manditory agreements after login

Author Message

Douglas Hammond

Tuesday 29 April 2008 1:24:24 pm

I have been looking through the forum for tips on how to do this.

For example periodicaly new agreements made be required to be agreeded too before doing anything after logging in.

I have found threads that mention this but no solution.

Where is the hook for me to add this?

I see in eZUserLoginHandler where $userObject = eZUserLoginHandler::instance( $handler ) is called. But if the login is successful there are no hooks for a postLogin handler or something simular.

can anyone point me in the right direction?

Maxime Thomas

Tuesday 29 April 2008 11:53:50 pm

Maybe you can use a content publish workflow on users. It will put the user in the validation mechanism.

Maxime Thomas
maxime.thomas@wascou.org | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Douglas Hammond

Wednesday 30 April 2008 6:13:49 am

That might work but only on new users when they are created. I need it to work for all users.

Thanks for the idea.

Sébastien Antoniotti

Wednesday 30 April 2008 2:19:46 pm

Hi,

Maybe you can use the custom edit handler : http://serwatka.net/blog/ez_publish_3_8_new_custom_edit_handler

Everytime a content is created/edited, the publish() fonction will be run. So into them you can test if current object is an user and then make actions, etc.

eZ Publish Freelance
web : http://www.webaxis.fr

Bruce Morrison

Wednesday 30 April 2008 2:22:05 pm

Hi Douglas

I believe the only consistent way you will be able to achieve what you want is to modify or replace kernel/user/login.php. By replace I mean create your own in a module with a login view and override all the instances where /user/login are used in the temapltes, or maybe you can simply do an apache rewrite rule to redirect to your login.

I think I've brought it up before but the user/authentication system would benefit greatly from hooks that allowed it to be extended, also a cleaner separation of the 3 A's (Authentication, Authorisation & Access*) would allow easier integration with external systems, with each phase having pre & post hooks.

@Sébastien; The issue is not with users changing their details but forcing them to see (and possibly acknowledge ) a new set of terms & conditions when they login but before they have access to the system. My bank will often do this when there are changes to the system or T&C.

Cheers
Bruce

* From http://www.microsoft.com/technet/security/guidance/complianceandpolicies/compliance/rcguide/4-13-00.mspx?mfr=true
Authentication usually involves a user name and a password, but it can include additional methods to demonstrate identity, such as a smart card, retina scan, voice recognition, or fingerprints. Authorization focuses on determining if someone, after the person is identified, is permitted to access requested resources. Access is granted or denied depending on a wide variety of criteria, such as the network address of the client, the time of day, or the browser that the person uses.

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish

Sébastien Antoniotti

Thursday 01 May 2008 12:22:41 am

OK Bruce, I haven't understood the problem !

eZ Publish Freelance
web : http://www.webaxis.fr

Piotrek Karaś

Thursday 01 May 2008 1:16:30 am

<i>I think I've brought it up before but the user/authentication system would benefit greatly from hooks that allowed it to be extended, also a cleaner separation of the 3 A's (Authentication, Authorisation & Access*) would allow easier integration with external systems, with each phase having pre & post hooks.</i>

Maybe it's planned to be introduced along with Authentication component... Anyways, this would be a great to have!

--
Company: mediaSELF Sp. z o.o., http://www.mediaself.pl
eZ references: http://ez.no/partners/worldwide_partners/mediaself
eZ certified developer: http://ez.no/certification/verify/272585
eZ blog: http://ez.ryba.eu

Douglas Hammond

Thursday 01 May 2008 6:00:59 am

Brice that sounds like a good idea for now.

thank you

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.