Isolating the PHP code for a custom login page.

Yes, I know, another question! :p

I am in the process of modifying elgg, and it's going well (only 2 crashes so far).

My next task is to re-build the usual login panel on a new page:

The page, so far:

I have the redirect plugin in place and it will bring the user directly to a course they have enroled in.

How could I isolate the required PHP code for this?

  • The HTML I have found:
<div id="login-box">
<h1>Log in</h1>
<form action="path-to/elgg/action/login" method="post" >
<input type="hidden" name="__elgg_token" value="903a662089ef737dc9a702c246868745" />
<input type="hidden" name="__elgg_ts" value="1296749845" />

<p class="loginbox">

<label>Username<br />
<input type="text" name="username" value="" class="login-textarea"/></label><br />

<label>Password<br />
<input type="password" name="password" value="" class="login-textarea" /></label><br />

<input name="" type="submit" class="submit_button" value="Log in" />

<div id="persistent_login">
<label><input type="checkbox" name="persistent" value="true" />Remember me</label>
<p class="loginbox">
<a href="path-to/elgg/account/forgotten_password.php">Lost password</a></p>

</div><div class="clearfloat">
  • And the PHP


// Get username and password
$username = get_input('username');
$password = get_input("password");
$persistent = get_input("persistent", false);

// If all is present and correct, try to log in
$result = false;
if (!empty($username) && !empty($password)) {
    if ($user = authenticate($username,$password)) {
        $result = login($user, $persistent);

// Set the system_message as appropriate
if ($result) {
    if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
        $forward_url = $_SESSION['last_forward_from'];
    } else {
        if ( (isadminloggedin()) && (!datalist_get('first_admin_login'))) {
            datalist_set('first_admin_login', time());

        } else if (get_input('returntoreferer')) {
        } else {
} else {
    $error_msg = elgg_echo('loginerror');
    // figure out why the login failed
    if (!empty($username) && !empty($password)) {
        // See if it exists and is disabled
        $access_status = access_get_show_hidden_status();
        if (($user = get_user_by_username($username)) && !$user->validated) {
            // give plugins a chance to respond
            if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
                // if plugins have not registered an action, the default action is to
                // trigger the validation event again and assume that the validation
                // event will display an appropriate message
                trigger_elgg_event('validate', 'user', $user);
        } else {
    } else {

So here are the pieces of the puzzle. How do I cobble them together?