The Login Form

After you’ve installed and configured Community Auth, you’ll want to customize your application to use it, and creating a login form is essential. You’ll need to make some decisions and do a little configuration.

Create Your Own Login Method

Take a look at the login method inside the provided Examples controller:

public function login()
    // Method should not be directly accessible
    if( $this->uri->uri_string() == 'examples/login')

    if( strtolower( $_SERVER['REQUEST_METHOD'] ) == 'post' )


    $html = $this->load->view('examples/page_header', '', TRUE);
    $html .= $this->load->view('examples/login_form', '', TRUE);
    $html .= $this->load->view('examples/page_footer', '', TRUE);

    echo $html;

Most of what is there is essential, except for where I loaded the page header and footer views. Since you will have your own website template, you’ll have your own way of handling how the form is embedded or displayed. So, your first decisions would be in which controller to put the login method, and then where to put your own customized view for the login form. In the past I have often put the login method in a User controller.

On line 4 above, you can see that the method is making sure that it is not directly accessible. If you were to put this method in a User controller, you would want to change line 4 to:

if( $this->uri->uri_string() == 'user/login')

You might be wondering why the method should not be directly accessible, and the reason is that we want to be able to control the URL where login attempts are done. If somebody knew that they could circumnavigate your chosen login form location by accessing the login method directly, then they could hammer away on the method and you wouldn’t be able to stop them.

On line 17 above, you see that the view for the login form is the one provided with Community Auth. If you create a new login form and put it somewhere else, for instance in a “user” directory, you’ll update the loading of the view to point to that view file:

$html .= $this->load->view('user/login_form', '', TRUE);

Route to Your New Login Method

Again, using the User controller as an example, we need to make sure that our application knows where the login form is. Adjust the route to the login form by editing it in config/routes.php.

$route[LOGIN_PAGE] = 'user/login';

Customizing the Login Form View

You will no doubt customize the view for the login form, and if you look at the view that is provided, most of the code in the view is self explanatory. Where you might get tripped up is if you change the name attributes for the inputs. Community Auth is expecting “login_string” and “login_pass”.

Also note that the provided view uses the form helper to create the form’s opening tag. This is important because Community Auth inserts a hidden form field into the form, and without using the form_open function you will not have the necessary token posted, and so never able to log in.

Important Variables in the Login Form View

  • $optional_login
  • $on_hold_message
  • $login_error_mesg
  • $login_url


If the login form has been set up as an optional login, the $optional_login variable is set. In the case of the example login form, it simply removes the header above the form.


If the $on_hold_message variable is set, it means the IP address of the site visitor has been put on hold. In the example login form, this removes the actual form and replaces it with a message indicating that there have been excessive login attempts.


If the $login_error_message variable is set, it means that the login attempt failed. In the case of the example login form, an error message is displayed so the site visitor knows there was a login error.


The $login_url variable is the URL where the form will post to, and technically the form’s action attribute.