||Abstract base class for an authentication method
||Provides an interface to HTTP basic authentication.
||Standard Change Password Form
||A security group.
||Record all login attempts through the
LoginForm object. This behaviour
is disabled by default.
||Abstract base class for a login form
||The member class which represents the users of the system
||Class used as template to send an email saying that the password has been
||Class used as template to send the forgot password email
||Represents a set of Groups attached to a member. Handles the hierarchy logic.
||Form for editing a member profile.
||Authenticator for the default "member" method
||Imports member records, and checks/updates duplicates based on their 'Email'
||Log-in form for the "member" authentication method
||Keep track of users' previous passwords, so that we can check that new passwords
aren't changed back to old ones.
||Specialized subclass for disabled security tokens - always returns TRUE for
token checks. Use through
||Allows pluggable password encryption. By default, this might be PHP's integrated
sha1() function, but could also be more sophisticated to facilitate password
migrations from other systems. Use
PasswordEncryptor::register() to add new
||Blowfish encryption - this is the default from SilverStripe 3. PHP 5.3+ will
provide a php implementation if there is no system version available.
||Legacy implementation for SilverStripe 2.1 - 2.3, which had a design flaw in
password hashing that caused the hashes to differ between architectures due to
floating point precision problems in base_convert(). See http://open.silverstripe.org/ticket/3004
||Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
||Uses MySQL's PASSWORD encryption. Requires an active DB connection.
||Cleartext passwords (used in SilverStripe 2.1). Also used when
Security::$encryptPasswords is set to FALSE. Not recommended.
||Encryption using built-in hash types in PHP. Please note that the implemented
algorithms depend on the PHP distribution and architecture.
||This class represents a validator for member passwords.
||Represents a permission assigned to a group.
||Shows a categorized list of available permissions (through
Permission::get_codes()). Permissions which are assigned to a given
Group record (either directly, inherited from parent groups, or through a
PermissionRole) will be checked automatically. All checkboxes for
"inherited" permissions will be readonly.
||Readonly version of a
PermissionCheckboxSetField - uses the same
structure, but has all checkboxes disabled.
||A PermissionRole represents a collection of permission codes that can be applied
||A PermissionRoleCode represents a single permission code assigned to a
||Generates entropy values based on strongest available methods
(mcrypt_create_iv(), openssl_random_pseudo_bytes(), /dev/urandom,
COM.CAPICOM.Utilities.1, mt_rand()). Chosen method depends on operating system
and PHP version.
||Implements a basic security model
||Cross Site Request Forgery (CSRF) protection for the
Form class and
other GET links. Can be used globally (through
on a form-by-form basis Form->getSecurityToken().