diff --git a/src/user_controller.v b/src/user_controller.v
index 5cd399e..80a85d8 100644
--- a/src/user_controller.v
+++ b/src/user_controller.v
@@ -48,6 +48,13 @@ pub fn (mut app App) controller_create_user(mut ctx Context, first_name string,
 		return ctx.html(error_html)
 	}
 
+	if x := app.service_find_user_by_email(email, password) {
+		// Generate and insert the token using user ID
+		token := app.auth.add_token(x.id) or { '' }
+		// Authenticate the user by adding the token to the cookies
+		ctx.set_cookie(name: 'token', value: token)
+	}
+
 	// Return success message with HTML
 	success_html := '<div class="alert alert-success">
 		<h4>User created successfully!</h4>
@@ -59,7 +66,7 @@ pub fn (mut app App) controller_create_user(mut ctx Context, first_name string,
 }
 
 @['/controller/user'; post]
-pub fn (app &App) controller_get_user(mut ctx Context, email string, password string) veb.Result {
+pub fn (mut app App) controller_get_user(mut ctx Context, email string, password string) veb.Result {
 	// Create a map of field names and their values
 	fields := {
 		'email':    email
@@ -101,6 +108,10 @@ pub fn (app &App) controller_get_user(mut ctx Context, email string, password st
 		return ctx.html(error_html)
 	}
 
+	token := app.auth.add_token(user.id) or { '' }
+	// Authenticate the user by adding the token to the cookies
+	ctx.set_cookie(name: 'token', value: token)
+
 	// Return success message with HTML and redirect
 	success_html := '<div class="alert alert-success">
 		<h4>Login successful!</h4>
@@ -117,4 +128,60 @@ pub fn (app &App) controller_get_user(mut ctx Context, email string, password st
 
 @['/controller/user/update'; post]
 pub fn (app &App) controller_update_user(mut ctx Context, first_name string, last_name string, password string) veb.Result {
+	// Create a map of field names and their values
+	fields := {
+		'first_name': first_name
+		'last_name':  last_name
+		'password':   password
+	}
+
+	// Check for empty fields
+	mut empty_fields := []string{}
+	for field_name, value in fields {
+		if value == '' {
+			empty_fields << field_name
+		}
+	}
+
+	// If any fields are empty, return field-specific error messages
+	if empty_fields.len > 0 {
+		mut response := '<script>'
+
+		// Reset all field errors first
+		response += 'document.querySelectorAll(".field-error").forEach(el => el.textContent = "");'
+		response += 'document.querySelectorAll("input").forEach(el => el.classList.remove("input-error"));'
+
+		// Set error for each empty field
+		for field in empty_fields {
+			response += 'document.querySelector(".' + field + '-error").textContent = "(Required)";'
+			response += 'document.querySelector("[name=' + field +
+				']").classList.add("input-error");'
+		}
+
+		response += '</script>'
+		response += '<div class="alert alert-danger">Please fill in all required fields</div>'
+
+		return ctx.html(response)
+	}
+
+	id := ctx.get_cookie('token')
+
+	// Try to update the user
+	app.service_update_user(id, first_name, last_name, password) or {
+		error_html := '<div class="alert alert-danger">Error: ${err}</div>'
+		return ctx.html(error_html)
+	}
+
+	// Return success message with HTML
+	success_html := '<div class="alert alert-success">
+        <h4>Profile Updated Successfully!</h4>
+        <p>Your profile information has been updated.</p>
+    </div>
+    <script>
+        setTimeout(function() {
+            window.location.href = "/profile";
+        }, 2000);
+    </script>'
+
+	return ctx.html(success_html)
 }
diff --git a/src/user_service.v b/src/user_service.v
index f2775ea..bb22d0c 100644
--- a/src/user_service.v
+++ b/src/user_service.v
@@ -35,3 +35,19 @@ fn (app &App) service_find_user_by_email(email string, password string) !User {
 	}
 	return user[0]
 }
+
+fn (app &App) service_update_user(id ?string, first_name string, last_name string, password string) ! {
+	if id == none {
+		return error('User ID is required')
+	}
+
+	salt := auth.generate_salt()
+	hashed_password := auth.hash_password_with_salt(password, salt)
+
+	sql app.db {
+		update User set first_name = first_name, last_name = last_name, password = hashed_password,
+		salt = salt where id == id
+	}!
+
+	return
+}