SecurityService

Type
Class
Namespace
Craft
Inherits
Craft\SecurityService » CSecurityManager » CApplicationComponent » CComponent
Implements
IApplicationComponent
Since
1.0

Class SecurityService

See also http://craftcms.com

View source

Public Properties

PropertyDescription
$behaviorsarray – The behaviors that should be attached to this component.
$cryptAlgorithmmixed – The name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}.
$hashAlgorithmstring – The name of the hashing algorithm to be used by {@link computeHMAC}.
$validateEncryptionKeyboolean – If encryption key should be validated

Protected Properties

PropertyDescription
$encryptionKeyMinimumLengthsarray – Known minimum lengths per encryption algorithm

Public Methods

MethodDescription
__call()Calls the named method which is not a class method.
__get()Returns a property value, an event handler list or a behavior based on its name.
__isset()Checks if a property value is null.
__set()Sets value of a component property.
__unset()Sets a component property to be null.
asa()Returns the named behavior object.
attachBehavior()Attaches a behavior to this component.
attachBehaviors()Attaches a list of behaviors to the component.
attachEventHandler()Attaches an event handler to an event.
canGetProperty()Determines whether a property can be read.
canSetProperty()Determines whether a property can be set.
checkPassword()Validates a blowfish hash against a given string for sameness.
compareString()Performs string comparison using timing attack resistant approach.
computeHMAC()Computes the HMAC for the data with {@link getValidationKey validationKey}. This method has been made public since 1.1.14.
decrypt()Decrypts data
detachBehavior()Detaches a behavior from the component.
detachBehaviors()Detaches all behaviors from the component.
detachEventHandler()Detaches an existing event handler.
disableBehavior()Disables an attached behavior.
disableBehaviors()Disables all behaviors attached to this component.
enableBehavior()Enables an attached behavior.
enableBehaviors()Enables all behaviors attached to this component.
encrypt()Encrypts data.
evaluateExpression()Evaluates a PHP expression or callback under the context of this component.
generatePseudoRandomBlock()Generate a pseudo random block of data using several sources. On some systems this may be a bit better than PHP's {@link mt_rand} built-in function, which is not really random.
generateRandomBytes()Generates a string of random bytes.
generateRandomString()Generate a random ASCII string. Generates only [0-9a-zA-z_~] characters which are all transparent in raw URL encoding.
generateSessionRandomBlock()Get random bytes from the system entropy source via PHP session manager.
getEncryptionKey()
getEventHandlers()Returns the list of attached event handlers for an event.
getIsInitialized()Checks if this application component has been initialized.
getMinimumPasswordLength()
getValidation()This method has been deprecated since version 1.1.3.
getValidationKey()
hasEvent()Determines whether an event is defined.
hasEventHandler()Checks whether the named event has attached handlers.
hasProperty()Determines whether a property is defined.
hashData()Prefixes data with an HMAC.
hashPassword()Hashes a given password with the blowfish encryption algorithm.
init()
legacyDecrypt()Decrypts legacy ciphertext which was produced by the old, broken implementation of encrypt().
maskToken()Masks a token to make it uncompressible.
raiseEvent()Raises an event.
setEncryptionKey()
setValidation()This method has been deprecated since version 1.1.3.
setValidationKey()
unmaskToken()Unmasks a token previously masked by maskToken.
validateData()Validates if data is tampered.

checkPassword()

Validates a blowfish hash against a given string for sameness.

View source

Arguments

Returns

boolean

Signature

public boolean checkPassword ( $string, $storedHash )

getMinimumPasswordLength()

Signature

public integer getMinimumPasswordLength ( )

hashPassword()

Hashes a given password with the blowfish encryption algorithm.

View source

Arguments

  • $string (string) – The string to hash
  • $validateHash (boolean) – If you want to validate the just generated hash. Will throw an exception if validation fails.

Returns

string – The hash.

Throws

Signature

public string hashPassword ( $string, $validateHash = false )

init()

Signature

public null init ( )

Protected Methods

MethodDescription
generateRandomKey()
openCryptModule()Opens the mcrypt module with the configuration specified in {@link cryptAlgorithm}.
validateEncryptionKey()Checks if a key is valid for {@link cryptAlgorithm}.

Constants

ConstantDescription
STATE_ENCRYPTION_KEY
STATE_VALIDATION_KEY