[RFC] user_logout hook

Request hook events and what data needs to be sent for the new hook system.
Post Reply
Jhong
Registered User
Posts: 50
Joined: Tue Dec 26, 2006 3:28 pm

[RFC] user_logout hook

Post by Jhong » Mon Aug 23, 2010 9:45 am

I imagine this one is 'obvious'.. but for completeness....

Name: hook_user_logout
Rationale: To log out from third-party modules or to perform additional cleanup actions on logout
Placement: After phpBB logout has succeeded, in ucp.php
Input arguments: The user ID of the user that was just logged out.
Output arguments: void; any remaining actions should proceed regardless of the return value of the hook

User avatar
nickvergessen
Former Team Member
Posts: 733
Joined: Sun Oct 07, 2007 11:54 am
Location: Stuttgart, Germany
Contact:

Re: [RFC] user_logout hook

Post by nickvergessen » Mon Aug 23, 2010 3:28 pm

Same for login I guess.
Member of the Development-TeamNo Support via PM

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1731
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] user_logout hook

Post by DavidIQ » Mon Aug 23, 2010 4:33 pm

Then maybe the hook should be hook_user_authentication so it can be used for either?
Image

Jhong
Registered User
Posts: 50
Joined: Tue Dec 26, 2006 3:28 pm

Re: [RFC] user_logout hook

Post by Jhong » Tue Aug 24, 2010 4:17 am

I think the login hook might proceed conceptually quite differently -- the hook might want to return true or false to enable / disable the login, or even override the user ID parameter.

However, for security reasons, a logout should probably always succeed and not be overridable. (Don't you need to have some certainty that a logout succeeds?)

I would have an additional hook for authentication (or perhaps a hook for each authentication method -- e.g. hook_authenticate_db, hook_authenticate_ldap).

logging in should come after authentication IMO, so the flow would be:

- Authentication takes place: authentication hooks can override
- If authentication is successful (as reported by all hooks), then log the user in -- call the login hook
- Establish the session and set cookies, etc. (and call additional hooks as needed -- e.g. a set cookie hook...)

I know I use the equivalent hooks in WordPress quite extensively.

Logout on the other hand needn't have all these steps -- hook_user_logout and hook_user_end_session or similar would probably be enough.

User avatar
igorw
Registered User
Posts: 500
Joined: Thu Jan 04, 2007 11:47 pm

Re: [RFC] user_logout hook

Post by igorw » Sun Aug 29, 2010 12:44 pm

Please create a separate topic for login.

Post Reply