I use an external auth-system where I get a cookie and use that to authenticate the user. Login and Logout are done by a different website on a second server (in the same domain).
The class auth_basic in inc/auth/basic.class.php defines the functions trustExternal(…) and logOff(). I can easily place the cookie-check in trustExternal and I can redirect to the Logout site within the function logoff. But there is no way (I found) to suppress the form to get username and password and redirect to the login site instead.
I suggest to move html_login() from inc/template.php to inc/auth/basic.class.php. Then any auth module may overload that.
$auth->html_login(); change inc/template.php row 112
global $auth; add at row 58
- Chained authentication: It would be easy to build a auth-module where the user may select his (valid) auth-system. Not exactly chained but saver