I am using the Auth with authenticate Basic. Is there a way to check if the user is active = 1? I would like to check that for the Form and the Basic method. The Basic method is used, when a user log in from an iphone app sending username and password via http header.

public $components = array('Session', 'RequestHandler', 'Auth' => array(
        'loginAction' => array(
            'controller' => 'api',
            'action' => 'login'
        ),
        'authenticate' => array(
            'Basic' => array(
                'userModel' => 'Appuser',
                'fields' => array(
                    'username' => 'name'
                )
            ),
            'Form' => array(
                'userModel' => 'Appuser',
                'fields' => array(
                    'username' => 'name'
                )
            )
        )
    ));

Use the scope setting of the AuthComponent and set it using the ALL constant:

public $components = array(
    'Auth' => array(
        'loginAction' => array(
            'controller' => 'api',
            'action' => 'login'
        ),
        'authenticate' => array(
            AuthComponent::ALL => array(      // Use this to apply common settings
                'userModel' => 'Appuser',
                'fields' => array(
                    'username' => 'name'
                ),
                'scope' => array(
                    'Appuser.active' => 1       // This is the check you need
                )
            ),
            'Basic',
            'Form'
        )
    )
);

For more info, refer to this section in the book.