Plugin/Events/User
From Joomla! Documentation
In a standard installation of Joomla! we have several predefined User events which, when triggered, call functions in the associated plugins.
onUserAuthorisation
Description
This event authorises that a particular user should be able to login. The system triggers this event after the user has been authenticated and before he has been signed in the website. It is possible to be triggered by plugin types User and Authentication.
Parameters
- $user - an object JAuthenticationResponse
- $options - an associative array containing these keys: ["remember"] => bool, ["return"] => string, ["entry_url"] => string, ["action"] => string
Return Value
JAuthenticationResponse or NULL (NULL if you would like to miss the authorisation)
Used in files
- libraries/joomla/user/authentication.php
Example
onUserAuthorisationFailure
Description
The system triggers this event when the user has been authenticated but he has not been authorised to login. You should only use this event in User plugins.
Parameters
- $user - an object JAuthenticationResponse
Return Value
void (it does not return any value or object)
Used in files
- libraries/cms/application/cms.php
onUserLogin
Description
This event is triggered after the user is authenticated against the Joomla! user-base.
If you need to abort the login process (authentication), you will need to use onUserAuthenticate instead.
Parameters
- $user - an associative array of JAuthenticationResponse type (see link for array keys)
- $options - an associative array containing these keys: ["remember"] => bool, ["return"] => string, ["entry_url"] => string
Return Value
Boolean
Used in files
- libraries/joomla/application/application.php
- plugins/user/joomla.php
Example
- plugins/user/example.php
onUserLogout
Description
This event is triggered before the user is logged out of the system.
If any plugin returns false, the global logout fails and the onUserLogoutFailure event is fired; if it succeeds, onUserAfterLogout event is triggered instead.
NOTE: as of 3.3.6, returning false does not work correctly, because stock components perform their logout operation during the onUserLogout event. So even if your plugin returns false, the stock ones have already run anyway. Thus, the user will be "mostly" logged out even if you return false. There is no actual way to cleanly abort logout.
Parameters
- $credentials - an associative array containing these keys: ["username"] => string, ["id"] => int
- $options - an associative array containing this key: ["clientid"] => int
Return Value
Boolean
Used in files
- libraries/cms/application/cms.php
- plugins/user/joomla/joomla.php
- plugins/system/logout.php
- plugins/system/remember/remember.php
Example
- plugins/user/example.php
onUserLoginFailure
Description
This event is triggered whenever a user authentication request is failed by any plugin.
Parameters
Two parameters. The credentials array for the user (see onAuthenticate), and the JAuthenticationResponse that caused the failure.
Return Value
Unknown. The return value appears to be ignored in any case.
Used in file
- libraries/joomla/application/user/authentication.php
onUserAfterLogin
Description
This event is triggered whenever a user is successfully logged in.
Parameters
Options is array with:
- remember
- return
- entry_url
- action
- user - JUser Object
- responseType
Return Value
Boolean
Used in files
- libraries/legacy/application/application.php
- libraries/cms/application/cms.php
- plugins/authentication/cookie/cookie.php
onUserBeforeSave
Description
This event is triggered before an update of a user record.
The old and new user parameters are provided; commonly-used members are: username, name, email, password, password_clear.
The password array entry is the hashed password value. If the user has just changed the password, you may retrieve the cleartext password from $newUser['password_clear']. (It will be set to "" if the password has not been changed.)
Parameters
- $oldUser - An associative array of the columns in the user table (current values).
- $isnew - Boolean to identify if this is a new user (true - insert) or an existing one (false - update)
- $newUser - An associative array of the columns in the user table (new values).
Return Value
Boolean. Whether the user-save should proceed or not. Any plugin that returns false aborts the save.
Used in file
- libraries/joomla/user/user.php
Example
- plugins/user/example.php
onUserAfterSave
Description
This event is triggered after an update of a user record, or when a new user has been stored in the database.
Password in $user array is already hashed at this point. You may retrieve the cleartext password using $_POST['password'].
Parameters
- $user - An associative array of the columns in the user table.
- $isnew - Boolean to identify if this is a new user (true - insert) or an existing one (false - update)
- $success - Boolean to identify if the store was successful
- $msg - Error message if store failed
Note: The old values that were just updated are not available here or afterwards. In case you need the old values, use onBeforeStoreUser().
Return Value
None
Used in file
- libraries/joomla/user/user.php
Example
- plugins/user/example.php
onUserBeforeDelete
Description
The event is triggered when a user is about to be deleted from the system.
Parameters
- $user - An associative array of the columns in the user table.
Return Value
None. If you want to prevent the user from being deleted, you may abort the delete by redirecting back to the User Manager. For example:
if ($this->deleteNotAllowed($data))
{
$url = JRoute::_('index.php?option=com_users&view=users', false);
$msg = JText::sprintf('PLG_USER_DELETE_NOT_ALLOWED', $data['username']);
$app = Factory::getApplication();
$app->enqueueMessage($msg, 'error');
$app->redirect($url);
}
Used in files
- libraries/joomla/user/user.php
- plugins/user/joomla.php
Example
- plugins/user/example.php
onUserAfterDelete
Description
The event is triggered after a user has been deleted from the system.
Parameters
- $user - An associative array of the columns in the user table.
- $succes - Boolean to identify if the deletion was successful
- $msg - Error message if delete failed (JError object detailing the error, if any)
Return Value
None.
Used in files
- libraries/joomla/user/user.php
- plugins/user/joomla.php
Example
- plugins/user/example.php
Order of execution
To modify Joomla! login process upon your needs (e.g. creating AJAX output for login), it may be useful to know the order of the events to be fired.
| Wrong credentials | CORRECT CREDENTIALS and the user is not blocked (is activated) | CORRECT CREDENTIALS and the user is blocked (is not activated) |
|---|---|---|
onUserAuthenticate returns TRUE or FALSE | | \ / onUserLoginFailure |
onUserAuthenticate returns TRUE or FALSE | | \ / onUserLogin returns FALSE -> END returns TRUE | | \ / onUserAfterLogin |
onUserAuthenticate returns TRUE or FALSE | | \ / onUserLogin returns TRUE or FALSE | | \ / END |
Example idea Let's assume you want to preform Ajax login. You have already overriden a mod_login form so it's posted to Joomla! via an AJAX call. You added a field named ajax to the form. So when the form is posted and authentication is failed, your custom plugin must return some JSON data.
public function onUserLoginFailure($response)
{
$input = JFactory::getApplication()->input;
// If a non-ajax form was posted, we do not modify the behavior
if (!$input->post->get('ajax', false))
{
return;
}
$app = JFactory::getApplication();
$task_failed = false;
// Fill this array with the data you want to return, e.g. $response['status'] may be useful
// Check libraries/joomla/user/authentication.php for available status codes
$data = array('status' => $response['status']);
// At least here in the plugin it's a must to send proper headers
JFactory::getApplication()->setHeader('Content-Type', 'application/json', true)->sendHeaders();
echo new JResponseJson($data, $response['error_message'], $task_failed);
// Closing app is a must here to return JSON immediately
$app->close();
}