userLoggingIn() not triggering

skidmarks · June 9, 2025, 12:37am

Hi,

it “appears” our userLoggingIn() event is not firing.

I have code in there to check that the login is coming from valid countries, when we tested with an invalid country, the login still occurred, and it went on to the 2fa stage and then userLoggedIn(). it should have stopped and displayed a message…

we stripped all code from the function and put a die() in there, and it still continues to login successfully and moves onto the userLoggedIn() event

    // User Logging In event
    public function userLoggingIn(string $userName, string &$password): bool
    {
echo "not going far....";
        die();
   }

it looks like the code in login.php at run() - $valid is never true, thus userLoggingIn is never accessed,

public function run(): void:

            if (!$valid) {
                $this->resetCaptcha();
            }
            if ($valid) {
                // Call Logging In event
                $valid = $this->userLoggingIn($this->Username->CurrentValue, $this->Password->CurrentValue);

no console errors whatsoever, any user regular or admin.

Thanks,
JS

arbei · June 11, 2025, 1:45am

Assume v2025.

Note that User_LoggingIn server event is fired after successful login, i.e. after 2FA (then $valid is true). You cannot invalidate authentication by User_LoggingIn. If you want to check user’s country (assume you store it in the user table, so you only know if after identifying the user), you may try the User_CustomValidate server event, e.g.

Check if the user is database user by IsEntityUser(),
If yes, validate CurrentUserInfo("country") (assume the field name is “country”),
If invalid, throw AuthenticationException.

Also read Security Events.

skidmarks · June 11, 2025, 11:01am

Hi,

it wasn’t being fired after the 2fa as well… this is where the code resided in 2024 and without 2fa the sequence was:
1 . userLoggingIn()
2. userLoggedIn()

after removing the 2fa its working back the way it was. not sure why they would move the sequence around, but even with that its not firing after loggedin() – this is why i disabled the 2FA to investigate what was going on…

i’ll look at moving the code to your suggestion.

thanks,
JS

skidmarks · June 13, 2025, 10:40am

there was an issue with this, phpMaker has released an updated template.