Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

PHP User Authentication

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

User Profile

9:30 with Alena Holligan and Brian Retterer

Giving the user a way they can update their password is important. In this video, we will create a User Profile page with a password reset form.

Note on the Code

We could also have done

function requireAdmin() {
    requireAuth();
    ...
}

If we want to use the $session object we need to tell the function to pull that object from the global scope. (See the later video where we update this function: starting at 1:45)

global $session;

New Function to Display Success

function display_success() {
    global $session;

    if(!$session->getFlashBag()->has('success')) {
        return;
    }

    $messages = $session->getFlashBag()->get('success');

    $response = '<div class="alert alert-success alert-dismissable">';
    foreach ($messages as $message) {
        $response .= "{$message}<br>";
    }
    $response .= '</div>';

    return $response;
}

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    One frustration that I have with sites is not allowing me to change my password. 0:00
    But this is our site, so we can do what ever we want. 0:05
    So let's fix this on our site by providing a quick and easy way for 0:08
    a user to change their own password when they're logged in. 0:12
    Create a new file named account.php. 0:16
    Let's copy everything from register.php. 0:24
    Now we can make a few changes. 0:33
    First, let's add the requireAuth function. 0:35
    This means that our user is required to be logged in, and we can assume that the user 0:41
    who is logged in is the user we are changing the password for. 0:46
    Next, make sure you are using both the display_errors and 0:50
    the new display_success function that you created. 0:53
    If you still need help creating the display_success function, 1:02
    see the notes associated with this video. 1:06
    Next, change the form action to changePassword. 1:09
    Then change the header to read My Account. 1:16
    We'll also add a secondary header, and call this Change Password. 1:22
    Next, change the first field, the email address, to Current Password. 1:28
    Then we need to change the label, The ID, 1:40
    the type, the name, and 1:48
    finally, the placeholder. 1:53
    Then we'll clearly state, New Password. 2:03
    Finally, change the button to read, Change Password. 2:17
    To make this work, we'll need to create a new procedure. 2:25
    ChangePassword. 2:32
    We start with our bootstrap file. 2:39
    And then 2:40
    require auth. 2:45
    Now we can get our form variables. 2:59
    Current password, password, and confirm password. 3:30
    Now we can run the first check to see if the new passwords match. 3:36
    If they don't match, then we're gonna display an error and 3:52
    redirect to the account page. 3:55
    Now we need to get the current user from the JWT. 4:28
    This is the perfect place to have a function to get the JWT and 4:31
    find the user associated with it from the database. 4:35
    Let's open functions.php. 4:37
    Let's go down to our other findUser, and we'll duplicate this. 4:44
    We'll name this new function findUserByAccessToken. 4:54
    And since we're retrieving the information from the JWT in a cookie, 4:59
    we don't need to pass a parameter. 5:03
    Instead, we need to decode the JWT. 5:07
    This is the same thing that we did in the isAuthenticated function. 5:10
    So let's extract that functionality out into its own function. 5:13
    We'll call this decodeJwt. 5:22
    We'll also add an optional property. 5:43
    This property will tell the function if we 5:51
    want to return a specific item from the JWT or 5:56
    just return the whole JWT object itself, 6:02
    if the property is null. 6:08
    Now we can use this decodeJwt in our findUserByAccessToken function. 6:20
    We pass sub as the property. 6:40
    This will give us our user ID. 6:42
    Let's wrap this in a try catch block. 6:44
    Now we can try to get the user from the database based on the ID from the JWT. 7:02
    This function should now return the user array from the user who is logged in. 7:18
    We can now use this for our changePassword procedure. 7:23
    We can now run through a couple more checks. 7:38
    First, let's make sure that we're able to poll the existing user. 7:42
    If we don't have a user, let's add our error and redirect. 7:51
    Next let's verify the current password. 8:31
    Again, set the error and redirect. 8:56
    If we pass all these checks, we're ready to update the password. 9:26

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up