Class PHPDS_security

Description

This is a new version of one of the Big5: the security class.

This new version supports connectors and the queries class and should be compatible with the old one.

  • author: jason, greg, ross
  • version: 1.0
  • date: 20100219

Located in /PHPDS_security.class.php (line 26)

PHPDS_dependant
   |
   --security
      |
      --PHPDS_security

Variable Summary
mixed $cookie
mixed $get
mixed $post
mixed $request
mixed $session

Method Summary
boolean canAccessMenu (mixed $menu_id, [string $type = 'menu_id'])
integer currentUserID ()
string decrypt (string $string)
string encrypt (string $string)
string getUserIp ()
string hashPassword ([string $password = ''])
boolean isLoggedIn ()
boolean isRoot ([mixed $user_id = false])
boolean isSameGroup (integer $user_id)
string postValidation ()
string securityIni ([ $validate_token = false], boolean $validate_crypt_key)
void sqlWatchdog (mixed $input)
string userIp ()
boolean validateEmail (string $email_string)
string validatePost ()

Variables
mixed $cookie (line 57)

Cleaned up $_COOKIE.

  • access: public
mixed $get (line 33)

Cleaned up $_GET.

  • access: public
mixed $post (line 39)

Cleaned up $_POST.

  • access: public
mixed $request (line 45)

Cleaned up $_REQUEST.

  • access: public
mixed $session (line 51)

Cleaned up $_SESSION.

  • access: public

Inherited Variables

Inherited from PHPDS_dependant

PHPDS_dependant::$dependance
PHPDS_dependant::$parent

Methods
canAccessMenu (line 300)

Check if a user has access to a given menu id.

  • return: Will return requested variable if user has access to requested menu item.
  • version: 1.0.1
  • deprecated:
  • date: 20091105 fixed a possible warning when the menu is not in the list (i.e. the user is not allowed)
  • access: public
boolean canAccessMenu (mixed $menu_id, [string $type = 'menu_id'])
  • mixed $menu_id: This can be the menu id either as an integer or as a string.
  • string $type: The type of item requested: menu_id, menu_name, etc.
currentUserID (line 230)

Returns current logged in user id.

  • deprecated:
  • access: public
integer currentUserID ()
decrypt (line 277)

Decrypts a string with the configuration key provided.

  • access: public
string decrypt (string $string)
  • string $string
encrypt (line 259)

Encrypts a string with the configuration key provided.

  • access: public
string encrypt (string $string)
  • string $string
getUserIp (line 343)

Simple method to return the user's IP; this method will be improved in the future if needed.

  • deprecated:
  • access: public
string getUserIp ()
hashPassword (line 321)

Creates a "secret" version of the password

  • return: the hashed password
  • author: jason, greg
  • version: 1.0
  • date: 20100204 greg: created from Jason's original fct
  • access: public
string hashPassword ([string $password = ''])
  • string $password: the clear password
isLoggedIn (line 369)

Check if user is logged in, return false if not.

  • access: public
boolean isLoggedIn ()
isRoot (line 219)

Check if user is a root user.

  • deprecated:
  • date: 20100608 (v1.0.1) (greg) moved to query system
  • access: public
boolean isRoot ([mixed $user_id = false])
  • mixed $user_id: If not the logged-in user, which user should be checked (primary role check only).
isSameGroup (line 248)

Check if the currently logged in user is in the same group as the given user.

This can be used to check if the current user is allowed access to the given user's data.

boolean isSameGroup (integer $user_id)
  • integer $user_id: the ID of the other user
postValidation (line 168)

Use inside your form brackets to send through a token validation to limit $this->post received from external pages.

  • return: Returns hidden input field.
  • access: public
string postValidation ()
searchFormValidation (line 197)

This is used in the search filter to validate $this->post made by the search form.

  • return: Returns hidden input field.
  • access: public
string searchFormValidation ()
securityIni (line 67)

This method does the actual security check; other security checks are done on a per-call basis to this method in specific scripts.

Improved version reduces the cost of queries by 3; I also believe that this is a more secure method.

  • author: Jason Schoeman
  • access: public
string securityIni ([ $validate_token = false], boolean $validate_crypt_key)
  • boolean $validate_crypt_key: Set if you would like the system to verify an encryption before accepting global $_POST variables. Use with method send_crypt_key_validation in your form.
  • $validate_token
sqlWatchdog (line 150)

Works just like mysql_real_escape_string, but does so recursively through an array.

  • access: public
void sqlWatchdog (mixed $input)
  • mixed $input
userIp (line 332)

Simple method to return the user's IP; this method will be improved in the future if needed.

  • deprecated:
  • access: public
string userIp ()
validateEmail (line 355)

Validates email address.

  • author: Jason Schoeman
  • access: public
boolean validateEmail (string $email_string)
  • string $email_string: Email address.
validatePost (line 178)

Use inside your form brackets to send through a token validation to limit $this->post received from external pages.

  • return: Returns hidden input field.
  • access: public
string validatePost ()

Inherited Methods

Inherited From security

security::access_menu()
security::delete_persistent_cookie()
security::do_login()
security::hash_password()
security::is_logged_in()
security::is_root()
security::is_same_group()
security::load_security()
security::lookup_persistent_user()
security::lookup_user()
security::post_validation()
security::prevent_sql_injection()
security::search_validation()
security::set_guest()
security::set_persistent_cookie()
security::user_ip()

Inherited From PHPDS_dependant

PHPDS_dependant::__construct()
PHPDS_dependant::construct()
PHPDS_dependant::debugInstance()
PHPDS_dependant::factory()
PHPDS_dependant::factoryWith()
PHPDS_dependant::info()
PHPDS_dependant::log()
PHPDS_dependant::PHPDS_dependance()
PHPDS_dependant::_log()
PHPDS_dependant::__call()
PHPDS_dependant::__get()
PHPDS_dependant::__set()

Documentation generated on Tue, 09 Aug 2011 09:05:19 +0200 by phpDocumentor 1.4.3