In a standard installation of Joomla! we have several predefined User events which, when triggered, call functions in the associated plugins.
This event is triggered after the user is authenticated against the Joomla! user-base.
If you need to abort the login process (authentication), you will need to use onUserAuthenticate instead.
This event is triggered before the user is logged out of the system.
If any plugin returns false, the global logout fails and the onUserLogoutFailure event is fired; if it succeeds, onUserAfterLogout event is triggered instead.
NOTE: as of 3.3.6, returning false does not work correctly, because stock components perform their logout operation during the onUserLogout event. So even if your plugin returns false, the stock ones have already run anyway. Thus, the user will be "mostly" logged out even if you return false. There is no actual way to cleanly abort logout.
This event is triggered to verify that a set of login credentials is valid.
Array of credentials. Structure:\\ ['username']\\ ['password']\\ Alternative authentication mechanisms can supply additional credentials.
An array of JAuthenticateResponse objects detailing the results of each called plugin, including success or failure.
This event is triggered whenever a user authentication request is failed by any plugin.
Two parameters. The credentials array for the user (see onAuthenticate), and the JAuthenticateResponse that caused the failure.
Unknown. The return value appears to be ignored in any case.
This event is triggered whenever a user is successfully logged in.
Options is array with:
This event is triggered before an update of a user record.
The old and new user parameters are provided; commonly-used members are: username, name, email, password, password_clear.
The password array entry is the hashed password value. If the user has just changed the password, you may retrieve the cleartext password from $newUser['password_clear']. (It will be set to "" if the password has not been changed.)
Boolean. Whether the user-save should proceed or not. Any plugin that returns false aborts the save.
This event is triggered after an update of a user record, or when a new user has been stored in the database.
Password in $user array is already hashed at this point. You may retrieve the cleartext password using $_POST['password'].
Note: The old values that were just updated are not available here or afterwards. In case you need the old values, use onBeforeStoreUser().
The event is triggered when a user is about to be deleted from the system.
The event is triggered after a user has been deleted from the system.