How to add external validation before logging in


You can call your own authentication functions to check if the user logging in is valid (for example, you might require your user to have logged in through a control panel instead of directly through the Monsta FTP login form).



On page load, Monsta FTP will check for a file called mftp_extensions.php (in the same directory as the index.php file) and include it if it exists.

If the function mftpInitialLoadValidation has been defined, then Monsta FTP will call it upon page load. Its signature should be:

mftpInitialLoadValidation($isMonstaPostEntry: bool) -> bool

$isMonstaPostEntry will be true if the page has been POSTed to with a Monsta FTP POST form from another page. See this article about logging in via POST for more information.

If mftpInitialLoadValidation() returns false the script execution immediately stops and no page output is displayed. An example might be:

Another example might be:

All PHP global variables are available in this script (e.g. $_GET, $_POST, $_SERVER etc) so you can use any method you want to additionally validate your users.