From 86e483f7dff103ea702ec6f9a6f109918c9a69c3 Mon Sep 17 00:00:00 2001
From: Jerry <zeruiz@nycstudents.net>
Date: Thu, 5 Feb 2026 22:12:03 -0500
Subject: [PATCH] Add: Change password in settings

---
 app/auth/auth_utils.py           |   62 ++
 app/auth/routes.py               |   48 ++
 app/templates/auth/settings.html | 1014 ++++++++++++++++++++++--------
 3 files changed, 861 insertions(+), 263 deletions(-)

diff --git a/app/auth/auth_utils.py b/app/auth/auth_utils.py
index 4e47e7c..318c4b6 100644
--- a/app/auth/auth_utils.py
+++ b/app/auth/auth_utils.py
@@ -4,6 +4,7 @@
 from datetime import datetime, timezone
 from typing import Optional
 
+from bson import ObjectId
 from flask_login import current_user
 from werkzeug.security import generate_password_hash
 
@@ -231,6 +232,67 @@ async def delete_user(self, user_id: str) -> tuple[bool, str]:
             logger.error(f"Error deleting user: {str(e)}")
             return False, "An internal error has occurred."
 
+    @with_mongodb_retry(retries=3, delay=2)
+    async def change_password(self, user_id: str, current_password: str, new_password: str) -> tuple[bool, str]:
+        """Change user password after verifying current password"""
+        
+        try:            
+            # Get user data
+            user_data = self.db.users.find_one({"_id": ObjectId(user_id)})
+            if not user_data:
+                return False, "User not found"
+            
+            # Check for account lockout due to too many failed attempts
+            failed_attempts = user_data.get('failed_password_change_attempts', 0)
+            last_failed = user_data.get('last_failed_password_change')
+            
+            if failed_attempts >= 5 and last_failed:
+                # Lock for 15 minutes after 5 failed attempts
+                time_since = (datetime.now(timezone.utc) - last_failed).total_seconds()
+                if time_since < 900:  # 15 minutes
+                    mins_left = int((900 - time_since) / 60) + 1
+                    return False, f"Too many failed attempts. Try again in {mins_left} minutes"
+            
+            # Create user object to verify current password
+            user = User.create_from_db(user_data)
+            if not user.check_password(current_password):
+                # Track failed attempt
+                self.db.users.update_one(
+                    {"_id": ObjectId(user_id)},
+                    {
+                        "$set": {"last_failed_password_change": datetime.now(timezone.utc)},
+                        "$inc": {"failed_password_change_attempts": 1}
+                    }
+                )
+                return False, "Current password is incorrect"
+            
+            # Check new password strength
+            password_valid, message = await check_password_strength(new_password)
+            if not password_valid:
+                return False, message
+            
+            # Update password and reset failed attempts
+            result = self.db.users.update_one(
+                {"_id": ObjectId(user_id)},
+                {
+                    "$set": {
+                        "password_hash": generate_password_hash(new_password),
+                        "password_changed_at": datetime.now(timezone.utc),
+                        "failed_password_change_attempts": 0
+                    },
+                    "$unset": {"last_failed_password_change": ""}
+                }
+            )
+            
+            if result.modified_count > 0:
+                logger.info(f"Password changed for user: {user.username}")
+                return True, "Password changed successfully"
+            return False, "Failed to update password"
+            
+        except Exception as e:
+            logger.error(f"Error changing password: {str(e)}")
+            return False, "An internal error has occurred."
+
     @with_mongodb_retry(retries=3, delay=2)
     async def update_user_settings(self, user_id: str, form_data: dict, profile_picture=None) -> tuple[bool, Optional[str]]:
         """Update user settings including profile picture"""
diff --git a/app/auth/routes.py b/app/auth/routes.py
index e9c0ab4..b1888da 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -281,6 +281,54 @@ async def check_username():
         }), 500
 
 
+@auth_bp.route("/change_password", methods=["POST"])
+@limiter.limit("5 per minute")
+@login_required
+@async_route
+async def change_password():
+    """Change user password"""
+    try:
+        if request.headers.get('X-Requested-With') != 'XMLHttpRequest':
+            return jsonify({"success": False, "message": "Invalid request"}), 403
+        
+        data = request.get_json()
+        current_password = data.get('current_password', '').strip()
+        new_password = data.get('new_password', '').strip()
+        confirm_password = data.get('confirm_password', '').strip()
+
+        # Validate input
+        if not all([current_password, new_password, confirm_password]):
+            return jsonify({"success": False, "message": "All fields are required"}), 400
+
+        if new_password != confirm_password:
+            return jsonify({"success": False, "message": "New passwords do not match"}), 400
+
+        # Additional security: Prevent reusing current password
+        if current_password == new_password:
+            return jsonify({"success": False, "message": "New password must be different from current password"}), 400
+
+        # Change password
+        success, message = await user_manager.change_password(
+            current_user.get_id(),
+            current_password,
+            new_password
+        )
+
+        if success:
+            current_app.logger.info(f"Password changed for user {current_user.username}")
+            # Log out user to invalidate session
+            logout_user()
+            return jsonify({"success": True, "message": "Password changed successfully. Please log in again.", "redirect": url_for("auth.login")})
+        else:
+            # Don't reveal whether username exists or password was wrong (timing attack mitigation)
+            current_app.logger.warning(f"Failed password change attempt for user {current_user.username}")
+            return jsonify({"success": False, "message": message}), 400
+
+    except Exception as e:
+        current_app.logger.error(f"Error changing password for user {current_user.username}: {str(e)}", exc_info=True)
+        return jsonify({"success": False, "message": "An internal error has occurred."}), 500
+
+
 @auth_bp.route("/delete_account", methods=["POST"])
 @login_required
 @async_route
diff --git a/app/templates/auth/settings.html b/app/templates/auth/settings.html
index 43b26cb..089c742 100644
--- a/app/templates/auth/settings.html
+++ b/app/templates/auth/settings.html
@@ -1,317 +1,805 @@
-{% extends "base.html" %}
+{% extends "base.html" %} {% block content %}
+<div
+  id="notification-area"
+  class="fixed top-4 right-4 z-50 space-y-2"
+  style="max-width: 400px"
+></div>
 
-{% block content %}
 <div class="container mx-auto px-4 py-8">
-    <div class="max-w-4xl mx-auto">
-        <div class="bg-white rounded-2xl shadow-xl">
-            <div class="bg-gradient-to-r from-blue-600 to-blue-800 p-6 rounded-t-2xl">
-                <div class="flex justify-between items-center">
-                    <h2 class="text-white text-2xl font-bold">Profile Settings</h2>
-                    <a href="{{ url_for('auth.profile', username=current_user.username) }}"
-                       class="bg-white p-2 rounded-full hover:bg-gray-50 transition-colors">
-                        <svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6 text-gray-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
-                        </svg>
-                    </a>
-                </div>
+  <div class="max-w-4xl mx-auto">
+    <div class="bg-white rounded-2xl shadow-xl">
+      <div class="bg-gradient-to-r from-blue-600 to-blue-800 p-6 rounded-t-2xl">
+        <div class="flex justify-between items-center">
+          <h2 class="text-white text-2xl font-bold">Profile Settings</h2>
+          <a
+            href="{{ url_for('auth.profile', username=current_user.username) }}"
+            class="bg-white p-2 rounded-full hover:bg-gray-50 transition-colors"
+          >
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              class="h-6 w-6 text-gray-600"
+              fill="none"
+              viewBox="0 0 24 24"
+              stroke="currentColor"
+            >
+              <path
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                stroke-width="2"
+                d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"
+              />
+            </svg>
+          </a>
+        </div>
+      </div>
+
+      <div class="p-6 md:p-8">
+        <form method="POST" enctype="multipart/form-data" class="space-y-6">
+          <!-- Profile Picture Section -->
+          <div class="text-center">
+            <div class="relative inline-block">
+              <img
+                src="{{ url_for('auth.profile_picture', user_id=current_user.id) }}"
+                class="w-40 h-40 rounded-full border-4 border-white shadow-lg object-cover profile-preview"
+                alt="Profile picture"
+              />
+              <label
+                for="profile_picture"
+                class="absolute bottom-0 right-0 bg-blue-600 p-2 rounded-full shadow-lg hover:bg-blue-700 transition-colors cursor-pointer"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 text-white"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M3 9a2 2 0 012-2h.93a2 2 0 001.664-.89l.812-1.22A2 2 0 0110.07 4h3.86a2 2 0 011.664.89l.812 1.22A2 2 0 0018.07 7H19a2 2 0 012 2v9a2 2 0 01-2 2H5a2 2 0 01-2-2V9z"
+                  />
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M15 13a3 3 0 11-6 0 3 3 0 016 0z"
+                  />
+                </svg>
+              </label>
+              <input
+                type="file"
+                id="profile_picture"
+                name="profile_picture"
+                accept="image/*"
+                class="hidden"
+              />
             </div>
+            <div class="mt-2">
+              <p id="upload-info" class="text-sm text-gray-500"></p>
+              <p class="text-xs text-gray-400 mt-1">
+                Supported formats: PNG, JPG, JPEG. Maximum file size: 6MB
+              </p>
+            </div>
+          </div>
+
+          <!-- Settings Form -->
+          <div class="space-y-6">
+            <div class="bg-white rounded-xl shadow-sm p-6">
+              <h4
+                class="flex items-center text-lg font-semibold text-gray-900 mb-6"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 text-blue-600 mr-2"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"
+                  />
+                </svg>
+                Basic Information
+              </h4>
 
-            <div class="p-6 md:p-8">
-                <form method="POST" enctype="multipart/form-data" class="space-y-6">
-                    <!-- Profile Picture Section -->
-                    <div class="text-center">
-                        <div class="relative inline-block">
-                            <img src="{{ url_for('auth.profile_picture', user_id=current_user.id) }}"
-                                 class="w-40 h-40 rounded-full border-4 border-white shadow-lg object-cover profile-preview"
-                                 alt="Profile picture">
-                            <label for="profile_picture"
-                                   class="absolute bottom-0 right-0 bg-blue-600 p-2 rounded-full shadow-lg hover:bg-blue-700 transition-colors cursor-pointer">
-                                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-white" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 9a2 2 0 012-2h.93a2 2 0 001.664-.89l.812-1.22A2 2 0 0110.07 4h3.86a2 2 0 011.664.89l.812 1.22A2 2 0 0018.07 7H19a2 2 0 012 2v9a2 2 0 01-2 2H5a2 2 0 01-2-2V9z" />
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 13a3 3 0 11-6 0 3 3 0 016 0z" />
-                                </svg>
-                            </label>
-                            <input type="file" id="profile_picture" name="profile_picture"
-                                   accept="image/*" class="hidden">
-                        </div>
-                        <div class="mt-2">
-                            <p id="upload-info" class="text-sm text-gray-500"></p>
-                            <p class="text-xs text-gray-400 mt-1">Supported formats: PNG, JPG, JPEG. Maximum file size: 6MB</p>
-                        </div>
+              <div class="space-y-4">
+                <div>
+                  <label
+                    for="username"
+                    class="block text-sm font-medium text-gray-700 mb-1"
+                    >Username</label
+                  >
+                  <div class="relative rounded-md shadow-sm">
+                    <div
+                      class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-none"
+                    >
+                      <svg
+                        xmlns="http://www.w3.org/2000/svg"
+                        class="h-5 w-5 text-gray-400"
+                        fill="none"
+                        viewBox="0 0 24 24"
+                        stroke="currentColor"
+                      >
+                        <path
+                          stroke-linecap="round"
+                          stroke-linejoin="round"
+                          stroke-width="2"
+                          d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"
+                        />
+                      </svg>
                     </div>
+                    <input
+                      type="text"
+                      id="username"
+                      name="username"
+                      value="{{ current_user.username }}"
+                      required
+                      class="block w-full pl-10 pr-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
+                      onkeyup="checkUsername(this.value)"
+                    />
+                  </div>
+                  <div id="username-status" class="mt-1 text-sm"></div>
+                </div>
+
+                <div>
+                  <label
+                    for="description"
+                    class="block text-sm font-medium text-gray-700 mb-1"
+                    >About Me</label
+                  >
+                  <div class="relative rounded-md shadow-sm">
+                    <div
+                      class="absolute inset-y-0 left-0 pl-3 pt-3 pointer-events-none"
+                    >
+                      <svg
+                        xmlns="http://www.w3.org/2000/svg"
+                        class="h-5 w-5 text-gray-400"
+                        viewBox="0 0 58.707 58.707"
+                        xml:space="preserve"
+                      >
+                        <g>
+                          <g>
+                            <polygon
+                              style="fill: #efebde"
+                              points="46.072,14 32.072,0 1.072,0 1.072,58 46.072,58   "
+                            />
+                            <g>
+                              <path
+                                style="fill: #d5d0bb"
+                                d="M11.072,23h25c0.552,0,1-0.447,1-1s-0.448-1-1-1h-25c-0.552,0-1,0.447-1,1S10.52,23,11.072,23z"
+                              />
+                              <path
+                                style="fill: #d5d0bb"
+                                d="M11.072,15h10c0.552,0,1-0.447,1-1s-0.448-1-1-1h-10c-0.552,0-1,0.447-1,1S10.52,15,11.072,15z"
+                              />
+                              <path
+                                style="fill: #d5d0bb"
+                                d="M36.072,29h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,29,36.072,29z"
+                              />
+                              <path
+                                style="fill: #d5d0bb"
+                                d="M36.072,37h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,37,36.072,37z"
+                              />
+                              <path
+                                style="fill: #d5d0bb"
+                                d="M36.072,45h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,45,36.072,45z"
+                              />
+                            </g>
+                            <polygon
+                              style="fill: #d5d0bb"
+                              points="32.072,0 32.072,14 46.072,14   "
+                            />
+                          </g>
+                          <g>
+                            <polygon
+                              style="fill: #eddcc7"
+                              points="36.201,49.214 36.194,49.222 34.205,56.511 38.852,51.865   "
+                            />
+                            <path
+                              style="fill: #d75a4a"
+                              d="M55.451,35.266l-1.247-1.247c-0.775-0.775-2.032-0.775-2.807,0L47.815,37.6l2.651,2.651    L55.451,35.266z"
+                            />
+
+                            <rect
+                              x="41.459"
+                              y="36.521"
+                              transform="matrix(0.7071 0.7071 -0.7071 0.7071 44.3228 -17.5395)"
+                              style="fill: #f29c21"
+                              width="3.749"
+                              height="16.424"
+                            />
+                            <polygon
+                              style="fill: #d6c4b1"
+                              points="41.85,54.879 41.858,54.871 38.852,51.865 34.205,56.511 34.072,57   "
+                            />
+                            <path
+                              style="fill: #a34740"
+                              d="M53.472,43.257l3.582-3.582c0.775-0.775,0.775-2.032,0-2.807l-1.602-1.602l-4.985,4.985    L53.472,43.257z"
+                            />
 
-                    <!-- Settings Form -->
-                    <div class="space-y-6">
-                        <div class="bg-white rounded-xl shadow-sm p-6">
-                            <h4 class="flex items-center text-lg font-semibold text-gray-900 mb-6">
-                                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-blue-600 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
-                                </svg>
-                                Basic Information
-                            </h4>
-                            
-                            <div class="space-y-4">
-                                <div>
-                                    <label for="username" class="block text-sm font-medium text-gray-700 mb-1">Username</label>
-                                    <div class="relative rounded-md shadow-sm">
-                                        <div class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-none">
-                                            <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-gray-400" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z" />
-                                            </svg>
-                                        </div>
-                                        <input type="text" id="username" name="username"
-                                               value="{{ current_user.username }}" required
-                                               class="block w-full pl-10 pr-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
-                                               onkeyup="checkUsername(this.value)">
-                                    </div>
-                                    <div id="username-status" class="mt-1 text-sm"></div>
-                                </div>
-
-                                <div>
-                                    <label for="description" class="block text-sm font-medium text-gray-700 mb-1">About Me</label>
-                                    <div class="relative rounded-md shadow-sm">
-                                        <div class="absolute inset-y-0 left-0 pl-3 pt-3 pointer-events-none">
-                                            <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-gray-400" viewBox="0 0 58.707 58.707" xml:space="preserve">
-                                                <g>
-                                                    <g>
-                                                        <polygon style="fill:#EFEBDE;" points="46.072,14 32.072,0 1.072,0 1.072,58 46.072,58   "/>
-                                                        <g>
-                                                            <path style="fill:#D5D0BB;" d="M11.072,23h25c0.552,0,1-0.447,1-1s-0.448-1-1-1h-25c-0.552,0-1,0.447-1,1S10.52,23,11.072,23z"/>
-                                                            <path style="fill:#D5D0BB;" d="M11.072,15h10c0.552,0,1-0.447,1-1s-0.448-1-1-1h-10c-0.552,0-1,0.447-1,1S10.52,15,11.072,15z"/>
-                                                            <path style="fill:#D5D0BB;" d="M36.072,29h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,29,36.072,29z"/>
-                                                            <path style="fill:#D5D0BB;" d="M36.072,37h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,37,36.072,37z"/>
-                                                            <path style="fill:#D5D0BB;" d="M36.072,45h-25c-0.552,0-1,0.447-1,1s0.448,1,1,1h25c0.552,0,1-0.447,1-1S36.624,45,36.072,45z"/>
-                                                        </g>
-                                                        <polygon style="fill:#D5D0BB;" points="32.072,0 32.072,14 46.072,14   "/>
-                                                    </g>
-                                                    <g>
-                                                        <polygon style="fill:#EDDCC7;" points="36.201,49.214 36.194,49.222 34.205,56.511 38.852,51.865   "/>
-                                                        <path style="fill:#D75A4A;" d="M55.451,35.266l-1.247-1.247c-0.775-0.775-2.032-0.775-2.807,0L47.815,37.6l2.651,2.651    L55.451,35.266z"/>
-                                                        
-                                                        <rect x="41.459" y="36.521" transform="matrix(0.7071 0.7071 -0.7071 0.7071 44.3228 -17.5395)" style="fill:#F29C21;" width="3.749" height="16.424"/>
-                                                        <polygon style="fill:#D6C4B1;" points="41.85,54.879 41.858,54.871 38.852,51.865 34.205,56.511 34.072,57   "/>
-                                                        <path style="fill:#A34740;" d="M53.472,43.257l3.582-3.582c0.775-0.775,0.775-2.032,0-2.807l-1.602-1.602l-4.985,4.985    L53.472,43.257z"/>
-                                                        
-                                                        <rect x="44.036" y="39.349" transform="matrix(-0.7071 -0.7071 0.7071 -0.7071 45.1717 113.8333)" style="fill:#E18C25;" width="4.251" height="16.424"/>
-                                                        <path style="fill:#5E5E5E;" d="M33.365,58.707c-0.256,0-0.512-0.098-0.707-0.293c-0.391-0.391-0.391-1.023,0-1.414l2.207-2.207    c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414l-2.207,2.207C33.877,58.609,33.621,58.707,33.365,58.707z"/>
-                                                    </g>
-                                                </g>
-                                            </svg>
-                                        </div>
-                                        <textarea id="description" name="description" rows="4"
-                                                  placeholder="Tell us about yourself..."
-                                                  class="block w-full pl-10 pr-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500">{{ current_user.description }}</textarea>
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-
-                        {% if current_user.teamNumber %}
-                        <div class="bg-white rounded-xl shadow-sm p-6">
-                            <h4 class="flex items-center text-lg font-semibold text-gray-900 mb-4">
-                                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-blue-600 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0zm6 3a2 2 0 11-4 0 2 2 0 014 0zM7 10a2 2 0 11-4 0 2 2 0 014 0z" />
-                                </svg>
-                                Team Information
-                            </h4>
-                            <div class="flex items-center space-x-3">
-                                <span class="text-gray-500">Current Team:</span>
-                                <span class="bg-blue-600 text-white px-4 py-1 rounded-full text-sm font-semibold">
-                                    Team {{ current_user.teamNumber }}
-                                </span>
-                            </div>
-                        </div>
-                        {% endif %}
-
-                        <div class="bg-white rounded-xl shadow-sm p-6">
-                            <h4 class="flex items-center text-lg font-semibold text-gray-900 mb-4">
-                                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 text-red-600 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-                                </svg>
-                                Danger Zone
-                            </h4>
-                            <div class="border border-red-200 rounded-lg p-4">
-                                <h5 class="text-red-600 font-medium mb-2">Delete Account</h5>
-                                <p class="text-gray-600 text-sm mb-4">
-                                    Once you delete your account, there is no going back. Please be certain.
-                                </p>
-                                <button type="button" 
-                                        onclick="confirmDeleteAccount()"
-                                        class="inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500 transition-colors">
-                                    Delete Account
-                                </button>
-                            </div>
-                        </div>
-
-                        <div class="flex justify-end">
-                            <button type="submit" 
-                                    class="inline-flex items-center px-6 py-3 border border-transparent text-base font-medium rounded-lg shadow-sm text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 transition-colors">
-                                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 7H5a2 2 0 00-2 2v9a2 2 0 002 2h14a2 2 0 002-2V9a2 2 0 00-2-2h-3m-1 4l-3 3m0 0l-3-3m3 3V4" />
-                                </svg>
-                                Save Changes
-                            </button>
-                        </div>
+                            <rect
+                              x="44.036"
+                              y="39.349"
+                              transform="matrix(-0.7071 -0.7071 0.7071 -0.7071 45.1717 113.8333)"
+                              style="fill: #e18c25"
+                              width="4.251"
+                              height="16.424"
+                            />
+                            <path
+                              style="fill: #5e5e5e"
+                              d="M33.365,58.707c-0.256,0-0.512-0.098-0.707-0.293c-0.391-0.391-0.391-1.023,0-1.414l2.207-2.207    c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414l-2.207,2.207C33.877,58.609,33.621,58.707,33.365,58.707z"
+                            />
+                          </g>
+                        </g>
+                      </svg>
                     </div>
-                </form>
+                    <textarea
+                      id="description"
+                      name="description"
+                      rows="4"
+                      placeholder="Tell us about yourself..."
+                      class="block w-full pl-10 pr-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
+                    >
+{{ current_user.description }}</textarea
+                    >
+                  </div>
+                </div>
+              </div>
             </div>
+
+            {% if current_user.teamNumber %}
+            <div class="bg-white rounded-xl shadow-sm p-6">
+              <h4
+                class="flex items-center text-lg font-semibold text-gray-900 mb-4"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 text-blue-600 mr-2"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0zm6 3a2 2 0 11-4 0 2 2 0 014 0zM7 10a2 2 0 11-4 0 2 2 0 014 0z"
+                  />
+                </svg>
+                Team Information
+              </h4>
+              <div class="flex items-center space-x-3">
+                <span class="text-gray-500">Current Team:</span>
+                <span
+                  class="bg-blue-600 text-white px-4 py-1 rounded-full text-sm font-semibold"
+                >
+                  Team {{ current_user.teamNumber }}
+                </span>
+              </div>
+            </div>
+            {% endif %}
+
+            <!-- Save Profile Changes Button -->
+            <div class="flex justify-end">
+              <button
+                type="submit"
+                class="inline-flex items-center px-6 py-3 border border-transparent text-base font-medium rounded-lg shadow-sm text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 transition-colors"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 mr-2"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M8 7H5a2 2 0 00-2 2v9a2 2 0 002 2h14a2 2 0 002-2V9a2 2 0 00-2-2h-3m-1 4l-3 3m0 0l-3-3m3 3V4"
+                  />
+                </svg>
+                Save Profile Changes
+              </button>
+            </div>
+          </div>
+        </form>
+
+        <!-- Password Change Section (Separate from form) -->
+        <div class="space-y-6 mt-6">
+            <div class="bg-white rounded-xl shadow-sm p-6">
+              <h4
+                class="flex items-center text-lg font-semibold text-gray-900 mb-6"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 text-blue-600 mr-2"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"
+                  />
+                </svg>
+                Change Password
+              </h4>
+
+              <div class="space-y-4">
+                <div>
+                  <label
+                    for="current_password"
+                    class="block text-sm font-medium text-gray-700 mb-1"
+                    >Current Password</label
+                  >
+                  <input
+                    type="password"
+                    id="current_password"
+                    name="current_password"
+                    class="block w-full px-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
+                    placeholder="Enter your current password"
+                  />
+                </div>
+
+                <div>
+                  <label
+                    for="new_password"
+                    class="block text-sm font-medium text-gray-700 mb-1"
+                    >New Password</label
+                  >
+                  <input
+                    type="password"
+                    id="new_password"
+                    name="new_password"
+                    class="block w-full px-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
+                    placeholder="Enter new password (min. 8 characters)"
+                  />
+                </div>
+
+                <div>
+                  <label
+                    for="confirm_new_password"
+                    class="block text-sm font-medium text-gray-700 mb-1"
+                    >Confirm New Password</label
+                  >
+                  <input
+                    type="password"
+                    id="confirm_new_password"
+                    name="confirm_new_password"
+                    class="block w-full px-3 py-3 border-gray-300 rounded-lg focus:ring-blue-500 focus:border-blue-500"
+                    placeholder="Confirm your new password"
+                  />
+                </div>
+
+                <div>
+                  <button
+                    type="button"
+                    onclick="changePassword()"
+                    class="inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 transition-colors"
+                  >
+                    <svg
+                      xmlns="http://www.w3.org/2000/svg"
+                      class="h-5 w-5 mr-2"
+                      fill="none"
+                      viewBox="0 0 24 24"
+                      stroke="currentColor"
+                    >
+                      <path
+                        stroke-linecap="round"
+                        stroke-linejoin="round"
+                        stroke-width="2"
+                        d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"
+                      />
+                    </svg>
+                    Change Password
+                  </button>
+                </div>
+              </div>
+            </div>
+
+            <div class="bg-white rounded-xl shadow-sm p-6">
+              <h4
+                class="flex items-center text-lg font-semibold text-gray-900 mb-4"
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  class="h-5 w-5 text-red-600 mr-2"
+                  fill="none"
+                  viewBox="0 0 24 24"
+                  stroke="currentColor"
+                >
+                  <path
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
+                  />
+                </svg>
+                Danger Zone
+              </h4>
+              <div class="border border-red-200 rounded-lg p-4">
+                <h5 class="text-red-600 font-medium mb-2">Delete Account</h5>
+                <p class="text-gray-600 text-sm mb-4">
+                  Once you delete your account, there is no going back. Please
+                  be certain.
+                </p>
+                <button
+                  type="button"
+                  onclick="confirmDeleteAccount()"
+                  class="inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500 transition-colors"
+                >
+                  Delete Account
+                </button>
+              </div>
+            </div>
+          </div>
         </div>
+      </div>
     </div>
+  </div>
 </div>
 
 <script>
-// Handle form submission
-document.querySelector('form').addEventListener('submit', function(e) {
+  // Toast notification function
+  function showNotification(message, type = "info") {
+    const notificationArea = document.getElementById("notification-area");
+    if (!notificationArea) return;
+
+    const colors = {
+      success: {
+        bg: "bg-green-50",
+        text: "text-green-800",
+        border: "border-green-300",
+        icon: "text-green-600",
+      },
+      error: {
+        bg: "bg-red-50",
+        text: "text-red-800",
+        border: "border-red-300",
+        icon: "text-red-600",
+      },
+      warning: {
+        bg: "bg-yellow-50",
+        text: "text-yellow-800",
+        border: "border-yellow-300",
+        icon: "text-yellow-600",
+      },
+      info: {
+        bg: "bg-blue-50",
+        text: "text-blue-800",
+        border: "border-blue-300",
+        icon: "text-blue-600",
+      },
+    };
+
+    const icons = {
+      success:
+        '<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd"></path>',
+      error:
+        '<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"></path>',
+      warning:
+        '<path fill-rule="evenodd" d="M8.257 3.099c.765-1.36 2.722-1.36 3.486 0l5.58 9.92c.75 1.334-.213 2.98-1.742 2.98H4.42c-1.53 0-2.493-1.646-1.743-2.98l5.58-9.92zM11 13a1 1 0 11-2 0 1 1 0 012 0zm-1-8a1 1 0 00-1 1v3a1 1 0 002 0V6a1 1 0 00-1-1z" clip-rule="evenodd"></path>',
+      info: '<path fill-rule="evenodd" d="M18 10a8 8 0 11-16 0 8 8 0 0116 0zm-7-4a1 1 0 11-2 0 1 1 0 012 0zM9 9a1 1 0 000 2v3a1 1 0 001 1h1a1 1 0 100-2v-3a1 1 0 00-1-1H9z" clip-rule="evenodd"></path>',
+    };
+
+    const color = colors[type] || colors.info;
+    const icon = icons[type] || icons.info;
+
+    const notification = document.createElement("div");
+    notification.className = `flex items-center p-4 rounded-lg shadow-lg ${color.bg} ${color.text} border-2 ${color.border} animate-slide-in`;
+    notification.style.cssText =
+      "animation: slideIn 0.3s ease-out; min-width: 300px;";
+
+    notification.innerHTML = `
+      <svg class="w-6 h-6 mr-3 flex-shrink-0 ${color.icon}" fill="currentColor" viewBox="0 0 20 20">
+        ${icon}
+      </svg>
+      <p class="text-sm font-medium flex-1">${message}</p>
+      <button type="button" class="ml-3 -mx-1.5 -my-1.5 rounded-lg p-1.5 inline-flex h-8 w-8 ${color.icon} hover:bg-opacity-20" onclick="this.parentElement.remove()">
+        <span class="sr-only">Dismiss</span>
+        <svg class="w-5 h-5" fill="currentColor" viewBox="0 0 20 20">
+          <path fill-rule="evenodd" d="M4.293 4.293a1 1 0 011.414 0L10 8.586l4.293-4.293a1 1 0 111.414 1.414L11.414 10l4.293 4.293a1 1 0 01-1.414 1.414L10 11.414l-4.293 4.293a1 1 0 01-1.414-1.414L8.586 10 4.293 5.707a1 1 0 010-1.414z" clip-rule="evenodd"></path>
+        </svg>
+      </button>
+    `;
+
+    notificationArea.appendChild(notification);
+
+    // Auto-dismiss after 5 seconds
+    setTimeout(() => {
+      notification.style.opacity = "0";
+      notification.style.transition = "opacity 300ms";
+      setTimeout(() => notification.remove(), 300);
+    }, 5000);
+  }
+
+  // Add animation keyframe
+  const style = document.createElement("style");
+  style.textContent = `
+    @keyframes slideIn {
+      from {
+        transform: translateX(100%);
+        opacity: 0;
+      }
+      to {
+        transform: translateX(0);
+        opacity: 1;
+      }
+    }
+  `;
+  document.head.appendChild(style);
+
+  // Handle form submission
+  document.querySelector("form").addEventListener("submit", function (e) {
     e.preventDefault(); // Prevent default form submission
-    
+
     // Create FormData object from the form
     const formData = new FormData(this);
-    
+
     // Submit the form using fetch
     fetch(window.location.href, {
-        method: 'POST',
-        body: formData,
-        // Don't set Content-Type header when using FormData - it will set it automatically with boundary
+      method: "POST",
+      body: formData,
+      // Don't set Content-Type header when using FormData - it will set it automatically with boundary
     })
-    .then(response => {
+      .then((response) => {
         if (response.redirected) {
-            // If the server redirects, follow that redirect
-            window.location.href = response.url;
+          // If the server redirects, follow that redirect
+          window.location.href = response.url;
         } else {
-            // If not redirected but successful, refresh the page to show updated info
-            window.location.reload();
+          // If not redirected but successful, refresh the page to show updated info
+          window.location.reload();
         }
-    })
-    .catch(error => {
-        console.error('Error submitting form:', error);
-        alert('An error occurred while saving your changes. Please try again.');
-    });
-});
-
-document.getElementById('profile_picture').addEventListener('change', function(e) {
-    const file = e.target.files[0];
-    
-    // Check file size (6MB = 6 * 1024 * 1024 bytes)
-    const maxSize = 6 * 1024 * 1024;
-    if (file && file.size > maxSize) {
-        alert('File size must be less than 6MB');
-        this.value = ''; // Clear the file input
-        document.getElementById('upload-info').textContent = '';
+      })
+      .catch((error) => {
+        console.error("Error submitting form:", error);
+        showNotification(
+          "An error occurred while saving your changes. Please try again.",
+          "error",
+        );
+      });
+  });
+
+  document
+    .getElementById("profile_picture")
+    .addEventListener("change", function (e) {
+      const file = e.target.files[0];
+
+      // Check file size (6MB = 6 * 1024 * 1024 bytes)
+      const maxSize = 6 * 1024 * 1024;
+      if (file && file.size > maxSize) {
+        showNotification("File size must be less than 6MB", "error");
+        this.value = ""; // Clear the file input
+        document.getElementById("upload-info").textContent = "";
         return;
-    }
-    
-    if (file) {
+      }
+
+      if (file) {
         // Update file name display
-        document.getElementById('upload-info').textContent = file.name;
-        
+        document.getElementById("upload-info").textContent = file.name;
+
         // Show immediate preview first before compression starts
         const reader = new FileReader();
-        reader.onload = function(e) {
-            document.querySelector('.profile-preview').src = e.target.result;
+        reader.onload = function (e) {
+          document.querySelector(".profile-preview").src = e.target.result;
         };
         reader.readAsDataURL(file);
-        
+
         // Then use Compressor.js to compress the image in background
         try {
-            new Compressor(file, {
-                quality: 0.8, // 0.8 means 80% quality
-                maxWidth: 800,
-                maxHeight: 800,
-                mimeType: 'image/jpeg',
-                success(result) {
-                    // Replace the file in the input with the compressed one
-                    const dataTransfer = new DataTransfer();
-                    dataTransfer.items.add(new File([result], file.name, { type: 'image/jpeg' }));
-                    document.getElementById('profile_picture').files = dataTransfer.files;
-                    console.log('Image compressed successfully');
-                },
-                error(err) {
-                    console.error('Image compression failed:', err);
-                    // No need to update preview again since we already did it above
-                }
-            });
+          new Compressor(file, {
+            quality: 0.8, // 0.8 means 80% quality
+            maxWidth: 800,
+            maxHeight: 800,
+            mimeType: "image/jpeg",
+            success(result) {
+              // Replace the file in the input with the compressed one
+              const dataTransfer = new DataTransfer();
+              dataTransfer.items.add(
+                new File([result], file.name, { type: "image/jpeg" }),
+              );
+              document.getElementById("profile_picture").files =
+                dataTransfer.files;
+              console.log("Image compressed successfully");
+            },
+            error(err) {
+              console.error("Image compression failed:", err);
+              // No need to update preview again since we already did it above
+            },
+          });
         } catch (err) {
-            console.error('Error initializing compressor:', err);
-            // The preview is already shown above, so no need for fallback here
+          console.error("Error initializing compressor:", err);
+          // The preview is already shown above, so no need for fallback here
         }
-    }
-});
+      }
+    });
 
-let usernameCheckTimeout;
-const currentUsername = "{{ current_user.username }}";
+  let usernameCheckTimeout;
+  const currentUsername = "{{ current_user.username }}";
 
-function checkUsername(username) {
+  function checkUsername(username) {
     // Clear any existing timeout
     clearTimeout(usernameCheckTimeout);
-    
-    const statusDiv = document.getElementById('username-status');
-    
+
+    const statusDiv = document.getElementById("username-status");
+
     // Don't check if username hasn't changed
     if (username === currentUsername) {
-        statusDiv.innerHTML = '';
-        return;
+      statusDiv.innerHTML = "";
+      return;
     }
-    
+
     // Check username length and characters
     if (username.length < 3) {
-        statusDiv.innerHTML = '<span class="text-yellow-600">Username must be at least 3 characters long</span>';
-        return;
+      statusDiv.innerHTML =
+        '<span class="text-yellow-600">Username must be at least 3 characters long</span>';
+      return;
     }
-    
+
     if (!/^[a-zA-Z0-9_]+$/.test(username)) {
-        statusDiv.innerHTML = '<span class="text-red-600">Username can only contain letters, numbers, and underscores</span>';
-        return;
+      statusDiv.innerHTML =
+        '<span class="text-red-600">Username can only contain letters, numbers, and underscores</span>';
+      return;
     }
 
     // Set a timeout to avoid too many requests
     usernameCheckTimeout = setTimeout(() => {
-        statusDiv.innerHTML = '<span class="text-blue-600">Checking availability...</span>';
-        
-        fetch('/auth/check_username', {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Requested-With': 'XMLHttpRequest'
-            },
-            body: JSON.stringify({ username: username })
-        })
-        .then(response => response.json())
-        .then(data => {
-            if (data.available) {
-                statusDiv.innerHTML = '<span class="text-green-600">✓ Username is available</span>';
-            } else {
-                statusDiv.innerHTML = '<span class="text-red-600">✗ Username is already taken</span>';
-            }
+      statusDiv.innerHTML =
+        '<span class="text-blue-600">Checking availability...</span>';
+
+      fetch("/auth/check_username", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "X-Requested-With": "XMLHttpRequest",
+        },
+        body: JSON.stringify({ username: username }),
+      })
+        .then((response) => response.json())
+        .then((data) => {
+          if (data.available) {
+            statusDiv.innerHTML =
+              '<span class="text-green-600">✓ Username is available</span>';
+          } else {
+            statusDiv.innerHTML =
+              '<span class="text-red-600">✗ Username is already taken</span>';
+          }
         })
-        .catch(error => {
-            console.error('Error:', error);
-            statusDiv.innerHTML = '<span class="text-red-600">Error checking username availability</span>';
+        .catch((error) => {
+          console.error("Error:", error);
+          statusDiv.innerHTML =
+            '<span class="text-red-600">Error checking username availability</span>';
         });
     }, 500); // Wait 500ms after user stops typing before checking
-}
-
-function confirmDeleteAccount() {
-    if (confirm('Are you sure you want to delete your account? This action cannot be undone.')) {
-        fetch('/auth/delete_account', {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Requested-With': 'XMLHttpRequest'
-            }
-        })
-        .then(response => response.json())
-        .then(data => {
-            if (data.success) {
-                window.location.href = data.redirect;
-            } else {
-                alert(data.message || 'Failed to delete account');
-            }
+  }
+
+  function changePassword() {
+    const currentPassword = document.getElementById("current_password").value;
+    const newPassword = document.getElementById("new_password").value;
+    const confirmPassword = document.getElementById(
+      "confirm_new_password",
+    ).value;
+
+    // Client-side validation
+    if (!currentPassword || !newPassword || !confirmPassword) {
+      showNotification("All password fields are required", "warning");
+      return;
+    }
+
+    if (newPassword !== confirmPassword) {
+      showNotification("New passwords do not match", "error");
+      return;
+    }
+
+    if (newPassword.length < 8) {
+      showNotification(
+        "New password must be at least 8 characters long",
+        "error",
+      );
+      return;
+    }
+
+    if (newPassword === currentPassword) {
+      showNotification(
+        "New password must be different from current password",
+        "error",
+      );
+      return;
+    }
+
+    // Send request
+    fetch("/auth/change_password", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Requested-With": "XMLHttpRequest",
+      },
+      body: JSON.stringify({
+        current_password: currentPassword,
+        new_password: newPassword,
+        confirm_password: confirmPassword,
+      }),
+    })
+      .then((response) => response.json())
+      .then((data) => {
+        if (data.success) {
+          showNotification(
+            data.message || "Password changed successfully",
+            "success",
+          );
+          // Redirect to login if logout is required
+          if (data.redirect) {
+            setTimeout(() => {
+              window.location.href = data.redirect;
+            }, 1500);
+          } else {
+            // Clear the password fields
+            document.getElementById("current_password").value = "";
+            document.getElementById("new_password").value = "";
+            document.getElementById("confirm_new_password").value = "";
+          }
+        } else {
+          showNotification(
+            data.message || "Failed to change password",
+            "error",
+          );
+        }
+      })
+      .catch((error) => {
+        console.error("Error:", error);
+        showNotification(
+          "An error occurred while changing your password",
+          "error",
+        );
+      });
+  }
+
+  function confirmDeleteAccount() {
+    if (
+      confirm(
+        "Are you sure you want to delete your account? This action cannot be undone.",
+      )
+    ) {
+      fetch("/auth/delete_account", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "X-Requested-With": "XMLHttpRequest",
+        },
+      })
+        .then((response) => response.json())
+        .then((data) => {
+          if (data.success) {
+            showNotification(
+              "Account deleted successfully. Redirecting...",
+              "success",
+            );
+            setTimeout(() => {
+              window.location.href = data.redirect;
+            }, 1500);
+          } else {
+            showNotification(
+              data.message || "Failed to delete account",
+              "error",
+            );
+          }
         })
-        .catch(error => {
-            console.error('Error:', error);
-            alert('An error occurred while deleting your account');
+        .catch((error) => {
+          console.error("Error:", error);
+          showNotification(
+            "An error occurred while deleting your account",
+            "error",
+          );
         });
     }
-}
+  }
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}