diff --git a/src/app/controllers/profile/get_profile.php b/src/app/controllers/profile/get_profile.php
index 755ce3d3d0b751d755bfe99aeb31e08eb2f02509..d60ff9ba44a53be21e763f9e4fe1a016ec23439e 100644
--- a/src/app/controllers/profile/get_profile.php
+++ b/src/app/controllers/profile/get_profile.php
@@ -4,37 +4,34 @@ class getProfileController
 {
   public function call()
   {
-    require_once __DIR__ . "/../../views/login/login.php";
     session_start();
-    // print_r($_SESSION);
-    // if (isset($_SESSION['user_id'])) {
-      $user_id = "4";
-      // if (isset($_GET["user_id"])) {
-      //   $user_id = $_GET["user_id"];
-      // } 
 
-      $userModel = new UserModel();
-      $profile = $userModel->getUserInfo(4);
-  
-      $data = [
-        "name" => $profile->name,
-        "username" => $profile->username,
-        "url_profpic" => $profile->url_profpic,
-        "is_admin" => $profile->is_admin,
-      ];
-      header("Access-Control-Allow-Origin: http://localhost:3000");
-      header("Access-Control-Allow-Credentials: true");
-      header("Max-Age: 86400");
-      header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
-      // header("Access-Control-Allow-Headers: $_SERVER[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]");
-      echo json_encode($data);
-    // } else {
-    //   session_destroy();
+    if (!isset($_SESSION["user_id"])) {
+      session_destroy();
+      http_response_code(403);
+      return;
+    }
 
-    //   http_response_code(403);
-    //   header("Location: " . BASE_URL . "/login");
+    $user_id = "";
+    if (isset($_GET["user_id"])) {
+      $user_id = $_GET["user_id"];
+    } 
 
-    //   return;
-    // }
+    $userModel = new UserModel();
+    $profile = $userModel->getUserInfo(4);
+
+    $data = [
+      "name" => $profile->name,
+      "username" => $profile->username,
+      "url_profpic" => $profile->url_profpic,
+      "is_admin" => $profile->is_admin,
+    ];
+    header("Access-Control-Allow-Origin: *");
+    header("Access-Control-Allow-Credentials: true");
+    header("Max-Age: 86400");
+    header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
+    // header("Access-Control-Allow-Headers: $_SERVER[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]");
+    http_response_code(200);
+    echo json_encode($data);
   }
 }
\ No newline at end of file
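Review bot: The `$user_id` assembled from `$_GET["user_id"]` on the new side is never used — `getUserInfo(4)` is still hard-coded, so every logged-in user is served user 4's profile, including its `is_admin` flag. The caller's identity is already verified on the session, so the lookup should be `$profile = $userModel->getUserInfo($_SESSION["user_id"]);` and the `$_GET` branch dropped entirely; wiring `$_GET["user_id"]` into the query instead would let any authenticated user read any other user's record. Separately, `Access-Control-Allow-Origin: *` combined with `Access-Control-Allow-Credentials: true` is refused by browsers for credentialed requests and, if "fixed" by reflecting the request Origin, would expose this session-bound endpoint to any site; keep an explicit allowlist (the removed line had `http://localhost:3000`) and note that `Max-Age` is not a CORS header — the preflight cache header is `Access-Control-Max-Age`.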
diff --git a/src/app/controllers/profile/update_profile.php b/src/app/controllers/profile/update_profile.php
new file mode 100644
index 0000000000000000000000000000000000000000..94da7a191ca858ecca2fbe3782702f39423b2092
--- /dev/null
+++ b/src/app/controllers/profile/update_profile.php
@@ -0,0 +1,47 @@
+<?php
+
+class UpdateProfileController
+{
+    public function call()
+    {
+        session_start();
+
+        if (!isset($_SESSION["user_id"])) {
+          session_destroy();
+          http_response_code(403);
+          return;
+        }
+
+        if (isset($_POST['name']) && isset($_POST['username']) && isset($_POST['password'])) {
+
+            $name = $_POST['name'];
+            $username = $_POST['username'];
+            $password = $_POST['password'];
+
+            try {
+                if (!isset($_SERVER["user_id"])) {
+                    http_response_code(401);
+                    exit;
+                } else {
+                    $model = new UserModel();
+                    $status = $model->updateProfile($_SESSION["user_id"], $name, $username, $password); 
+
+                    if ($status == 200) {
+                        http_response_code(200);
+                        echo json_encode(["message" => "Profile updated successfully"]);
+                        exit;
+                    } else {
+                        http_response_code(500);
+                        echo json_encode(["message" => "Internal server error"]);
+                        exit;
+                    }
+                }
+            } catch (PDOException $e) {
+                echo $e->getCode();
+                http_response_code(500);
+                echo json_encode(["message" => "Internal server error"]);
+                exit;
+            }
+        }
+    }
+}
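Review bot: The guard at `if (!isset($_SERVER["user_id"]))` tests the wrong superglobal — `$_SERVER` never carries a `user_id` key — so every request takes the 401 branch and the `updateProfile` call below it is unreachable; the session check at the top of `call()` already covers this, so the inner guard should simply go. The raw `$_POST['password']` is then handed to the model, and nothing in this diff hashes it (the model binds it straight into the UPDATE), so it should be `password_hash($password, PASSWORD_DEFAULT)` before it leaves the controller. Two smaller points: `echo $e->getCode();` in the catch writes the driver error code in front of the JSON body, and a request missing any of the three fields falls off the end with an implicit 200 and no body — a `400` with a JSON message would be the expected response there.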
diff --git a/src/app/core/app.php b/src/app/core/app.php
index 2b08fb582639226cf9a8473a3ebd4a10d5c8708f..0c09f339c255d6e9eebd4ce85604e8ba1529bf59 100644
--- a/src/app/core/app.php
+++ b/src/app/core/app.php
@@ -8,6 +8,7 @@ class App
     $router = new Router();
 
     $router->get("public/profile", new getProfileController());
+    $router->post("public/profile", new UpdateProfileController());
 
     $router->get("public", new AppController());
     $router->get("public/home", new AppController());
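Review bot: The new POST route is state-changing and, as far as this diff shows, authenticated only by the session cookie — neither the router nor `UpdateProfileController` checks an anti-CSRF token or the request `Origin`, so a cross-site form post from a logged-in browser would change the victim's username and password. At minimum the handler should verify a per-session token carried in the form, or the session cookie should be issued with `SameSite=Lax`/`Strict`; it would be worth a comment on this line recording which of the two the app relies on. The routing table continues outside the hunk.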
diff --git a/src/app/models/user.php b/src/app/models/user.php
index 0f8bf19ebd2b8bb3d3e147b8affc97fe10e677c5..015dd9d6c1495f9368f9a9f34d8fd775be74aac2 100644
--- a/src/app/models/user.php
+++ b/src/app/models/user.php
@@ -67,4 +67,25 @@ class UserModel
 
     return $rowAffected;
   }
+
+  public function updateProfile($id_user, $name, $username, $password) {
+    $query = "UPDATE user( name, username, password)
+              SET user=:name, username=:username, password=:password
+              WHERE id_user=:id_user";
+
+    $this->db->query($query);
+    $this->db->bind('name', $name);
+    $this->db->bind('username', $username);
+    $this->db->bind('password', $password);
+    $this->db->bind('id_user', $id_user);
+
+    $status = 200;
+    try {
+      $user = $this->db->execute();
+    } catch (PDOException $e) {
+      $status = 500;
+    }
+
+    return $status;
+  }
 }
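Review bot: The UPDATE statement in `updateProfile` is malformed: `UPDATE user( name, username, password)` is not valid UPDATE syntax, and `SET user=:name` assigns a `user` column rather than `name`, so this will fail at prepare/execute time and the catch turns it into a silent 500. It should read `UPDATE user SET name=:name, username=:username, password=:password WHERE id_user=:id_user`. The method also stores `$password` exactly as received; unless the caller is guaranteed to pass a hash, bind `password_hash($password, PASSWORD_DEFAULT)` here so a plaintext credential can never reach the table, and drop the unused `$user` assignment or record the exception rather than discarding it.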