If you have enabled the must approve users setting on your Discourse site, new users will not be allowed to log into Discourse until they have been approved by a staff member. This will also prevent the new users from logging into your PHP site until they have been approved on Discourse. If your PHP site is displaying a link to allow users to login via Discourse, when an unapproved user clicks the link, they will be taken to the Discourse login page, and see a notice like this if they attempt to login:
Let me know if that doesn’t answer your question.
In case you are interested, here’s an example of the payload that is sent when an approved Discourse user attempts to login to a site via DiscourseConnect:
[admin] => false
[moderator] => false
[email] => connecttester@example.com
[external_id] => 379
[groups] => trust_level_3,trust_level_0,message_test,eurorack,trust_level_1,trust_level_2
[name] => Connect Tester
[nonce] => 690d8fb0853fd4c69bb89a5084d87f45
[return_sso_url] => http://wp-discourse.test/
[username] => connecttester
For an unapproved user, no data will be sent, because the user will not be able to get past the Discourse login page.