Authentication Process in SugarCRM

Authentication methods in SugarCRM is controlled by using AuthenticationController class in AuthenticationController.php via getAuthController method. This method receives $type of string parameter, and usually not defined at the start of SugarCRM application session.

When it is not defined, the controller class try to activate certain method of authentication. This is achieved through authenticationClass string variable in config.php and system_ldap_enabled flag when using LDAP authentication method. If these values is not configured, the SugarCRM application will default authentication routines hardcoded in the method as ‘SugarAuthenticate’.

The getAuthController then returned authentication class, ready to be used.

Using the above architecture, it is possible to perform customization of authentication process, just by adding the appropriate PHP file for the $type variable and then placed it in custom/modules/Users/authentication/ or modules/Users/authentication/. You can find the example given by the directory structure of SugarAuthenticate.php file.

Let’s see the process involved when the user clicks login button on the login screen.

When SugarCRM loads the login display using login.tpl template, it includes hidden input in the login form as follows:


The action will be used as a PHP page for actual authentication routines and return_action will be used when there are errors on login process, which again return to login display.

So, when login button is clicked, the SugarCRM will execute Authenticate.php. Inside this page, there is a call to:

$authController->login($user_name, $password);

The $authController is a global variable defined and initialized with appropriate AuthenticationController in loadUser method in SugarApplication class.

For SugarAuthenticate class, the hierarchy of call after the above login method as follows:

– loginAuthenticate method in SugarAuthenticate class
– loadUserOnLogin method in SugarAuthenticateUser class

The SugarAuthenticateUser is created during the construction phase of SugarAuthenticate class.

The actual user and password verification resides in loadUserOnLogin, precisely in authenticateUser method. The method will return user id on successfull login, or a blank one when failed. Based on this information, the login method will return true or false.

For SugarAuthenticate class, authenticateUser method utilizes findUserPassword method of User class, created in User.php). This method uses $db class to perform actual queries to Users table. $db class will perform the queries based on the type of database back end.

For mySQL back end, $db will contains MysqliManager class. This value can be configured via config.php in dbconfig – db_manager or db_manager_class configuration values.

The process of creating database manager class is done through static method getInstance of DBManagerFactory class (DBManagerFactory.php):

$db = DBManagerFactory::getInstance()

Instantiation of this class resides in entryPoint.php routines.

The getInstance routines will read configuration variables related to the database such as sql type, etc and perform appropriate include for related database manager class. For mySQL, this class usually will be MysqliManager class (MysqliManager.php).

Declaration of MysqliManager class as follows:

class MysqliManager extends MysqlManager

And for MysqlManager:

class MysqlManager extends DBManager

When failed or false, SugarCRM via Authenticate.php will redirects again to index.php?module=Users&action=Login. In this case, the return_action appears to of no use. You can prove it by changing return_action in login.tpl by non existent value such as loginx and see whether this will affects the system when login is falied 🙂


One Response to “Authentication Process in SugarCRM”

  1. deptz Says:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: