Trongate PHP Framework Docs
Introduction
Quick Start
Basic Concepts
Understanding Routing
Intercepting Requests
Module Fundamentals
Database Operations
Templates
Helpers
Form Handling
Form Validation
Working With Files
Image Manipulation
Working With Dates & Times
Language Control
Security
Tips And Best Practices

Working with Login Routes

The login module lives at the URL login/login by default. While this works fine, you may prefer a shorter or more branded path for your users — /admin, /sign-in, or anything else that suits your application.

This page covers how to configure custom routes for the login module and how to handle unauthenticated access to protected pages.

The Default Login URL

Out of the box, the login module is accessible at:

All login-related functionality sits under this module:

URL Purpose
login/loginDisplay the login form
login/logoutLog out the current user
login/forgot_passwordRequest a password reset
login/not_allowedAccess denied page
login/unlockUnlock a blocked account

Setting a Custom Login URL

Open config/custom_routing.php and add a route that maps your preferred URL to the login module:

Now, visiting /admin displays the login form, and the form submission is handled correctly through the custom route.

Including All Login Actions

If you want to route all login module actions under your custom path, add entries for each action:

With these routes in place, your users see clean URLs like /admin and /admin/logout while the login module handles all the authentication logic behind the scenes.

Redirecting Unauthenticated Users to Login

When an unauthenticated user tries to access a protected page, the system needs to know where to send them. The login module handles this through the redirect_on_success and login-check methods, but you can also use Trongate's built-in redirect() helper:

Alternatively, use the security module to let it handle redirection:

The Security Module and Custom Routes

The trongate_security module's default scenario checks for a valid token and redirects to login/login if none is found. If you have set a custom route for login, the security module will still redirect correctly because the login module is doing the actual work.

For scenarios where you need a different redirect behaviour, you can override the default scenario in your Trongate_security.php controller:

Configuration Options

The login module's behaviour is configured in config/login.php. The most relevant settings for routing are:

Setting Purpose
user_levels[x][redirect_on_success]Where to send the user after a successful login
user_levels[x][view_file]Which login view style to use (login_default, login_compact, or login_split)
max_failed_attemptsNumber of failed attempts before blocking (default: 3)
block_durationHow long to block after max failures (seconds, default: 900)

Practical Example: Admin Panel

A common setup is to use a custom route for the admin login and a separate route for the members area:

With this configuration:

  • Administrators visit /portal to log in
  • They are redirected to trongate_administrators/manage after successful login (as configured in config/login.php)
  • The logout link becomes /portal/logout
  • The forgot-password flow runs through /portal/forgot_password

This gives your application a clean, branded authentication experience without exposing the underlying module structure.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page