Logging In

With CodeIgniter’s logging feature turned on, every time you try to login or request a page on your website, CodeIgniter will be writing to a log file located in /application/logs/. In your text editor, open the log file that includes today’s date as the filename.

For each login attempt, you should see something like this:

DEBUG - 2015-06-28 10:54:17 --> 
 string      = <your username or email address>
 password    = <the password you entered>
 form_token  = <the value of the posted form token>
 token_jar   = <the array of acceptable tokens>

What to Expect

  • You should see the username or email address you used for your login attempt.
  • You should see the password you used for your login attempt.
  • You should see a random string of characters that was posted by your login form.
  • You should see a JSON encoded array of acceptable form tokens. The posted form token should be in this array.

First, unless you changed the name attributes of the login form’s input elements , the string, password, and form_token values should always be set. If they aren’t then you’re going to need to revert to the original name attributes:

  • login_string
  • login_pass
  • login_token

Although unlikely, if the logged form_token is not in the logged token_jar, then you probably have an issue with cookies being set. Are cookies enabled in your browser? Are you sure you autoloaded CodeIgniter’s cookie helper? If the tokens cookie is not being set at all, you’ll want to do a simple test setting cookies with CodeIgniter, because Community Auth uses simple CodeIgniter features for setting the tokens cookie.

Everything Seems Fine, What’s Next?

If your string (which is either a username or email address), password, form_token and flash_token look good, then you’ll want to look for other debug message logged by Community Auth’s Authentication library.

DEBUG - 2015-06-28 10:54:17 --> 
 user is banned             = no
 password in database       = $2y$11$...
 supplied password match    = 1
 required level or role     = 1
 auth level in database     = 9
 auth level equivalent role = admin
  • The user might be banned.
  • The password in the database may not match the posted password.
  • The auth level may not be sufficient when compared to the required level.
  • The user role may not be sufficient when compared to the required role.

If the password in the database isn’t the same as the one you are trying to use to login with, are you sure you are using the right password? If this is not the case, did you change the website’s encryption key?

Still Not Working?

If you are still not able to login, check for the following messages in your log file:


This log message is pretty obvious. There’s simply no match for the username or email address that you used in your login attempt.


Just like it says, this log message indicates that the IP address, username, or email address is on hold.


This log message indicates that some part of the login attempt didn’t pass validation. It might even be a bad password if the password used in the login attempt wasn’t strong enough.