(Created at: February 05, 2015; Last update: March 11, 2016)
All good and well: we've done our login and logout pages, and we've made it possible to administer users and groups using Ion Auth. But what about the profile page? What if users want to change their credentials, or at least our default password (which, shockingly, is… "password")?
For this it would be nice to have a profile page where users can make their own changes. We will not allow users to change their own email or username, even if they are admins; we leave that to the other administrators (but you can do whatever you want in the end).
For the profile page we will create a profile() method inside the application/controllers/admin/User.php controller.
So let’s first modify the top menu (application/views/templates/_parts/admin_master_header_view.php) in order to put a link to the profile page.
<li><a href="<?php echo site_url('admin/user/profile');?>">Profile page</a></li>
Now going to our User.php we create the profile() method that, after interrogating the database, will output the profile page:
public function profile()
{
    // Only authenticated users may view or edit a profile
    if (!$this->ion_auth->logged_in()) {
        redirect('admin');
    }

    $this->data['page_title'] = 'User Profile';

    // The profile always belongs to the logged-in user; the id is never taken from the request
    $user = $this->ion_auth->user()->row();
    $this->data['user'] = $user;

    $this->data['current_user_menu'] = '';
    if ($this->ion_auth->in_group('admin')) {
        $this->data['current_user_menu'] = $this->load->view('templates/_parts/user_menu_admin_view.php', NULL, TRUE);
    }

    $this->load->library('form_validation');
    $this->form_validation->set_rules('first_name', 'First name', 'trim');
    $this->form_validation->set_rules('last_name', 'Last name', 'trim');
    $this->form_validation->set_rules('company', 'Company', 'trim');
    $this->form_validation->set_rules('phone', 'Phone', 'trim');
    // The password is optional (blank means "keep the current one"), but when it is given
    // it must be at least 6 characters and must match the confirmation field
    $this->form_validation->set_rules('password', 'Password', 'min_length[6]|matches[password_confirm]');
    $this->form_validation->set_rules('password_confirm', 'Password confirmation', 'matches[password]');

    if ($this->form_validation->run() === FALSE) {
        $this->render('admin/user/profile_view', 'admin_master');
    } else {
        // Only these fields are taken from the form; username and email are not editable here
        $new_data = array(
            'first_name' => $this->input->post('first_name'),
            'last_name'  => $this->input->post('last_name'),
            'company'    => $this->input->post('company'),
            'phone'      => $this->input->post('phone')
        );
        if (strlen($this->input->post('password')) >= 6) {
            $new_data['password'] = $this->input->post('password');
        }
        // Ion Auth hashes the password inside update() before storing it
        $this->ion_auth->update($user->id, $new_data);
        $this->session->set_flashdata('message', $this->ion_auth->messages());
        redirect('admin/user/profile', 'refresh');
    }
}
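The password-change policy the profile() method enforces, written as a framework-free PHP function so that each case (blank, too short, confirmation mismatch, valid) and the field allow-list can be checked without CodeIgniter. This is an added example, not the tutorial's own code; the function name and the sample submissions are constructed.

```php
<?php
// Added example: mirrors the min_length[6] / matches[password_confirm] rules and
// the allow-list of profile fields passed to $this->ion_auth->update().
const PROFILE_FIELDS = ['first_name', 'last_name', 'company', 'phone'];
const MIN_PASSWORD_LENGTH = 6;

/**
 * Build the $new_data array for ion_auth->update() from submitted form data.
 * Returns ['data' => array, 'errors' => array]; when 'errors' is non-empty the
 * caller must not call update().
 */
function build_profile_update(array $post): array
{
    $data = [];
    $errors = [];

    // Allow-list: only these four fields are ever copied from the form.
    // username and email are readonly in the view, but a client can still post
    // them, so they are simply never read here.
    foreach (PROFILE_FIELDS as $field) {
        $data[$field] = trim((string) ($post[$field] ?? ''));
    }

    $password = (string) ($post['password'] ?? '');
    $confirm  = (string) ($post['password_confirm'] ?? '');

    if ($password === '') {
        // Blank password field means "keep the current password"
        if ($confirm !== '') {
            $errors[] = 'Enter the new password in both fields.';
        }
    } elseif (strlen($password) < MIN_PASSWORD_LENGTH) {
        $errors[] = 'Password must be at least ' . MIN_PASSWORD_LENGTH . ' characters.';
    } elseif ($password !== $confirm) {
        $errors[] = 'Password and confirmation do not match.';
    } else {
        // ion_auth->update() hashes the plaintext before storing it
        $data['password'] = $password;
    }

    return ['data' => $data, 'errors' => $errors];
}

// Constructed sample submissions
$ok = build_profile_update(['first_name' => 'Ana', 'username' => 'newname',
    'password' => 'secret1', 'password_confirm' => 'secret1']);
assert(!isset($ok['data']['username']) && $ok['data']['password'] === 'secret1');
$bad = build_profile_update(['password' => 'secret1', 'password_confirm' => 'other']);
assert($bad['errors'] !== [] && !isset($bad['data']['password']));
```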
Nice… Now the application/views/admin/user/profile_view.php:
<?php defined('BASEPATH') OR exit('No direct script access allowed'); ?>
<div class="container" style="margin-top:60px;">
    <div class="row">
        <div class="col-lg-4 col-lg-offset-4">
            <h1>Profile page</h1>
            <?php echo form_open('', array('class' => 'form-horizontal')); ?>
            <div class="form-group">
                <?php
                echo form_label('First name', 'first_name');
                echo form_error('first_name');
                echo form_input('first_name', set_value('first_name', $user->first_name), 'class="form-control"');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Last name', 'last_name');
                echo form_error('last_name');
                echo form_input('last_name', set_value('last_name', $user->last_name), 'class="form-control"');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Company', 'company');
                echo form_error('company');
                echo form_input('company', set_value('company', $user->company), 'class="form-control"');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Phone', 'phone');
                echo form_error('phone');
                echo form_input('phone', set_value('phone', $user->phone), 'class="form-control"');
                ?>
            </div>
            <!-- username and email are shown readonly; the controller never reads them from the form -->
            <div class="form-group">
                <?php
                echo form_label('Username', 'username');
                echo form_error('username');
                echo form_input('username', set_value('username', $user->username), 'class="form-control" readonly');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Email', 'email');
                echo form_error('email');
                echo form_input('email', set_value('email', $user->email), 'class="form-control" readonly');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Change password', 'password');
                echo form_error('password');
                echo form_password('password', '', 'class="form-control"');
                ?>
            </div>
            <div class="form-group">
                <?php
                echo form_label('Confirm changed password', 'password_confirm');
                echo form_error('password_confirm');
                echo form_password('password_confirm', '', 'class="form-control"');
                ?>
            </div>
            <?php echo form_submit('submit', 'Save profile', 'class="btn btn-primary btn-lg btn-block"'); ?>
            <?php echo form_close(); ?>
        </div>
    </div>
</div>
And that’s it: we can say that we’ve set up the security. Did I miss something? Please write a comment below.
A good piece of advice would be to delete the Auth.php that we pasted from the Ion Auth library, so that there is no doubt about which controller(s) will be used for authentication from now on.
If you've followed my tutorials you should have at least what I have. Here are the application and assets directories for the application we've developed so far.
Please send me the URL to run this application, I didn't get how to run that application.
You are kidding me, right?…
Hi! I don't understand only one thing: why are you saving the password as a plain string? How do I get that password saved in the DB as an encrypted string?
The password is actually hashed…
Yeah, sorry, I missed that. It all happens in the ion_auth->update method if the key 'password' is present in the $new_data array.
Hi, I can’t reach the admin page. I am using WAMP server so my website directory is http://localhost/myprojects/TMD/ will this have any effect on the coding. I guess I should just head to http://localhost/myprojects/TMD/admin but this does not work.
I have checked the files and everything seems to be the same as in your files. Any help would be great. Thanks.
Do you have the .htaccess in place?
The User class extends MY_Controller, not Admin_Controller; the $this->data['current_user'], $this->data['current_user_menu'] and $this->data['page_title'] variables don't exist in the __construct() function. Instead they are in the profile() function, but there $this->data['user'] exists and $this->data['current_user'] does not. Is it a mistake?
Sorry for my bad English. 🙂
You are totally right. Thank you for noticing that. It is a mistake. I changed it now. Thank you again.
Hi Mr. Avenirer,
Thank you for your nice and very useful ion auth library, it is awesome.
Would you please tell me which method you have used for hashing the password after the user is registered in the DB, and is it secure or strongly secure?
Have you used Bcrypt and a salt, and if yes, why does it take so little time to generate the hash?
Thanks
thanks for the best tutorial!
One question: when I log out of /admin I am also logged out of /user.
How can we keep these as separate sessions?
thanks.
Hello. You can’t be a normal user and an admin user at the same time. There is only one session between your website and your browser. You could however create some sort of library that could do such a thing.
http://localhost/CI/admin/user/profile
Unable to load the requested file: admin/user/profile_view.php
How do I fix this?
Most likely by reading the whole series…
Great tutorial, but you have inconsistent folder naming: in the previous tutorial you created application/views/admin/users/, but in this tutorial you changed it to application/views/admin/user/, missing one character.
Hi,
And a big thanks for this excellent tutorial.
Just one thing: in the User.php controller, the profile function is missing the validation rules for the password change:
$this->form_validation->set_rules('password', 'Password', 'min_length[6]');
$this->form_validation->set_rules('password_confirm', 'Password confirmation', 'matches[password]');