Managing user accounts effectively is crucial for any web application. CodeIgniter 4 Shield simplifies this task with its powerful authentication and authorization tools. In this post, we will explore user profile management, password reset and recovery, and account activation and deactivation using CodeIgniter 4 Shield.
In the previous post, we described how to create a basic CodeIgniter 4 project with Composer, add the Shield dependency for authorization, build a basic login and registration system, and implement a logout feature. This post goes a step further and dives into user management with CodeIgniter 4 Shield.
1. User Profile Management
1.1 Creating User Profile Views and Forms
To manage user profiles, you need to create views and forms that allow users to view and update their information. Let’s start by creating a basic profile view and form.
Profile View (app/Views/profile_view.php):
<code><!DOCTYPE html>
<html>
<head>
    <title>User Profile</title>
</head>
<body>
    <h1>User Profile</h1>
    <form action="<?= site_url('profile/update') ?>" method="post">
        <?= csrf_field() ?>
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" value="<?= esc($user['username']) ?>" required>
        <label for="email">Email:</label>
        <input type="email" id="email" name="email" value="<?= esc($user['email']) ?>" required>
        <input type="submit" value="Update Profile">
    </form>
</body>
</html></code>
Profile Controller (app/Controllers/Profile.php):
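<code><?php
namespace App\Controllers;

use CodeIgniter\Controller;

class Profile extends Controller
{
    public function index()
    {
        // auth()->id() is null for guests, and find(null) returns every row
        if (! auth()->loggedIn()) {
            return redirect()->to('/login');
        }
        $userModel = model('UserModel');
        $userId = auth()->id(); // Get current user ID
        $data['user'] = $userModel->find($userId);
        return view('profile_view', $data);
    }

    public function update()
    {
        if (! auth()->loggedIn()) {
            return redirect()->to('/login');
        }
        // Validate the submitted fields before they reach the database
        // (example rules; adjust them to your own username and email policy)
        $rules = [
            'username' => 'required|max_length[30]',
            'email'    => 'required|valid_email',
        ];
        if (! $this->validate($rules)) {
            return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
        }
        $userModel = model('UserModel');
        $userId = auth()->id(); // Get current user ID
        $userModel->update($userId, [
            'username' => $this->request->getPost('username'),
            'email' => $this->request->getPost('email'),
        ]);
        return redirect()->to('/profile')->with('success', 'Profile updated successfully.');
    }
}</code>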
1.2 Updating User Information
Updating user information involves handling form submissions and updating the user data in the database. The update() method in the Profile controller demonstrates how to achieve this.
2. Password Reset and Recovery
2.1 Implementing Password Reset Functionality
To implement password reset functionality, you need to create a reset request form and a reset form.
Password Reset Request Form (app/Views/password_reset_request.php):
<code><!DOCTYPE html>
<html>
<head>
    <title>Password Reset Request</title>
</head>
<body>
    <h1>Request Password Reset</h1>
    <form action="<?= site_url('password/reset-request') ?>" method="post">
        <?= csrf_field() ?>
        <label for="email">Email:</label>
        <input type="email" id="email" name="email" required>
        <input type="submit" value="Request Reset Link">
    </form>
</body>
</html></code>
Password Reset Controller (app/Controllers/Password.php):
<code><?php
namespace App\Controllers;

use CodeIgniter\Controller;

class Password extends Controller
{
    public function resetRequest()
    {
        $email = $this->request->getPost('email');
        $userModel = model('UserModel');
        $user = $userModel->where('email', $email)->first();
        if ($user) {
            // Send reset link via email (implement email sending)
            // For simplicity, we just log a message here
            log_message('info', 'Password reset link sent to ' . $email);
        }
        return redirect()->to('/')->with('message', 'If the email is registered, a reset link will be sent.');
    }
}
</code>
Password Reset Form (app/Views/password_reset.php):
<code><!DOCTYPE html>
<html>
<head>
    <title>Reset Password</title>
</head>
<body>
    <h1>Reset Password</h1>
    <form action="<?= site_url('password/reset') ?>" method="post">
        <?= csrf_field() ?>
        <input type="hidden" name="token" value="<?= esc($token) ?>">
        <label for="new_password">New Password:</label>
        <input type="password" id="new_password" name="new_password" required>
        <input type="submit" value="Reset Password">
    </form>
</body>
</html></code>
Password Reset Controller (app/Controllers/Password.php):
<code><?php
namespace App\Controllers;

use CodeIgniter\Controller;

class Password extends Controller
{
    public function reset()
    {
        $token = $this->request->getPost('token');
        $newPassword = $this->request->getPost('new_password');
        // A missing or empty token must be rejected before the query:
        // where('reset_token', null) compiles to "reset_token IS NULL"
        // and would match a user who never requested a reset
        if (! is_string($token) || $token === '') {
            return redirect()->to('/')->with('error', 'Invalid token.');
        }
        $userModel = model('UserModel');
        // Validate token and reset password
        // For simplicity, token validation is skipped here
        $user = $userModel->where('reset_token', $token)->first();
        if ($user) {
            $userModel->update($user['id'], [
                'password' => password_hash($newPassword, PASSWORD_DEFAULT),
                'reset_token' => null // Clear reset token
            ]);
            return redirect()->to('/login')->with('success', 'Password reset successfully.');
        }
        return redirect()->to('/')->with('error', 'Invalid token.');
    }
}
</code>
2.2 Handling Password Recovery Requests
Handle password recovery requests by creating forms for users to request a password reset link and to set a new password using the provided link.
3. Account Activation and Deactivation
3.1 Implementing Account Activation via Email
To implement account activation, generate an activation token and send it via email to the user.
Account Activation Controller (app/Controllers/Account.php):
<code><?php
namespace App\Controllers;

use CodeIgniter\Controller;

class Account extends Controller
{
    public function activate($token)
    {
        $userModel = model('UserModel');
        $user = $userModel->where('activation_token', $token)->first();
        if ($user) {
            $userModel->update($user['id'], [
                'is_active' => true,
                'activation_token' => null // Clear activation token
            ]);
            return redirect()->to('/login')->with('success', 'Account activated successfully.');
        }
        return redirect()->to('/')->with('error', 'Invalid activation token.');
    }
}</code>
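The reset and activation controllers above both look a user up by a token sent via email. The following added example, which is not from the original post or from Shield, shows one way to issue and check such tokens in plain PHP (8.0 or later); the function names, the `token_hash` and `token_expires` keys and the one-hour lifetime are assumptions.

```php
<?php
// Added example, not Shield code: expiring, single-use tokens for reset and
// activation links. Function names, array keys and the TTL are assumptions.
const TOKEN_TTL_SECONDS = 3600; // assumed lifetime: one hour

// Issue a token. The raw value goes into the emailed link; only its SHA-256
// hash and an expiry time are stored, so a leaked table exposes no usable links.
function issueToken(int $now): array
{
    $raw = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    return [
        'raw'    => $raw,
        'record' => [
            'token_hash'    => hash('sha256', $raw),
            'token_expires' => $now + TOKEN_TTL_SECONDS,
        ],
    ];
}

// Verify a submitted value against the stored record.
function verifyToken(mixed $submitted, ?array $record, int $now): bool
{
    // Missing, array-valued or malformed parameters never reach the comparison
    if (! is_string($submitted) || preg_match('/\A[0-9a-f]{64}\z/', $submitted) !== 1) {
        return false;
    }
    // No outstanding request, or the token was already consumed
    if ($record === null || ! is_string($record['token_hash'] ?? null)) {
        return false;
    }
    if ($now > (int) $record['token_expires']) {
        return false; // expired
    }
    return hash_equals($record['token_hash'], hash('sha256', $submitted));
}

// Clear the stored values after a successful use so a replayed link fails.
function consumeToken(array $record): array
{
    return ['token_hash' => null, 'token_expires' => null] + $record;
}

// Constructed walk-through with an in-memory record standing in for a user row
$now    = time();
$issued = issueToken($now);
var_dump(verifyToken($issued['raw'], $issued['record'], $now));                         // fresh link
var_dump(verifyToken(null, $issued['record'], $now));                                   // parameter missing
var_dump(verifyToken($issued['raw'], $issued['record'], $now + TOKEN_TTL_SECONDS + 1)); // after expiry
var_dump(verifyToken($issued['raw'], consumeToken($issued['record']), $now));           // replay after use
```

In a controller, the user row would then be looked up by `hash('sha256', $token)` rather than by the raw token value.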
3.2 Handling Account Deactivation
To handle account deactivation, update the user’s status in the database.
Account Deactivation Controller (app/Controllers/Account.php):
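<code><?php
namespace App\Controllers;

use CodeIgniter\Controller;

class Account extends Controller
{
    public function deactivate()
    {
        // Guests have no ID; send them to the login page instead of updating
        if (! auth()->loggedIn()) {
            return redirect()->to('/login');
        }
        $userId = auth()->id(); // Get current user ID
        $userModel = model('UserModel');
        $userModel->update($userId, [
            'is_active' => false
        ]);
        // End the session so the deactivated account is signed out
        auth()->logout();
        return redirect()->to('/login')->with('success', 'Account deactivated. Please contact support to reactivate.');
    }
}
</code>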
Conclusion
With CodeIgniter 4 Shield, managing user profiles, handling password resets, and controlling account activation and deactivation are streamlined processes. By following the code examples provided, you can effectively implement these features and ensure robust user management in your application.
Feel free to customize the code to fit your specific requirements and enhance your application’s user management capabilities.
For more details and advanced configurations, refer to the CodeIgniter 4 Shield documentation.