Bitrix Site Manager

OnAfterUserLogin event

event_handler(
 array &arParams
);

The OnAfterUserLogin event is called from the method CUser::Login after a user authorization attempt (after the login arParams['LOGIN'] and password arParams['PASSWORD'] are both verified).

Parameters

Parameter    Description
arParams     Array of fields used for user login and password verification. The following keys are available:
  • USER_ID - contains a valid user ID on successful authorization;
  • RESULT_MESSAGE - array containing the verification result description (can be passed to ShowMessage to display a message);
  • LOGIN - user login;
  • PASSWORD - user password. If the value of PASSWORD_ORIGINAL is "Y", this parameter contains the original password. Otherwise, this parameter contains the MD5 hash value of the original password.
  • REMEMBER - if "Y", the user authorization information is to be stored in cookie.
  • PASSWORD_ORIGINAL - if "Y", the value of the PASSWORD field contains the original password typed by a user (not converted to MD5). If "N", the value of the PASSWORD field is converted to MD5.

Note
All parameters passed to this handler function are references to original variables. Therefore, all changes to parameters made within the handler affect values of the original variables.

For example, a handler can modify RESULT_MESSAGE, which changes the message returned by the method CUser::Login.

Example



<?php
AddEventHandler("main", "OnAfterUserLogin", Array("MyClass", "OnAfterUserLoginHandler"));

class MyClass
{
    // create the OnAfterUserLogin handler (static, because it is registered by class name)
    public static function OnAfterUserLoginHandler(&$fields)
    {
        // if the login failed...
        if($fields['USER_ID']<=0)
        {
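            // increment the login failure counter (initialize it on the first failure)
            if (!isset($_SESSION["AUTHORIZE_FAILURE_COUNTER"]))
                $_SESSION["AUTHORIZE_FAILURE_COUNTER"] = 0;
            $_SESSION["AUTHORIZE_FAILURE_COUNTER"]++;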

            // if the number of unsuccessful login attempts exceeds 10...
            if ($_SESSION["AUTHORIZE_FAILURE_COUNTER"]>10)
            {
                // lookup a user by login
                $rsUser = CUser::GetByLogin($fields['LOGIN']);
                // if found...
                if ($arUser = $rsUser->Fetch())
                {
                    // lock the user profile
                    $user = new CUser;
                    $user->Update($arUser["ID"],array("ACTIVE" => "N"));

                    // assign message
                    $fields['RESULT_MESSAGE'] = array("TYPE" => "ERROR", "MESSAGE" => "Your account is disabled.");
                }
            }
        }
    }
}
?>
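
The handler above keeps its counter in $_SESSION, so it only counts failures made within a single session. The following is an added example, not part of the Bitrix documentation, that counts failures per login on the server inside a sliding time window and then applies the same lock. LoginFailureTracker, LockoutHandlers and the JSON file path are hypothetical; the file stands in for whatever shared storage the site uses.

```php
<?php
// Added example; LoginFailureTracker, LockoutHandlers and the file path are hypothetical.
class LoginFailureTracker
{
    private $file, $limit, $window;

    public function __construct($file, $limit = 10, $window = 900)
    {
        $this->file = $file; $this->limit = $limit; $this->window = $window;
    }
    // Record one failure for $login at time $now; returns true once the limit is exceeded.
    public function fail($login, $now)
    {
        $key = hash('sha256', strtolower(trim($login)));   // do not store raw logins
        $fh = fopen($this->file, 'c+');
        flock($fh, LOCK_EX);                                // serialize concurrent requests
        $all = json_decode(stream_get_contents($fh), true) ?: array();
        $hits = array();
        foreach ((isset($all[$key]) ? $all[$key] : array()) as $t) {
            if ($t > $now - $this->window) { $hits[] = $t; } // keep attempts inside the window
        }
        $hits[] = $now;
        $all[$key] = $hits;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($all));
        fclose($fh);                                        // closing also releases the lock
        return count($hits) > $this->limit;
    }
}

class LockoutHandlers
{
    public static function onAfterUserLogin(&$fields)
    {
        // $fields['PASSWORD'] may hold the original password: never log or store $fields.
        if ($fields['USER_ID'] > 0) { return; }             // successful login: nothing to count
        $tracker = new LoginFailureTracker(sys_get_temp_dir() . '/login_failures.json');
        if (!$tracker->fail($fields['LOGIN'], time())) { return; }
        $rsUser = CUser::GetByLogin($fields['LOGIN']);
        if ($arUser = $rsUser->Fetch()) {
            $user = new CUser;
            $user->Update($arUser['ID'], array('ACTIVE' => 'N'));
            $fields['RESULT_MESSAGE'] = array('TYPE' => 'ERROR', 'MESSAGE' => 'Your account is disabled.');
        }
    }
}
if (function_exists('AddEventHandler')) {                   // defined only inside Bitrix
    AddEventHandler('main', 'OnAfterUserLogin', array('LockoutHandlers', 'onAfterUserLogin'));
}
```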