1
00:00:00,000 --> 00:00:04,650
To get the update password working, we'll need to create a new procedure.

2
00:00:04,650 --> 00:00:12,657
In procedures, we'll add a new file named changePassword.php.

3
00:00:16,121 --> 00:00:18,441
We'll require our bootstrap

4
00:00:30,421 --> 00:00:34,200
And then requireAuth.

5
00:00:34,200 --> 00:00:36,384
Now we can get our user-entered data.

6
00:00:39,551 --> 00:00:46,083
Our current password = request,

7
00:00:46,083 --> 00:00:51,043
get current_password.

8
00:00:53,881 --> 00:00:58,170
And our new password = request,

9
00:01:00,972 --> 00:01:07,206
Get password, And

10
00:01:07,206 --> 00:01:11,617
confirmPassword = request,

11
00:01:13,445 --> 00:01:18,473
Get confirm_password.

12
00:01:18,473 --> 00:01:23,790
Now we can run the first check to see that the new passwords match.

13
00:01:23,790 --> 00:01:32,313
If ($newPassword != $confirmPassword),

14
00:01:37,034 --> 00:01:43,540
Then we're going to set a session GetFlashBag,

15
00:01:46,252 --> 00:01:50,915
Add error, New

16
00:01:50,915 --> 00:01:55,552
passwords do not match.

17
00:01:55,552 --> 00:01:58,173
Please try again.

18
00:02:01,682 --> 00:02:06,953
Then we can redirect to account.php.

19
00:02:10,061 --> 00:02:13,913
Now we want to get the details of the logged-in user.

20
00:02:13,913 --> 00:02:16,394
Let's open functions_auth

21
00:02:19,212 --> 00:02:23,661
We're going to add a new function,

22
00:02:23,661 --> 00:02:26,933
getAuthenticatedUser.

23
00:02:30,838 --> 00:02:34,297
We'll want to use the current session, so

24
00:02:34,297 --> 00:02:38,052
we'll need to start with the global session.

25
00:02:40,489 --> 00:02:45,417
Then we can use session,

26
00:02:45,417 --> 00:02:50,352
get, and off_user id.

27
00:02:50,352 --> 00:02:56,122
We can use this ID to find a user, with a function in our functions_user file.

28
00:02:58,882 --> 00:03:00,507
Find user by ID.

29
00:03:06,492 --> 00:03:11,920
Return findUserById.

30
00:03:11,920 --> 00:03:15,782
Now we can use this function in our change password procedure.

31
00:03:20,159 --> 00:03:26,551
User = getAuthenticatedUser.

32
00:03:26,551 --> 00:03:28,851
We're now ready for a couple more checks.

33
00:03:28,851 --> 00:03:32,283
First, let's make sure that we can pull an existing user.

34
00:03:34,338 --> 00:03:36,411
If (empty(user),

35
00:03:41,420 --> 00:03:48,857
Then we weren't able to find the user, so we'll do session, GetFlashBag,

36
00:03:52,991 --> 00:03:57,847
Add error, and then we'll say,

37
00:03:57,847 --> 00:04:01,146
Some Error Happened.

38
00:04:02,797 --> 00:04:05,141
Try again.

39
00:04:05,141 --> 00:04:09,027
If it continues,

40
00:04:09,027 --> 00:04:14,991
please log out and back in.

41
00:04:14,991 --> 00:04:20,619
If they're at this page the user should be able to be found.

42
00:04:20,619 --> 00:04:26,698
We'll redirect to account.php.

43
00:04:28,681 --> 00:04:33,675
Now we're going to make sure that the current password matches the one that

44
00:04:33,675 --> 00:04:34,791
we have on file.

45
00:04:34,791 --> 00:04:39,341
If not Password verify,

46
00:04:42,721 --> 00:04:47,628
Current password, And

47
00:04:47,628 --> 00:04:50,387
then the user,

48
00:04:50,387 --> 00:04:55,698
password from the database,

49
00:04:58,115 --> 00:05:02,066
session, getFlashBag,

50
00:05:04,217 --> 00:05:07,158
Add error,

51
00:05:09,442 --> 00:05:14,192
Password is incorrect,

52
00:05:14,192 --> 00:05:17,815
please try again.

53
00:05:22,130 --> 00:05:23,689
We'll say current password.

54
00:05:27,380 --> 00:05:33,812
Current password, Was incorrect, please try again.

55
00:05:33,812 --> 00:05:39,213
And then we'll redirect to account.php.

56
00:05:42,312 --> 00:05:47,862
And now if we passed all of these checks, we're ready to update the password.

57
00:05:47,862 --> 00:05:54,040
We have an update password function in the functions_users file.

58
00:05:59,011 --> 00:06:02,514
This function accepts a password, and a user ID.

59
00:06:02,514 --> 00:06:06,714
Before we call that function, we want to make sure that we're using

60
00:06:06,714 --> 00:06:09,743
the password hash function on our new password.

61
00:06:12,571 --> 00:06:18,418
Hashed = password_hash,

62
00:06:20,527 --> 00:06:27,227
New password, And PASSWORD_DEFAULT.

63
00:06:30,970 --> 00:06:33,721
Let's move up a little bit.

64
00:06:33,721 --> 00:06:39,056
We're going to updatePassword pass

65
00:06:39,056 --> 00:06:45,947
the hashed password, and the current user ID.

66
00:06:48,122 --> 00:06:54,971
Finally, we can redirect the user with the success or error message.

67
00:06:54,971 --> 00:06:59,227
If not updated the password.

68
00:07:02,300 --> 00:07:06,369
Then we're going to session, getFlashBag,

69
00:07:08,784 --> 00:07:11,939
Add error,

70
00:07:14,528 --> 00:07:19,345
Could not update password,

71
00:07:19,345 --> 00:07:22,560
please try again.

72
00:07:25,893 --> 00:07:34,352
Redirect('/account.php'); and close.

73
00:07:34,352 --> 00:07:38,855
And finally, if we're all the way here,

74
00:07:38,855 --> 00:07:46,346
we can $session->getFlashBag, Add success.

75
00:07:49,369 --> 00:07:52,940
Password Updated.

76
00:07:54,530 --> 00:08:01,790
And redirect to account.php.

77
00:08:05,767 --> 00:08:07,763
Now we're ready to test this out in a browser.

78
00:08:11,242 --> 00:08:16,502
From My Account page, we're gonna enter a current password,

79
00:08:16,502 --> 00:08:19,789
that's wrong, and the new password.

80
00:08:19,789 --> 00:08:21,681
Current password was incorrect.

81
00:08:21,681 --> 00:08:25,339
So, current password,

82
00:08:25,339 --> 00:08:29,700
new password, not matched.

83
00:08:29,700 --> 00:08:33,170
New passwords do not match, okay?

84
00:08:33,170 --> 00:08:40,900
Old password, new password, And our password was updated.