Manual:Hooks/AuthManagerLoginAuthenticateAudit

Details

 * $response - the  in either a PASS or FAIL state. (Note that while FAIL usually means that the system found the login attempt invalid and prevented it, that's not always the case. It could also be caused by some sort of internal error preventing an otherwise valid attempt,  e.g. user autocreation failing due to a database transaction timeout. The error message in the response will help tell those cases apart.)
 * $user - if the authentication process got to the point where the identity of the user could be determined, this will contain the corresponding  object; otherwise, null. More specifically, this parameter will be set if primary authentication was successful (e.g. successfully providing the username and password but then failing a TOTP check will result in a FAIL with a filled $user parameter).
 * $username - a guess at the user name being authenticated, or null if we can't even determine that. (The latter can happen e.g. when using something like GoogleLogin where the user just clicks a button without entering any username.)

Before AuthManager, the hook was used.