Giving the user a way they can update their password is important. In this video, we will create a User Profile page with a password reset form.
Note on the Code
We could also have done:
    function requireAdmin() {
        requireAuth();
        ...
    }
If we want to use the $session object, we need to tell the function to pull that object from the global scope (see the later video where we update this function, starting at 1:45):
    global $session;
New Function to Display Success
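    function display_success() {
        // Pull the session object in from the global scope.
        global $session;
        // Nothing to show if no success messages were flashed.
        if (!$session->getFlashBag()->has('success')) {
            return;
        }
        // get() returns the flashed messages and clears them from the bag.
        $messages = $session->getFlashBag()->get('success');
        $response = '<div class="alert alert-success alert-dismissable">';
        // Messages are output without escaping, so only add trusted text
        // to the 'success' bag.
        foreach ($messages as $message) {
            $response .= "{$message}<br>";
        }
        $response .= '</div>';
        return $response;
    }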
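The checks the changePassword procedure runs, in the order the video walks through them, shown here as an added example that is not the course's own code. It assumes passwords are stored with PHP's password_hash() in a 'password' column; checkPasswordChange(), the messages and the sample user are hypothetical.

```php
<?php
// Added example, not the course's code. In the real procedure each failure
// would be added to the flash bag as an error, followed by a redirect to
// the account page; here the result is returned so the checks run stand-alone.

function checkPasswordChange(?array $user, string $current, string $new, string $confirm): array
{
    // 1. The new password and its confirmation must match.
    if ($new !== $confirm) {
        return ['ok' => false, 'error' => 'New passwords do not match.', 'hash' => null];
    }
    // 2. The logged-in user must exist (the lookup from the JWT succeeded).
    if (empty($user)) {
        return ['ok' => false, 'error' => 'Could not find the logged-in user.', 'hash' => null];
    }
    // 3. The current password must verify against the stored hash.
    //    Assumption: the 'password' column holds a password_hash() value.
    if (!password_verify($current, $user['password'])) {
        return ['ok' => false, 'error' => 'Current password was incorrect.', 'hash' => null];
    }
    // 4. All checks passed: hash the new password for storage.
    return ['ok' => true, 'error' => null, 'hash' => password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample record standing in for the row the user lookup returns.
$user = ['id' => 1, 'password' => password_hash('old-secret', PASSWORD_DEFAULT)];

// Constructed form submissions: one per check, then a valid one.
$cases = [
    'mismatch'      => [$user, 'old-secret', 'new-secret', 'new-secrte'],
    'no user'       => [null,  'old-secret', 'new-secret', 'new-secret'],
    'wrong current' => [$user, 'a-guess',    'new-secret', 'new-secret'],
    'valid'         => [$user, 'old-secret', 'new-secret', 'new-secret'],
];

foreach ($cases as $label => $args) {
    $result = checkPasswordChange(...$args);
    printf("%-14s %s\n", $label, $result['ok'] ? 'ok, store the new hash' : $result['error']);
}
```

Only the hash returned by the last step is written to the database; the plain-text passwords are never stored.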
One frustration that I have with sites is
not allowing me to change my password.
0:00
But this is our site, so
we can do whatever we want.
0:05
So let's fix this on our site by
providing a quick and easy way for
0:08
a user to change their own
password when they're logged in.
0:12
Create a new file named account.php.
0:16
Let's copy everything from register.php.
0:24
Now we can make a few changes.
0:33
First, let's add the requireAuth function.
0:35
This means that our user is required to be
logged in, and we can assume that the user
0:41
who is logged in is the user we
are changing the password for.
0:46
Next, make sure you are using
both the display_errors and
0:50
the new display_success
function that you created.
0:53
If you still need help creating
the display_success function,
1:02
see the notes associated with this video.
1:06
Next, change the form
action to changePassword.
1:09
Then change the header to read My Account.
1:16
We'll also add a secondary header,
and call this Change Password.
1:22
Next, change the first field,
the email address, to Current Password.
1:28
Then we need to change the label, the ID,
1:40
the type, the name, and
1:48
finally, the placeholder.
1:53
Then we'll clearly state, New Password.
2:03
Finally, change the button to read,
Change Password.
2:17
To make this work,
we'll need to create a new procedure.
2:25
ChangePassword.
2:32
We start with our bootstrap file.
2:39
And then
2:40
require auth.
2:45
Now we can get our form variables.
2:59
Current password, password,
and confirm password.
3:30
Now we can run the first check to
see if the new passwords match.
3:36
If they don't match,
then we're gonna display an error and
3:52
redirect to the account page.
3:55
Now we need to get the current
user from the JWT.
4:28
This is the perfect place to have
a function to get the JWT and
4:31
find the user associated
with it from the database.
4:35
Let's open functions.php.
4:37
Let's go down to our other findUser,
and we'll duplicate this.
4:44
We'll name this new function
findUserByAccessToken.
4:54
And since we're retrieving
the information from the JWT in a cookie,
4:59
we don't need to pass a parameter.
5:03
Instead, we need to decode the JWT.
5:07
This is the same thing that we did
in the isAuthenticated function.
5:10
So let's extract that functionality
out into its own function.
5:13
We'll call this decodeJwt.
5:22
We'll also add an optional property.
5:43
This property will tell the function if we
5:51
want to return a specific
item from the JWT or
5:56
just return the whole JWT object itself,
6:02
if the property is null.
6:08
Now we can use this decodeJwt in
our findUserByAccessToken function.
6:20
We pass sub as the property.
6:40
This will give us our user ID.
6:42
Let's wrap this in a try catch block.
6:44
Now we can try to get the user from
the database based on the ID from the JWT.
7:02
This function should now return the user
array from the user who is logged in.
7:18
We can now use this for
our changePassword procedure.
7:23
We can now run through
a couple more checks.
7:38
First, let's make sure that we're
able to pull the existing user.
7:42
If we don't have a user,
let's add our error and redirect.
7:51
Next let's verify the current password.
8:31
Again, set the error and redirect.
8:56
If we pass all these checks,
we're ready to update the password.
9:26