in phpmaker 2025 if i use LDAP authentication as if the event function User_LoggingIn(string $userName, string &$password): bool does not work.
i have a table with all the users who can access. i want to verify before logging in that the user is actually enabled otherwise the message is returned that informs the user that he is not enabled. i tried to assign the username to a session and then print it but the session, after the login, remains null while in the previous version it is populated with what is written in the username.
You can reproduce the problem using ldap authentication, you will notice that the values are not passed to the User_LoggingIn function
function User_LoggingIn(string $userName, string &$password): bool
{
// Enter your code here
// To cancel, set return value to false
$userName = trim(strtolower($userName));
$a = $userName;
$_SESSION["prova"] = $a;
if ($a == "administrator") {
return true;
} else {
$_SESSION["mess"] = "unauthorized user";
$myCount2 = ExecuteScalar(
"SELECT COUNT(*) FROM autorizzazioneutente WHERE utenza='$a' and disabilita=false"
);
if ($myCount2 > 0) {
$_SESSION["user"] = $userName;
$_SESSION["pass"] = $password;
$_SESSION["OK"] = 0;
$_SESSION["OKPEC"] = 0;
$_SESSION["annorapp"] = 0;
return true;
} else {
$this->setFailureMessage($_SESSION["mess"]);
return false;
}
}
}
Please note that according to v2025 Documentation, you should avoid the usage of $_SESSION and session_*, since v2025 uses Symfony sessions which are designed to replace the usage of the $_SESSION super global and native PHP functions related to manipulating the session like session_start() , session_regenerate_id() , session_id() , session_name() , and session_destroy() . Sessions are only started if you read or write from it.
From your other post, the LDAP authentication was not successfully. If the user is not authenticated yet, the User_LoggingIn server event will not be called (because you are not logging in).
I saw that from version 2025 you have to use Symfony sessions however I don’t think the problem is attributable to that because if I don’t use ldap authentication but table authentication the program works correctly. I’ll see first to solve the LDAP authentication problem and then if I still have problems I’ll continue in this post. thanks for your understanding.
In PHPMaker 2024, I used the following code (with the old session system) to check whether the username entered was present in the database. If the user was not found, an error was returned stating that the user was not authorized.
Now, in PHPMaker 2025, it seems that this event is triggered after LDAP validation.
As a result, when I enter a username that does not exist in the database, I get the error “Invalid credentials”, which is expected because the user is not present in LDAP.
However, I need to check if the user is authorized before LDAP authentication takes place—this is how it worked in PHPMaker 2024.
Additionally, even when I enter a valid LDAP user, I can successfully log in, but the session does not store the password.
The username is correctly retrieved,
but the session does not retain the password after login.