Hi all, I need to extend the authentication rules used by default in the CMS, so not just a user/password and status checking. I need to add some rules based on some other cirteria on things like account expiration date, etc...
Any ideas on what files need to be modified or created will help a lot.
Should be possible, although I never did this.
Have a look at the sapphire/security folder. There you'll find the MemberLoginForm and MemberAuthenticator which are the classes used to login a member.
The Security class is the Controller that's being called when you visit yoursite.com/Security/login. It gets the registered authenticators and displays their login form(s).
You can create your own LoginForm/Authenticator (or inherit from MemberLoginForm/MemberAuthenticator) and register it as default authenticator (see Authenticator::set_default_authenticator).
This should be doable without altering core files, so you can place all your code in the mysite/code directory (maybe in a subfolder named "security").