Hi Alfredo,

The plugin events are separate from yii events.
Limesurveys afterLogout is called in authentication.php on line ~120.

Hi Sam,

Thanks for your comment. My problem is that I modify AuditLog.php code but changes are ignored and I think it doesn't depend on where the call to afterLogout is. I paste here the code (as I described above, nothing happens when I call die from afterLogout function either):

diff --git a/plugins/AuditLog/AuditLog.php b/plugins/AuditLog/AuditLog.php
index 501f8e7..bb78dbc 100644
--- a/plugins/AuditLog/AuditLog.php
+++ b/plugins/AuditLog/AuditLog.php
@@ -17,8 +17,19 @@
$this->subscribe('beforePermissionSetSave');
$this->subscribe('beforeParticipantSave');
$this->subscribe('beforeParticipantDelete');

• $this->subscribe('afterLogout');
  }

• public function afterLogout()

• {

• $oAutoLog = $this->api->newModel($this, 'log');

• $oAutoLog->uid='uid';

• $oAutoLog->entity='prueba';

• $oAutoLog->entityid='666';

• $oAutoLog->action='action';

• $oAutoLog->save();

• }

•  /**
   * Saves permissions changes to the audit log
   */

I found the problem. Function "dispatchEvent" of PluginManager.php accepts an argument "target". This argument is used by Auth plugins and contains the authentication method for current user. If "target" is not empty only the plugin named "target" can process the event:

if (!$event->isStopped()) && (empty($target) || in_array(get_class($subscription[0]), $target)))

This is usefull for authentication plugins. This way, authdb users are managed by authdb plugin and authldap users are managed by authldap plugin.

However, this behaviour implies that no authentication plugins can not use events when target is specified (for example, beforeLogout and afterLogout).

I propose allowing dispatching if plugin isn't an authentication one:

https://github.com/LimeSurvey/LimeSurvey/pull/253

Maybe target must be fixed in autplugin ? Don't know, but i always dislike exception like this.

Thanks for your comment, Denis.

Passing "target" as element of _parameters in PluginEvent could be an alternative but we should verify "target" at the beginning of every method in auth plugins to prevent authXXX plugins from processing events of authYYY users. IMHO resulting behaviour is the same than my proposition but writing more code.

What do you think? Any better idea to fix target in auth plugins?

I don't have idea, just some thinking.

But looking at this sentence:
"This way, authdb users are managed by authdb plugin and authldap users are managed by authldap plugin." This must be done in the plugin, not by event.

The plugin must look if the target is OK, like we must do for newDirectRequest (to try :add 2 event aaaFirst and bbbSecond, send a die in First without testing target : if you launch plugins/direct?plugin=bbbSecond&function=test the die from first is called.

It's a bug in the plugin, not in LS core.

Anyway, something must be done in PluginManager.php. If we don't modify current code, beforeLogout and afterLogout are useless for no auth plugins beyond modifications we could do in plugins.

Denis, could you confirm your suggestion is this one?:

• Remove target param
• Auth plugin process event only if user has proper auth method
• Every event is sent to every plugin

If you agree, I will implement this solution.

@aesteban : i don't read the code, only the comment. I think sammoussa have some idea.

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14756

Fix committed to 2.06 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14757

Version 2.05 Build 141229 released