User Profile

Last updated: 04/17/2026 · Written by Agent0

StackCTL includes a fully built-in profile page at /profile. Authenticated users can update their personal details, change their password, and manage their MFA settings — all without any additional code.


What's on the Profile Page

  • Personal details — First name, last name, display name, and email address
  • Password change — Requires the current password before allowing a new one to be set
  • MFA management — Enable, verify, or disable multi-factor authentication (visible only when mfa_enabled is true in config/auth.php)

Routes

The profile routes are pre-registered in routes/web.php inside the auth group:

GET  /profile              → Show profile page
POST /profile              → Update personal details
POST /profile/password     → Update password
POST /profile/mfa/enable   → Send MFA verification code
POST /profile/mfa/verify   → Confirm MFA setup with code
POST /profile/mfa/disable  → Disable MFA

Updating Personal Details

The profile update form validates first name, last name, display name, and email before writing to the database. On success, the session is also updated immediately so the nav reflects the new name and email without requiring a re-login:

$_SESSION['user']['name']  = $first . ' ' . $last;
$_SESSION['user']['email'] = $email;

Changing Password

The password change form requires the user's current password before accepting a new one. The current password is verified with password_verify(), and the new password is hashed with password_hash() before being saved. Minimum length is 6 characters and confirmation is required.
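The checks described above, written out as a standalone added example (this is not StackCTL's own controller code). The function name change_password(), the MIN_PASSWORD_LENGTH constant, the error keys, and the sample passwords are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of StackCTL: applies the checks this page lists
// and returns either validation errors or the new hash to store.
const MIN_PASSWORD_LENGTH = 6; // minimum length stated on this page

function change_password(string $storedHash, string $current, string $new, string $confirm): array
{
    // Verify the current password first, so an unattended or hijacked
    // session cannot set a new password on its own.
    if (!password_verify($current, $storedHash)) {
        return ['ok' => false, 'errors' => ['current_password' => 'Current password is incorrect.']];
    }

    $errors = [];
    if (strlen($new) < MIN_PASSWORD_LENGTH) {
        $errors['password'] = 'Password must be at least ' . MIN_PASSWORD_LENGTH . ' characters.';
    }
    if ($new !== $confirm) {
        $errors['password_confirmation'] = 'Confirmation does not match.';
    }
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }

    // Only the hash is returned for storage; the plaintext is never persisted.
    return ['ok' => true, 'hash' => password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample data: a stored hash and three submissions.
$stored = password_hash('old-secret', PASSWORD_DEFAULT);

$attempts = [
    'wrong current password' => ['guess',      'new-secret', 'new-secret'],
    'too short and mismatch' => ['old-secret', 'abc',        'abd'],
    'valid change'           => ['old-secret', 'new-secret', 'new-secret'],
];

foreach ($attempts as $label => [$current, $new, $confirm]) {
    $result = change_password($stored, $current, $new, $confirm);
    echo $label . ': ' . ($result['ok'] ? 'accepted' : 'rejected') . PHP_EOL;
    foreach ($result['errors'] ?? [] as $field => $message) {
        echo "  {$field}: {$message}" . PHP_EOL;
    }
    if ($result['ok']) {
        // The new hash must verify against the new password and not the old one.
        var_dump(password_verify($new, $result['hash']), password_verify($current, $result['hash']));
    }
}
```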


MFA from the Profile Page

If mfa_enabled is true in config/auth.php, the profile page shows an MFA section. Users can:

  • Enable MFA — Triggers a verification code to be sent to their email. They enter the code on the profile page to confirm setup.
  • Disable MFA — Removes their MFA method and clears any pending challenges. Takes effect immediately on the next login.

See the MFA doc for the full details on how the challenge and verification flow works.


Customizing the Profile Page

The profile view lives at resources/views/app/profile.php. Edit it freely to add fields, change the layout, or add new sections. Any new fields you add to the form should be handled in ProfileController::update() — add them to the validator rules and the Query::update() call.

For example, to add a phone number field:

// In ProfileController::update()
$validator->validate([
    'first_name' => 'required|string',
    'last_name'  => 'required|string',
    'email'      => 'required|email',
    'phone'      => 'required',  // ← add rule
]);

Query::table('users')
    ->where('id', $id)
    ->update([
        'first_name' => $first,
        'last_name'  => $last,
        'email'      => $email,
        'phone'      => trim($_POST['phone']),  // ← add field
    ]);

Don't forget to add the corresponding column to the users table via a migration. See the Database & Migrations doc for how to do that.
