Mechanism for user authentication

Wednesday 12 January 2005 by Mathieu

The LCM authentication mechanism can be extended to use third-party authentication methods, such as an LDAP server.

An authentication mechanism must provide the following interface:

- Name: Auth_FOO, where FOO is a lower-case short name (db, ldap, etc.)

- bool function init(): Called after the class is instantiated. Return true if not used.

- bool function validate_md5_challenge($username, $current_mdpass, $future_mdpass): Validate MD5 passwords. Returns true if password is accepted.

- bool function validate_pass_cleartext($username, $pass): Validate cleartext passwords. Should be used as a fallback when validate_md5_challenge fails, because not all passwords are submitted MD5-encoded (such as the "change password" fields in "edit author"), and not all authentication mechanisms support MD5. Returns true if the password is accepted.

- bool function is_newpass_allowed($id_author, $username, $author_session = 0): Used by LCM to decide whether or not to display the "change password" fields in "edit author". Both id_author and username are required, since the authentication mechanism may use one or the other. The author_session is required in order to decide whether the user has sufficient privileges to change the password; if it is not passed, the policy is not checked. Returns true if the authentication mechanism and the site policy allow the user to change the password.

- bool function newpass($id_author, $username, $pass, $author_session = 0): Same logic as is_newpass_allowed, but changes the passwords if possible. Returns true on success.

- bool function is_newusername_allowed($id_author, $username, $author_session = 0): Same logic as is_newpass_allowed, but checks whether changing the username is allowed. Returns true on success.

- bool function newusername($id_author, $old_username, $new_username, $author_session = 0): Same logic as newpass, but for changing the username. Returns true on success.
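As an added illustration (not LCM's own code), here is an Auth_FOO class that follows the interface above. The in-memory store, the per-user challenge ("alea") and its rotation, the `$author_session` keys `id_author` and `status`, and the minimum password length are assumptions made for this example only.

```php
<?php
// Added example, not LCM's own code: an Auth_FOO class following the interface
// above. The in-memory store, the per-user challenge ("alea") rotation and the
// $author_session keys ('id_author', 'status') are assumptions for this demo.
class Auth_demo {
    private $store = array(); // username => array(alea, next_alea, pass, id_author)
    function init() { // constructed sample account; stored digest is md5(alea . password)
        $this->store['alice'] = array('alea' => 'c0ffee', 'next_alea' => 'f00d',
            'pass' => md5('c0ffee' . 'Str0ng-pass-1'), 'id_author' => 1);
        return true;
    }
    // Assumed scheme: the client sends md5(alea . password) and md5(next_alea . password);
    // on success the future digest replaces the stored one and the challenge rotates.
    function validate_md5_challenge($username, $current_mdpass, $future_mdpass) {
        if (!isset($this->store[$username])) return false;
        $u =& $this->store[$username];
        if (!hash_equals($u['pass'], $current_mdpass)) return false; // constant-time compare
        $u['pass'] = $future_mdpass;
        $u['alea'] = $u['next_alea'];
        $u['next_alea'] = bin2hex(random_bytes(8));
        return true;
    }
    // Fallback for forms that submit the password in clear (see above).
    function validate_pass_cleartext($username, $pass) {
        if (!isset($this->store[$username])) return false;
        $u = $this->store[$username];
        return hash_equals($u['pass'], md5($u['alea'] . $pass));
    }
    // Policy: the author himself or an admin; without a session the policy is not checked.
    function is_newpass_allowed($id_author, $username, $author_session = 0) {
        if (!isset($this->store[$username]) || $this->store[$username]['id_author'] != $id_author) return false;
        if (!$author_session) return true;
        return $author_session['id_author'] == $id_author || $author_session['status'] == 'admin';
    }
    function newpass($id_author, $username, $pass, $author_session = 0) {
        if (!$this->is_newpass_allowed($id_author, $username, $author_session)) return false;
        if (strlen($pass) < 8) return false; // assumed minimum-length policy
        $this->store[$username]['pass'] = md5($this->store[$username]['alea'] . $pass);
        return true;
    }
    function is_newusername_allowed($id_author, $username, $author_session = 0) {
        return $this->is_newpass_allowed($id_author, $username, $author_session);
    }
    function newusername($id_author, $old_username, $new_username, $author_session = 0) {
        if (!$this->is_newusername_allowed($id_author, $old_username, $author_session)) return false;
        if ($new_username === '' || isset($this->store[$new_username])) return false;
        $this->store[$new_username] = $this->store[$old_username];
        unset($this->store[$old_username]);
        return true;
    }
}
```

With this scheme a call to validate_pass_cleartext('alice', 'Str0ng-pass-1') succeeds after init(), while a wrong password or an unknown user is rejected without leaking which of the two failed.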

Adding a new authentication mechanism

Since support for multiple authentication mechanisms was not a priority task for LCM, the following tasks remain to be done:

- Add a field "authtype" in lcm_author.

- Add "authtype" in $author_session.

- In inc_auth.php, use authtype in order to include the correct inc/inc_auth_FOO.php file and instantiate the class.

- Repeat the same small modifications wherever authentication mechanisms are used.

- Provide a way to configure the authentication mechanism (for example, for LDAP the LDAP source must be specified somewhere).
