You may use the User_LoggingIn server event; if you return false, the login will be cancelled.
// User Logging In event
function User_LoggingIn(string $userName, ?string $password): bool
{
    // Enter your code here
    // To cancel, set return value to false
    return true;
}
Note: Do not try to store the password anywhere. Storing a plain-text password in the session (or any persistent state) bypasses hashing security and creates a permanent "leak" risk.
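An added example (not part of the original post or the product's own code) of using the event to cancel a login: a per-account attempt throttle that persists only a hash of the user name and attempt timestamps, and never reads or writes `$password`. The limits, the `attemptsFile()` helper and the temp-directory location are assumptions made for illustration.

```php
<?php
// Assumed limits for this example, not values from the page.
const MAX_ATTEMPTS   = 5;    // attempts allowed per window
const WINDOW_SECONDS = 300;  // sliding window length

// Hypothetical helper: one small state file per account, named by a hash
// of the normalised user name so the name itself never lands on disk.
// Use an application-private directory instead of the shared temp dir in production.
function attemptsFile(string $userName): string
{
    $key = hash('sha256', strtolower(trim($userName)));
    return sys_get_temp_dir() . '/login_attempts_' . $key . '.json';
}

function User_LoggingIn(string $userName, ?string $password): bool
{
    // $password is deliberately never inspected, logged or stored here.
    if ($userName === '' || strlen($userName) > 128) {
        return false; // malformed user name: cancel the login
    }

    $fh = fopen(attemptsFile($userName), 'c+');
    if ($fh === false) {
        error_log('login throttle: cannot open state file');
        return false; // fail closed when throttle state is unavailable
    }
    flock($fh, LOCK_EX); // serialise concurrent attempts for the same account

    $now   = time();
    $times = json_decode(stream_get_contents($fh) ?: '[]', true);
    $times = is_array($times) ? $times : [];
    // Keep only timestamps that are still inside the window.
    $times = array_values(array_filter(
        $times,
        fn($t) => is_int($t) && $t > $now - WINDOW_SECONDS
    ));

    // The event runs before credentials are checked, so every attempt counts.
    $allowed = count($times) < MAX_ATTEMPTS;
    if ($allowed) {
        $times[] = $now;
    }

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($times));
    flock($fh, LOCK_UN);
    fclose($fh);

    return $allowed; // false cancels the login
}
```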