Your First Configuration
The configuration file is where you tell Trongate's login module everything it needs to know. You write this file once, and the login module does the rest.
Create a new file at config/login.php and add the following:
<?php
$config['login'] = [
// Global settings
'default_view_file' => 'login_default',
'max_failed_attempts' => 3,
'block_duration' => 900,
'password_hash_cost' => 11,
'reset_token_lifespan' => 3600,
'user_levels' => [
// Level 1: Administrators
1 => [
'target_table' => 'trongate_administrators',
'user_ref_field' => 'trongate_user_id',
'secret_login_word' => 'tg-admin',
'redirect_on_success' => 'trongate_administrators/manage',
'allow_remember' => 0,
'remember_days' => 0,
'enable_forgot_password' => false,
'view_file' => 'login_default',
'fields' => [
'identifiers' => [
'username' => ['column' => 'username', 'label' => 'Username'],
'email' => ['column' => 'email', 'label' => 'Email']
],
'password' => [
'column' => 'password',
'label' => 'Password'
]
]
],
// Level 2: Members
2 => [
'target_table' => 'members',
'user_ref_field' => 'trongate_user_id',
'secret_login_word' => 'member-login',
'redirect_on_success' => 'members/welcome',
'allow_remember' => 1,
'remember_days' => 30,
'enable_forgot_password' => true,
'view_file' => 'login_default',
'fields' => [
'identifiers' => [
'username' => ['column' => 'username', 'label' => 'Username'],
'email' => ['column' => 'email_address', 'label' => 'Email Address']
],
'password' => [
'column' => 'password',
'label' => 'Password'
]
]
]
]
];What Each Setting Means
Let us go through the settings one at a time, in plain English.
Global Settings (Apply to All User Levels)
| Setting | What It Does |
|---|---|
max_failed_attempts |
How many wrong passwords someone can try before they get temporarily blocked. Set to 3 in this example. |
block_duration |
How long the block lasts, in seconds. 900 seconds = 15 minutes. |
password_hash_cost |
How strong the password scrambling should be. Higher = more secure but slower. 11 is a good balance. |
reset_token_lifespan |
How long a "forgot password" link works, in seconds. 3600 seconds = 1 hour. |
Per-Level Settings
Each user level has its own settings. Here is what each one means:
| Setting | What It Does |
|---|---|
target_table |
The database table that stores this type of user. For administrators, it is trongate_administrators. For members, it is members (the table you created). |
user_ref_field |
The column in your table that links back to trongate_users. Almost always trongate_user_id. |
secret_login_word |
A word that makes the login URL easy to remember. For example, tg-admin creates a URL like yoursite.com/tg-admin. You can remove this and just use a number instead (we will explain this on the next page). |
redirect_on_success |
Where the user is sent after they log in successfully. Format: module/method. |
allow_remember |
Show a "Remember Me" checkbox on the login form? 1 = yes, 0 = no. Members usually want this. Administrators usually do not. |
remember_days |
If "Remember Me" is enabled, how many days should the user stay logged in? 30 is common. |
enable_forgot_password |
Allow users to reset their password via email? true = yes, false = no. |
view_file |
Which login form design to use. The options are login_default, login_compact, or login_split. You can also create your own. |
fields → identifiers |
The columns that a user can log in with. In the example above, members can log in with either their username OR their email_address. Each identifier has a column (the database column name) and a label (what the form shows). |
fields → password |
The column that stores the password. The column value must match your database exactly. |
An Important Rule
The column names in your configuration must match the column names in your database exactly. If your table has a column called email_address but your config says email, the login module will not find your users.
Double-check that every column name in the fields section matches a real column in your target_table.
What's Next
Now that the configuration is ready, we need to set up the URLs so people can actually reach the login form. That is what the next page is about.
We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.
Share your thoughts in the Documentation Feedback.