Maybe someone that has this book is better to help you. However, if you need the first page of a site as the login.php then normally your site root is set to login.php as your directory index file; you normally set this where you manage your DNS and on the server where your site is hosted, normally as a virtual apache or IIS host.
From your login you do your authentication and redirect to a 'Denied', Try Again', or a random Internet page if their login fails, or redirect them to the controller if they pass authentication. Now the controller has to stop a would be hacker to just bypassing the login page and hoping into your site, so in some way you need to ensure that anyone that gets to the controller is actually authenticated. If you do that then the
<?php require_once('home/index.php'); ?> is ok.
Again, I understand this may or may not help, so don't let this confuse you, if someone with the book that understands how the controller is layedout, and the method of authentication.