Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Introduction to User Authentication in PHP

Well done!

You have completed Introduction to User Authentication in PHP!

Sign up for Treehouse Back to Library
Preview
Video Player
00:00
00:00
00:00
  1. 2x 2x
  2. 1.75x 1.75x
  3. 1.5x 1.5x
  4. 1.25x 1.25x
  5. 1.1x 1.1x
  6. 1x 1x
  7. 0.75x 0.75x
  8. 0.5x 0.5x
Use Up/Down Arrow keys to increase or decrease volume.

Update Password

8:41 with Alena Holligan

Now that all our password checks pass, we can update the user with the new password.

To get the update password working, we'll need to create a new procedure. 0:00
In procedures, we'll add a new file named changePassword.php. 0:04
We'll require our bootstrap 0:16
And then requireAuth. 0:30
Now we can get our user enter data. 0:34
Our current password = request, 0:39
get current_password. 0:46
And our new password = request, 0:53
Get password, And 1:00
confirmPassword = request, 1:07
Get confirm_password. 1:13
Now we can run the first check to see that the new passwords match. 1:18
If ($newPassword != $confirmPassword), 1:23
Then we're going to set a session GetFlashBag, 1:37
Add error, New 1:46
passwords do not match. 1:50
Please try again. 1:55
Then we can redirect to account.php. 2:01
Now we want to get the details of the logged in user. 2:10
Let's open functions_auth 2:13
We're going to add a new function, 2:19
getAuthenticatedUser. 2:23
We'll want to use the current session, so 2:30
we'll need to start with the global session. 2:34
Then we can use session, 2:40
get, and off_user id. 2:45
We can use this ID to find a user, with a function in our functions_user file. 2:50
Find user by ID. 2:58
Return findUserById. 3:06
Now we can use this function in our change password procedure. 3:11
User = getAuthetnicatedUser. 3:20
We're now ready for a couple more checks. 3:26
First, let's make sure that we can pull an existing user. 3:28
If (empty(user), 3:34
Then we weren't able to find the user, so we'll do session, GetFlashBag, 3:41
Add error, and then we'll say, 3:52
Some Error Happened. 3:57
Try again. 4:02
If it continues, 4:05
please log out and back in. 4:09
If they're at this page the user should be able to be found. 4:14
We'll redirect to account.php. 4:20
Now we're going to make sure that the current password matches the one that 4:28
we have on file. 4:33
If not Password verify, 4:34
Current password, And 4:42
then the user, 4:47
password from the data base, 4:50
session, getFlashBag, 4:58
Add error, 5:04
Password is incorrect, 5:09
please try again. 5:14
We'll say current password. 5:22
Current password, Was incorrect, please try again. 5:27
And then we'll redirect to account.php. 5:33
And now if we passed all of these checks, we're ready to update the password. 5:42
We have an update password function in the functions_users file. 5:47
This function accepts a password, and a user ID. 5:59
Before we call that function, we want to make sure that we're using 6:02
the password hash function on our new password. 6:06
Hashed = password_hash, 6:12
New password, And PASSWORD_DEFAULT. 6:20
Let's move up a little bit. 6:30
We're going to updatePassword past 6:33
the hashed password, and the current user ID. 6:39
Finally, we can redirect the user with the success or error message. 6:48
If not updated the password. 6:54
Then we're going to session, getFlashBag, 7:02
Add error, 7:08
Could not update password, 7:14
please try again. 7:19
Redirect('/account.php'); and close. 7:25
And finally, if we're all the way here, 7:34
we can $session->getFlashBag, Add success. 7:38
Password Updated. 7:49
And redirect to account.php. 7:54
Now we're ready to test this out in a browser. 8:05
From My Account page, we're gonna enter a current password, 8:11
that's wrong, and the new password. 8:16
Current password was incorrect. 8:19
So, current password, 8:21
new password, not matched. 8:25
New passwords do not match, okay? 8:29
Old password, new password, And our password was updated. 8:33