Friday, October 2, 2009

Disabling standard Authenticator and creating new CMS entry point

This post outlines removing visibility of the standard email/password authentication in favour of your own front end Authenticator, but still having an access point to the standard Authenticator to authenticate yourself before redirecting to the CMS.

1. Disable MemberAuthenticator, so only customer login shows on normal /Security/login requests

_config.php:

Authenticator::register_authenticator('CustomerAuthenticator'); 
Authenticator::set_default_authenticator('CustomerAuthenticator'); 
Authenticator::unregister_authenticator('MemberAuthenticator');

2. Create rule to have a new CMS entry point (in this case "/manager" ), in reality this is just a pointer to the standard MemberAuthenticator, now disabled for all standard security login requests.

_config.php:

Director::addRules(100, array('manager' => 'AdminLogin_Controller',));

3. Create a new controller to handle this entry point, ensure any bad logins get redirected back to it.

class AdminLogin_Controller extends Page_Controller { 

  function init() { 
    Session::set('BadLoginURL', '/manager');
    Session::set('BackURL', '/admin');
    parent::init(); 
  } 

  function Form() { 
    return new MemberLoginForm($this, "LoginForm"); 
  } 

  function Title() { 
    return "Admin Log in"; 
  } 
}