I also have a website that uses auth/login. So you did say you took care of the route:
PHP Code:
$route[LOGIN_PAGE] = 'auth/login';
Then, in my Auth.php controller (note that this is customized):
PHP Code:
/**
 * This login method only serves to redirect a user to a
 * location once they have successfully logged in. It does
 * not attempt to confirm that the user has permission to
 * be on the page they are being redirected to.
 */
public function login()
{
    // Method should not be directly accessible
    if( $this->uri->uri_string() == 'auth/login')
        show_404();
    // A POST to the login page is a login attempt, so run the auth check
    if( strtolower( $_SERVER['REQUEST_METHOD'] ) == 'post' )
        $this->require_min_level(1);
    $this->setup_login_form();
    // Third argument TRUE returns the rendered form as a string
    $data = [
        'doc_title' => ['post' => ' - Sign In'],
        'content'   => $this->load->view('auth/login_form', '', TRUE)
    ];
    $this->load->view('templates/plain', $data);
}
// --------------------------------------------------------------
This is my login form (view):
PHP Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
$max_chars_for_password = config_item('max_chars_for_password') > 0
    ? ' maxlength="' . config_item('max_chars_for_password') . '"'
    : '';
$form = form_open( $login_url, [
    'class' => 'custom-form client-form'
]);
$form .= '
    <header>
        Sign In
    </header>
    <fieldset>
        <section>
            <label for="login_string" class="label">Username or Email</label>
            <label class="input"> <i class="icon-append fa fa-user"></i>
                <input type="text" name="login_string" id="login_string">
            </label>
        </section>
        <section>
            <label for="login_pass" class="label">Password</label>
            <label class="input"> <i class="icon-append fa fa-lock"></i>
                <input type="password" name="login_pass" id="login_pass" ' . $max_chars_for_password . '>
            </label>
            <div class="note">
                <a href="/account_recovery">Forgot password?</a>
            </div>
        </section>
    </fieldset>
    <footer>
        <button type="submit" class="btn btn-primary">
            Sign in
        </button>
    </footer>
</form>';
if( ! isset( $on_hold_message ) )
{
    if( isset( $login_error_mesg ) )
    {
        $alert = '
            <div class="alert alert-danger" role="alert">
                <strong>Login Error #' . $this->authentication->login_errors_count . ' of ' . config_item('max_allowed_attempts') . '</strong>
            </div>
        ';
    }
    if( $this->input->get('logout') )
    {
        $alert = '
            <div class="alert alert-success" role="alert">
                <strong>You are signed out.</strong>
            </div>
        ';
    }
}
else
{
    unset( $form );
    // ON HOLD MESSAGE
    $alert = '
        <div class="alert alert-danger" role="alert">
            <strong>Excessive Login Attempts</strong><br /><br />
            Access locked for ' . ( (int) config_item('seconds_on_hold') / 60 ) . ' minutes.
        </div>
    ';
}
?>
<div class="container-fluid">
    <div class="row">
        <div class="col-xs-12 col-sm-9 col-md-5 col-lg-4 col-centered">
            <?php if( isset( $alert ) ) echo $alert; ?>
        </div>
    </div>
    <?php
    if( isset( $form ) )
    {
    ?>
    <div class="row">
        <div class="col-xs-12 col-sm-9 col-md-5 col-lg-4 col-centered">
            <div class="well no-padding">
                <?php echo $form; ?>
            </div>
        </div>
    </div>
    <?php
    }
    ?>
</div>
<?php
/* End of file login_form.php */
/* Location: /views/auth/login_form.php */
So, how does it all work? When a login attempt is made to an allowed login URL, your login method in your Auth controller has this in it:
PHP Code:
$this->require_min_level(1);
That calls the require_min_level() method that is in Auth_controller.php. If you look in that method, it's calling the user_status method of the Authentication.php library, and that library method checks for POST variables, and other stuff. If all is well and the user is authenticated, then the auth variables are set, and the user is redirected to where you specify. If the login attempt fails, the user is redirected back to the login page via _redirect_to_login_page().
With that, I think you should have enough info to get this going. Let me know if you have any other questions.