Account updates
Klub exposes endpoints to update or delete the logged-in user account. Use this page when building a member settings screen.
Update account
POST /klub/account
The endpoint filters incoming fields through the user blueprint. A field is writable if:
- It exists in the blueprint and is not explicitly blocked.
Use these flags to restrict fields:
klub: falseblocks read and update.klub: { update: false }blocks updates only.klub: { read: false }blocks read helper output.
Kirby credential fields (email, name, password, language) are handled separately and require the user’s permissions. When updating passwords, send both password and password_confirm with the same value.
Example blueprint field:
fields:
bio:
type: textarea
klub:
read: true
update: true
internalNotes:
type: textarea
klub:
update: falseExample form:
<form method="post" action="<?= site()->url() ?>/klub/account">
<input type="hidden" name="token" value="<?= csrf() ?>">
<input type="hidden" name="redirect" value="<?= url('account') ?>">
<textarea name="bio"></textarea>
<button type="submit">Save</button>
</form>Field helpers
Use the field helpers to align form UI with blueprint permissions:
$field->allowsRead()$field->allowsUpdate()$field->ecco($a, $b)to toggle output based on truthy values
Example:
<?php if ($user->bio()->allowsUpdate()): ?>
<textarea name="bio"><?= $user->bio() ?></textarea>
<?php endif ?>Delete account
POST /klub/account/delete deletes the current member if the user has permission to delete.
<form method="post" action="<?= site()->url() ?>/klub/account/delete">
<input type="hidden" name="token" value="<?= csrf() ?>">
<input type="hidden" name="redirect" value="<?= url('/') ?>">
<button type="submit">Delete account</button>
</form>