Trongate Way Docs

After They Log In

Great news! The login module handles all the hard parts - checking passwords, creating tokens, rate-limiting bad attempts, and remembering logged-in users. Your job now is to build the pages that members see after they log in.

You do this by creating a simple controller called Members. It lives at modules/members/Members.php.

The Welcome Page

When a member logs in successfully, the login module sends them to wherever you set in redirect_on_success. In our configuration, that is members/welcome.

Let us build that welcome page. First, the controller:

PHP
<?php
class Members extends Trongate {

    /**
     * Show the welcome page after login.
     */
    public function welcome(): void {
        $data['view_module'] = 'members';
        $data['view_file'] = 'welcome';
        $this->templates->public($data);
    }

}

Then, create the view file at modules/members/views/welcome.php:

HTML
<h1>Welcome!</h1>

<p>You are now logged in as a member of our site.</p>

<p><?= anchor('members/your_account', 'Your Account') ?></p>
<p><?= anchor('members/logout', 'Logout') ?></p>

That is it. The welcome() method loads the welcome view inside the public template. Your members see a friendly message and links to their account or to log out.

Logging Out

Logging out is even simpler. Add a logout() method to your Members controller:

PHP
public function logout(): void {
    $this->trongate_tokens->destroy();
    redirect('member-login');
}

That is three lines of code. It destroys the user's token (removes the "digital hand stamp") and sends them back to the login page.

Protecting a Page

What about pages that should only be visible to logged-in members? You do not want someone to be able to type /members/your_account into their browser and see it without logging in.

Protecting a page is easy. You check if the user has a valid token. If they do not, you send them to the login page.

PHP
public function your_account(): void {
    $member_level_id = 2;
    $token = $this->trongate_tokens->attempt_get_valid_token($member_level_id);

    if ($token === false) {
        redirect('member-login');
    }

    // The member is authenticated  -  show the page
    $data['view_module'] = 'members';
    $data['view_file'] = 'your_account';
    $this->templates->public($data);
}

Let us break that down:

  1. $member_level_id = 2 - we are checking for level 2 (members).
  2. $this->trongate_tokens->attempt_get_valid_token(2) - this looks for a valid token for a member. If found, it returns the token. If not, it returns false.
  3. If the token is false, we redirect to the login page. The member never sees the protected content.
  4. If the token is valid, we show the page.

You can add this same pattern to any method that should be member-only. Just put the token check at the top.

A Handy Shortcut

There is another way to check if someone is logged in. The login module provides an is_logged_in() method:

PHP
$this->module('login');

if ($this->login->is_logged_in(2) === true) {
    // Member is logged in!
} else {
    // Member is not logged in.
}

Use whichever one you prefer. attempt_get_valid_token() gives you the token object (which contains the user's ID), while is_logged_in() simply returns true or an error message.

What's Next

You now have a working login system. The next page shows you the complete Members controller and a summary of everything we have covered.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page