SecurityComponent Class Reference

Inheritance diagram for SecurityComponent:

List of all members.

Public Member Functions
	_authRequired (&$controller)
	_callback (&$controller, $method, $params=array())
	_generateToken (&$controller)
	_loginRequired (&$controller)
	_methodsRequired (&$controller)
	_requireMethod ($method, $actions=array())
	_secureRequired (&$controller)
	_setLoginDefaults (&$options)
	_validatePost (&$controller)
	blackHole (&$controller, $error= '')
	generateDigestResponseHash ($data)
	loginCredentials ($type=null)
	loginRequest ($options=array())
	parseDigestAuthData ($digest)
	requireAuth ()
	requireDelete ()
	requireGet ()
	requireLogin ()
	requirePost ()
	requirePut ()
	requireSecure ()
	startup (&$controller)
Public Attributes
	$_action = null
	$allowedActions = array()
	$allowedControllers = array()
	$blackHoleCallback = null
	$components = array('RequestHandler', 'Session')
	$disabledFields = array()
	$loginOptions = array('type' => '', 'prompt' => null)
	$loginUsers = array()
	$requireAuth = array()
	$requireDelete = array()
	$requireGet = array()
	$requireLogin = array()
	$requirePost = array()
	$requirePut = array()
	$requireSecure = array()
	$validatePost = true

---

Detailed Description

Definition at line 35 of file security.php.

---

Member Function Documentation

SecurityComponent::_authRequired

(

&$

controller

)

Check if authentication is required

Parameters:

object

$controller Instantiating controller

Returns:

bool true if authentication required protected

Definition at line 460 of file security.php.

Referenced by startup().

SecurityComponent::_callback	(	&$	controller,
		$	method,
		$	params = array()
	)

Calls a controller callback method

Parameters:

	object	$controller Controller to run callback on
	string	$method Method to execute
	array	$params Parameters to send to method

Returns:

mixed Controller callback method's response protected

Definition at line 682 of file security.php.

SecurityComponent::_generateToken

(

&$

controller

)

Add authentication key for new form posts

Parameters:

object

$controller Instantiating controller

Returns:

bool Success protected

Definition at line 622 of file security.php.

Referenced by startup().

SecurityComponent::_loginRequired

(

&$

controller

)

Check if login is required

Parameters:

object

$controller Instantiating controller

Returns:

bool true if login is required protected

Definition at line 495 of file security.php.

Referenced by startup().

SecurityComponent::_methodsRequired

(

&$

controller

)

Check if HTTP methods are required

Parameters:

object

$controller Instantiating controller

Returns:

bool true if $method is required protected

Definition at line 415 of file security.php.

Referenced by startup().

SecurityComponent::_requireMethod	(	$	method,
		$	actions = array()
	)

Sets the actions that require a $method HTTP request, or empty for all actions

Parameters:

	string	$method The HTTP method to assign controller actions to
	array	$actions Controller actions to set the required HTTP method to.

Returns:

void protected

Definition at line 405 of file security.php.

Referenced by requireAuth(), requireDelete(), requireGet(), requireLogin(), requirePost(), requirePut(), and requireSecure().

SecurityComponent::_secureRequired

(

&$

controller

)

Check if access requires secure connection

Parameters:

object

$controller Instantiating controller

Returns:

bool true if secure connection required protected

Definition at line 439 of file security.php.

Referenced by startup().

SecurityComponent::_setLoginDefaults

(

&$

options

)

Sets the default login options for an HTTP-authenticated request

Parameters:

array

$options Default login options

Returns:

void protected

Definition at line 664 of file security.php.

Referenced by loginRequest().

SecurityComponent::_validatePost

(

&$

controller

)

Validate submitted form

Parameters:

object

$controller Instantiating controller

Returns:

bool true if submitted form is valid protected

Definition at line 542 of file security.php.

Referenced by startup().

SecurityComponent::blackHole	(	&$	controller,
		$	error = ''
	)

Black-hole an invalid request with a 404 error or custom callback. If SecurityComponent::$blackHoleCallback is specified, it will use this callback by executing the method indicated in $error

Parameters:

	object	$controller Instantiating controller
	string	$error Error method

Returns:

mixed If specified, controller blackHoleCallback's response, or no return otherwise public

See also:

SecurityComponent::$blackHoleCallback

Definition at line 383 of file security.php.

Referenced by startup().

SecurityComponent::generateDigestResponseHash

(

$

data

)

Generates a hash to be compared with an HTTP digest-authenticated response

Parameters:

array

$data HTTP digest response data, as parsed by SecurityComponent::parseDigestAuthData()

Returns:

string Digest authentication hash public

See also:

SecurityComponent::parseDigestAuthData()

Definition at line 366 of file security.php.

SecurityComponent::loginCredentials

(

$

type = null

)

Attempts to validate the login credentials for an HTTP-authenticated request

Parameters:

string

$type Either 'basic', 'digest', or null. If null/empty, will try both.

Returns:

mixed If successful, returns an array with login name and password, otherwise null. public

Definition at line 280 of file security.php.

References __(), env(), and parseDigestAuthData().

SecurityComponent::loginRequest

(

$

options = array()

)

Generates the text of an HTTP-authentication request header from an array of options.

Parameters:

array

$options Set of options for header

Returns:

string HTTP-authentication request header public

Definition at line 318 of file security.php.

References $out, and _setLoginDefaults().

SecurityComponent::parseDigestAuthData

(

$

digest

)

Parses an HTTP digest authentication response, and returns an array of the data, or null on failure.

Parameters:

string

$digest Digest authentication response

Returns:

array Digest authentication parameters public

Definition at line 339 of file security.php.

Referenced by loginCredentials().

SecurityComponent::requireAuth

(

)

Sets the actions that require an authenticated request, or empty for all actions

Returns:

void public

Definition at line 246 of file security.php.

References _requireMethod().

SecurityComponent::requireDelete

(

)

Sets the actions that require a DELETE request, or empty for all actions

Returns:

void public

Definition at line 226 of file security.php.

References _requireMethod().

SecurityComponent::requireGet

(

)

Sets the actions that require a GET request, or empty for all actions

Returns:

void public

Definition at line 206 of file security.php.

References _requireMethod().

SecurityComponent::requireLogin

(

)

Sets the actions that require an HTTP-authenticated request, or empty for all actions

Returns:

void public

Definition at line 256 of file security.php.

References _requireMethod().

SecurityComponent::requirePost

(

)

Sets the actions that require a POST request, or empty for all actions

Returns:

void public

Definition at line 196 of file security.php.

References _requireMethod().

SecurityComponent::requirePut

(

)

Sets the actions that require a PUT request, or empty for all actions

Returns:

void public

Definition at line 216 of file security.php.

References _requireMethod().

SecurityComponent::requireSecure

(

)

Sets the actions that require a request that is SSL-secured, or empty for all actions

Returns:

void public

Definition at line 236 of file security.php.

References _requireMethod().

SecurityComponent::startup

(

&$

controller

)

Component startup. All security checking happens here.

Parameters:

object

$controller Instantiating controller public

Definition at line 168 of file security.php.

References _authRequired(), _generateToken(), _loginRequired(), _methodsRequired(), _secureRequired(), _validatePost(), blackHole(), and params().

---

Member Data Documentation

SecurityComponent::$_action = null

Definition at line 161 of file security.php.

SecurityComponent::$allowedActions = array()

Definition at line 133 of file security.php.

SecurityComponent::$allowedControllers = array()

Definition at line 124 of file security.php.

SecurityComponent::$blackHoleCallback = null

Definition at line 42 of file security.php.

SecurityComponent::$components = array('RequestHandler', 'Session')

Definition at line 155 of file security.php.

SecurityComponent::$disabledFields = array()

Definition at line 140 of file security.php.

SecurityComponent::$loginOptions = array('type' => '', 'prompt' => null)

Definition at line 106 of file security.php.

SecurityComponent::$loginUsers = array()

Definition at line 115 of file security.php.

SecurityComponent::$requireAuth = array()

Definition at line 90 of file security.php.

SecurityComponent::$requireDelete = array()

Definition at line 74 of file security.php.

SecurityComponent::$requireGet = array()

Definition at line 58 of file security.php.

SecurityComponent::$requireLogin = array()

Definition at line 98 of file security.php.

SecurityComponent::$requirePost = array()

Definition at line 50 of file security.php.

SecurityComponent::$requirePut = array()

Definition at line 66 of file security.php.

SecurityComponent::$requireSecure = array()

Definition at line 82 of file security.php.

SecurityComponent::$validatePost = true

Definition at line 148 of file security.php.

---

The documentation for this class was generated from the following file:

• libs/controller/components/security.php

---