SecurityService

Type
Class
Namespace
Craft
Inherits
Craft\SecurityService » CSecurityManager (opens new window) » CApplicationComponent (opens new window) » CComponent (opens new window)
Implements
IApplicationComponent
Since
1.0

Class SecurityService

See also http://craftcms.com

View source (opens new window)

# Public Properties

Property Description
$behaviors (opens new window) array (opens new window) – The behaviors that should be attached to this component.
$cryptAlgorithm (opens new window) mixed – The name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}.
$hashAlgorithm (opens new window) string (opens new window) – The name of the hashing algorithm to be used by {@link computeHMAC}.
$validateEncryptionKey (opens new window) boolean (opens new window) – If encryption key should be validated

# Protected Properties

Property Description
$encryptionKeyMinimumLengths (opens new window) array (opens new window) – Known minimum lengths per encryption algorithm

# Public Methods

Method Description
__call() (opens new window) Calls the named method which is not a class method.
__get() (opens new window) Returns a property value, an event handler list or a behavior based on its name.
__isset() (opens new window) Checks if a property value is null.
__set() (opens new window) Sets value of a component property.
__unset() (opens new window) Sets a component property to be null.
asa() (opens new window) Returns the named behavior object.
attachBehavior() (opens new window) Attaches a behavior to this component.
attachBehaviors() (opens new window) Attaches a list of behaviors to the component.
attachEventHandler() (opens new window) Attaches an event handler to an event.
canGetProperty() (opens new window) Determines whether a property can be read.
canSetProperty() (opens new window) Determines whether a property can be set.
checkPassword() Validates a blowfish hash against a given string for sameness.
compareString() (opens new window) Performs string comparison using timing attack resistant approach.
computeHMAC() (opens new window) Computes the HMAC for the data with {@link getValidationKey validationKey}. This method has been made public since 1.1.14.
decrypt() (opens new window) Decrypts data
detachBehavior() (opens new window) Detaches a behavior from the component.
detachBehaviors() (opens new window) Detaches all behaviors from the component.
detachEventHandler() (opens new window) Detaches an existing event handler.
disableBehavior() (opens new window) Disables an attached behavior.
disableBehaviors() (opens new window) Disables all behaviors attached to this component.
enableBehavior() (opens new window) Enables an attached behavior.
enableBehaviors() (opens new window) Enables all behaviors attached to this component.
encrypt() (opens new window) Encrypts data.
evaluateExpression() (opens new window) Evaluates a PHP expression or callback under the context of this component.
generatePseudoRandomBlock() (opens new window) Generate a pseudo random block of data using several sources. On some systems this may be a bit better than PHP's {@link mt_rand} built-in function, which is not really random.
generateRandomBytes() (opens new window) Generates a string of random bytes.
generateRandomString() (opens new window) Generate a random ASCII string. Generates only [0-9a-zA-z_~] characters which are all transparent in raw URL encoding.
generateSessionRandomBlock() (opens new window) Get random bytes from the system entropy source via PHP session manager.
getEncryptionKey() (opens new window)
getEventHandlers() (opens new window) Returns the list of attached event handlers for an event.
getIsInitialized() (opens new window) Checks if this application component has been initialized.
getMinimumPasswordLength()
getValidation() (opens new window) This method has been deprecated since version 1.1.3.
getValidationKey() (opens new window)
hasEvent() (opens new window) Determines whether an event is defined.
hasEventHandler() (opens new window) Checks whether the named event has attached handlers.
hasProperty() (opens new window) Determines whether a property is defined.
hashData() (opens new window) Prefixes data with an HMAC.
hashPassword() Hashes a given password with the blowfish encryption algorithm.
init()
legacyDecrypt() (opens new window) Decrypts legacy ciphertext which was produced by the old, broken implementation of encrypt().
maskToken() (opens new window) Masks a token to make it uncompressible.
raiseEvent() (opens new window) Raises an event.
setEncryptionKey() (opens new window)
setValidation() (opens new window) This method has been deprecated since version 1.1.3.
setValidationKey() (opens new window)
unmaskToken() (opens new window) Unmasks a token previously masked by maskToken.
validateData() (opens new window) Validates if data is tampered.

# checkPassword()

Validates a blowfish hash against a given string for sameness.

View source (opens new window)

Arguments

Returns

boolean (opens new window)

Signature

public boolean checkPassword ( $string, $storedHash )

# getMinimumPasswordLength()

Signature

public integer getMinimumPasswordLength ( )

# hashPassword()

Hashes a given password with the blowfish encryption algorithm.

View source (opens new window)

Arguments

Returns

string (opens new window) – The hash.

Throws

Signature

public string hashPassword ( $string, $validateHash = false )

# init()

Signature

public null init ( )

# Protected Methods

Method Description
generateRandomKey() (opens new window)
openCryptModule() (opens new window) Opens the mcrypt module with the configuration specified in {@link cryptAlgorithm}.
validateEncryptionKey() (opens new window) Checks if a key is valid for {@link cryptAlgorithm}.

# Constants

Constant Description
STATE_ENCRYPTION_KEY
STATE_VALIDATION_KEY