How to add external validation before logging in

Introduction

You can call your own authentication functions to check if the user logging in is valid (for example, you might require your user to have logged in through a control panel instead of directly through the Monsta FTP login form).

Prerequisites

• A Host Edition license (purchase or trial now)

Steps

On page load, Monsta FTP will check for a file called mftp_extensions.php (in the same directory as the index.php file) and include it if it exists.

If the function mftpInitialLoadValidation has been defined, then Monsta FTP will call it upon page load. Its signature should be:

mftpInitialLoadValidation($isMonstaPostEntry: bool) -> bool

$isMonstaPostEntry will be true if the page has been POSTed to with a Monsta FTP POST form from another page. See this article about logging in via POST for more information.

If mftpInitialLoadValidation() returns false the script execution immediately stops and no page output is displayed. An example might be:

function mftpInitialLoadValidation($isPostEntry) { if(!$isPostEntry) { die("Please login from within your control panel area."); } return crypt($_POST['MFTP_PASSWORD'], $_POST['HASHED_PASSWORD']) == $_POST['HASHED_PASSWORD']; }

Another example might be:

function mftpInitialLoadValidation($isMonstaPostEntry) { if($_COOKIE["my-cookie"] === "true") return true; return false; }

All PHP global variables are available in this script (e.g. $_GET, $_POST, $_SERVER etc) so you can use any method you want to additionally validate your users.