User Profile

One frustration that I have with sites is not allowing me to change my password. 0:00 But this is our site, so we can do what ever we want. 0:05 So let's fix this on our site by providing a quick and easy way for 0:08 a user to change their own password when they're logged in. 0:12 Create a new file named account.php. 0:16 Let's copy everything from register.php. 0:24 Now we can make a few changes. 0:33 First, let's add the requireAuth function. 0:35 This means that our user is required to be logged in, and we can assume that the user 0:41 who is logged in is the user we are changing the password for. 0:46 Next, make sure you are using both the display_errors and 0:50 the new display_success function that you created. 0:53 If you still need help creating the display_success function, 1:02 see the notes associated with this video. 1:06 Next, change the form action to changePassword. 1:09 Then change the header to read My Account. 1:16 We'll also add a secondary header, and call this Change Password. 1:22 Next, change the first field, the email address, to Current Password. 1:28 Then we need to change the label, The ID, 1:40 the type, the name, and 1:48 finally, the placeholder. 1:53 Then we'll clearly state, New Password. 2:03 Finally, change the button to read, Change Password. 2:17 To make this work, we'll need to create a new procedure. 2:25 ChangePassword. 2:32 We start with our bootstrap file. 2:39 And then 2:40 require auth. 2:45 Now we can get our form variables. 2:59 Current password, password, and confirm password. 3:30 Now we can run the first check to see if the new passwords match. 3:36 If they don't match, then we're gonna display an error and 3:52 redirect to the account page. 3:55 Now we need to get the current user from the JWT. 4:28 This is the perfect place to have a function to get the JWT and 4:31 find the user associated with it from the database. 4:35 Let's open functions.php. 4:37 Let's go down to our other findUser, and we'll duplicate this. 4:44 We'll name this new function findUserByAccessToken. 4:54 And since we're retrieving the information from the JWT in a cookie, 4:59 we don't need to pass a parameter. 5:03 Instead, we need to decode the JWT. 5:07 This is the same thing that we did in the isAuthenticated function. 5:10 So let's extract that functionality out into its own function. 5:13 We'll call this decodeJwt. 5:22 We'll also add an optional property. 5:43 This property will tell the function if we 5:51 want to return a specific item from the JWT or 5:56 just return the whole JWT object itself, 6:02 if the property is null. 6:08 Now we can use this decodeJwt in our findUserByAccessToken function. 6:20 We pass sub as the property. 6:40 This will give us our user ID. 6:42 Let's wrap this in a try catch block. 6:44 Now we can try to get the user from the database based on the ID from the JWT. 7:02 This function should now return the user array from the user who is logged in. 7:18 We can now use this for our changePassword procedure. 7:23 We can now run through a couple more checks. 7:38 First, let's make sure that we're able to poll the existing user. 7:42 If we don't have a user, let's add our error and redirect. 7:51 Next let's verify the current password. 8:31 Again, set the error and redirect. 8:56 If we pass all these checks, we're ready to update the password. 9:26