From a quick glance that code looks pretty good. Here's a little constructive criticism:
I really hate when people use php alt syntax outside of a view, I would recommend changing that for uniformity.
Also, some of your logic could be simplified, for example the is_user_banned() method should return FALSE by default and then the only additional return statements you need are when you're returning TRUE.
If I was using this I would integrate it into the login() method as well so your controller code doesn't change.