Module Configuration
Create config/login.php. This is the central configuration file that tells the login module everything it needs to know about your user levels.
<?php
$config['login'] = [
// Global settings
'default_view_file' => 'login_default',
'max_failed_attempts' => 3,
'block_duration' => 900,
'password_hash_cost' => 11,
'reset_token_lifespan' => 3600,
'user_levels' => [
// Level 1: Administrators (built-in with framework)
1 => [
'target_table' => 'trongate_administrators',
'user_ref_field' => 'trongate_user_id',
'secret_login_word' => 'tg-admin',
'redirect_on_success' => 'trongate_administrators/manage',
'allow_remember' => 0,
'remember_days' => 0,
'enable_forgot_password' => false,
'view_file' => 'login_default',
'fields' => [
'identifiers' => [
'username' => ['column' => 'username', 'label' => 'Username'],
'email' => ['column' => 'email', 'label' => 'Email']
],
'password' => [
'column' => 'password',
'label' => 'Password'
]
]
],
// Level 2: Members
2 => [
'target_table' => 'members',
'user_ref_field' => 'trongate_user_id',
'secret_login_word' => 'member-login',
'redirect_on_success' => 'members/welcome',
'allow_remember' => 1,
'remember_days' => 30,
'enable_forgot_password' => true,
'view_file' => 'login_default',
'fields' => [
'identifiers' => [
'username' => ['column' => 'username', 'label' => 'Username'],
'email' => ['column' => 'email_address', 'label' => 'Email Address']
],
'password' => [
'column' => 'password',
'label' => 'Password'
]
]
]
]
];Member-Level Settings Explained
Settings that are specifically relevant to the member experience:
| Setting | Value | Why This Matters for Members |
|---|---|---|
secret_login_word |
member-login |
Creates a clean URL like /member-login. The login module uses this word to identify the correct user level. |
redirect_on_success |
members/welcome |
After a successful login, members are sent to the welcome page in your custom Members controller. |
allow_remember |
1 |
Members typically want to stay logged in between visits. Enable this to show a "Remember Me" checkbox on the login form. |
remember_days |
30 |
How long the remember-me token remains valid. 30 days is a common balance between convenience and security. |
enable_forgot_password |
true |
Members forget their passwords. Enable this to allow them to request a password reset email. |
identifiers |
username and email_address |
Members can log in with either their chosen username or their email address. The column values must match column names in the members table. |
Important: Column Names Must Match
The fields.identifiers and fields.password column names must match exactly with the column names in your members table. In this configuration:
usernamemaps to theusernamecolumn in thememberstableemail_addressmaps to theemail_addresscolumnpasswordmaps to thepasswordcolumn
A common source of errors is a column name mismatch between the configuration and the database. Verify that every column name in your config exists in your target table.
Global Settings Reference
| Setting | Default | Purpose |
|---|---|---|
default_view_file |
login_default |
The default view file for login forms when a level does not specify its own. |
max_failed_attempts |
3 |
Number of failed login attempts before the user is temporarily blocked. |
block_duration |
900 |
Duration in seconds (15 minutes) that a user is blocked after exceeding the max failed attempts. |
password_hash_cost |
11 |
The cost factor used by password_hash() with the bcrypt algorithm. |
reset_token_lifespan |
3600 |
Duration in seconds (1 hour) that a password reset token remains valid. |
With the configuration in place, the login module now knows exactly how to authenticate members. Next, we will set up custom routing so the secret login word resolves to the correct controller.
We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.
Share your thoughts in the Documentation Feedback.