||Abstract base class for an authentication method
||Provides an interface to HTTP basic authentication.
||Standard Change Password Form
||Provides the in-cms session re-authentication form for the "member"
||Provides a security interface functionality within the cms
||A security group.
||Record all login attempts through the
LoginForm object. This behaviour
is disabled by default.
||Abstract base class for a login form
||The member class which represents the users of the system
||Class used as template to send an email saying that the password has been
||Class used as template to send the forgot password email
||Represents a set of Groups attached to a member. Handles the hierarchy logic.
||Authenticator for the default "member" method
||Imports member records, and checks/updates duplicates based on their 'Email'
||Log-in form for the "member" authentication method.
||Keep track of users' previous passwords, so that we can check that new passwords
aren't changed back to old ones.
||Specialized subclass for disabled security tokens - always returns TRUE for
token checks. Use through
||Allows pluggable password encryption. By default, this might be PHP's integrated
sha1() function, but could also be more sophisticated to facilitate password
migrations from other systems. Use register() to add new
||Blowfish encryption - this is the default from SilverStripe 3. PHP 5.3+ will
provide a php implementation if there is no system version available.
||Legacy implementation for SilverStripe 2.1 - 2.3, which had a design flaw in
password hashing that caused the hashes to differ between architectures due to
floating point precision problems in base_convert(). See http://open.silverstripe.org/ticket/3004
||Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
||Uses MySQL's PASSWORD encryption. Requires an active DB connection.
||Cleartext passwords (used in SilverStripe 2.1). Also used when
Security::$encryptPasswords is set to FALSE. Not recommended.
||Encryption using built-in hash types in PHP. Please note that the implemented
algorithms depend on the PHP distribution and architecture.
||This class represents a validator for member passwords.
||Represents a permission assigned to a group.
||Shows a categorized list of available permissions (through
Permission::get_codes()). Permissions which are assigned to a given
Group record (either directly, inherited from parent groups, or through a
PermissionRole) will be checked automatically. All checkboxes for
"inherited" permissions will be readonly.
||Readonly version of a
PermissionCheckboxSetField - uses the same
structure, but has all checkboxes disabled.
||A PermissionRole represents a collection of permission codes that can be applied
||A PermissionRoleCode represents a single permission code assigned to a
||Generates entropy values based on strongest available methods
(mcrypt_create_iv(), openssl_random_pseudo_bytes(), /dev/urandom,
COM.CAPICOM.Utilities.1, mt_rand()). Chosen method depends on operating system
and PHP version.
||Implements a basic security model
||Cross Site Request Forgery (CSRF) protection for the
Form class and
other GET links. Can be used globally (through
on a form-by-form basis Form->getSecurityToken().