I have a bit of code that prevents deleted and banned users from logging in. To be clear, a status of -2 means that the user is deleted, and -1 means that the user is banned. Below is the code, which works fine on local, but on the live site it sucks: users who have a status of -1 or -2 are still able to log in. I cannot find where the problem is.
    public function login() {
        // Auth->login() with no argument authenticates the posted credentials
        // and, on success, writes the user to the session immediately.
        if ($this->Auth->login()) {
            // Only after the user is already logged in is the status inspected.
            $status = $this->Auth->user('status');
            if ($status == '-1') {
                // Banned: undo the login that has just happened.
                $this->Auth->logout();
                $this->Session->setFlash(__('This account has been banned. Please contact us.'));
                $this->redirect('/');
            } elseif ($status == '-2') {
                // Deleted: same handling, different message.
                $this->Auth->logout();
                $this->Session->setFlash(__('This account has been deleted, and is not usable anymore.'));
                $this->redirect('/');
            }
            // something else
        }
    }
By calling $this->Auth->login() in the check you are logging the user in. You could avoid this and check the user information prior to login, or you could add the status flags to the scope for users.
This adds the status field check to the login process. If you want to customise messages as in your example, you can check the values on the user information before processing login:
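Both approaches the answer describes, as an added example written against the CakePHP 2.x AuthComponent API (this is not the answerer's code, whose snippets did not survive on the page). It assumes a User model with username, password and an integer status column, with -1 meaning banned and -2 meaning deleted as in the question; the controller name, the STATUS_* constants and the flash messages are illustrative. The key difference from the question's code is that $this->Auth->identify() returns the matched user row without writing anything to the session, so a banned or deleted account is rejected before any login state exists rather than being logged in and then logged out again.

```php
<?php
// Added example, not code from the original answer. Assumes CakePHP 2.3+
// (for AuthComponent::identify() and redirectUrl()) and a User model with
// an integer 'status' column: -1 = banned, -2 = deleted (from the question).
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    const STATUS_BANNED  = -1;  // assumed, matches the question's convention
    const STATUS_DELETED = -2;  // assumed, matches the question's convention

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'fields' => array('username' => 'username', 'password' => 'password'),
                    // Approach 1 (alternative to the check in login() below):
                    // uncomment this scope and the Form authenticator never
                    // matches banned/deleted rows at all, so identify()/login()
                    // simply return false for them. The trade-off is that you
                    // can no longer tell the user *why* the login failed.
                    // 'scope' => array('NOT' => array('User.status' => array(-1, -2))),
                ),
            ),
        ),
    );

    // Approach 2: identify first, inspect the record, log in last.
    public function login() {
        if (!$this->request->is('post')) {
            return;
        }

        // identify() runs the configured authenticators against the request
        // and returns the user array (minus the password) or false. Unlike
        // login(), it does NOT touch the session.
        $user = $this->Auth->identify($this->request, $this->response);
        if (!$user) {
            $this->Session->setFlash(__('Invalid username or password.'));
            return;
        }

        // Compare as integers: the column is numeric, and casting removes any
        // string-vs-int difference between environments.
        switch ((int)$user['status']) {
            case self::STATUS_BANNED:
                $this->Session->setFlash(__('This account has been banned. Please contact us.'));
                return $this->redirect('/');
            case self::STATUS_DELETED:
                $this->Session->setFlash(__('This account has been deleted, and is not usable anymore.'));
                return $this->redirect('/');
        }

        // Only a record that passed the checks above is written to the session.
        $this->Auth->login($user);
        return $this->redirect($this->Auth->redirectUrl());
    }
}
```

Pick one of the two: if the scope is enabled, identify() never returns a banned or deleted row, so the custom messages in login() are unreachable and those users just see the generic failure message. The explicit check is also the safer place to add further account states later, since nothing is written to the session until the final $this->Auth->login($user) call.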