From 7615a5c22ff733b2c0ac9a30029104cc9ab9a542 Mon Sep 17 00:00:00 2001
From: Paul Sohier <paul999@phpbb.com>
Date: Sat, 24 Oct 2015 14:18:52 +0200
Subject: [PATCH] [ticket/14258] Add event into auth::login before session
 creation

Add a new event in the login method just before the session create,
so extensions can do some additional validation during login.

PHPBB3-14258
---
 phpBB/phpbb/auth/auth.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php
index b59f0e60ec..fa168a5325 100644
--- a/phpBB/phpbb/auth/auth.php
+++ b/phpBB/phpbb/auth/auth.php
@@ -928,6 +928,7 @@ class auth
 	function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
 	{
 		global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
+		global $phpbb_dispatcher;
 
 		$provider_collection = $phpbb_container->get('auth.provider_collection');
 
@@ -982,6 +983,25 @@ class auth
 				redirect($url);
 			}
 
+			/**
+			 * This event is triggered just after the user has been checked if he has a valid username/password,
+			 * but before the actual session creation.
+			 *
+			 * @event core.auth_login_before_session_create
+			 * @var	array	login				Variable containing login array value
+			 * @var	bool	admin				Variable containing if is logging into the acp
+			 * @var	string	username			Variable containing the username
+			 * @var	bool	autologin			Variable containing if this is by auto login
+			 * @since 3.1.7-RC1
+			 */
+			$vars = array(
+				'login',
+				'admin',
+				'username',
+				'autologin',
+			);
+			extract($phpbb_dispatcher->trigger_event('core.auth_login_before_session_create', compact($vars)));
+
 			// If login succeeded, we will log the user in... else we pass the login array through...
 			if ($login['status'] == LOGIN_SUCCESS)
 			{