manditory agreements after login

Tuesday 29 April 2008 1:24:24 pm

I have been looking through the forum for tips on how to do this.

For example periodicaly new agreements made be required to be agreeded too before doing anything after logging in.

I have found threads that mention this but no solution.

Where is the hook for me to add this?

I see in eZUserLoginHandler where $userObject = eZUserLoginHandler::instance( $handler ) is called. But if the login is successful there are no hooks for a postLogin handler or something simular.

can anyone point me in the right direction?

Wednesday 30 April 2008 6:13:49 am

That might work but only on new users when they are created. I need it to work for all users.

Thanks for the idea.

Wednesday 30 April 2008 2:22:05 pm

Hi Douglas

I believe the only consistent way you will be able to achieve what you want is to modify or replace kernel/user/login.php. By replace I mean create your own in a module with a login view and override all the instances where /user/login are used in the temapltes, or maybe you can simply do an apache rewrite rule to redirect to your login.

I think I've brought it up before but the user/authentication system would benefit greatly from hooks that allowed it to be extended, also a cleaner separation of the 3 A's (Authentication, Authorisation & Access*) would allow easier integration with external systems, with each phase having pre & post hooks.

@Sébastien; The issue is not with users changing their details but forcing them to see (and possibly acknowledge ) a new set of terms & conditions when they login but before they have access to the system. My bank will often do this when there are changes to the system or T&C.

Cheers
Bruce

* From http://www.microsoft.com/technet/security/guidance/complianceandpolicies/compliance/rcguide/4-13-00.mspx?mfr=true
Authentication usually involves a user name and a password, but it can include additional methods to demonstrate identity, such as a smart card, retina scan, voice recognition, or fingerprints. Authorization focuses on determining if someone, after the person is identified, is permitted to access requested resources. Access is granted or denied depending on a wide variety of criteria, such as the network address of the client, the time of day, or the browser that the person uses.

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish

Thursday 01 May 2008 1:16:30 am

<i>I think I've brought it up before but the user/authentication system would benefit greatly from hooks that allowed it to be extended, also a cleaner separation of the 3 A's (Authentication, Authorisation & Access*) would allow easier integration with external systems, with each phase having pre & post hooks.</i>

Maybe it's planned to be introduced along with Authentication component... Anyways, this would be a great to have!

--
Company: mediaSELF Sp. z o.o., http://www.mediaself.pl
eZ references: http://ez.no/partners/worldwide_partners/mediaself
eZ certified developer: http://ez.no/certification/verify/272585
eZ blog: http://ez.ryba.eu