Trongate Way Docs

Project Introduction

This chapter will guide you through building a complete member authentication system using Trongate v2's login module. By the end, you will have member registration, login, logout, password resets, remember-me cookies, and a protected member area.

Want the complete code? Grab the full example from GitHub:

https://github.com/grady-trongate/Trongate-v2-Login-System

This repository contains the finished config/login.php, config/custom_routing.php, a complete members module (controller, model, views), and a login.sql file with the full database schema.

A Note on Administrators

Administrators are a special case in Trongate v2. The trongate_administrators module ships with the framework and provides a ready-made login flow, CRUD management, and the make_sure_allowed() security gate. You do not need to build an administrator login system from scratch - it is already there.

Members, however, require a custom implementation. Each application has unique requirements for member registration, profile fields, and front-end templates. This chapter focuses entirely on what you need to build - the member side of authentication.

The Four Components

A member login system in Trongate v2 consists of four parts working together:

  1. Configuration (config/login.php)
    Defines the member user level, target table, login identifiers, redirect paths, and security settings such as remember-me duration and forgot-password support.
  2. Custom Routing (config/custom_routing.php)
    Maps the member's secret login word to the login module, creating clean, secure login URLs.
  3. The Login Module (modules/login/)
    The framework's built-in authentication engine. It handles credential validation, token creation, rate limiting, and forgot-password flows. Everything is config-driven - you write configuration, not authentication logic.
  4. The Members Controller (modules/members/Members.php)
    Your custom controller that provides login form rendering, logout handling, a welcome page, and the protected member area. This is the piece you build yourself.

How the Flow Works

  1. A visitor navigates to /member-login (the secret login word).
  2. Custom routing forwards the request to the login module: login/login/member-login.
  3. The login module resolves the user level, renders the login form, and handles form submission.
  4. On successful login, the user is redirected to members/welcome.
  5. The Members controller's welcome() method renders the protected welcome page.
  6. The member can access their account dashboard, update their profile, change their password, and log out.

If the member forgets their password, they can request a reset email via the login module's built-in forgot-password flow.

What You Will Build

  • A members database table linked to trongate_users
  • A login configuration for the member user level
  • Custom routing for the member login word
  • A Members controller with login, logout, and welcome methods
  • A Registration and account management system

Let us begin with the database.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page