I'm trying to write an authentication plugin against a version of Cosign. I've been reading over the documentation and some code (such as auth/cas, auth/email, auth/ldap, auth/none, auth/shibboleth, lib/authlib.php), but I'm still having some trouble.
For example, in lib/authlib.php:
/**
* Hook for overriding behaviour of login page.
* This method is called from login/index.php page for all enabled auth plugins.
*
* @global object
* @global object
*/
function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
//override if needed
}
How exactly can $frm be used to override submitted login form? How exactly can $user be used to replace authenticate_user_login()? Why would either of these be desirable?
And:
/**
* Post authentication hook.
* This method is called from authenticate_user_login() for all enabled auth plugins.
*
* @param object $user user object, later used for $USER
* @param string $username (with system magic quotes)
* @param string $password plain text password (with system magic quotes)
*/
function user_authenticated_hook(&$user, $username, $password) {
//override if needed
}
If $user was used to replace authenticate_user_login(), would user_authenticated_hook() be called?
I wasn't sure if this would be better placed here or in the General Developer Forum. Thanks!