check if a field exists on this object or its failover.
Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using {@link ViewableData::getField()}, then fall back on a failover object.
Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the {@link ViewableData::setField()} method.
Set a failover object to attempt to get data from if it is not present on this object.
Check if a field exists on this object. This should be overloaded in child classes.
Get the value of a field on this object. This should be overloaded in child classes.
Set a field on this object. This should be overloaded in child classes.
Add methods from the {@link ViewableData::$failover} object, as well as wrapping any methods prefixed with an underscore into a {@link ViewableData::cachedCall()}.
Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance with references to both this and the new custom data.
Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.
Get the class name a field on this object will be casted to.
Return the string-format type for the given field.
Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter: - a template name (e.g. Page) - an array of possible template names - the first valid one will be used - an SSViewer instance
Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.
A simple wrapper around {@link ViewableData::obj()} that automatically caches the result so it can be used again without re-running the method.
Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.
Get the string value of a field on this object that has been suitably escaped to be inserted directly into a template.
Get an array of XML-escaped values by field name
Return a single-item iterator so you can iterate over the fields of a single record.
Find appropriate templates for SSViewer to use to render this object
When rendering some objects it is necessary to iterate over the object being rendered; to do this, you need access to the object itself.
Get part of the current class's ancestry to be used as a CSS class.
Return debug information about this object that can be rendered into a template
Executes this controller, and return an {@link HTTPResponse} object with the result.
Get an array of allowed actions defined on this controller, any parent classes or extensions.
Check that the given action is allowed to be called from a URL.
Throws a HTTP error response encased in a {@link HTTPResponse_Exception}, which is later caught in {@link RequestHandler::handleAction()} and returned to the user.
Returns the HTTPRequest object that this controller is using.
Typically the request is set through {@link handleAction()} or {@link handleRequest()}, but in some cases we want to set it manually.
Get a link to a security action
Safely get the value of the BackURL param, if provided via querystring / posted var
Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".
A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself
Returns the parameters extracted from the URL by the {@link Director}.
Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.
Sets the HTTPResponse object that this controller is building up.
This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by {@link getViewer()}.
Return the viewer identified as being the default handler for this Controller/Action combination.
Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.
Returns TRUE if this controller has a template that is specifically designed to handle a specific action.
Render the current controller with the templates determined by {@link getViewer()}.
Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().
Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.
Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.
Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.
Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.
Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of {@link Link()} methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.
Defines global accessible templates variables.
Get all registered authenticators
Check if a given authenticator is registered
Register that we've had a permission failure trying to view the given page
This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.
Set the next message to display for the security login page. Defaults to warning
Show the "login" page
Log the currently logged in user out
Create a link to the password reset form.
Determine the list of templates to use for rendering the given action.
Return an existing member with administrator privileges, or create one if necessary.
Checks if the passed credentials are matching the default-admin.
Encrypt a password according to the current password encryption settings.
Checks the database is in a state to perform security checks.
Force the database_is_ready call to return a certain value - used for testing
Set to true to ignore access to disallowed actions, rather than returning permission failure. Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()
Get known logged out member
No description
Check if there is a logged in member
Determine if CMSSecurity is enabled
Given a successful login, tell the parent frame to close the dialog
Details
in CustomMethods at line 50
mixed
__call(string $method, array $arguments)
Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located
You can add extra methods to a class using {@link Extensions}, {@link Object::createMethod()} or {@link Object::addWrapperMethod()}
in CustomMethods at line 144
bool
hasMethod(string $method)
Return TRUE if a method exists on this object
This should be used rather than PHP's built-in method_exists() as it takes into account methods added via extensions
in CustomMethods at line 172
array
allMethodNames(bool $custom = false)
Return the names of all the methods available on this object
in Extensible at line 163
static bool
add_extension(string $classOrExtension, string $extension = null)
Add an extension to a specific class.
The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.
As an alternative, extensions can be added to a specific class directly in the {@link Object::$extensions} array. See {@link SiteTree::$extensions} for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through {@link singleton()}).
in Extensible at line 224
static
remove_extension(string $extension)
Remove an extension from a class.
Note: This will not remove extensions from parent classes, and must be called directly on the class assigned the extension.
Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless it's used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any {@link Object} instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through {@link singleton()} to avoid side-effects from stale extension information.
in Extensible at line 264
static array
get_extensions(string $class = null, bool $includeArgumentString = false)
in Extensible at line 298
static array|null
get_extra_config_sources(string $class = null)
Get extra config sources for this class
in Extensible at line 359
static bool
has_extension(string $classOrExtension, string $requiredExtension = null, boolean $strict = false)
Return TRUE if a class has a specified extension.
This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))
in Extensible at line 395
array
invokeWithExtensions(string $method, mixed $arguments)
Calls a method if available on both this object and all applied {@link Extensions}, and then attempts to merge all results into an array
in Extensible at line 424
array
extend(string $method, mixed $arguments)
Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed
Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.
The extension methods are defined during {@link __construct()} in {@link defineMethods()}.
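The NULL-filtering rule described for extend(), as a standalone sketch (an added example, not SilverStripe code): `collectResults()`, `isAllowed()` and the sample hooks are hypothetical names, and the fallback to a default when no extension returns a value is an assumption made here. It compares a min()-based permission decision with NULL returns kept and with them dropped.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical stand-in for the collection step the page describes:
 * run every hook and keep its return value, optionally dropping NULLs.
 *
 * @param callable[] $hooks     one callable per applied extension (constructed sample)
 * @param bool       $dropNulls true mirrors the documented behaviour
 * @return array
 */
function collectResults(array $hooks, bool $dropNulls): array
{
    $results = [];
    foreach ($hooks as $hook) {
        $value = $hook();
        if ($dropNulls && $value === null) {
            continue; // this extension expressed no opinion
        }
        $results[] = $value;
    }
    return $results;
}

/**
 * Permission decision built on min(): a single FALSE vetoes.
 * min() rejects an empty array, so "no opinions" falls back to $default
 * (the fallback is an assumption of this example).
 */
function isAllowed(array $results, bool $default): bool
{
    if ($results === []) {
        return $default;
    }
    // min() compares loosely, so NULL sorts with FALSE, below TRUE.
    return (bool) min($results);
}

// Constructed sample: one extension allows, one inherits an empty hook.
$allowAndSilent = [
    function () { return true; },
    function () { return null; },
];
// Constructed sample: one extension allows, one explicitly denies.
$allowAndDeny = [
    function () { return true; },
    function () { return false; },
];
// Constructed sample: no extension implements the hook.
$allSilent = [
    function () { return null; },
];

$cases = [
    'allow + silent, NULL kept'    => isAllowed(collectResults($allowAndSilent, false), true),
    'allow + silent, NULL dropped' => isAllowed(collectResults($allowAndSilent, true), true),
    'allow + deny, NULL dropped'   => isAllowed(collectResults($allowAndDeny, true), true),
    'all silent, NULL dropped'     => isAllowed(collectResults($allSilent, true), false),
];

foreach ($cases as $label => $allowed) {
    printf("%-30s => %s\n", $label, $allowed ? 'allowed' : 'denied');
}
```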
in Extensible at line 465
Extension|null
getExtensionInstance(string $extension)
Get an extension instance attached to this object by name.
in Extensible at line 494
bool
hasExtension(string $extension)
Returns TRUE if this object instance has a specific extension applied in {@link $extension_instances}. Extension instances are initialized at constructor time, meaning if you use {@link add_extension()} afterwards, the added extension will just be added to new instances of the extended class. Use the static method {@link has_extension()} to check if a class (not an instance) has a specific extension.
Caution: Don't use singleton(
in Extensible at line 508
Extension[]
getExtensionInstances()
Get all extension instances for this specific object instance.
See {@link get_extensions()} to get all applied extension classes for this class (not the instance).
This method also provides lazy-population of the extension_instances property.
in Injectable at line 26
static Injectable
create(array $args)
An implementation of the factory method, allows you to create an instance of a class
This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.
This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create('SiteTree'); $list = SiteTree::get();
in Injectable at line 43
static Injectable
singleton(string $class = null)
Creates a class instance by the "singleton" design pattern.
It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).
in Configurable at line 20
static Config_ForClass
config()
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, ....).
in Configurable at line 32
mixed
stat(string $name)
deprecated
deprecated 5.0 Use ->config()->get() instead
Get inherited config value
in Configurable at line 44
mixed
uninherited(string $name)
Gets the uninherited value for the given config option
in Configurable at line 57
$this
set_stat(string $name, mixed $value)
deprecated
deprecated 5.0 Use ->config()->set() instead
Update the config value for a given property
in RequestHandler at line 121
__construct()
in ViewableData at line 106
bool
__isset(string $property)
Check if a field exists on this object or its failover.
Note that, unlike the core isset() implementation, this will return true if the property is defined and set to null.
in ViewableData at line 129
mixed
__get(string $property)
Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using {@link ViewableData::getField()}, then fall back on a failover object.
in ViewableData at line 152
__set(string $property, mixed $value)
Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the {@link ViewableData::setField()} method.
in ViewableData at line 167
setFailover(ViewableData $failover)
Set a failover object to attempt to get data from if it is not present on this object.
in ViewableData at line 183
ViewableData|null
getFailover()
Get the current failover object if set
in ViewableData at line 194
bool
hasField(string $field)
Check if a field exists on this object. This should be overloaded in child classes.
in ViewableData at line 205
mixed
getField(string $field)
Get the value of a field on this object. This should be overloaded in child classes.
in ViewableData at line 217
$this
setField(string $field, mixed $value)
Set a field on this object. This should be overloaded in child classes.
in ViewableData at line 232
defineMethods()
Add methods from the {@link ViewableData::$failover} object, as well as wrapping any methods prefixed with an underscore into a {@link ViewableData::cachedCall()}.
in ViewableData at line 258
ViewableData_Customised
customise(array|ViewableData $data)
Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance with references to both this and the new custom data.
Note that any fields you specify will take precedence over the fields on this object.
in ViewableData at line 281
bool
exists()
Return true if this object "exists" i.e. has a sensible value
This method should be overridden in subclasses to provide more context about the class's state. For example, a {@link DataObject} class could return false when it is deleted from the database
in ViewableData at line 289
string
__toString()
in ViewableData at line 297
ViewableData
getCustomisedObj()
in ViewableData at line 305
setCustomisedObj(ViewableData $object)
in ViewableData at line 320
string
castingHelper(string $field)
Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.
in ViewableData at line 352
string
castingClass(string $field)
Get the class name a field on this object will be casted to.
in ViewableData at line 365
string
escapeTypeForField(string $field)
Return the string-format type for the given field.
in ViewableData at line 389
DBHTMLText
renderWith(string|array|SSViewer $template, array $customFields = null)
Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:
- a template name (e.g. Page)
- an array of possible template names - the first valid one will be used
- an SSViewer instance
in ViewableData at line 471
Object|DBField
obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)
Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.
in ViewableData at line 516
Object|DBField
cachedCall(string $field, array $arguments = [], string $identifier = null)
A simple wrapper around {@link ViewableData::obj()} that automatically caches the result so it can be used again without re-running the method.
in ViewableData at line 530
bool
hasValue(string $field, array $arguments = [], bool $cache = true)
Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.
in ViewableData at line 545
string
XML_val(string $field, array $arguments = [], bool $cache = false)
Get the string value of a field on this object that has been suitably escaped to be inserted directly into a template.
in ViewableData at line 558
array
getXMLValues(array $fields)
Get an array of XML-escaped values by field name
in ViewableData at line 579
ArrayIterator
getIterator()
Return a single-item iterator so you can iterate over the fields of a single record.
This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.
in ViewableData at line 592
array
getViewerTemplates(string $suffix = '')
Find appropriate templates for SSViewer to use to render this object
in ViewableData at line 603
ViewableData
Me()
When rendering some objects it is necessary to iterate over the object being rendered; to do this, you need access to the object itself.
in ViewableData at line 620
string
ThemeDir()
deprecated
deprecated 4.0.0:5.0.0 Use $resourcePath or $resourceURL template helpers instead
Return the directory of the current active theme (relative to the site root).
This method is useful for things such as accessing theme images from your template without hardcoding the theme
page - e.g. .
This method should only be used when a theme is currently active. However, it will fall over to the current project directory.
in ViewableData at line 647
string
CSSClasses(string $stopAtClass = self::class)
Get part of the current class's ancestry to be used as a CSS class.
This method returns an escaped string of CSS classes representing the current class's ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".
in ViewableData at line 676
ViewableData_Debugger
Debug()
Return debug information about this object that can be rendered into a template
in Controller at line 199
HTTPResponse|RequestHandler|string|array
handleRequest(HTTPRequest $request)
Executes this controller, and return an {@link HTTPResponse} object with the result.
This method defers to {@link RequestHandler->handleRequest()} to determine which action should be executed
Note: You should rarely need to overload handleRequest() - this kind of change is only really appropriate for things like nested controllers - {@link ModelAsController} and {@link RootURLController} are two examples here. If you want to make more orthodox functionality, it's better to overload {@link init()} or {@link index()}.
Important: If you are going to overload handleRequest, make sure that you start the method with $this->beforeHandleRequest() and end the method with $this->afterHandleRequest()
in RequestHandler at line 349
array|null
allowedActions(string $limitToClass = null)
Get an array of allowed actions defined on this controller, any parent classes or extensions.
Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.
in Controller at line 427
bool
hasAction(string $action)
in RequestHandler at line 460
bool
checkAccessAction(string $action)
Check that the given action is allowed to be called from a URL.
It will interrogate {@link self::$allowed_actions} to determine this.
in RequestHandler at line 520
httpError(int $errorCode, string $errorMessage = null)
Throws a HTTP error response encased in a {@link HTTPResponse_Exception}, which is later caught in {@link RequestHandler::handleAction()} and returned to the user.
in Security at line 545
HTTPRequest
getRequest()
Returns the HTTPRequest object that this controller is using.
Returns a placeholder {@link NullHTTPRequest} object unless {@link handleAction()} or {@link handleRequest()} have been called, which adds a reference to an actual {@link HTTPRequest} object.
in Controller at line 145
$this
setRequest(HTTPRequest $request)
Typically the request is set through {@link handleAction()} or {@link handleRequest()}, but in some cases we want to set it manually.
at line 52
string
Link(string $action = null)
Get a link to a security action
in Controller at line 634
HTTPResponse
redirect(string $url, int $code = 302)
Redirect to the given URL.
in RequestHandler at line 606
string
getBackURL()
Safely get the value of the BackURL param, if provided via querystring / posted var
in RequestHandler at line 647
string
getReferer()
Get referer
in RequestHandler at line 666
HTTPResponse
redirectBack()
Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".
This variable is needed in scenarios where HTTP-Referer is not sent (e.g. when calling a page by location.href in IE). If neither of the two variables is available, it will redirect to the base URL (see {@link Director::baseURL()}).
in Controller at line 120
doInit()
A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself
This should be called on all controllers before handling requests
in Controller at line 314
$this
setURLParams(array $urlParams)
in Controller at line 325
array
getURLParams()
Returns the parameters extracted from the URL by the {@link Director}.
in Controller at line 336
HTTPResponse
getResponse()
Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.
in Controller at line 351
$this
setResponse(HTTPResponse $response)
Sets the HTTPResponse object that this controller is building up.
in Controller at line 369
DBHTMLText
defaultAction(string $action)
This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by {@link getViewer()}.
in Controller at line 379
string
getAction()
Returns the action that is being executed on this controller.
in Controller at line 391
SSViewer
getViewer(string $action)
Return the viewer identified as being the default handler for this Controller/Action combination.
in Controller at line 441
string
removeAction(string $fullURL, null|string $action = null)
Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.
in Controller at line 491
bool
hasActionTemplate(string $action)
Returns TRUE if this controller has a template that is specifically designed to handle a specific action.
in Controller at line 515
string
render(array $params = null)
Render the current controller with the templates determined by {@link getViewer()}.
in Controller at line 537
disableBasicAuth()
deprecated
deprecated 4.1.0:5.0.0 Add this controller's url to SilverStripe\Security\BasicAuthMiddleware.URLPatterns injected property instead of setting false
Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().
in Controller at line 551
static Controller
curr()
Returns the current controller.
in Controller at line 566
static bool
has_curr()
Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.
in Controller at line 580
bool
can(string $perm, null|member $member = null)
Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.
in Controller at line 604
pushCurrent()
Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.
Note: Ensure this controller is assigned a request with a valid session before pushing it to the stack.
in Controller at line 614
popCurrent()
Pop this controller off the top of the stack.
in Controller at line 652
null|string
redirectedTo()
Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.
in Controller at line 667
static string
join_links($arg = null)
Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of {@link Link()} methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.
Caution: All parameters are expected to be URI-encoded already.
in Security at line 1365
static array
get_template_global_variables()
Defines global accessible templates variables.
in Security at line 203
Authenticator[]
getAuthenticators()
in Security at line 211
setAuthenticators(array $authenticators)
in Security at line 233
index()
at line 63
Authenticator[]
getApplicableAuthenticators(int $service = Authenticator::CMS_LOGIN)
Get all registered authenticators
in Security at line 287
bool
hasAuthenticator(string $authenticator)
Check if a given authenticator is registered
in Security at line 319
static HTTPResponse
permissionFailure(Controller $controller = null, string|array $messageSet = null)
Register that we've had a permission failure trying to view the given page
This will redirect to a login page. If you don't provide a messageSet, a default will be used.
in Security at line 465
array
getLoginForms()
deprecated
deprecated 5.0.0 Now handled by {@link static::delegateToMultipleHandlers}
Get the login forms for all available authentication methods
in Security at line 498
ping()
This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.
in Security at line 642
setSessionMessage(string $message, string $messageType = ValidationResult::TYPE_WARNING, string $messageCast = ValidationResult::CAST_TEXT)
Set the next message to display for the security login page. Defaults to warning
in Security at line 658
static
clearSessionMessage()
Clear login message
at line 47
HTTPResponse|string
login(null|HTTPRequest $request = null, int $service = Authenticator::CMS_LOGIN)
Show the "login" page
For multiple authenticators, Security_MultiAuthenticatorLogin is used. See getTemplatesFor and getIncludeTemplate for how to override template logic
in Security at line 722
HTTPResponse|string
logout(null|HTTPRequest $request = null, int $service = Authenticator::LOGOUT)
Log the currently logged in user out
Logging out without ID-parameter in the URL, will log the user out of all applicable Authenticators.
Adding an ID will only log the user out of that Authentication method.
in Security at line 954
basicauthlogin()
in Security at line 965
string
lostpassword()
Show the "lost password" page
in Security at line 996
string|HTTPRequest
changepassword()
Show the "change password" page.
This page can either be called directly by logged-in users (in which case they need to provide their old password), or through a link emailed through {@link lostpassword()}. In this case no old password is required, authentication is ensured through the Member.AutoLoginHash property.
in Security at line 1024
static string
getPasswordResetLink(Member $member, string $autologinToken)
Create a link to the password reset form.
GET parameters used:
- m: member ID
- t: plaintext token
in Security at line 1038
array
getTemplatesFor(string $action)
Determine the list of templates to use for rendering the given action.
in Security at line 1068
static Member
findAnAdministrator()
deprecated
deprecated 4.0.0:5.0.0 Please use DefaultAdminService::findOrCreateDefaultAdmin()
Return an existing member with administrator privileges, or create one if necessary.
Will create a default 'Administrators' group if no group is found with an ADMIN permission. Will create a new 'Admin' member with administrative permissions if no existing Member with these permissions is found.
Important: Any newly created administrator accounts will NOT have valid login credentials (Email/Password properties), which means they can't be used for login purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
in Security at line 1081
static
clear_default_admin()
deprecated
deprecated 4.0.0:5.0.0 Please use DefaultAdminService::clearDefaultAdmin()
Flush the default admin credentials
in Security at line 1102
static bool
setDefaultAdmin(string $username, string $password)
deprecated
deprecated 4.0.0:5.0.0 Please use DefaultAdminService::setDefaultAdmin($username, $password)
Set a default admin in dev-mode
This will set a static default-admin which does not exist as a database record. With this workaround we can test pages in dev-mode with a unified login. Submitted login credentials are first checked against this static information in {@link Security::authenticate()}.
in Security at line 1120
static bool
check_default_admin(string $username, string $password)
deprecated
deprecated 4.0.0:5.0.0 Use DefaultAdminService::isDefaultAdminCredentials() instead
Checks if the passed credentials are matching the default-admin.
Compares cleartext-password set through Security::setDefaultAdmin().
in Security at line 1133
static
has_default_admin()
deprecated
deprecated 4.0.0:5.0.0 Use DefaultAdminService::hasDefaultAdmin() instead
Check that the default admin account has been set.
in Security at line 1146
static string
default_admin_username()
deprecated
deprecated 4.0.0:5.0.0 Use DefaultAdminService::getDefaultAdminUsername()
Get default admin username
in Security at line 1159
static string
default_admin_password()
deprecated
deprecated 4.0.0:5.0.0 Use DefaultAdminService::getDefaultAdminPassword()
Get default admin password
in Security at line 1194
static mixed
encrypt_password(string $password, string $salt = null, string $algorithm = null, Member $member = null)
Encrypt a password according to the current password encryption settings.
If the settings are such that passwords shouldn't be encrypted, the result is simply the clear text password with an empty salt, except when a custom algorithm ($algorithm parameter) was passed.
in Security at line 1220
static bool
database_is_ready()
Checks the database is in a state to perform security checks.
See {@link DatabaseAdmin->init()} for more information.
in Security at line 1272
static
clear_database_is_ready()
Resets the database_is_ready cache
in Security at line 1283
static
force_database_is_ready(bool $isReady)
Force the database_is_ready call to return a certain value - used for testing
in Security at line 1312
static
set_ignore_disallowed_actions(bool $flag)
Set to true to ignore access to disallowed actions, rather than returning permission failure. Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()
in Security at line 1317
static
ignore_disallowed_actions()
in Security at line 1329
static string
login_url()
Get the URL of the log-in page.
To update the login url use the "Security.login_url" config setting.
in Security at line 1342
static string
logout_url()
Get the URL of the logout page.
To update the logout url use the "Security.logout_url" config setting.
in Security at line 1355
static string
lost_password_url()
Get the URL of the logout page.
To update the logout url use the "Security.logout_url" config setting.
at line 73
Member
getTargetMember()
Get known logged out member
at line 83
getResponseController($title)
at line 108
bool
getIsloggedIn()
Check if there is a logged in member
at line 161
bool
enabled()
Determine if CMSSecurity is enabled
at line 176
HTTPResponse|DBField
success()
Given a successful login, tell the parent frame to close the dialog