title: Environment Types
summary: Configure your SilverStripe environment to define how your web application behaves.
# Environment Types
SilverStripe knows three different environment types (or "modes"). Each of the modes gives you different tools
and behaviors. The environment is managed either through a [YML configuration file](../configuration) or in a
[environment configuration file](../../getting_started/environment_management).
The definition of setting an environment type in a `mysite/_config/app.yml` looks like
environment_type: 'dev'
The definition of setting an environment type in a `_ss_environment.php` file looks like
define('SS_ENVIRONMENT_TYPE', 'dev');
The three environment types you can set are `dev`, `test` and `live`.
### Dev
When developing your websites, adding page types or installing modules you should run your site in `dev`. In this mode
you will see full error back traces and view the development tools without having to be logged in as an administrator
<div class="alert" markdown="1">
**dev mode should not be enabled long term on live sites for security reasons**. In dev mode by outputting back traces
of function calls a hacker can gain information about your environment (including passwords) so you should use dev mode
on a public server very carefully.
### Test Mode
Test mode is designed for staging environments or other private collaboration sites before deploying a site live.
In this mode error messages are hidden from the user and SilverStripe includes `[api:BasicAuth]` integration if you
want to password protect the site. You can enable that but adding this to your `mysite/_config/app.yml` file:
environment: 'test'
entire_site_protected: true
### Live Mode
All error messages are suppressed from the user and the application is in it's most *secure* state.
<div class="alert">
Live sites should always run in live mode. You should not run production websites in dev mode.
## Checking Environment Type
You can check for the current environment type in [config files](../configuration) through the `environment` variant.
environment: 'live'
myvar: live_value
environment: 'test'
myvar: test_value
Checking for what environment you're running in can also be done in PHP. Your application code may disable or enable
certain functionality depending on the environment type.
if(Director::isLive()) {
// is in live
} else if(Director::isTest()) {
// is in test mode
} else if(Director::isDev()) {
// is in dev mode

title: Error Handling
summary: Trap, fire and report user exceptions, warnings and errors.
# Error Handling
SilverStripe has its own error trapping and handling support. On development sites, SilverStripe will deal harshly with
any warnings or errors: a full call-stack is shown and execution stops for anything, giving you early warning of a
potential issue to handle.
## Error Levels
SilverStripe recognises two basic levels of error:
* **WARNING:** Something strange has happened; the system has attempted to continue as best it can, but the developers
need to look at this. This category also include areas where a newer version of SilverStripe requires changes to the
site's customised code.
* **FATAL ERROR:** There is no way that the system can attempt to continue with the particular operation; it would be
dangerous to report success to the user.
* **E_USER_WARNING:** Err on the side of over-reporting warnings. The more warnings we have, the less chance there is
developers know:
* Deprecated functions / usage patterns
* Strange data formats
* Things that will prevent an internal function from continuing. Throw a warning and return null.
@ -25,63 +31,43 @@ of a developer leaving a bug. Throwing warnings provides a means of ensuring th
* **E_USER_ERROR:** Throwing one of these errors is going to take down the production site. So you should only throw
E_USER_ERROR if it's going to be **dangerous** or **impossible** to continue with the request.
## Friendly Website Errors
An HTTP 500 error will be sent when there has been a fatal error on either a test or production site. You can make this
friendlier - much like the 404 page, the error content can be edited within the CMS.
* Create a page of type `[api:ErrorPage]`
* Set the error code to 500
* Publish the page.
## Filesystem Logs
You can indicate a log file relative to the site root.
### From SilverStripe
if(!Director::isDev()) {
// log errors and warnings
SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::WARN, '<=');
### From PHP
// or just errors
SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::ERR);
<div class="info" markdown="1">
In addition to SilverStripe-integrated logging, it is advisable to fall back to PHPs native logging functionality. A
script might terminate before it reaches the SilverStripe error handling, for example in the case of a fatal error. Make
sure `log_errors` and `error_log` in your PHP ini file are configured.
## Email Logs
You can send both fatal errors and warnings in your code to a specified email-address.
if(!Director::isDev()) {
// log errors and warnings
SS_Log::add_writer(new SS_LogEmailWriter(''), SS_Log::WARN, '<=');
// or just errors
SS_Log::add_writer(new SS_LogEmailWriter(''), SS_Log::ERR);
## API Documentation
* [api:SS_Log]

# Debugging
* *Debug::message("Wow, that's great")*: prints a short debugging message.
* [api:SS_Log]
* [api:SS_Backtrace]
* [api:Debug]

@ -0,0 +1,8 @@
#### Profiling
Profiling is the best way to identify bottle necks and other slow moving parts of your application prime for optimization. SilverStripe
does not include any profiling tools out of the box, but we recommend the use of existing tools such as [XHProf](
and [XDebug](
* [Profiling with XHProf](
* [Profiling PHP Applications With xdebug](

title: Members
# Member
## Introduction
@ -128,4 +130,4 @@ things, you should add appropriate `[api:Permission::checkMember()]` calls to th
## API Documentation

summary: This guide covers user authentication, the permission system and how to secure your code against malicious behaviors
# Security and User Authentication
## How-to
This guide covers using and extending the user authentication in SilverStripe, permissions, user groups and roles, and
how to secure your code against malicious behaviors of both your users and hackers.
[CHILDREN Exclude=How_to]
## How to's
[CHILDREN Folder=How_To]