Check user status before login

hi, I’m using CakePHP 4 and follow the CMS tutorial. How can I check the user status during the login process? only user with verified == 1 can log in. below is the code from the tutorial. During the account activation, I’ve create the function to change value from 0 to 1.

public function login()
{
	$this->request->allowMethod(['get', 'post']);
	$result = $this->Authentication->getResult();		
	if ($result->isValid()) {
		$redirect = $this->request->getQuery('redirect', [
			'controller' => 'Users',
			'action' => 'index',
		]);
		return $this->redirect($redirect);
	}
	if ($this->request->is('post') && !$result->isValid()) {
		$this->Flash->error(__('Invalid username or password'));
	}
}


public function verification($token)
{
	$userTable = TableRegistry::get('Users');
	$verify = $userTable->find('all')->where(['token'=>$token])->first();
	$verify->verified = '1';
	$userTable->save($verify);
}

The Authenticated user’s record is available and I assume that is where your verified value is stored.

$this->getRequest()->getAttribute('identity')->getOriginalData()

Should get you your User entity

Just check like this

 if( $result['verified']== 1){
     $this->Flash->error('User is not active.');
     return $this->redirect(['action' => 'login']);
 }

hi, thank you for your reply. I try to include the codes but it shows error:

Cannot use object of type Authentication\Authenticator\Result as array

code:

public function login()
{
	$this->request->allowMethod(['get', 'post']);
	$result = $this->Authentication->getResult();	

	if( $result['verified']== 1){
		$this->Flash->error('User is not active.');
		return $this->redirect(['action' => 'login']);
	}
	
	if ($result->isValid()) {
		$redirect = $this->request->getQuery('redirect', [
			'controller' => 'Users',
			'action' => 'index',
		]);

		return $this->redirect($redirect);
	}
	// display error if user submitted and authentication failed
	if ($this->request->is('post') && !$result->isValid()) {
		$this->Flash->error(__('Invalid username or password'));
	}
}

The Result object returned by $this->Authentication->getResult() is an object and doesn’t have your user’s ‘verified’ value.

But it does have a getData() method that will return your logged in user’s ‘user’ record (which, again I presume has the verified value in it.)

So you can use that as an alternate way to get to the value in addition to the way I described earlier.

So you can do something like this

$this->request->allowMethod(['get', 'post']);
    $result = $this->Authentication->getResult();	
    $user = $result->getData();

    //this makes assumptions about your user record. 
    //Only you know exactly how this conditional should be expressed.
    if( $user->verified == 1){
	$this->Flash->error('User is not active.');
	return $this->redirect(['action' => 'login']);
    }
...