Hi there,
I wonder if there is a way to detect if I have some session value before loading /system/index.php and /index.php/member/login/.
I tried two extension hooks, login_authenticate_start and member_member_login_start. But they both seem to work after login page was loaded and “Submit” button was submit.
The following is my test code. My objective is that, when visiting /index.php/member/login/, if I do not have a token (passed by URL), then I will get “No token” and the program exits.
But currently, I still get the normal memberlogin page.
Any hint on how to do what I want?
I also tried to change a little bit of cp.login.php. I put
$edata = $EXT->call_extension('login_authenticate_start');
if ($EXT->end_script === TRUE) return;
before
if ( ! $IN->GBL('username', 'POST') || ! $IN->GBL('password', 'POST'))
{
return $this->login_form();
}
But it does not work as I expect, either.
Thanks for help,
—test code—
<?php
if ( ! defined('EXT')) {
exit('Invalid file request'); }
//test code. class name is misleading. cp_loginstart means normal member login start
class Cp_loginstart{
//private fields
var $setting=array();
var $name = 'Pre CP Login';
var $version = '1.0.0';
var $description = 'Data validation before control panel login page was loaded';
var $settings_exist = 'n';
var $docs_url = '';
//constructor
function Cp_loginstart ($setting='') {
$this->setting=$setting;
}
function beforeLogin()
{
global $IN;
if ($IN->GBL('token', 'GET')!=null)
echo 'Has token';
else
{echo 'No token';
exit(1);}
}
function activate_extension()
{
global $DB;
$DB->query($DB->insert_string('exp_extensions',
array('extension_id' => '',
'class' => "Cp_loginstart",
'method' => "beforeLogin",
'hook' => "member_member_login_start ",
'settings' => "",
'priority' => 11,
'version' => $this->version,
'enabled' => "y")));
}
function update_extension($current='')
{
global $DB;
if ($current == '' OR $current == $this->version)
{
return FALSE;
}
$DB->query("UPDATE exp_extensions
SET version = '".$DB->escape_str($this->version)."'
WHERE class = 'Cp_loginstart'");
}
function disable_extension()
{
global $DB;
$DB->query("DELETE FROM exp_extensions WHERE class = 'Cp_loginstart'");
}
}
?>
Well, I know I can add the following
if (isset($_GET['token']))
echo 'Has token';
else
{echo 'No token';
exit(1);}
to /system/index.php and it can work. But I still prefer a way through an extension.
Any suggestion?
Thanks!
[Moderator Edit: Moved to Extensions forum]
The only hooks I can think of that will hit before that in this page are the session hooks: sessions_start and sessions_end. Either will be suitable to use; just keep in mind that this is called on every page, including the control panel, so you will likely need to be a bit more discreet than in your code sample above.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.