How to add external validation before logging in

Introduction

You can call your own authentication function to validate users before they access Monsta FTP (for example, requiring users to come from your control panel instead of directly using the Monsta FTP login form).

Prerequisites

• A licensed Host Edition install (purchase or trial now)

Steps

On page load, Monsta FTP checks for a file called mftp_extensions.php (in the same directory as index.php) and includes it if it exists.

If the function mftpInitialLoadValidation is defined, Monsta FTP calls it during initial page load:

mftpInitialLoadValidation($isMonstaPostEntry: bool) -> bool

$isMonstaPostEntry is true only when the request method is POST and MFTP_POST is set to 'true'. See How to log in from an external form for POST login usage.

If mftpInitialLoadValidation() returns false, script execution stops immediately and no page output is displayed. Example:

function mftpInitialLoadValidation($isMonstaPostEntry) { if (!$isMonstaPostEntry) { die("Please login from within your control panel area."); } if (!isset($_POST['MFTP_PASSWORD'], $_POST['HASHED_PASSWORD'])) { return false; } $storedHash = $_POST['HASHED_PASSWORD']; return hash_equals($storedHash, crypt($_POST['MFTP_PASSWORD'], $storedHash)); }

Another example:

function mftpInitialLoadValidation($isMonstaPostEntry) { if ($_COOKIE["my-cookie"] === "true") return true; return false; }

All PHP globals are available in this function (for example: $_GET, $_POST, $_SERVER), so you can implement any validation logic you need.