Ticket #345 (new defect)

Opened 3 weeks ago

Last modified 3 weeks ago

[Folio Plugin] Login Tracking interrupts initialization

Reported by: justinr
Assigned to: nobody
Priority: normal
Milestone: 0.9.2
Component: plugins
Version:
Severity: normal
Keywords:
Cc:
Patch Included: 0
Review Stage: unreviewed

Description

First off, I want to say that I know that this belongs in the plugins tracker, but I don't have ticket_create access to that Trac, so here I am. Second, can we please get an "0.9.1" version option in this main tracker?

That said, when the Folio plugin is set to "track_logons", it can actually interrupt the normal initialization process. What happens is that the $mod_init code from includes.php is called, and things run fine until it hits Folio. Then if Folio is set to track logons, it actually calls authenticate_account() on its own. It seems that a plugin should never do this, especially not during init().

I noticed this behavior because I am using the LDAP authentication with new account creation. I was testing out the newuser plugin and couldn't for the life of me figure out why it was never getting called. As it turns out, Folio was doing the authentication before the whole system was initialized: any plugin that got loaded after Folio didn't get to add itself to the event_hooks array (or $functions, or anything else for that matter). So my new user was created, but the newuser plugin (and my own plugin) weren't yet initialized and registered to listen to user creation, so they never got called.

I'm not sure of the best fix to this that would still allow Folio to track logons. Perhaps a user:logon event is in order?

Change History

(in reply to: ↑ description ; follow-up: ↓ 2 ) 04/22/08 21:38:47 changed by garrettn

I'm the folio author. I use it successfully with LDAP auth, but don't use the newuser mod. I ended up using a combination of functional calls to simulate a log-on event, and would much prefer having something throw upon login.

Really though, I wonder if this will be fixed when 1.0 is released. I'll probably port folio to the new arch as soon as possible.

Here's my code in lib.php line 40+

    // Test to see if there has been a log-on event
    $l = optional_param('username');
    $p = optional_param('password');

    if ( $FOLIO_CFG->track_logons == 'Y' ) {

        // Test to see if a log-on event is going to occur thru cached credentials (or if they're already logged in, but
        // the session variable with the replacement template code isn't being used).
        // Also test to see if a logon form has been submitted, in which case, re-test
        // against authenticate & then record the logon event.
        if ( isloggedin() && !isset( $_SESSION['folio_template_frontpage'] ) ) {

            // Login via cached information.
            folio_record_logon();

        } else {

            // Test to see if a logon-form has been submitted.
            if (!empty($l) && !empty($p)) {
                if ( authenticate_account($l, $p) ) {
                    folio_record_logon();
                }
            }
        }
    }

(in reply to: ↑ 1 ) 04/23/08 17:03:27 changed by justinr

if ( authenticate_account($l, $p) ) {

This is the line that's the problem. With this, Folio ends up doing an authentication before the rest of the system is initialized. It works fine until you've got a plugin that's wanting to affect user login in some way (like watching for user creation) sitting in the wings, down the alphabet from 'F'.
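
The load-order problem described in this ticket, and the user:logon event proposed in the description, modeled as a small stand-alone PHP script. This is an added example, not Elgg or Folio code: note(), register_hook(), fire(), model_authenticate(), run_request() and the three plugin closures are hypothetical stand-ins, and 'alice' is a constructed user.

```php
<?php
// Added illustration: a minimal model of plugin load order. Not Elgg or Folio code;
// every function, plugin closure and the user 'alice' is a hypothetical stand-in.
$event_hooks = []; $users = []; $log = [];

function note(string $msg): void { global $log; $log[] = $msg; }

function register_hook(string $event, callable $fn): void {
    global $event_hooks;
    $event_hooks[$event][] = $fn;
}

function fire(string $event, string $user): void {
    global $event_hooks;
    foreach ($event_hooks[$event] ?? [] as $fn) { $fn($user); }
}

// Stand-in for LDAP auth with new-account creation: the first login creates the user.
function model_authenticate(string $user): bool {
    global $users;
    if (!isset($users[$user])) {
        $users[$user] = true;
        fire('user:create', $user);   // only listeners registered so far are called
    }
    fire('user:logon', $user);
    return true;
}

// One request: initialize plugins alphabetically, then let the core authenticate.
function run_request(array $plugins): array {
    global $event_hooks, $users, $log;
    $event_hooks = $users = $log = [];
    ksort($plugins);
    foreach ($plugins as $init) { $init(); }
    model_authenticate('alice');
    return $log;
}

$newuser = function (): void {
    register_hook('user:create', function (string $u): void { note("newuser: saw creation of $u"); });
};
$folio_in_init = function (): void {   // behaviour reported in the ticket
    if (model_authenticate('alice')) { note('folio: recorded logon'); }
};
$folio_on_event = function (): void {  // listener for the proposed user:logon event
    register_hook('user:logon', function (string $u): void { note("folio: recorded logon for $u"); });
};

print_r(run_request(['folio' => $folio_in_init, 'newuser' => $newuser]));
print_r(run_request(['folio' => $folio_on_event, 'newuser' => $newuser]));
```

In the first run the account is created while no user:create listener is registered yet, so the newuser closure is never called; in the second run both plugins are notified because authentication happens only after every init has finished.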