SecurityService
- Type
- Class
- Namespace
- Craft
- Inherits
- Craft\SecurityService » CSecurityManager (opens new window) » CApplicationComponent (opens new window) » CComponent (opens new window)
- Implements
IApplicationComponent- Since
- 1.0
Class SecurityService
See also http://craftcms.com
View source (opens new window)
# Public Properties
| Property | Description |
|---|---|
| $behaviors (opens new window) | array (opens new window) – The behaviors that should be attached to this component. |
| $cryptAlgorithm (opens new window) | mixed – The name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}. |
| $hashAlgorithm (opens new window) | string (opens new window) – The name of the hashing algorithm to be used by {@link computeHMAC}. |
| $validateEncryptionKey (opens new window) | boolean (opens new window) – If encryption key should be validated |
# Protected Properties
| Property | Description |
|---|---|
| $encryptionKeyMinimumLengths (opens new window) | array (opens new window) – Known minimum lengths per encryption algorithm |
# Public Methods
| Method | Description |
|---|---|
| __call() (opens new window) | Calls the named method which is not a class method. |
| __get() (opens new window) | Returns a property value, an event handler list or a behavior based on its name. |
| __isset() (opens new window) | Checks if a property value is null. |
| __set() (opens new window) | Sets value of a component property. |
| __unset() (opens new window) | Sets a component property to be null. |
| asa() (opens new window) | Returns the named behavior object. |
| attachBehavior() (opens new window) | Attaches a behavior to this component. |
| attachBehaviors() (opens new window) | Attaches a list of behaviors to the component. |
| attachEventHandler() (opens new window) | Attaches an event handler to an event. |
| canGetProperty() (opens new window) | Determines whether a property can be read. |
| canSetProperty() (opens new window) | Determines whether a property can be set. |
| checkPassword() | Validates a blowfish hash against a given string for sameness. |
| compareString() (opens new window) | Performs string comparison using timing attack resistant approach. |
| computeHMAC() (opens new window) | Computes the HMAC for the data with {@link getValidationKey validationKey}. This method has been made public since 1.1.14. |
| decrypt() (opens new window) | Decrypts data |
| detachBehavior() (opens new window) | Detaches a behavior from the component. |
| detachBehaviors() (opens new window) | Detaches all behaviors from the component. |
| detachEventHandler() (opens new window) | Detaches an existing event handler. |
| disableBehavior() (opens new window) | Disables an attached behavior. |
| disableBehaviors() (opens new window) | Disables all behaviors attached to this component. |
| enableBehavior() (opens new window) | Enables an attached behavior. |
| enableBehaviors() (opens new window) | Enables all behaviors attached to this component. |
| encrypt() (opens new window) | Encrypts data. |
| evaluateExpression() (opens new window) | Evaluates a PHP expression or callback under the context of this component. |
| generatePseudoRandomBlock() (opens new window) | Generate a pseudo random block of data using several sources. On some systems this may be a bit better than PHP's {@link mt_rand} built-in function, which is not really random. |
| generateRandomBytes() (opens new window) | Generates a string of random bytes. |
| generateRandomString() (opens new window) | Generate a random ASCII string. Generates only [0-9a-zA-z_~] characters which are all transparent in raw URL encoding. |
| generateSessionRandomBlock() (opens new window) | Get random bytes from the system entropy source via PHP session manager. |
| getEncryptionKey() (opens new window) | |
| getEventHandlers() (opens new window) | Returns the list of attached event handlers for an event. |
| getIsInitialized() (opens new window) | Checks if this application component has been initialized. |
| getMinimumPasswordLength() | |
| getValidation() (opens new window) | This method has been deprecated since version 1.1.3. |
| getValidationKey() (opens new window) | |
| hasEvent() (opens new window) | Determines whether an event is defined. |
| hasEventHandler() (opens new window) | Checks whether the named event has attached handlers. |
| hasProperty() (opens new window) | Determines whether a property is defined. |
| hashData() (opens new window) | Prefixes data with an HMAC. |
| hashPassword() | Hashes a given password with the blowfish encryption algorithm. |
| init() | |
| legacyDecrypt() (opens new window) | Decrypts legacy ciphertext which was produced by the old, broken implementation of encrypt(). |
| maskToken() (opens new window) | Masks a token to make it uncompressible. |
| raiseEvent() (opens new window) | Raises an event. |
| setEncryptionKey() (opens new window) | |
| setValidation() (opens new window) | This method has been deprecated since version 1.1.3. |
| setValidationKey() (opens new window) | |
| unmaskToken() (opens new window) | Unmasks a token previously masked by maskToken. |
| validateData() (opens new window) | Validates if data is tampered. |
# checkPassword()
Validates a blowfish hash against a given string for sameness.
View source (opens new window)
Arguments
$string(string (opens new window))$storedHash(string (opens new window))
Returns
Signature
public boolean checkPassword ( $string, $storedHash )
# getMinimumPasswordLength()
Signature
public integer getMinimumPasswordLength ( )
# hashPassword()
Hashes a given password with the blowfish encryption algorithm.
View source (opens new window)
Arguments
$string(string (opens new window)) – The string to hash$validateHash(boolean (opens new window)) – If you want to validate the just generated hash. Will throw an exception if validation fails.
Returns
string (opens new window) – The hash.
Throws
Signature
public string hashPassword ( $string, $validateHash = false )
# init()
Signature
public null init ( )
# Protected Methods
| Method | Description |
|---|---|
| generateRandomKey() (opens new window) | |
| openCryptModule() (opens new window) | Opens the mcrypt module with the configuration specified in {@link cryptAlgorithm}. |
| validateEncryptionKey() (opens new window) | Checks if a key is valid for {@link cryptAlgorithm}. |
# Constants
| Constant | Description |
|---|---|
STATE_ENCRYPTION_KEY | |
STATE_VALIDATION_KEY |