Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.

Preview

Start a free Basic trial
to watch this video

Sign up for Treehouse

User Profile

9:30 with Alena Holligan and Brian Retterer

Giving the user a way they can update their password is important. In this video, we will create a User Profile page with a password reset form.

Note on the Code

We could also have done

function requireAdmin() {
    requireAuth();
    ...
}

If we want to use the $session object we need to tell the function to pull that object from the global scope. (See the later video where we update this function: starting at 1:45)

global $session;

New Function to Display Success

function display_success() {
    global $session;

    if(!$session->getFlashBag()->has('success')) {
        return;
    }

    $messages = $session->getFlashBag()->get('success');

    $response = '<div class="alert alert-success alert-dismissable">';
    foreach ($messages as $message) {
        $response .= "{$message}<br>";
    }
    $response .= '</div>';

    return $response;
}
  • 0:00

    One frustration that I have with sites is not allowing me to change my password.

  • 0:05

    But this is our site, so we can do what ever we want.

  • 0:08

    So let's fix this on our site by providing a quick and easy way for

  • 0:12

    a user to change their own password when they're logged in.

  • 0:16

    Create a new file named account.php.

  • 0:24

    Let's copy everything from register.php.

  • 0:33

    Now we can make a few changes.

  • 0:35

    First, let's add the requireAuth function.

  • 0:41

    This means that our user is required to be logged in, and we can assume that the user

  • 0:46

    who is logged in is the user we are changing the password for.

  • 0:50

    Next, make sure you are using both the display_errors and

  • 0:53

    the new display_success function that you created.

  • 1:02

    If you still need help creating the display_success function,

  • 1:06

    see the notes associated with this video.

  • 1:09

    Next, change the form action to changePassword.

  • 1:16

    Then change the header to read My Account.

  • 1:22

    We'll also add a secondary header, and call this Change Password.

  • 1:28

    Next, change the first field, the email address, to Current Password.

  • 1:40

    Then we need to change the label, The ID,

  • 1:48

    the type, the name, and

  • 1:53

    finally, the placeholder.

  • 2:03

    Then we'll clearly state, New Password.

  • 2:17

    Finally, change the button to read, Change Password.

  • 2:25

    To make this work, we'll need to create a new procedure.

  • 2:32

    ChangePassword.

  • 2:39

    We start with our bootstrap file.

  • 2:40

    And then

  • 2:45

    require auth.

  • 2:59

    Now we can get our form variables.

  • 3:30

    Current password, password, and confirm password.

  • 3:36

    Now we can run the first check to see if the new passwords match.

  • 3:52

    If they don't match, then we're gonna display an error and

  • 3:55

    redirect to the account page.

  • 4:28

    Now we need to get the current user from the JWT.

  • 4:31

    This is the perfect place to have a function to get the JWT and

  • 4:35

    find the user associated with it from the database.

  • 4:37

    Let's open functions.php.

  • 4:44

    Let's go down to our other findUser, and we'll duplicate this.

  • 4:54

    We'll name this new function findUserByAccessToken.

  • 4:59

    And since we're retrieving the information from the JWT in a cookie,

  • 5:03

    we don't need to pass a parameter.

  • 5:07

    Instead, we need to decode the JWT.

  • 5:10

    This is the same thing that we did in the isAuthenticated function.

  • 5:13

    So let's extract that functionality out into its own function.

  • 5:22

    We'll call this decodeJwt.

  • 5:43

    We'll also add an optional property.

  • 5:51

    This property will tell the function if we

  • 5:56

    want to return a specific item from the JWT or

  • 6:02

    just return the whole JWT object itself,

  • 6:08

    if the property is null.

  • 6:20

    Now we can use this decodeJwt in our findUserByAccessToken function.

  • 6:40

    We pass sub as the property.

  • 6:42

    This will give us our user ID.

  • 6:44

    Let's wrap this in a try catch block.

  • 7:02

    Now we can try to get the user from the database based on the ID from the JWT.

  • 7:18

    This function should now return the user array from the user who is logged in.

  • 7:23

    We can now use this for our changePassword procedure.

  • 7:38

    We can now run through a couple more checks.

  • 7:42

    First, let's make sure that we're able to poll the existing user.

  • 7:51

    If we don't have a user, let's add our error and redirect.

  • 8:31

    Next let's verify the current password.

  • 8:56

    Again, set the error and redirect.

  • 9:26

    If we pass all these checks, we're ready to update the password.

You need to sign up for Treehouse in order to download course files.

Sign up