Commit Graph

27 Commits

Author SHA1 Message Date
Robbie Averill
51d4d2c11e Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
644cc79ebb API Removed methods previously deprecated in 3.0 2012-12-14 01:16:47 +01:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
587d669861 Removing deprecated PasswordEncryptor::compare() method
Use PasswordEncryptor::check() instead
2012-11-15 14:43:16 +13:00
Mateusz Uzdowski
a8b0e44d98 API Hash autologin tokens before storing in the database.
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.

This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
8b2cb9a7d9 BUGFIX Declare PasswordEncryptor_Blowfish::get_cost() as static 2012-06-15 12:13:33 +12:00
Cam Spiers
9139f737b8 ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality. 2012-06-14 15:13:11 +12:00
Andrew O'Neil
becdd85421 BUGFIX: Fix checking for flawed blowfish encryption 2012-05-16 16:40:12 +12:00
Andrew O'Neil
0c0a91e3c1 MINOR: Fix coding conventions 2012-05-08 10:33:03 +12:00
Andrew O'Neil
5cf3720bf0 ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations 2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare() 2012-05-07 15:03:53 +12:00
Sam Minnee
de4a865fb8 BUGFIX: Fixed blowfish encryption for PHP < 5.3.7 (#7276) 2012-05-04 11:50:26 +12:00
Andrew O'Neil
a2e9c001d7 MINOR: Fix style according to style guidelines, and add a comment about use of "$2y" instead of "$2a" 2012-05-02 14:59:39 +12:00
Andrew O'Neil
fa60f9e8b2 ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111) 2012-05-02 13:51:29 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Stig Lindqvist
0d031a5045 API CHANGE Use Config for registering default password encryptors
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
2012-04-07 19:14:00 +12:00
Sean Harvey
b92e4e01a9 MINOR Removed PHP 5.1 check for PasswordEncryptor, use hash() always as PHP 5.1 is no longer supported. 2012-03-27 20:09:36 +13:00
Sean Harvey
d0a0df0b8e API CHANGE Removed Security::$useSalt static, please use a custom PasswordEncryptor instead 2012-03-09 15:06:12 +13:00
Ingo Schommer
1dddd5252d BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
f400c28099 BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly (from r97357)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102443 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:01:31 +00:00
Sam Minnee
87e1454cd2 BUGFIX: Include salt in legacy password encryptor
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@91743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-16 03:25:41 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00