Trongate Way Docs

Your First Configuration

The configuration file is where you tell Trongate's login module everything it needs to know. You write this file once, and the login module does the rest.

Create a new file at config/login.php and add the following:

PHP
<?php
$config['login'] = [

    // Global settings
    'default_view_file'    => 'login_default',
    'max_failed_attempts'  => 3,
    'block_duration'       => 900,
    'password_hash_cost'   => 11,
    'reset_token_lifespan' => 3600,

    'user_levels' => [

        // Level 1: Administrators
        1 => [
            'target_table'           => 'trongate_administrators',
            'user_ref_field'         => 'trongate_user_id',
            'secret_login_word'      => 'tg-admin',
            'redirect_on_success'    => 'trongate_administrators/manage',
            'allow_remember'         => 0,
            'remember_days'          => 0,
            'enable_forgot_password' => false,
            'view_file'              => 'login_default',
            'fields' => [
                'identifiers' => [
                    'username' => ['column' => 'username', 'label' => 'Username'],
                    'email'    => ['column' => 'email', 'label' => 'Email']
                ],
                'password' => [
                    'column' => 'password',
                    'label'  => 'Password'
                ]
            ]
        ],

        // Level 2: Members
        2 => [
            'target_table'           => 'members',
            'user_ref_field'         => 'trongate_user_id',
            'secret_login_word'      => 'member-login',
            'redirect_on_success'    => 'members/welcome',
            'allow_remember'         => 1,
            'remember_days'          => 30,
            'enable_forgot_password' => true,
            'view_file'              => 'login_default',
            'fields' => [
                'identifiers' => [
                    'username' => ['column' => 'username', 'label' => 'Username'],
                    'email'    => ['column' => 'email_address', 'label' => 'Email Address']
                ],
                'password' => [
                    'column' => 'password',
                    'label'  => 'Password'
                ]
            ]
        ]
    ]
];

What Each Setting Means

Let us go through the settings one at a time, in plain English.

Global Settings (Apply to All User Levels)

Setting What It Does
max_failed_attempts How many wrong passwords someone can try before they get temporarily blocked. Set to 3 in this example.
block_duration How long the block lasts, in seconds. 900 seconds = 15 minutes.
password_hash_cost How strong the password scrambling should be. Higher = more secure but slower. 11 is a good balance.
reset_token_lifespan How long a "forgot password" link works, in seconds. 3600 seconds = 1 hour.

Per-Level Settings

Each user level has its own settings. Here is what each one means:

Setting What It Does
target_table The database table that stores this type of user. For administrators, it is trongate_administrators. For members, it is members (the table you created).
user_ref_field The column in your table that links back to trongate_users. Almost always trongate_user_id.
secret_login_word A word that makes the login URL easy to remember. For example, tg-admin creates a URL like yoursite.com/tg-admin. You can remove this and just use a number instead (we will explain this on the next page).
redirect_on_success Where the user is sent after they log in successfully. Format: module/method.
allow_remember Show a "Remember Me" checkbox on the login form? 1 = yes, 0 = no. Members usually want this. Administrators usually do not.
remember_days If "Remember Me" is enabled, how many days should the user stay logged in? 30 is common.
enable_forgot_password Allow users to reset their password via email? true = yes, false = no.
view_file Which login form design to use. The options are login_default, login_compact, or login_split. You can also create your own.
fields → identifiers The columns that a user can log in with. In the example above, members can log in with either their username OR their email_address. Each identifier has a column (the database column name) and a label (what the form shows).
fields → password The column that stores the password. The column value must match your database exactly.

An Important Rule

The column names in your configuration must match the column names in your database exactly. If your table has a column called email_address but your config says email, the login module will not find your users.

Double-check that every column name in the fields section matches a real column in your target_table.

What's Next

Now that the configuration is ready, we need to set up the URLs so people can actually reach the login form. That is what the next page is about.

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page