Trongate Way Docs

Putting It All Together

Let us bring everything together. Below is a complete Members controller that includes a welcome page, logout, a protected account page, and registration for new members.

The Complete Members Controller

PHP
<?php
class Members extends Trongate {

    /**
     * Welcome page  -  shown after successful login.
     */
    public function welcome(): void {
        $data['view_module'] = 'members';
        $data['view_file'] = 'welcome';
        $this->templates->public($data);
    }

    /**
     * Log the member out and redirect to the login page.
     */
    public function logout(): void {
        $this->trongate_tokens->destroy();
        redirect('member-login');
    }

    /**
     * Protected account page  -  only visible to logged-in members.
     */
    public function your_account(): void {
        $token = $this->trongate_tokens->attempt_get_valid_token(2);

        if ($token === false) {
            redirect('member-login');
        }

        // Fetch the member's data using their user ID from the token
        $params = ['trongate_user_id' => $token->user_id];
        $sql = 'SELECT * FROM members WHERE trongate_user_id = :trongate_user_id';
        $member = $this->db->query_bind($sql, $params, 'object');

        if (empty($member)) {
            redirect('member-login');
        }

        $data = (array) $member[0];
        $data['view_module'] = 'members';
        $data['view_file'] = 'your_account';
        $this->templates->public($data);
    }

    /**
     * Display the registration form.
     */
    public function create_account(): void {
        $data['view_module'] = 'members';
        $data['view_file'] = 'create_account';
        $this->templates->public($data);
    }

    /**
     * Process the registration form.
     */
    public function submit_create_account(): void {
        $this->module('login');

        $this->validation->set_rules('username', 'username', 'required|min_length[3]|max_length[55]');
        $this->validation->set_rules('email_address', 'email address', 'required|valid_email');
        $this->validation->set_rules('password', 'password', 'required|min_length[5]|max_length[35]');
        $this->validation->set_rules('password_repeat', 'password repeat', 'required|matches[password]');

        $result = $this->validation->run();

        if ($result === true) {
            // Create the trongate_users record
            $sql = 'INSERT INTO trongate_users (user_level_id, code)
                    VALUES (:user_level_id, :code)';
            $params = [
                'user_level_id' => 2,
                'code' => make_rand_str(32)
            ];
            $this->db->query_bind($sql, $params);
            $trongate_user_id = $this->db->insert_id();

            // Create the members record
            $data['username'] = post('username', true);
            $data['email_address'] = post('email_address', true);
            $data['password'] = $this->login->hash_password(post('password'));
            $data['trongate_user_id'] = $trongate_user_id;
            $data['date_created'] = time();
            $data['num_logins'] = 0;
            $data['last_login'] = 0;
            $data['code'] = make_rand_str(16);

            $this->db->insert($data, 'members');

            set_flashdata('Your account has been created. Please log in.');
            redirect('member-login');
        }

        // Validation failed  -  show the form again with errors
        $data['view_module'] = 'members';
        $data['view_file'] = 'create_account';
        $this->templates->public($data);
    }

}

What You Have Learned

Here is a quick recap of everything we covered in this chapter:

  1. What a login system is. It is the lock on your website's door. The login module checks who people are, remembers them while they browse, and forgets them when they leave.
  2. The pieces you need. Three framework tables (trongate_user_levels, trongate_users, trongate_tokens) and one custom table for your users. The configuration file (config/login.php) ties them all together.
  3. How to configure the login module. You told it which table to use, which columns hold usernames and passwords, where to send people after login, and how strict to be with failed attempts.
  4. How login URLs work. You can use numbers (/login/login/2) or secret words (/login/login/member-login). Custom routing makes the URLs clean (/member-login).
  5. How to build the Members controller. A welcome page, a logout method, and protected pages that check for a valid token before showing content.

Key Principles to Remember

  • The login module is config-driven. You configure, you do not code authentication logic. The module handles everything.
  • Every user needs a trongate_users record. This is the master list. Their details go in the per-level table (like members).
  • Column names must match. The fields in your config must use the exact column names from your database table.
  • Use attempt_get_valid_token() to protect pages. Check for a valid token at the top of any method that should be member-only.
  • Use $this->login->hash_password() when creating users. Never hash passwords manually - the login module uses the correct settings from your config.

Where to Go Next

Your login system is working. Here are some things you might want to add next:

  • Forgot password. Set enable_forgot_password to true in your config and configure the trongate_email module with your SMTP settings.
  • Profile pages. Add more methods to your Members controller for updating names, emails, and passwords.
  • Email confirmation. Send a confirmation email when a new member registers, and only let them log in after they confirm.

Congratulations - you have built a complete login system with Trongate v2!

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page