Trongate Way Docs

Custom Routing

When a user level has a secret_login_word, that word must be mapped to the correct controller method via custom routing. This keeps login URLs clean and secure.

Create or update config/custom_routing.php:

PHP
<?php
$routes = [

    // Member route through the login module
    "member-login"                 => "login/login/member-login",

    // Admin route through the admin controller (built-in)
    "tg-admin"                     => "trongate_administrators/login",
    "tg-admin/submit_login"        => "trongate_administrators/submit_login",
];
define('CUSTOM_ROUTES', $routes);

Understanding the Member Route

The member route member-login points to login/login/member-login. Let us break this down:

  • login/login - The first login is the module name, the second login is the controller method. So this calls Login->login() in modules/login/Login.php.
  • /member-login - This is the secret login word passed as a URL segment. The login module uses get_last_part(current_url(), '/') to extract it and compare against the configured secret words.

When a visitor navigates to /member-login, the following happens:

  1. Custom routing forwards the request to login/login/member-login.
  2. The login() method calls resolve_level(), which scans the URL segments for a matching secret word.
  3. It finds member-login and matches it to user level 2 (Members).
  4. If the member already has a valid token, they are redirected to members/welcome.
  5. Otherwise, the login form is rendered.
  6. The form submits to login/submit_login/member-login, which routes through the same custom routing pattern.

How Member Routing Differs from Admin Routing

Notice the difference between the two route patterns:

  • Administrators route directly to trongate_administrators/login. This is because the admin controller has its own login() and submit_login() methods that handle the full authentication flow, rendered with the admin template.
  • Members route through login/login/member-login, which goes directly to the login module's built-in login() method. Members use the default login module views rendered with the site's public template.

Why this difference? Because administrators are covered by the framework's built-in trongate_administrators module, which has its own view and controller. Members have a custom controller that delegates the authentication heavy lifting to the login module.

Critical Rule: Route Key Must Match Secret Login Word

The secret_login_word in config/login.php and the route key in config/custom_routing.php must match exactly. If the login word is member-login, the route key must be member-login. A mismatch here is the most common source of routing errors.

How It Looks in the Browser

After setting up custom routing, the login URLs are clean and intuitive:

URL What It Does
http://your-site.com/member-login Displays the member login form
http://your-site.com/tg-admin Displays the admin login form

Next, we will build the Members controller that handles the post-login experience.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page