- Registration System 6:08
- Securing Passwords 5:38
- Login Systems 4:53
- Building a JWT 4:52
- Authentication Review 5 questions
- Working with Cookies 4:24
- Require Authentication 5:22
- Logging Out 3:13
- Flash Messages 5:29
- Cookies and Flash Messages 3 questions
- User Profile 9:30
- Reset Password 4:42
- Password Hashing 1 objective
Preview
Video Player
00:00
00:00
User Profile
9:30Giving the user a way they can update their password is important. In this video, we will create a User Profile page with a password reset form.
One frustration that I have with sites is
not allowing me to change my password.
0:00
But this is our site, so
we can do what ever we want.
0:05
So let's fix this on our site by
providing a quick and easy way for
0:08
a user to change their own
password when they're logged in.
0:12
Create a new file named account.php.
0:16
Let's copy everything from register.php.
0:24
Now we can make a few changes.
0:33
First, let's add the requireAuth function.
0:35
This means that our user is required to be
logged in, and we can assume that the user
0:41
who is logged in is the user we
are changing the password for.
0:46
Next, make sure you are using
both the display_errors and
0:50
the new display_success
function that you created.
0:53
If you still need help creating
the display_success function,
1:02
see the notes associated with this video.
1:06
Next, change the form
action to changePassword.
1:09
Then change the header to read My Account.
1:16
We'll also add a secondary header,
and call this Change Password.
1:22
Next, change the first field,
the email address, to Current Password.
1:28
Then we need to change the label, The ID,
1:40
the type, the name, and
1:48
finally, the placeholder.
1:53
Then we'll clearly state, New Password.
2:03
Finally, change the button to read,
Change Password.
2:17
To make this work,
we'll need to create a new procedure.
2:25
ChangePassword.
2:32
We start with our bootstrap file.
2:39
And then
2:40
require auth.
2:45
Now we can get our form variables.
2:59
Current password, password,
and confirm password.
3:30
Now we can run the first check to
see if the new passwords match.
3:36
If they don't match,
then we're gonna display an error and
3:52
redirect to the account page.
3:55
Now we need to get the current
user from the JWT.
4:28
This is the perfect place to have
a function to get the JWT and
4:31
find the user associated
with it from the database.
4:35
Let's open functions.php.
4:37
Let's go down to our other findUser,
and we'll duplicate this.
4:44
We'll name this new function
findUserByAccessToken.
4:54
And since we're retrieving
the information from the JWT in a cookie,
4:59
we don't need to pass a parameter.
5:03
Instead, we need to decode the JWT.
5:07
This is the same thing that we did
in the isAuthenticated function.
5:10
So let's extract that functionality
out into its own function.
5:13
We'll call this decodeJwt.
5:22
We'll also add an optional property.
5:43
This property will tell the function if we
5:51
want to return a specific
item from the JWT or
5:56
just return the whole JWT object itself,
6:02
if the property is null.
6:08
Now we can use this decodeJwt in
our findUserByAccessToken function.
6:20
We pass sub as the property.
6:40
This will give us our user ID.
6:42
Let's wrap this in a try catch block.
6:44
Now we can try to get the user from
the database based on the ID from the JWT.
7:02
This function should now return the user
array from the user who is logged in.
7:18
We can now use this for
our changePassword procedure.
7:23
We can now run through
a couple more checks.
7:38
First, let's make sure that we're
able to poll the existing user.
7:42
If we don't have a user,
let's add our error and redirect.
7:51
Next let's verify the current password.
8:31
Again, set the error and redirect.
8:56
If we pass all these checks,
we're ready to update the password.
9:26