class Security extends Controller implements TemplateGlobalProvider (View source)

Implements a basic security model

Properties

public string $class from  SS_Object
protected array $extension_instances from  SS_Object
protected $beforeExtendCallbacks

List of callbacks to call prior to extensions having extend called on them, each grouped by methodName.

from  SS_Object
protected $afterExtendCallbacks

List of callbacks to call after extensions having extend called on them, each grouped by methodName.

from  SS_Object
protected ViewableData $failover

A failover object to attempt to get data from if it is not present on this object.

from  ViewableData
protected ViewableData $customisedObject from  ViewableData
protected SS_HTTPRequest $request from  RequestHandler
protected $model

The DataModel for this request

from  RequestHandler
protected bool $brokenOnConstruct

This variable records whether RequestHandler::construct() was called or not. Useful for checking if subclasses have called parent::construct()

from  RequestHandler
protected array $urlParams from  Controller
protected array $requestParams from  Controller
protected string $action from  Controller
protected $session

The Session object for this controller

from  Controller
protected static $controller_stack

Stack of current controllers.

from  Controller
protected $basicAuthEnabled from  Controller
protected SS_HTTPResponse $response from  Controller
protected $baseInitCalled from  Controller
protected static string $default_username

Default user name. Only used in dev-mode by setDefaultAdmin()

protected static string $default_password

Default password. Only used in dev-mode by setDefaultAdmin()

protected static bool $strict_path_checking

If set to TRUE to prevent sharing of the session across several sites in the domain.

public static bool $force_database_is_ready
public static bool $database_is_ready

When the database has once been verified as ready, it will not do the checks again.

protected static $ignore_disallowed_actions

Methods

public static 
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

protected
beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

protected
afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

public static 
create()

An implementation of the factory method, allows you to create an instance of a class

public static 
singleton()

Creates a class instance by the "singleton" design pattern.

public static 
create_from_string($classSpec, $firstArg = null)

Create an object from a string representation. It treats it as a PHP constructor without the 'new' keyword. It also manages to construct the object without the use of eval().

public static 
parse_class_spec($classSpec)

Parses a class-spec, such as "Versioned('Stage','Live')", as passed to create_from_string().

public static 
strong_create()

Similar to Object::create(), except that classes are only overloaded if you set the $strong parameter to TRUE when using Object::useCustomClass()

public static 
useCustomClass(string $oldClass, string $newClass, bool $strong = false)

This class allows you to overload classes with other classes when they are constructed using the factory method Object::create()

public static 
string
getCustomClass(string $class)

If a class has been overloaded, get the class name it has been overloaded with - otherwise return the class name

public static 
any
static_lookup($class, $name, null $default = null)

Get the value of a static property of a class, even in that property is declared protected (but not private), without any inheritance, merging or parent lookup if it doesn't exist on the given class.

public static 
get_static($class, $name, $uncached = false) deprecated

No description

public static 
set_static($class, $name, $value) deprecated

No description

public static 
uninherited_static($class, $name, $uncached = false) deprecated

No description

public static 
combined_static($class, $name, $ceiling = false) deprecated

No description

public static 
addStaticVars($class, $properties, $replace = false) deprecated

No description

public static 
add_static_var($class, $name, $value, $replace = false) deprecated

No description

public static 
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

public static 
add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

public static 
remove_extension(string $extension)

Remove an extension from a class.

public static 
array
get_extensions(string $class, bool $includeArgumentString = false)

No description

public static 
get_extra_config_sources($class = null)

No description

public
__construct()

No description

public
mixed
__call(string $method, array $arguments)

Attemps to locate and call a method dynamically added to a class at runtime if a default cannot be located

public
bool
hasMethod(string $method)

Return TRUE if a method exists on this object

public
array
allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

public
defineMethods()

Add methods from the ViewableData::$failover object, as well as wrapping any methods prefixed with an underscore into a ViewableData::cachedCall().

protected
array
findMethodsFromExtension(object $extension)

No description

protected
addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

protected
removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

protected
addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

protected
createMethod(string $method, string $code)

Add an extra method using raw PHP code passed as a string

public
stat($name, $uncached = false)

No description

public
set_stat($name, $value)

No description

public
uninherited($name)

No description

public
bool
exists()

Return true if this object "exists" i.e. has a sensible value

public
string
parentClass()

No description

public
bool
is_a(string $class)

Check if this class is an instance of a specific class, or has that class as one of its parents

public
string
__toString()

No description

public
mixed
invokeWithExtensions(string $method, mixed $argument = null)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

public
array
extend(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

public
getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

public
bool
hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

public
array
getExtensionInstances()

Get all extension instances for this specific object instance.

public
mixed
cacheToFile(string $method, int $lifetime = 3600, string $ID = false, array $arguments = array())

Cache the results of an instance method in this object to a file, or if it is already cache return the cached results

public
clearCache($method, $ID = false, $arguments = array())

Clears the cache for the given cacheToFile call

protected
mixed
loadCache(string $cache, int $lifetime = 3600)

Loads a cache from the filesystem if a valid on is present and within the specified lifetime

protected
saveCache(string $cache, mixed $data)

Save a piece of cached data to the file system

protected
string
sanitiseCachename(string $name)

Strip a file name of special characters so it is suitable for use as a cache file name

public static 
string
castingObjectCreator(string $fieldSchema)

Converts a field spec into an object creator. For example: "Int" becomes "new Int($fieldName);" and "Varchar(50)" becomes "new Varchar($fieldName, 50);".

public static 
array
castingObjectCreatorPair(string $fieldSchema)

Convert a field schema (e.g. "Varchar(50)") into a casting object creator array that contains both a className and castingHelper constructor code. See castingObjectCreator for more information about the constructor.

public
bool
__isset(string $property)

Check if a field exists on this object or its failover.

public
mixed
__get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.

public
__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.

public
setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

public
getFailover()

Get the current failover object if set

public
bool
hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

public
mixed
getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

public
setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

public
unknown
deprecatedCachedCall($method, $args = null, string $identifier = null)

Method to facilitate deprecation of underscore-prefixed methods automatically being cached.

public
customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.

public
getCustomisedObj()

No description

public
setCustomisedObj(ViewableData $object)

No description

public
array
castingHelperPair(string $field)

Get the class a field on this object would be casted to, as well as the casting helper for casting a field to an object (see ViewableData::castingHelper() for information on casting helpers).

public
string
castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object.

public
string
castingClass(string $field)

Get the class name a field on this object will be casted to

public
string
escapeTypeForField(string $field)

Return the string-format type for the given field.

public
buildCastingCache(reference $cache)

Save the casting cache for this object (including data from any failovers) into a variable

public
renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

protected
objCacheName(string $fieldName, array $arguments)

Generate the cache name for a field

protected
mixed
objCacheGet(string $key)

Get a cached value from the field cache

protected
objCacheSet(string $key, mixed $value)

Store a value in the field cache

public
obj(string $fieldName, array $arguments = null, bool $forceReturnedObject = true, bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

public
cachedCall(string $field, array $arguments = null, string $identifier = null)

A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.

public
bool
hasValue(string $field, array $arguments = null, bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

public
XML_val($field, $arguments = null, $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

public
RAW_val($field, $arguments = null, $cache = true)

Return the value of the field without any escaping being applied.

public
SQL_val($field, $arguments = null, $cache = true)

Return the value of a field in an SQL-safe format.

public
JS_val($field, $arguments = null, $cache = true)

Return the value of a field in a JavaScript-save format.

public
ATT_val($field, $arguments = null, $cache = true)

Return the value of a field escaped suitable to be inserted into an XML node attribute.

public
array
getXMLValues($fields)

Get an array of XML-escaped values by field name

public
getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

public
Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

public
string
ThemeDir(string $subtheme = false)

Return the directory if the current active theme (relative to the site root).

public
string
CSSClasses(string $stopAtClass = 'ViewableData')

Get part of the current classes ancestry to be used as a CSS class.

public
Debug()

Return debug information about this object that can be rendered into a template

public
setDataModel($model)

Set the DataModel for this request.

public
handleRequest(SS_HTTPRequest $request, DataModel $model)

Executes this controller, and return an SS_HTTPResponse object with the result.

protected
findAction($request)

No description

protected
handleAction($request, $action)

Controller's default action handler. It will call the method named in $Action, if that method exists.

public
array|null
allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

public
bool
hasAction(string $action)

Checks if this request handler has a specific action, even if the current user cannot access it.

protected
definingClassForAction($action)

Return the class that defines the given action, so that we know where to check allowed_actions.

public
checkAccessAction($action)

Check that the given action is allowed to be called from a URL.

public
httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a SS_HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.

public
getRequest()

Returns the SS_HTTPRequest object that this controller is using.

public
setRequest($request)

Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.

public
string
Link(string $action = null)

Get a link to a security action

public
init()

Initialisation function that is run before any action on the controller is called.

public
setURLParams($urlParams)

No description

public
array
getURLParams()

No description

public
getResponse()

Returns the SS_HTTPResponse object that this controller is building up.

public
setResponse(SS_HTTPResponse $response)

Sets the SS_HTTPResponse object that this controller is building up.

public
getFormOwner()

Return the object that is going to own a form that's being processed, and handle its execution.

public
defaultAction($action)

This is the default action handler used if a method doesn't exist.

public
getAction()

Returns the action that is being executed on this controller.

public
getViewer($action)

Return an SSViewer object to process the data

public static 
string
removeAction($fullURL, $action = null)

Removes all the "action" part of the current URL and returns the result.

public
bool
hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

public
string
render(array $params = null)

Render the current controller with the templates determined by getViewer().

public
disableBasicAuth()

Call this to disable site-wide basic authentication for a specific contoller.

public static 
curr()

Returns the current controller

public static 
bool
has_curr()

Tests whether we have a currently active controller or not

public
bool
can($perm, $member = null)

Returns true if the member is allowed to do the given action.

public
pushCurrent()

Pushes this controller onto the stack of current controllers.

public
popCurrent()

Pop this controller off the top of the stack.

public
redirect($url, $code = 302)

Redirect to the given URL.

public
redirectBack()

Redirect back. Uses either the HTTP_REFERER or a manually set request-variable called "BackURL".

public
string
redirectedTo()

Tests whether a redirection has been requested.

public
getSession()

Get the Session object representing this Controller's session

public
setSession(Session $session)

Set the Session object.

public static 
string
join_links()

Joins two or more link segments together, putting a slash between them if necessary.

public static 
array
get_template_global_variables()

Defines global accessible templates variables.

public static 
get_word_list() deprecated

Get location of word list file

public static 
set_word_list(string $wordListFile) deprecated

Set location of word list file

public static 
set_default_message_set(string|array $messageSet) deprecated

Set the default message set used in permissions failures.

public static 
permissionFailure(Controller $controller = null, string|array $messageSet = null)

Register that we've had a permission failure trying to view the given page

public
index()

No description

protected
string
getAuthenticator()

Get the selected authenticator for this request

public
LoginForm()

Get the login form to process according to the submitted data

public
array
GetLoginForms()

Get the login forms for all available authentication methods

public
ping()

This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.

public
logout(bool $redirect = true)

Log the currently logged in user out

protected
preLogin()

Perform pre-login checking and prepare a response if available prior to login

protected
getResponseController(string $title)

Prepare the controller for handling the response to this request

public
array
getTemplatesFor(string $action)

Determine the list of templates to use for rendering the given action

protected
string
generateLoginFormSet(array $forms)

Combine the given forms into a formset with a tabbed interface

protected
string
getLoginMessage(string $messageType = null)

Get the HTML Content for the $Content area during login

public
login()

Show the "login" page

public
basicauthlogin()

No description

public
string
lostpassword()

Show the "lost password" page

public
LostPasswordForm()

Factory method for the lost password form

public
string
passwordsent(SS_HTTPRequest $request)

Show the "password sent" page, after a user has requested to reset their password.

public static 
getPasswordResetLink(Member $member, $autologinToken)

Create a link to the password reset form.

public
string
changepassword()

Show the "change password" page.

public
ChangePasswordForm()

Factory method for the lost password form

public
string|array
getIncludeTemplate($name)

Gets the template for an include used for security.

public static 
findAnAdministrator()

Return an existing member with administrator privileges, or create one of necessary.

public static 
clear_default_admin()

Flush the default admin credentials

public static 
setDefaultAdmin(string $username, string $password)

Set a default admin in dev-mode

public static 
bool
check_default_admin(string $username, string $password)

Checks if the passed credentials are matching the default-admin.

public static 
has_default_admin()

Check that the default admin account has been set.

public static 
string
default_admin_username()

Get default admin username

public static 
string
default_admin_password()

Get default admin password

public static 
setStrictPathChecking(bool $strictPathChecking) deprecated

Set strict path checking

public static 
bool
getStrictPathChecking() deprecated

Get strict path checking

public static 
bool
set_password_encryption_algorithm(string $algorithm) deprecated

Set the password encryption algorithm

public static 
string
get_password_encryption_algorithm() deprecated

No description

public static 
mixed
encrypt_password(string $password, string $salt = null, string $algorithm = null, Member $member = null)

Encrypt a password according to the current password encryption settings.

public static 
bool
database_is_ready()

Checks the database is in a state to perform security checks.

public static 
set_login_recording(bool $bool) deprecated

Enable or disable recording of login attempts through the LoginRecord object.

public static 
bool
login_recording() deprecated

No description

public static 
set_default_login_dest($dest) deprecated

No description

public static 
default_login_dest() deprecated

Get the default login dest.

public static 
set_ignore_disallowed_actions($flag)

Set to true to ignore access to disallowed actions, rather than returning permission failure Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()

public static 
ignore_disallowed_actions()

No description

public static 
set_login_url($loginUrl) deprecated

Set a custom log-in URL if you have built your own log-in page.

public static 
string
login_url()

Get the URL of the log-in page.

public static 
string
logout_url()

Get the URL of the logout page.

public static 
string
lost_password_url()

Get the URL of the logout page.

Details

static Config_ForClass|null config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass|null

protected beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

protected afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

static SS_Object create()

An implementation of the factory method, allows you to create an instance of a class

This method first for strong class overloads (singletons & DB interaction), then custom class overloads. If an overload is found, an instance of this is returned rather than the original class. To overload a class, use Object::useCustomClass()

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create('SiteTree'); $list = SiteTree::get();

Return Value

SS_Object

static SS_Object singleton()

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Return Value

SS_Object

The singleton instance

static create_from_string($classSpec, $firstArg = null)

Create an object from a string representation. It treats it as a PHP constructor without the 'new' keyword. It also manages to construct the object without the use of eval().

Construction itself is done with Object::create(), so that Object::useCustomClass() calls are respected.

Object::create_from_string("Versioned('Stage','Live')") will return the result of Versioned::create('Stage', 'Live);

It is designed for simple, clonable objects. The first time this method is called for a given string it is cached, and clones of that object are returned.

If you pass the $firstArg argument, this will be prepended to the constructor arguments. It's impossible to pass null as the firstArg argument.

Object::create_from_string("Varchar(50)", "MyField") will return the result of Vachar::create('MyField', '50');

Arguments are always strings, although this is a quirk of the current implementation rather than something that can be relied upon.

Parameters

$classSpec
$firstArg

static parse_class_spec($classSpec)

Parses a class-spec, such as "Versioned('Stage','Live')", as passed to create_from_string().

Returns a 2-elemnent array, with classname and arguments

Parameters

$classSpec

static SS_Object strong_create()

Similar to Object::create(), except that classes are only overloaded if you set the $strong parameter to TRUE when using Object::useCustomClass()

Return Value

SS_Object

static useCustomClass(string $oldClass, string $newClass, bool $strong = false)

This class allows you to overload classes with other classes when they are constructed using the factory method Object::create()

Parameters

string $oldClass

the class to replace

string $newClass

the class to replace it with

bool $strong

allows you to enforce a certain class replacement under all circumstances. This is used in singletons and DB interaction classes

static string getCustomClass(string $class)

If a class has been overloaded, get the class name it has been overloaded with - otherwise return the class name

Parameters

string $class

the class to check

Return Value

string

the class that would be created if you called Object::create() with the class

static any static_lookup($class, $name, null $default = null)

Get the value of a static property of a class, even in that property is declared protected (but not private), without any inheritance, merging or parent lookup if it doesn't exist on the given class.

Parameters

$class
  • The class to get the static from
$name
  • The property to get from the class
null $default
  • The value to return if property doesn't exist on class

Return Value

any
  • The value of the static property $name on class $class, or $default if that property is not defined

static get_static($class, $name, $uncached = false) deprecated

deprecated

No description

Parameters

$class
$name
$uncached

static set_static($class, $name, $value) deprecated

deprecated

No description

Parameters

$class
$name
$value

static uninherited_static($class, $name, $uncached = false) deprecated

deprecated

No description

Parameters

$class
$name
$uncached

static combined_static($class, $name, $ceiling = false) deprecated

deprecated

No description

Parameters

$class
$name
$ceiling

static addStaticVars($class, $properties, $replace = false) deprecated

deprecated

No description

Parameters

$class
$properties
$replace

static add_static_var($class, $name, $value, $replace = false) deprecated

deprecated

No description

Parameters

$class
$name
$value
$replace

static has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))

Parameters

string $classOrExtension

if 1 argument supplied, the class name of the extension to check for; if 2 supplied, the class name to test

string $requiredExtension

used only if 2 arguments supplied

bool $strict

if the extension has to match the required extension and not be a subclass

static add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.

As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).

Parameters

string $classOrExtension

Class that should be extended - has to be a subclass of Object

string $extension

Subclass of Extension with optional parameters as a string, e.g. "Versioned" or "Translatable('Param')"

See also

http://doc.silverstripe.org/framework/en/trunk/reference/dataextension

static remove_extension(string $extension)

Remove an extension from a class.

Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.

Add support for removing extensions with parameters

Parameters

string $extension

Classname of an Extension subclass, without parameters

static array get_extensions(string $class, bool $includeArgumentString = false)

No description

Parameters

string $class
bool $includeArgumentString

Include the argument string in the return array, FALSE would return array("Versioned"), TRUE returns array("Versioned('Stage','Live')").

Return Value

array

Numeric array of either DataExtension classnames, or eval'ed classname strings with constructor arguments.

static get_extra_config_sources($class = null)

No description

Parameters

$class

__construct()

No description

mixed __call(string $method, array $arguments)

Attemps to locate and call a method dynamically added to a class at runtime if a default cannot be located

You can add extra methods to a class using Extensions}, {@link Object::createMethod() or Object::addWrapperMethod()

Parameters

string $method
array $arguments

Return Value

mixed

bool hasMethod(string $method)

Return TRUE if a method exists on this object

This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions

Parameters

string $method

Return Value

bool

array allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

Parameters

bool $custom

include methods added dynamically at runtime

Return Value

array

defineMethods()

Add methods from the ViewableData::$failover object, as well as wrapping any methods prefixed with an underscore into a ViewableData::cachedCall().

protected array findMethodsFromExtension(object $extension)

No description

Parameters

object $extension

Return Value

array

protected addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

protected removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

protected addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

Parameters

string $method

the method name to wrap

string $wrap

the method name to wrap to

protected createMethod(string $method, string $code)

Add an extra method using raw PHP code passed as a string

Parameters

string $method

the method name

string $code

the PHP code - arguments will be in an array called $args, while you can access this object by using $obj. Note that you cannot call protected methods, as the method is actually an external function

stat($name, $uncached = false)

No description

Parameters

$name
$uncached

See also

SS_Object::get_static

set_stat($name, $value)

No description

Parameters

$name
$value

See also

SS_Object::set_static

uninherited($name)

No description

Parameters

$name

See also

SS_Object::uninherited_static

bool exists()

Return true if this object "exists" i.e. has a sensible value

This method should be overriden in subclasses to provide more context about the classes state. For example, a DataObject class could return false when it is deleted from the database

Return Value

bool

string parentClass()

No description

Return Value

string

this classes parent class

bool is_a(string $class)

Check if this class is an instance of a specific class, or has that class as one of its parents

Parameters

string $class

Return Value

bool

string __toString()

No description

Return Value

string

the class name

mixed invokeWithExtensions(string $method, mixed $argument = null)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

integrate inheritance rules

Parameters

string $method

the method name to call

mixed $argument

a single argument to pass

Return Value

mixed

array extend(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.

The extension methods are defined during __construct()} in {@link defineMethods().

Parameters

string $method

the name of the method to call on each extension

mixed $a1
mixed $a2
mixed $a3
mixed $a4
mixed $a5
mixed $a6
mixed $a7

Return Value

array

Extension getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

Parameters

string $extension

Return Value

Extension

bool hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

Caution: Don't use singleton()->hasExtension() as it will give you inconsistent results based on when the singleton was first accessed.

Parameters

string $extension

Classname of an Extension subclass without parameters

Return Value

bool

array getExtensionInstances()

Get all extension instances for this specific object instance.

See get_extensions() to get all applied extension classes for this class (not the instance).

Return Value

array

Map of DataExtension instances, keyed by classname.

mixed cacheToFile(string $method, int $lifetime = 3600, string $ID = false, array $arguments = array())

Cache the results of an instance method in this object to a file, or if it is already cache return the cached results

Parameters

string $method

the method name to cache

int $lifetime

the cache lifetime in seconds

string $ID

custom cache ID to use

array $arguments

an optional array of arguments

Return Value

mixed

the cached data

clearCache($method, $ID = false, $arguments = array())

Clears the cache for the given cacheToFile call

Parameters

$method
$ID
$arguments

protected mixed loadCache(string $cache, int $lifetime = 3600)

Loads a cache from the filesystem if a valid on is present and within the specified lifetime

Parameters

string $cache

the cache name

int $lifetime

the lifetime (in seconds) of the cache before it is invalid

Return Value

mixed

protected saveCache(string $cache, mixed $data)

Save a piece of cached data to the file system

Parameters

string $cache

the cache name

mixed $data

data to save (must be serializable)

protected string sanitiseCachename(string $name)

Strip a file name of special characters so it is suitable for use as a cache file name

Parameters

string $name

Return Value

string

the name with all special cahracters replaced with underscores

static string castingObjectCreator(string $fieldSchema)

Converts a field spec into an object creator. For example: "Int" becomes "new Int($fieldName);" and "Varchar(50)" becomes "new Varchar($fieldName, 50);".

Parameters

string $fieldSchema

The field spec

Return Value

string

static array castingObjectCreatorPair(string $fieldSchema)

Convert a field schema (e.g. "Varchar(50)") into a casting object creator array that contains both a className and castingHelper constructor code. See castingObjectCreator for more information about the constructor.

Parameters

string $fieldSchema

Return Value

array

bool __isset(string $property)

Check if a field exists on this object or its failover.

Parameters

string $property

Return Value

bool

mixed __get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.

Parameters

string $property

Return Value

mixed

__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.

Parameters

string $property
mixed $value

setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

Parameters

ViewableData $failover

ViewableData|null getFailover()

Get the current failover object if set

Return Value

ViewableData|null

bool hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

bool

mixed getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

mixed

setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

Parameters

string $field
mixed $value

unknown deprecatedCachedCall($method, $args = null, string $identifier = null)

Method to facilitate deprecation of underscore-prefixed methods automatically being cached.

Parameters

$method
$args
string $identifier

an optional custom cache identifier

Return Value

unknown

ViewableData_Customised customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.

Note that any fields you specify will take precedence over the fields on this object.

Parameters

array|ViewableData $data

Return Value

ViewableData_Customised

ViewableData getCustomisedObj()

No description

Return Value

ViewableData

setCustomisedObj(ViewableData $object)

No description

Parameters

ViewableData $object

array castingHelperPair(string $field)

Get the class a field on this object would be casted to, as well as the casting helper for casting a field to an object (see ViewableData::castingHelper() for information on casting helpers).

The returned array contains two keys:

  • className: the class the field would be casted to (e.g. "Varchar")
  • castingHelper: the casting helper for casting the field (e.g. "return new Varchar($fieldName)")

Parameters

string $field

Return Value

array

string castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object.

Parameters

string $field

Return Value

string

string castingClass(string $field)

Get the class name a field on this object will be casted to

Parameters

string $field

Return Value

string

string escapeTypeForField(string $field)

Return the string-format type for the given field.

Parameters

string $field

Return Value

string 'xml'|'raw'

buildCastingCache(reference $cache)

Save the casting cache for this object (including data from any failovers) into a variable

Parameters

reference $cache

HTMLText renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

Parameters

string|array|SSViewer $template

the template to render into

array $customFields

fields to customise() the object with before rendering

Return Value

HTMLText

protected objCacheName(string $fieldName, array $arguments)

Generate the cache name for a field

Parameters

string $fieldName

Name of field

array $arguments

List of optional arguments given

protected mixed objCacheGet(string $key)

Get a cached value from the field cache

Parameters

string $key

Cache key

Return Value

mixed

protected objCacheSet(string $key, mixed $value)

Store a value in the field cache

Parameters

string $key

Cache key

mixed $value

obj(string $fieldName, array $arguments = null, bool $forceReturnedObject = true, bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

Parameters

string $fieldName
array $arguments
bool $forceReturnedObject

if TRUE, the value will ALWAYS be casted to an object before being returned, even if there is no explicit casting information

bool $cache

Cache this object

string $cacheName

a custom cache name

cachedCall(string $field, array $arguments = null, string $identifier = null)

A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.

Parameters

string $field
array $arguments
string $identifier

an optional custom cache identifier

bool hasValue(string $field, array $arguments = null, bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

Parameters

string $field
array $arguments
bool $cache

Return Value

bool

XML_val($field, $arguments = null, $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

Parameters

$field
$arguments
$cache

RAW_val($field, $arguments = null, $cache = true)

Return the value of the field without any escaping being applied.

Parameters

$field
$arguments
$cache

SQL_val($field, $arguments = null, $cache = true)

Return the value of a field in an SQL-safe format.

Parameters

$field
$arguments
$cache

JS_val($field, $arguments = null, $cache = true)

Return the value of a field in a JavaScript-save format.

Parameters

$field
$arguments
$cache

ATT_val($field, $arguments = null, $cache = true)

Return the value of a field escaped suitable to be inserted into an XML node attribute.

Parameters

$field
$arguments
$cache

array getXMLValues($fields)

Get an array of XML-escaped values by field name

Parameters

$fields

Return Value

array

ArrayIterator getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.

Return Value

ArrayIterator

ViewableData Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

Return Value

ViewableData

string ThemeDir(string $subtheme = false)

Return the directory if the current active theme (relative to the site root).

This method is useful for things such as accessing theme images from your template without hardcoding the theme page - e.g. .

This method should only be used when a theme is currently active. However, it will fall over to the current project directory.

Parameters

string $subtheme

the subtheme path to get

Return Value

string

string CSSClasses(string $stopAtClass = 'ViewableData')

Get part of the current classes ancestry to be used as a CSS class.

This method returns an escaped string of CSS classes representing the current classes ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".

Parameters

string $stopAtClass

the class to stop at (default: ViewableData)

Return Value

string

ViewableData_Debugger Debug()

Return debug information about this object that can be rendered into a template

Return Value

ViewableData_Debugger

setDataModel($model)

Set the DataModel for this request.

Parameters

$model

SS_HTTPResponse|RequestHandler|string|array handleRequest(SS_HTTPRequest $request, DataModel $model)

Executes this controller, and return an SS_HTTPResponse object with the result.

This method first does a few set-up activities:

  • Push this controller ont to the controller stack - see Controller::curr() for information about this.
  • Call init()
  • Defer to RequestHandler->handleRequest() to determine which action should be executed

Note: $requestParams['executeForm'] support was removed, make the following change in your URLs: "/?executeForm=FooBar" -> "/FooBar" Also make sure "FooBar" is in the $allowed_actions of your controller class.

Note: You should rarely need to overload run() - this kind of change is only really appropriate for things like nested controllers - ModelAsController} and {@link RootURLController are two examples here. If you want to make more orthodox functionality, it's better to overload init()} or {@link index().

Important: If you are going to overload handleRequest, make sure that you start the method with $this->pushCurrent() and end the method with $this->popCurrent(). Failure to do this will create weird session errors.

Parameters

SS_HTTPRequest $request

The SS_HTTPRequest object that is reponsible for distributing URL parsing

DataModel $model

Return Value

SS_HTTPResponse|RequestHandler|string|array

protected findAction($request)

No description

Parameters

$request

protected SS_HTTPResponse handleAction($request, $action)

Controller's default action handler. It will call the method named in $Action, if that method exists.

If $Action isn't given, it will use "index" as a default.

Parameters

$request
$action

Return Value

SS_HTTPResponse

array|null allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.

Parameters

string $limitToClass

Return Value

array|null

bool hasAction(string $action)

Checks if this request handler has a specific action, even if the current user cannot access it.

Includes class ancestry and extensions in the checks.

Parameters

string $action

Return Value

bool

protected definingClassForAction($action)

Return the class that defines the given action, so that we know where to check allowed_actions.

Overrides RequestHandler to also look at defined templates

Parameters

$action

checkAccessAction($action)

Check that the given action is allowed to be called from a URL.

It will interrogate self::$allowed_actions to determine this.

Parameters

$action

httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a SS_HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.

Parameters

int $errorCode
string $errorMessage

Plaintext error message

SS_HTTPRequest|NullHTTPRequest getRequest()

Returns the SS_HTTPRequest object that this controller is using.

Returns a placeholder NullHTTPRequest object unless handleAction()} or {@link handleRequest() have been called, which adds a reference to an actual SS_HTTPRequest object.

setRequest($request)

Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.

Parameters

$request

Get a link to a security action

Parameters

string $action

Name of the action

Return Value

string

init()

Initialisation function that is run before any action on the controller is called.

setURLParams($urlParams)

No description

Parameters

$urlParams

array getURLParams()

No description

Return Value

array

The parameters extracted from the URL by the Director.

getResponse()

Returns the SS_HTTPResponse object that this controller is building up.

Can be used to set the status code and headers

Controller setResponse(SS_HTTPResponse $response)

Sets the SS_HTTPResponse object that this controller is building up.

Parameters

SS_HTTPResponse $response

Return Value

Controller

getFormOwner()

Return the object that is going to own a form that's being processed, and handle its execution.

Note that the result needn't be an actual controller object.

defaultAction($action)

This is the default action handler used if a method doesn't exist.

It will process the controller object with the template returned by getViewer()

Parameters

$action

getAction()

Returns the action that is being executed on this controller.

SSViewer getViewer($action)

Return an SSViewer object to process the data

Parameters

$action

Return Value

SSViewer

The viewer identified being the default handler for this Controller/Action combination

static string removeAction($fullURL, $action = null)

Removes all the "action" part of the current URL and returns the result.

If no action parameter is present, returns the full URL

Parameters

$fullURL
$action

Return Value

string

bool hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

Parameters

string $action

Return Value

bool

string render(array $params = null)

Render the current controller with the templates determined by getViewer().

Parameters

array $params

Key-value array for custom template variables (Optional)

Return Value

string

Parsed template content

disableBasicAuth()

Call this to disable site-wide basic authentication for a specific contoller.

This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

static Controller curr()

Returns the current controller

Return Value

Controller

static bool has_curr()

Tests whether we have a currently active controller or not

Return Value

bool

True if there is at least 1 controller in the stack.

bool can($perm, $member = null)

Returns true if the member is allowed to do the given action.

Parameters

$perm
$member

Return Value

bool

pushCurrent()

Pushes this controller onto the stack of current controllers.

This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

popCurrent()

Pop this controller off the top of the stack.

SS_HTTPResponse redirect($url, $code = 302)

Redirect to the given URL.

Parameters

$url
$code

Return Value

SS_HTTPResponse

redirectBack()

Redirect back. Uses either the HTTP_REFERER or a manually set request-variable called "BackURL".

This variable is needed in scenarios where not HTTP-Referer is sent ( e.g when calling a page by location.href in IE). If none of the two variables is available, it will redirect to the base URL (see Director::baseURL()).

string redirectedTo()

Tests whether a redirection has been requested.

Return Value

string

If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null;

Session getSession()

Get the Session object representing this Controller's session

Return Value

Session

setSession(Session $session)

Set the Session object.

Parameters

Session $session

Joins two or more link segments together, putting a slash between them if necessary.

Use this for building the results of Link() methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

Caution: All parameters are expected to be URI-encoded already.

Return Value

string

static array get_template_global_variables()

Defines global accessible templates variables.

Return Value

array

Returns an array of items. Each key => value pair is one of three forms:

  • template name (no key)
  • template name => method name
  • template name => array(), where the array can contain these key => value pairs
    • "method" => method name
    • "casting" => casting class to use (i.e., Varchar, HTMLText, etc)

static get_word_list() deprecated

deprecated 4.0 Use the "Security.word_list" config setting instead

Get location of word list file

static set_word_list(string $wordListFile) deprecated

deprecated 4.0 Use the "Security.word_list" config setting instead

Set location of word list file

Parameters

string $wordListFile

Location of word list file

static set_default_message_set(string|array $messageSet) deprecated

deprecated 4.0 Use the "Security.default_message_set" config setting instead

Set the default message set used in permissions failures.

Parameters

string|array $messageSet

static SS_HTTPResponse permissionFailure(Controller $controller = null, string|array $messageSet = null)

Register that we've had a permission failure trying to view the given page

This will redirect to a login page. If you don't provide a messageSet, a default will be used.

Parameters

Controller $controller

The controller that you were on to cause the permission failure.

string|array $messageSet

The message to show to the user. This can be a string, or a map of different messages for different contexts. If you pass an array, you can use the following keys:

  • default: The default message
  • alreadyLoggedIn: The message to show if the user is already logged in and lacks the permission to access the item.

The alreadyLoggedIn value can contain a '%s' placeholder that will be replaced with a link to log in.

Return Value

SS_HTTPResponse

index()

No description

protected string getAuthenticator()

Get the selected authenticator for this request

Return Value

string

Class name of Authenticator

Form LoginForm()

Get the login form to process according to the submitted data

Return Value

Form

array GetLoginForms()

Get the login forms for all available authentication methods

Check how to activate/deactivate authentication methods

Return Value

array

Returns an array of available login forms (array of Form objects).

ping()

This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.

logout(bool $redirect = true)

Log the currently logged in user out

Parameters

bool $redirect

Redirect the user back to where they came.

  • If it's false, the code calling logout() is responsible for sending the user where-ever they should go.

protected SS_HTTPResponse preLogin()

Perform pre-login checking and prepare a response if available prior to login

Return Value

SS_HTTPResponse

Substitute response object if the login process should be curcumvented. Returns null if should proceed as normal.

protected Controller getResponseController(string $title)

Prepare the controller for handling the response to this request

Parameters

string $title

Title to use

Return Value

Controller

array getTemplatesFor(string $action)

Determine the list of templates to use for rendering the given action

Parameters

string $action

Return Value

array

Template list

protected string generateLoginFormSet(array $forms)

Combine the given forms into a formset with a tabbed interface

Parameters

array $forms

List of LoginForm instances

Return Value

string

protected string getLoginMessage(string $messageType = null)

Get the HTML Content for the $Content area during login

Parameters

string $messageType

Type of message, if available, passed back to caller

Return Value

string

Message in HTML format

string|SS_HTTPResponse login()

Show the "login" page

For multiple authenticators, Security_MultiAuthenticatorLogin is used. See getTemplatesFor and getIncludeTemplate for how to override template logic

Return Value

string|SS_HTTPResponse

Returns the "login" page as HTML code.

basicauthlogin()

No description

string lostpassword()

Show the "lost password" page

Return Value

string

Returns the "lost password" page as HTML code.

Form LostPasswordForm()

Factory method for the lost password form

Return Value

Form

Returns the lost password form

string passwordsent(SS_HTTPRequest $request)

Show the "password sent" page, after a user has requested to reset their password.

Parameters

SS_HTTPRequest $request

The SS_HTTPRequest for this action.

Return Value

string

Returns the "password sent" page as HTML code.

Create a link to the password reset form.

GET parameters used:

  • m: member ID
  • t: plaintext token

Parameters

Member $member

Member object associated with this link.

$autologinToken

string changepassword()

Show the "change password" page.

This page can either be called directly by logged-in users (in which case they need to provide their old password), or through a link emailed through lostpassword(). In this case no old password is required, authentication is ensured through the Member.AutoLoginHash property.

Return Value

string

Returns the "change password" page as HTML code.

See also

ChangePasswordForm

Form ChangePasswordForm()

Factory method for the lost password form

Return Value

Form

Returns the lost password form

string|array getIncludeTemplate($name)

Gets the template for an include used for security.

For use in any subclass.

Parameters

$name

Return Value

string|array

Returns the template(s) for rendering

static Member findAnAdministrator()

Return an existing member with administrator privileges, or create one of necessary.

Will create a default 'Administrators' group if no group is found with an ADMIN permission. Will create a new 'Admin' member with administrative permissions if no existing Member with these permissions is found.

Important: Any newly created administrator accounts will NOT have valid login credentials (Email/Password properties), which means they can't be used for login purposes outside of any default credentials set through Security::setDefaultAdmin().

Return Value

Member

static clear_default_admin()

Flush the default admin credentials

static setDefaultAdmin(string $username, string $password)

Set a default admin in dev-mode

This will set a static default-admin which is not existing as a database-record. By this workaround we can test pages in dev-mode with a unified login. Submitted login-credentials are first checked against this static information in Security::authenticate().

Parameters

string $username

The user name

string $password

The password (in cleartext)

static bool check_default_admin(string $username, string $password)

Checks if the passed credentials are matching the default-admin.

Compares cleartext-password set through Security::setDefaultAdmin().

Parameters

string $username
string $password

Return Value

bool

static has_default_admin()

Check that the default admin account has been set.

static string default_admin_username()

Get default admin username

Return Value

string

static string default_admin_password()

Get default admin password

Return Value

string

static setStrictPathChecking(bool $strictPathChecking) deprecated

deprecated 4.0 Use the "Security.strict_path_checking" config setting instead

Set strict path checking

This prevents sharing of the session across several sites in the domain.

Parameters

bool $strictPathChecking

To enable or disable strict patch checking.

static bool getStrictPathChecking() deprecated

deprecated 4.0 Use the "Security.strict_path_checking" config setting instead

Get strict path checking

Return Value

bool

Status of strict path checking

static bool set_password_encryption_algorithm(string $algorithm) deprecated

deprecated 4.0 Use the "Security.password_encryption_algorithm" config setting instead

Set the password encryption algorithm

Parameters

string $algorithm

One of the available password encryption algorithms determined by Security::get_encryption_algorithms()

Return Value

bool

Returns TRUE if the passed algorithm was valid, otherwise FALSE.

static string get_password_encryption_algorithm() deprecated

deprecated 4.0 Use the "Security.password_encryption_algorithm" config setting instead

No description

Return Value

string

static mixed encrypt_password(string $password, string $salt = null, string $algorithm = null, Member $member = null)

Encrypt a password according to the current password encryption settings.

If the settings are so that passwords shouldn't be encrypted, the result is simple the clear text password with an empty salt except when a custom algorithm ($algorithm parameter) was passed.

Parameters

string $password

The password to encrypt

string $salt

Optional: The salt to use. If it is not passed, but needed, the method will automatically create a random salt that will then be returned as return value.

string $algorithm

Optional: Use another algorithm to encrypt the password (so that the encryption algorithm can be changed over the time).

Member $member Optional

Return Value

mixed

Returns an associative array containing the encrypted password and the used salt in the form:

    array(
    'password' => string,
    'salt' => string,
    'algorithm' => string,
    'encryptor' => PasswordEncryptor instance
    )

If the passed algorithm is invalid, FALSE will be returned.

See also

encrypt_passwords()

static bool database_is_ready()

Checks the database is in a state to perform security checks.

See DatabaseAdmin->init() for more information.

Return Value

bool

static set_login_recording(bool $bool) deprecated

deprecated 4.0 Use the "Security.login_recording" config setting instead

Enable or disable recording of login attempts through the LoginRecord object.

Parameters

bool $bool

static bool login_recording() deprecated

deprecated 4.0 Use the "Security.login_recording" config setting instead

No description

Return Value

bool

static set_default_login_dest($dest) deprecated

deprecated 4.0 Use the "Security.default_login_dest" config setting instead

No description

Parameters

$dest

static default_login_dest() deprecated

deprecated 4.0 Use the "Security.default_login_dest" config setting instead

Get the default login dest.

static set_ignore_disallowed_actions($flag)

Set to true to ignore access to disallowed actions, rather than returning permission failure Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()

Parameters

$flag

True or false

static ignore_disallowed_actions()

No description

static set_login_url($loginUrl) deprecated

deprecated 4.0 Use the "Security.login_url" config setting instead.

Set a custom log-in URL if you have built your own log-in page.

Parameters

$loginUrl

static string login_url()

Get the URL of the log-in page.

To update the login url use the "Security.login_url" config setting.

Return Value

string

static string logout_url()

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.

Return Value

string

static string lost_password_url()

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.

Return Value

string