diff --git a/core/models/glb.py b/core/models/glb.py
index 10bd7f7..3f8a579 100644
--- a/core/models/glb.py
+++ b/core/models/glb.py
@@ -4,7 +4,7 @@ from django.conf import settings
 class Glb(models.Model):
 user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
 url = models.URLField(max_length=250, blank=True) # For storing external URLs
- glb = models.ImageField(upload_to='user_glbs/', blank=True, null=True) # For file uploads
+ glb = models.FileField(upload_to='user_glbs/', blank=True, null=True) # For file uploads
 name = models.CharField(max_length=100)
 created_at = models.DateTimeField(auto_now_add=True)
diff --git a/core/models/pdf.py b/core/models/pdf.py
index d0778a3..18a6da1 100644
--- a/core/models/pdf.py
+++ b/core/models/pdf.py
@@ -4,7 +4,7 @@ from django.conf import settings
 class Pdf(models.Model):
 user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
 url = models.URLField(max_length=250, blank=True) # For storing external URLs
- pdf = models.ImageField(upload_to='user_pdfs/', blank=True, null=True) # For file uploads
+ pdf = models.FileField(upload_to='user_pdfs/', blank=True, null=True) # For file uploads
 name = models.CharField(max_length=100)
 created_at = models.DateTimeField(auto_now_add=True)
diff --git a/core/models/video.py b/core/models/video.py
index 04e00b3..d2e80d2 100644
--- a/core/models/video.py
+++ b/core/models/video.py
@@ -4,7 +4,7 @@ from django.conf import settings
 class Video(models.Model):
 user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
 url = models.URLField(max_length=250, blank=True) # For storing external URLs
- video = models.ImageField(upload_to='user_videos/', blank=True, null=True) # For file uploads
+ video = models.FileField(upload_to='user_videos/', blank=True, null=True) # For file uploads
 name = models.CharField(max_length=100)
 created_at = models.DateTimeField(auto_now_add=True)
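Review bot: With `glb` now a plain `FileField` and no `validators=`, nothing on the field restricts what may be stored under `user_glbs/`, and the `pdf` and `video` fields in the two following hunks have the same gap. An extension allow-list per field, for example `validators=[FileExtensionValidator(allowed_extensions=['glb'])]`, keeps each upload directory to the type it is named for, and a size limit in the serializer or view belongs next to it. Field validators run during serializer or `full_clean()` validation and not on a bare `save()`, so any view that creates these rows directly would have to call the check itself. No migration for the field change is visible in this diff; `makemigrations` should produce one.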
diff --git a/core/urls.py b/core/urls.py index 52451a3..2f4a572 100644 --- a/core/urls.py +++ b/core/urls.py @@ -17,6 +17,11 @@ urlpatterns = [ re_path('signup', userView.signup , name="signup"), re_path('login', userView.login), + + re_path('editProfile/', userView.editProfile, name='edit-profile'), + re_path('resetPassword/', userView.resetPassword, name='reset-password'), + + re_path('getInfo', userView.getInfo), re_path('sendSmsVerification', userView.sendSmsVerification), diff --git a/core/views/userView.py b/core/views/userView.py index 70092c6..4973562 100644 --- a/core/views/userView.py +++ b/core/views/userView.py 
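Review bot: Both routes added in core/urls.py are unanchored `re_path` patterns ending in a slash, so `'editProfile/'` matches any path that contains that text and does not match `/editProfile` without the slash, which is the URL the new request in test.rest posts to. Anchoring them as `re_path(r'^editProfile/$', userView.editProfile, name='edit-profile')` and `re_path(r'^resetPassword/$', userView.resetPassword, name='reset-password')` gives each view exactly one URL. The neighbouring routes (`'signup'`, `'login'`, `'getInfo'`) are unanchored as well, and because the resolver takes the first pattern that matches, a loose earlier entry can capture a request meant for a later one. The `urlpatterns` list starts and ends outside this hunk.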
@@ -579,4 +579,137 @@ def upload_pdf(request):
 )
 serializer = GlbSerializer(pdf)
- return Response(serializer.data, status=status.HTTP_201_CREATED)
\ No newline at end of file
+ return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+
+
+
+
+
+from django.core.files.storage import default_storage
+from datetime import datetime
+import os
+from django.core.files.uploadedfile import UploadedFile, InMemoryUploadedFile
+
+@api_view(['POST'])
+@authentication_classes([SessionAuthentication, TokenAuthentication])
+@permission_classes([IsAuthenticated])
+def editProfile(request):
+ user = request.user
+
+ try:
+ customer = Customer.objects.get(user=user)
+ except Customer.DoesNotExist:
+ return Response({'error': 'Customer profile not found'}, status=status.HTTP_404_NOT_FOUND)
+
+ # Update user fields
+ if 'first_name' in request.data:
+ user.first_name = request.data['first_name']
+ if 'last_name' in request.data:
+ user.last_name = request.data['last_name']
+
+ # Initialize customer data dict
+ customer_data = {}
+
+ # Handle mobile number update
+ if 'mobile_number' in request.data:
+ if User.objects.exclude(pk=user.pk).filter(username=request.data['mobile_number']).exists():
+ return Response({'mobile_number': ['This mobile number is already in use.']}, status=status.HTTP_400_BAD_REQUEST)
+ user.username = request.data['mobile_number']
+ customer_data['mobile_number'] = request.data['mobile_number']
+
+ # Handle profile image upload
+ if 'profile_img' in request.FILES:
+ uploaded_img = request.FILES['profile_img']
+ today = datetime.now()
+ img_path = os.path.join(
+ str(today.year),
+ str(today.month),
+ str(today.day),
+ f"profile_img_{user.id}_{uploaded_img.name}"
+ )
+ saved_img_path = default_storage.save(img_path, uploaded_img)
+ customer_data['profile_img'] = saved_img_path
+
+ # Delete old image if it exists
+ if customer.profile_img:
+ try:
+ default_storage.delete(customer.profile_img)
+ except:
+ pass
+
+ # Handle profile GLB upload
+ if 'profile_glb' in request.FILES:
+ uploaded_glb = request.FILES['profile_glb']
+ today = datetime.now()
+ glb_path = os.path.join(
+ str(today.year),
+ str(today.month),
+ str(today.day),
+ f"profile_glb_{user.id}_{uploaded_glb.name}"
+ )
+ saved_glb_path = default_storage.save(glb_path, uploaded_glb)
+ customer_data['profile_glb'] = saved_glb_path
+
+ # Delete old GLB if it exists
+ if customer.profile_glb:
+ try:
+ default_storage.delete(customer.profile_glb)
+ except:
+ pass
+
+ # Also allow text-based updates (in case client sends path instead of file)
+ if 'profile_img' in request.data and not isinstance(request.data['profile_img'], (UploadedFile, InMemoryUploadedFile)):
+ customer_data['profile_img'] = request.data['profile_img']
+
+ if 'profile_glb' in request.data and not isinstance(request.data['profile_glb'], (UploadedFile, InMemoryUploadedFile)):
+ customer_data['profile_glb'] = request.data['profile_glb']
+
+ # Serialize and validate customer data
+ customer_serializer = CustomerSerializer(customer, data=customer_data, partial=True)
+ if customer_serializer.is_valid():
+ user.save()
+ customer_serializer.save()
+ user_serializer = UserSerializer(user)
+ return Response({
+ 'user': user_serializer.data,
+ 'customer': customer_serializer.data
+ }, status=status.HTTP_200_OK)
+ else:
+ return Response(customer_serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+
+
+
+@api_view(['POST'])
+@authentication_classes([SessionAuthentication, TokenAuthentication])
+@permission_classes([IsAuthenticated])
+def resetPassword(request):
+ user = request.user
+
+ # Validate required fields
+ if 'old_password' not in request.data or 'new_password' not in request.data:
+ return Response(
+ {'error': 'Both old_password and new_password are required'},
+ status=status.HTTP_400_BAD_REQUEST
+ )
+
+ old_password = request.data['old_password']
+ new_password = request.data['new_password']
+
+ # Verify old password
+ if not user.check_password(old_password):
+ return Response(
+ {'old_password': ['Wrong password.']},
+ status=status.HTTP_400_BAD_REQUEST
+ )
+
+ # Set new password
+ user.set_password(new_password)
+ user.save()
+
+ # If using JWT, you might want to blacklist the old token here
+ # and optionally return a new token
+
+ return Response({'message': 'Password updated successfully'}, status=status.HTTP_200_OK)
\ No newline at end of file
diff --git a/media/2025/4/27/profile_glb_21_67fa74cbb2eab89e59274320.glb b/media/2025/4/27/profile_glb_21_67fa74cbb2eab89e59274320.glb
new file mode 100644
index 0000000..93edb15
Binary files /dev/null and b/media/2025/4/27/profile_glb_21_67fa74cbb2eab89e59274320.glb differ
diff --git a/media/2025/4/27/profile_img_21_images.jpg b/media/2025/4/27/profile_img_21_images.jpg
new file mode 100644
index 0000000..d7c9fb7
Binary files /dev/null and b/media/2025/4/27/profile_img_21_images.jpg differ
diff --git a/media/2025/4/27/profile_img_21_images_6Q2ouHy.jpg b/media/2025/4/27/profile_img_21_images_6Q2ouHy.jpg
new file mode 100644
index 0000000..d7c9fb7
Binary files /dev/null and b/media/2025/4/27/profile_img_21_images_6Q2ouHy.jpg differ
diff --git a/media/user_pdfs/سناریو_حادثه.pdf b/media/user_pdfs/سناریو_حادثه.pdf
new file mode 100644
index 0000000..59036e6
Binary files /dev/null and b/media/user_pdfs/سناریو_حادثه.pdf differ
diff --git a/test.rest b/test.rest
index 2137a41..107316a 100644
--- a/test.rest
+++ b/test.rest
@@ -16,7 +16,7 @@ Content-Type: application/json
 GET http://127.0.0.1:8000/sendSmsVerification
 Content-Type: application/json
-Authorization: token cb8c2ef7913df31085e749398f22da5b43f419b2
+Authorization: token 224648840820ad0948ddee5b00d53ae67c040c49
 ###
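Review bot: The "text-based updates" branches near the end of editProfile (core/views/userView.py) store a client-supplied string as `profile_img` / `profile_glb`, and the upload branches above later pass the stored value to `default_storage.delete`, so an account can point its profile at, and on its next upload remove, a file it does not own (assuming CustomerSerializer accepts plain strings for these fields, which the `saved_img_path` assignment suggests). I would drop both fallback branches so that only paths returned by `default_storage.save` reach the serializer. The old file is also deleted before `is_valid()` runs and under a bare `except: pass`, so a rejected request loses the old file and orphans the new one; the sketch below defers the delete until after the save. The uploads themselves are stored with no size or extension check on `uploaded_img.name` / `uploaded_glb.name`. In resetPassword, `new_password` reaches `set_password` without `validate_password(new_password, user)`, and the user's existing API token stays valid after the change.

```python
    # … unchanged: customer lookup, first_name/last_name/mobile_number handling …
    new_paths = []    # files written by this request
    stale_paths = []  # previous files, removed only after a successful save

    if 'profile_img' in request.FILES:
        # … unchanged: build img_path, saved_img_path = default_storage.save(...) …
        customer_data['profile_img'] = saved_img_path
        new_paths.append(saved_img_path)
        if customer.profile_img:
            stale_paths.append(str(customer.profile_img))

    # … profile_glb handled the same way; the two text-based fallback branches are dropped …

    # … unchanged: customer_serializer = CustomerSerializer(...) …
    if not customer_serializer.is_valid():
        # Nothing was committed: remove what this request wrote, keep the old files.
        for path in new_paths:
            default_storage.delete(path)
        return Response(customer_serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    user.save()
    customer_serializer.save()
    for path in stale_paths:
        try:
            default_storage.delete(path)
        except OSError:
            pass  # best effort: a leftover file must not fail the profile update
    # … unchanged: build and return the 200 response …
```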
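Review bot: test.rest keeps API tokens in version control, in the `Authorization` line changed here and in the one the next hunk adds, so anyone with read access to the repository can reuse them against whichever deployment issued them. Moving the value into a variable loaded from an untracked environment file, with the line reading `Authorization: token {{token}}`, keeps the examples usable without committing credentials, and the tokens already pushed should be rotated. The same commit also adds uploaded files under `media/` (two profile images, a GLB and a user PDF), which suggests `media/` is missing from `.gitignore`.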
@@ -68,4 +68,13 @@ Authorization: token c362581117e209735d412226e54596867e370892
 { "question_id": "1", "answer_text": "answer1" }
-###
\ No newline at end of file
+###
+
+
+###
+
+POST http://127.0.0.1:8000/editProfile
+Content-Type: application/json
+Authorization: token d3f1b03996140c8f7561d67221953ff704b482cb
+
+{ "verification_sms_code": "807806" }
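Review bot: The request added here does not exercise editProfile as committed: it posts to `/editProfile` while the route added in core/urls.py is `'editProfile/'`, and its body `{ "verification_sms_code": "807806" }` carries none of the fields the view reads (`first_name`, `last_name`, `mobile_number`, `profile_img`, `profile_glb`). Pointing it at `http://127.0.0.1:8000/editProfile/` with a body such as `{ "first_name": "Test" }` (constructed sample) would make it a usable smoke test. A second request for `resetPassword/` would cover the other endpoint this commit introduces.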