Create and register a security listener

From Achievo/ATK Wiki


ATK's security listener lets you run custom code before and after a user authenticates into the system. For example, if you want to store the time users logged in and logged out, a security listener is precisely what you need. As of this writing, ATK supports the following security listener events:


  * preLogin:   This event is thrown just before the user gets authenticated.
  * postLogin:  This event is thrown just after the user is successfully authenticated.
  * preLogout:  This event is thrown just before the user gets logged out of the system.
  * postLogout: This event is thrown just after the user is logged out of the system.

The following steps are needed to implement and use a security listener:

  1. Create a custom class that extends atkSecurityListener
  2. Register the security listener in atk/include/security.inc


Implementation of the security listener:

Below is an example of a security listener class which I saved to the path: modules/gktools/security/class.login_management.inc

<?php
/*
	Jorge Garifuna
	info@GariDigital.com
	7/28/10
	
	Security listener implementation
	
	Events:
	
   * preLogin:   This event is thrown just before the user gets authenticated.
   * postLogin:  This event is thrown just after the user is successfully authenticated.
   * preLogout:  This event is thrown just before the user gets logged out of the system.
   * postLogout: This event is thrown just after the user is logged out of the system.
 
*/
atkimport("atk.security.atksecuritylistener");
 
class login_management extends atkSecurityListener{
 
	// This event is thrown just before the user gets authenticated.
	function preLogin($username){
		atkdebug("$username about to login: preLogin()");
		
		// place your custom code below
	}// end function
 
	// This event is thrown just after the user is successfully authenticated.
	function postLogin($username){
		atkdebug("$username already logged in: postLogin()");
		
		// place your custom code below
	}// end function
  	
	// This event is thrown just before the user gets logged out of the system.
	function preLogout($username){
		atkdebug("$username about to logout: preLogout()");
		
		// place your custom code below
	}// end function
 
	// This event is thrown just after the user is logged out of the system.
	function postLogout($username){
		atkdebug("$username already logged out: postLogout()");
		
		// place your custom code below
	}// end function
	
}// end class


Registering the security listener:

As of this writing the only way that I could successfully register a custom security listener was by modifying the atksecure() function of the file, atk/include/security.inc, as follows:

  /**
   * Calling this function will invoke the login process. Call this function in
   * every file that you want to have secured.
   * (This is actually a small wrapper for $securityManager->authenticate(),
   * so you can quickly secure an application.)
   */
  function atksecure()
  {
    $securityMgr = &atkGetSecurityManager();
    
    /****************** START CUSTOM ******************/
    // added by Jorge Garifuna on 7/28/10: register the security listener.
    // Please note that modules.gktools.security is the folder path where the custom security listener is located
    $securityMgr->addListener(atknew("modules.gktools.security.login_management"));
    // custom (not part of out of the box ATK). modules.gktools.security.login_management
    // is saved to modules/gktools/security/class.login_management.inc
    /****************** END CUSTOM ******************/
    
    if (!$securityMgr->authenticate())
    {
      echo '<b>'.atktext("login_failed", "atk").'</b>';
      echo '<br><br>'.$securityMgr->m_fatalError;
      exit;
    }
  }
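
The logging use case mentioned in the introduction, as an added example (not part of the original article or of ATK itself): a listener that appends one JSON line per login attempt, successful login and logout. The class name login_audit, the log path and the record fields are assumptions made for illustration; the stand-in base class exists only so the file can also be loaded outside ATK.

```php
<?php
// Added example, not ATK's or the original author's code.
// Assumed location: modules/gktools/security/class.login_audit.inc
if (function_exists('atkimport')) {
    atkimport("atk.security.atksecuritylistener");
} elseif (!class_exists('atkSecurityListener')) {
    class atkSecurityListener {} // stand-in so the file also loads outside ATK
}

class login_audit extends atkSecurityListener
{
    // Hypothetical log path; keep it outside the web root.
    var $m_logfile = "/var/log/atk/login_audit.log";

    // Build one JSON line per event. The username is reduced to printable
    // ASCII and bounded in length first, so CR/LF or invalid byte sequences
    // typed into the login form cannot forge or break log records.
    function formatRecord($event, $username, $time = null)
    {
        $user = preg_replace('/[^\x20-\x7E]/', '?', substr((string)$username, 0, 128));
        $record = array(
            "time"  => gmdate('Y-m-d\TH:i:s\Z', $time === null ? time() : $time),
            "event" => $event,
            "user"  => $user,
            "ip"    => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "-",
        );
        return json_encode($record) . "\n";
    }

    function record($event, $username)
    {
        // LOCK_EX keeps concurrent requests from interleaving lines.
        file_put_contents($this->m_logfile,
            $this->formatRecord($event, $username), FILE_APPEND | LOCK_EX);
    }

    // preLogin runs before authentication, so $username is untrusted input.
    // An attempt logged here with no matching login_ok record did not
    // result in a successful authentication.
    function preLogin($username)   { $this->record("login_attempt", $username); }
    function postLogin($username)  { $this->record("login_ok", $username); }
    function postLogout($username) { $this->record("logout", $username); }
}
```

If saved under the assumed path, it is registered the same way as the listener above, with atknew("modules.gktools.security.login_audit") passed to addListener().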

Until next time,

Jorge Garifuna info@GariDigital.com
