Trongate Way Docs

Password Recovery

If you have lost your password, do not worry. It happens to all of us. The important thing is that you can fix it.

When you created your administrator account (or any other user account on your Trongate site), your password was stored in a database table. For administrators, this is the trongate_administrators table. For other types of users - such as members - it would be whatever table you set up for them (for example, a table called members).

In every case, the password lives in a column called password (or whatever you named it in your configuration). The data in that column is scrambled - it is turned into a long, unreadable string using a process called bcrypt hashing. This is a good thing. It means that even if someone were to see your database, they would not be able to read your password.

But here is the good news: even though your password is scrambled, you can still create a new one. The rest of this page will show you how, step by step. The instructions work whether your website is running in development mode or in live/production mode, and they work for any user level - administrators, members, or any other type of user you have set up.

The method for recovering your password depends on whether your website is in development mode or live mode. This is controlled by the ENV constant inside your config/config.php file. If ENV is set to 'dev', your site is in development mode. Anything else means your site is in live mode. We will cover both scenarios on this page.

Development Mode

The following instructions explain how to reset a Trongate Administrator's password when working in Development Mode.

Resetting a Trongate Administrator Password When In Development Mode

  1. Navigate to <base-url>trongate_administrators/manage.

    This will take you directly to the administrator management page. Since your application is running in Development Mode, you will be taken straight to the page without needing to log in.

  2. Locate the account whose password you want to reset, then click View.

    You will see a list of all Trongate Administrator accounts for your application. Clicking View will open the Account Details page.

  3. On the Account Details page, click Edit.

    This will take you to the Update Record page. Near the top-right corner of the page, you will find the Update Password button.

  4. Click Update Password.

    You can now enter and save a new password for the selected administrator account.

Live Mode

When your website is in live mode (ENV is set to anything other than 'dev'), you cannot simply browse to the admin panel without logging in. You will need to use the login module's built-in Forgot Password feature instead.

This feature allows a user to request a password reset email. They enter their email address, receive a link, and choose a new password - all without needing anyone else's help.

Step 1: Enable the Forgot Password Feature

By default, the forgot password feature is disabled for administrators. Open your config/login.php file and find the administrator user level (level 1). Change this:

'enable_forgot_password' => false

to this:

'enable_forgot_password' => true

Save the file.

Step 2: Configure Your Email Settings

The forgot password feature sends emails through the trongate_email module. This module needs to know your SMTP server details so it can deliver the reset emails.

Create a file at config/trongate_email.php with your SMTP credentials:

PHP
<?php
$config['trongate_email'] = [
    'smtp_host'       => 'mail.yourdomain.com',
    'smtp_port'       => 465,
    'smtp_user'       => '[email protected]',
    'smtp_pass'       => 'your-password-here',
    'smtp_secure'     => 'ssl',
    'smtp_from_name'  => 'Your Website Name'
];

Replace the values above with your actual SMTP details. Your web host or email provider can give you these settings.

Step 3: Use the Forgot Password Form

Once the configuration is ready, the forgot password link will appear on your login form automatically. A user can also visit the forgot password page directly at:

http://yoursite.com/login/forgot_password/{secret_word}

For administrators, this would be:

http://yoursite.com/login/forgot_password/tg-admin

Here is how the full flow works:

  1. User enters their email address.

    The login module checks whether an account with that email exists. If it does, a unique, time-sensitive reset token is created and stored in the database.

  2. An email is sent with a reset link.

    The link contains the reset token and looks something like this: http://yoursite.com/login/reset_password/abc123...64characters. This link expires after one hour.

  3. User clicks the link and chooses a new password.

    The login module verifies that the token is valid and has not expired. The user then types a new password and confirms it.

  4. The password is updated.

    The new password is hashed and saved to the database. All existing authentication tokens for that user are destroyed, which means any active sessions are logged out. The user can then log in with their new password.

That is all there is to it. The login module handles the token generation, email delivery, password hashing, and session cleanup automatically.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page