Building the Members Controller
The login module handles the heavy lifting of authentication: credential validation, token creation, rate limiting, and forgot-password flows. Your Members controller provides the landing pages, the post-login experience, and access to protected content.
Create modules/members/Members.php:
    <?php
    class Members extends Trongate {

        /**
         * Display the member's welcome page.
         *
         * This is the page members see after logging in.
         * The login module redirects here after successful
         * authentication (configured in config/login.php).
         *
         * @return void
         */
        public function welcome(): void {
            $data['view_module'] = 'members';
            $data['view_file'] = 'welcome';
            $this->templates->public($data);
        }

        /**
         * Log the current user out.
         *
         * Destroys the authentication token and redirects
         * to the member login page.
         *
         * @return void
         */
        public function logout(): void {
            $this->trongate_tokens->destroy();
            redirect('member-login');
        }

        /**
         * Check if a member is authenticated with a valid token.
         *
         * Unlike administrators who use make_sure_allowed(),
         * members can be checked via is_logged_in() or by
         * attempting to retrieve a valid token directly.
         *
         * @return void
         */
        public function members_only(): void {
            $member_level_id = 2;

            // Option A: Using the login module's is_logged_in()
            $logged_in = $this->login->is_logged_in($member_level_id);

            // Option B: Using tokens directly
            // $token = $this->trongate_tokens->attempt_get_valid_token($member_level_id);
            // if ($token === false) { redirect('member-login'); }

            if ($logged_in !== true) {
                redirect('member-login');
            }

            // Member is authenticated - show the protected page
            $data['view_module'] = 'members';
            $data['view_file'] = 'members_only';
            $this->templates->public($data);
        }
    }

Understanding the Login Flow
Notice that the Members controller does not need login() or submit_login() methods. When a visitor navigates to /member-login, the custom routing forwards the request to the login module directly:
- login/login/member-login renders the login form using the configured view_file from modules/login/views/.
- The form submits to login/submit_login/member-login, which validates credentials, enforces rate limiting, and creates a session token.
- On success, the member is redirected to members/welcome.
- On failure, the form is redisplayed with validation errors.
This is the key difference from the administrator flow, where the trongate_administrators controller implements its own login() and submit_login() methods to integrate with the admin template.
Checking Authentication
There are two ways to check whether a member is logged in:
Using is_logged_in()
    $this->module('login'); // Ensure the module is loaded
    if ($this->login->is_logged_in(2) === true) {
        // Member (level 2) is authenticated
    }
The is_logged_in() method checks for a valid, unexpired token for the given user level. Pass no argument to check any user level.
Using attempt_get_valid_token()
    $token = $this->trongate_tokens->attempt_get_valid_token(2);
    if ($token !== false) {
        // Member is authenticated - token object is available
        // $token->token, $token->user_id, $token->expiry_date
    }
This returns the token object if a valid one exists, or false if not. It is useful when you need access to token metadata.
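An added example (not code from the Trongate documentation): one way to keep the token check in a single helper that every member-only method calls, and to take the member's identity from the token's user_id instead of from anything the visitor sends. The helper name require_member(), the your_account view file and the member_user_id data key are assumptions made for this illustration.

```php
<?php
class Members extends Trongate {

    // Level 2 is the member user level used throughout this page.
    private const MEMBER_LEVEL_ID = 2;

    // ... welcome(), logout() and members_only() as shown earlier ...

    /**
     * Hypothetical helper: return the caller's valid member token,
     * or send the visitor to the login page and stop.
     * Declared private so it is never treated as a page of its own.
     */
    private function require_member(): object {
        $token = $this->trongate_tokens->attempt_get_valid_token(self::MEMBER_LEVEL_ID);

        if ($token === false) {
            redirect('member-login');
            exit; // Defensive: never fall through into protected code.
        }

        return $token;
    }

    /**
     * Account page for the logged-in member.
     */
    public function your_account(): void {
        // Runs before any protected work; returns only for a valid token.
        $token = $this->require_member();

        // Identify the member from the server-side token only, never from
        // a URL segment or form field that the visitor controls.
        $data['member_user_id'] = (int) $token->user_id;

        $data['view_module'] = 'members';
        $data['view_file'] = 'your_account'; // assumed view file
        $this->templates->public($data);
    }
}
```

Calling the helper as the first statement of each protected method means a new method cannot be reachable without the check unless that one line is left out.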
Logging Out
The logout() method in the Members controller destroys all existing tokens and redirects the member to the login page. If you prefer, you can also use the login module's built-in logout:
    $this->module('login');
    $this->login->logout(); // Destroys tokens and redirects to login/login/{secret_word}
Using $this->trongate_tokens->destroy() directly gives you control over the redirect destination.
Creating the Welcome View
Create modules/members/views/welcome.php:
    <h1>Welcome!</h1>
    <p>You are now logged in as a member of our site.</p>
    <p><?= anchor('members/your_account', 'Your Account') ?></p>
    <p><?= anchor('members/logout', 'Logout') ?></p>

Key Points
- The login module handles authentication logic - your controller focuses on the user experience.
- Use is_logged_in() for simple authentication checks in any controller.
- Use attempt_get_valid_token() when you need the token object itself.
- Members use the public template ($this->templates->public()), not the admin template.
- You can add methods to the Members controller for profile pages, settings, or any member-only features.
In the next page, we will add registration and account management to give members a complete self-service experience.