This Custom Authentication Process can be used to override the current login systems and can be extended to external authentication APIs.
To include a Custom Authentication Process in your answerSpace, you first need to create two mADL interactions.
...
| Interaction Name | Type | Description |
|---|---|---|
| loginstatus | mADL | Used to return True or False depending on whether the user is logged in, using the `$t->getSessionValue()` function |
| loginprompt | mADL | Used to display a custom login screen |
Code for the `loginstatus` interaction:

```php
// TODO: instead of pulling from $t->getSessionValue(), contact (web) service
// always return false if the user is not logged in
$account = $t->getSessionValue('account');
if (empty($account) || !is_array($account)) {
    return false;
} else {
    return $account;
}
/* example successful return
return array(
    'username' => 'user01',
    'name' => 'Bob', // [optional]
    'groups' => array() // Interaction Group IDs
);
*/
```
Code for the `loginprompt` interaction:
...
```php
$account = $t->runLoginStatusInteraction();

// sample accounts for demonstration only: username => plaintext password
$users = array(
    'ron' => 'blah',
    'louise' => 'blah',
    'ray' => 'blah'
);
// username => Interaction Group IDs
$userGroups = array(
    'ron' => array(20015, 1, 2),
    'louise' => array(20015, 1),
    'ray' => array(20015)
);

// TODO: replace all $t->(s|g)etSessionValue() invocations with calls to your own authentication (web) service
$html = '';
$error = '';
$status = '';

// debug;
//$html .= '<b>$account</b>' . gettype($account) . '<pre>' . print_r($account, true) . '</pre>';
//$html .= '<b>$_POST</b>' . gettype($_POST) . '<pre>' . print_r($_POST, true) . '</pre>';

if (!empty($_POST)) {
    // received login details, process login
    if (isset($_POST['username'], $_POST['password'])) {
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        // checking to see if login data is valid
        if (array_key_exists($username, $users) && $users[$username] === $password) {
            $account = array(
                'username' => $username, // used internally, displayed if no "name"
                'name' => ucwords($username), // displayed if defined [optional]
                'groups' => $userGroups[$username] // array of Interaction Group IDs for access control
            );
            $t->setSessionValue('account', $account);
        } else { // invalid login, scrubbing session
            $error = 'invalid username and/or password';
            $t->setSessionValue('account', null);
            $account = null;
        }
    }
}

// check to see if we need to log out
if (isset($_GET['logout'])) {
    $t->setSessionValue('account', null);
    $account = null;
    $status = 'successfully logged out';
}

if (empty($account)) {
    // not logged in, so asking the user for login details
    $html .= '<center><form action="?" method="POST" style="display: inline-block; width: auto; text-align: right; margin: 2em auto;">';
    $html .= '<label>Username: <input type="text" name="username" required /></label><br />';
    $html .= '<label>Password: <input type="password" name="password" required /></label>';
    $html .= '<p><input type="submit" name="submit" value="login" /></p>';
    $html .= '</form></center>';
} else {
    // logged in, so showing user status and prompting for logout
    if (isset($account['name'], $account['username']) && $account['username'] !== $account['name']) {
        $name = $account['name'] . ' (' . $account['username'] . ')';
    } elseif (isset($account['name'])) {
        $name = $account['name'];
    } else {
        // "name" is optional, so fall back to the username
        $name = $account['username'];
    }
    $html .= '<center>';
    // escape the name before placing it in the page
    $html .= '<p>You are currently logged in as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '.</p>';
    $html .= '<form action="?" method="GET" style="display: inline-block; width: auto; margin: 2em auto;">';
    $html .= '<p><input type="submit" name="logout" value="log out" /></p>';
    $html .= '</form>';
    $html .= '</center>';
}

// show messages
$html .= '<center><p style="color: #a00;">' . $error . '</p>';
$html .= '<p style="color: #0a0;">' . $status . '</p></center>';
return $html;
```
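The TODO comments above say to replace the hard-coded `$users` table and the session lookups with your own authentication service. As an added example (not code from the original page or the platform), this is one way to check credentials against password hashes and to validate the account array before it is stored in the session. `check_login`, `normalize_account` and the sample records are hypothetical names and constructed data; PHP 5.5+ is assumed for `password_hash()` and `password_verify()`.

```php
<?php
// Added example (not platform code). Assumes PHP 5.5+ for password_hash()/password_verify().
// Constructed sample records: password hashes instead of plaintext, plus Interaction Group IDs.
$records = array(
    'ron'    => array('hash' => password_hash('blah', PASSWORD_DEFAULT), 'groups' => array(20015, 1, 2)),
    'louise' => array('hash' => password_hash('blah', PASSWORD_DEFAULT), 'groups' => array(20015, 1)),
);

// Hypothetical helper: returns an account array (username, optional name, groups) or false.
function check_login($username, $password, array $records)
{
    static $dummyHash = null; // verified against when the username is unknown
    if ($dummyHash === null) {
        $dummyHash = password_hash(uniqid('', true), PASSWORD_DEFAULT);
    }
    if (!is_string($username) || !is_string($password)) {
        return false; // e.g. username[]=x reaches $_POST as an array
    }
    $known = array_key_exists($username, $records);
    $hash = $known ? $records[$username]['hash'] : $dummyHash;
    if (!password_verify($password, $hash) || !$known) {
        return false; // one password_verify() call on both paths
    }
    return normalize_account(array('username' => $username, 'groups' => $records[$username]['groups']));
}

// Hypothetical helper: validate an account array before storing it; 'groups' is used for access control.
function normalize_account($raw)
{
    if (!is_array($raw) || !isset($raw['username']) || !is_string($raw['username']) || $raw['username'] === '') {
        return false;
    }
    $list = (isset($raw['groups']) && is_array($raw['groups'])) ? $raw['groups'] : array();
    $groups = array();
    foreach ($list as $id) {
        if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
            return false; // reject malformed group IDs instead of silently dropping them
        }
        $groups[] = (int) $id;
    }
    $account = array('username' => $raw['username'], 'groups' => $groups);
    if (isset($raw['name']) && is_string($raw['name']) && $raw['name'] !== '') {
        $account['name'] = $raw['name']; // optional display name
    }
    return $account;
}

var_dump(check_login('ron', 'blah', $records), check_login('ron', 'wrong', $records));
var_dump(check_login(array('ron'), 'blah', $records), normalize_account(array('username' => 'x', 'groups' => array('abc'))));
```

When the account data comes from an external service instead of `$records`, pass the decoded response through `normalize_account()` before storing it in the session.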
Additionally you will need to configure the answerSpace Security settings.
For more detail, see the Creating A Custom Login Process Guide.