User Guide | User Login Functions

The flexi auth library core login and logout functions.

User Login Functions

Login Index | Login Session/Cookie Config | Login reCAPTCHA Config | Login CAPTCHA Functions

login() | logout()

Help with Function Parameters

Show / Hide Help

Name: The name of the function parameter (argument).

Data Type: The data type that is expected by the parameter.

  • bool : Requires a boolean value of 'TRUE' or 'FALSE'.
  • string : Requires a textual value.
  • int : Requires a numeric value. It does not matter whether the value is an integer, float, decimal etc.
  • array : Requires an array.

Required: Defines whether the parameter requires a value to be submitted.

Default: Defines the default parameter value that is used if no other value is submitted.


Verifies a users identity and password, if valid, they are logged in.

Library and Requirements

Available via the standard library.

Function Parameters
login(identity, password, remember_user) Help
Name Data Type Required Default Description
identity string Yes FALSE Defines the identity of the user.
Depending on the the settings defined via the config. file, this can either be the users email or username.
password string Yes FALSE The users plain text password.
remember_user bool No FALSE Defines whether a cookie should be created to auto login the user on future visits to the site.
How it Works

The function checks whether the config. file has defined for failed login attempts to be counted, if so, the function will check how many failed login attempts have been made using the submitted identity.
If the number of failed attempts exceed the limit defined via the config. file, it will then check whether an imposed short time limit ban has passed. If the time ban has not passed, the login attempt will stop.

Provided the login attempt isn't still pending a time limit ban, the function will lookup the users account data from the database table.

If the user is found, the function will then perform a series of checks, checking the users account has been activated (If required), not since suspended, and most importantly that the submitted password is valid.

If the users data was invalid, the function will increment the failed login attempt counter. If the data was valid, the function will reset the counter for any previous failed login attempts and then set the users authentication details to the database and the browsers session and cookie (If 'Remember me' was used).


This function is compatible with flexi auths 'Query Builder' functions.

Return Values

Failure:FALSE | An error message will be set.

Success:TRUE | A status message will be set.

// Example : Login user and set a 'Remember me' cookie.

$identity = '';
$password = 'plaintextpassword';
$remember_user = true;

$this->flexi_auth->login($identity, $password, $remember_user);


Logs a user out of their current session or all sessions.

Library and Requirements

Available via the lite and standard libraries.

Function Parameters
logout(all_sessions) Help
Name Data Type Required Default Description
all_sessions bool No TRUE Defines whether sessions on all devices (i.e. A home and work computer) that the user has logged into the site on should be logged out.
If set as FALSE, only the current browsers session will be logged out.
How it Works

The function deletes all session and cookie data in the current browser.

If 'all_sessions = TRUE', the function will then delete all login session data that is stored within the database. This means that the next time another device that was previously logged in is used, its database credentials will have been deleted, and so the session will be invalid and auto logged out.

This function also includes a garbage collection function that deletes any expired login sessions from the database, regardless of which user they belong to.

Return Values


Success:TRUE | A status message will be set.

// Example #1 : Log a user out of their current browser session.

// Example #2 : Log a user out of all devices that are logged into their account.