NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1
|Anonymous | Login | Signup for a new account||25-06-17 16:35 BST|
|My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0018027||phplist application||Authentication System||public||20-02-16 19:43||17-04-16 12:45|
|Target Version||next minor||Fixed in Version||3.2.5|
|Summary||0018027: add plugin hook before login page for SSO|
As outlined here, https://github.com/phpList/phplist3/pull/25 [^]
it would be good to add another hook for plugins to capture the login process.
|Tags||No tags attached.|
Hum, after a tour about validateAccount method, I think it's could not be a solution for my use case without some modifications on core because, this method is only call when login and password is pass by REQUEST or if a session is already initialized. Futhermore, the usage of this method to handle my use case seem to me a little bit twisted. However, I keep this method in mind, because I mean I have to implement it to secure existing user session.
Finally, I always twink the good way to handle my use case ("capture the login form") is to add an hook during login process. What do you think if we add a case in the "if" block in index.php file witch check the $_SESSION['adminloggedin'] state (beginning at line 253) ? We could call here an auth plugin method to offer it the possibility to capture the login form before display. This method could return a boolean or eventually the futur content of $_SESSION['adminloggedin'] variable.
|Copyright © 2000 - 2017 MantisBT Team|