Update Password8:41 with Alena Holligan
Now that all our password checks pass, we can update the user with the new password.
To get the update password working, we'll need to create a new procedure. 0:00 In procedures, we'll add a new file named changePassword.php. 0:04 We'll require our bootstrap 0:16 And then requireAuth. 0:30 Now we can get our user enter data. 0:34 Our current password = request, 0:39 get current_password. 0:46 And our new password = request, 0:53 Get password, And 1:00 confirmPassword = request, 1:07 Get confirm_password. 1:13 Now we can run the first check to see that the new passwords match. 1:18 If ($newPassword != $confirmPassword), 1:23 Then we're going to set a session GetFlashBag, 1:37 Add error, New 1:46 passwords do not match. 1:50 Please try again. 1:55 Then we can redirect to account.php. 2:01 Now we want to get the details of the logged in user. 2:10 Let's open functions_auth 2:13 We're going to add a new function, 2:19 getAuthenticatedUser. 2:23 We'll want to use the current session, so 2:30 we'll need to start with the global session. 2:34 Then we can use session, 2:40 get, and off_user id. 2:45 We can use this ID to find a user, with a function in our functions_user file. 2:50 Find user by ID. 2:58 Return findUserById. 3:06 Now we can use this function in our change password procedure. 3:11 User = getAuthetnicatedUser. 3:20 We're now ready for a couple more checks. 3:26 First, let's make sure that we can pull an existing user. 3:28 If (empty(user), 3:34 Then we weren't able to find the user, so we'll do session, GetFlashBag, 3:41 Add error, and then we'll say, 3:52 Some Error Happened. 3:57 Try again. 4:02 If it continues, 4:05 please log out and back in. 4:09 If they're at this page the user should be able to be found. 4:14 We'll redirect to account.php. 4:20 Now we're going to make sure that the current password matches the one that 4:28 we have on file. 4:33 If not Password verify, 4:34 Current password, And 4:42 then the user, 4:47 password from the data base, 4:50 session, getFlashBag, 4:58 Add error, 5:04 Password is incorrect, 5:09 please try again. 5:14 We'll say current password. 5:22 Current password, Was incorrect, please try again. 5:27 And then we'll redirect to account.php. 5:33 And now if we passed all of these checks, we're ready to update the password. 5:42 We have an update password function in the functions_users file. 5:47 This function accepts a password, and a user ID. 5:59 Before we call that function, we want to make sure that we're using 6:02 the password hash function on our new password. 6:06 Hashed = password_hash, 6:12 New password, And PASSWORD_DEFAULT. 6:20 Let's move up a little bit. 6:30 We're going to updatePassword past 6:33 the hashed password, and the current user ID. 6:39 Finally, we can redirect the user with the success or error message. 6:48 If not updated the password. 6:54 Then we're going to session, getFlashBag, 7:02 Add error, 7:08 Could not update password, 7:14 please try again. 7:19 Redirect('/account.php'); and close. 7:25 And finally, if we're all the way here, 7:34 we can $session->getFlashBag, Add success. 7:38 Password Updated. 7:49 And redirect to account.php. 7:54 Now we're ready to test this out in a browser. 8:05 From My Account page, we're gonna enter a current password, 8:11 that's wrong, and the new password. 8:16 Current password was incorrect. 8:19 So, current password, 8:21 new password, not matched. 8:25 New passwords do not match, okay? 8:29 Old password, new password, And our password was updated. 8:33
You need to sign up for Treehouse in order to download course files.Sign up