how can I forbid users from logging in before verifying their accounts


I’m new to yii. I have just developed my first yii based web application, however I have a problem with activation. User can still access their accounts even though they haven’t activated them on their emails. how can I forbid them from logging in before verifying their accounts? active== 0 OR 1.

Thank you…

Hello and welcome.

Just create them inactive by default, and check the active status in your UserIdentity’s component authenticate() method

You can for instance do it like this (changes the example found in the link above):

class UserIdentity extends CUserIdentity


    /* In {yii-framework}/web/auth/CBaseUserIdentity.php

    const ERROR_NONE=0;



    const ERROR_UNKNOWN_IDENTITY=100; */

    // So here we add a specific constant for inactive users, with the value you like different from those above

    // There's one risk: some future version of the framework may use that value or that constant



    public function authenticate() {




        // here we check the active status

        else if (!$record->active)


        else if($record->password!==md5($this->password))


        else { // ok, can log the user





And also modify your LoginForm model’s authenticate method in order to reflect the new constant (ERROR_USERNAME_INACTIVE) and display some message to the user if you want

Thanks bennouna, It works like magic… I’m looking forward to create Yii Extensions… Thank you