Stupid Mura Tricks - onSiteLogin

Every once in a while I stumble across new (new to me anyway) bits about Mura CMS that seem blog-worthy. I’m going to start posting them as “Stupid Mura Tricks”. Starting with this one...

Today I learned that the onSiteLogin event fires immediately before any user is successfully logged into the site. So this event will fire on both legit logins as well as users with bad passwords, hackers trying to brute force login attempts as well as people logging into the Mura Admin screen.

I didn’t have any security issues or anything like that (fortunately! *knocks on wood*), but it was surprising me when trying to debug a plugin earlier today. My first inclination was that onSiteLogin would only run after a user successfully logged in (seeing as how onSiteLogout only runs when successfully logging out).

Just something to keep in mind when hooking into that event: though onSiteLogin has fired, it doesn’t mean the user has provided you with the correct username/password, only that someone is going thru the motions of trying to login.

As you were.

-nolan