How to change login password in PHP and MySQL | Update user account password


A password change lets a logged-in user replace their password during a session, after confirming the current password. We are building a login and registration system from scratch. In the previous tutorial, we covered the user profile edit operation using the session. In this tutorial, we will create a password change form that updates the password of the user identified by the session (the email address stored in the current session). Password change is one of the most important operations in a login system: it helps keep the user's account secure, because users can change their password at any time from their account. We are using Bootstrap with PHP and a MySQL database. Bootstrap is an HTML and CSS framework used to design websites with CSS classes and ready-made modules. We will build the password change HTML form with Bootstrap.

Let’s discuss the process to change user password –

Changing user password in PHP and MySQL –

The password change form has three fields, listed below -

Current Password – The password the user currently logs in with. We verify it first. If it does not match, processing stops; if it matches, we continue with the password change (the update is keyed on the email stored in the session).
New Password – Enter the new password.
Confirm New Password – Re-enter the new password to confirm.
The update also validates the new password: it must match the confirmation and fall between a minimum and a maximum length.

We created the password change button on the account page in part 1. You can start learning from part 1.

Let’s create a password change form with PHP code –

Create a PHP file. 

change-password.php

<?php require_once("config.php");
// Only logged-in users may change a password.
if(!isset($_SESSION["login_sess"]))
{
    header("location:login.php");
    exit; // stop here, otherwise the rest of the page still runs for a guest
}
$email=$_SESSION["login_email"];

// Handle the form before any HTML is sent, so the redirect header can still be set.
if(isset($_POST['change_password'])){
    $currentPassword=$_POST['currentPassword'] ?? '';
    $password=$_POST['password'] ?? '';
    $passwordConfirm=$_POST['passwordConfirm'] ?? '';

    // Fetch the stored hash with a prepared statement (no values inside the SQL string).
    $stmt = mysqli_prepare($dbc,"SELECT password FROM users WHERE email=?");
    mysqli_stmt_bind_param($stmt,"s",$email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt,$storedHash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if($found && password_verify($currentPassword,$storedHash)){
        if($passwordConfirm ==''){
            $error[] = 'Please confirm the password.';
        }
        // Strict comparison: with != PHP compares numeric strings as numbers ("1e3" == "1000").
        if($password !== $passwordConfirm){
            $error[] = 'Passwords do not match.';
        }
        if(strlen($password)<6){ // min, now consistent with the message
            $error[] = 'The password must be at least 6 characters long.';
        }
        if(strlen($password)>20){ // max
            $error[] = 'The password must not be longer than 20 characters.';
        }
        if(!isset($error))
        {
            // Cost 4 is the bcrypt minimum and too cheap to slow down offline guessing.
            $options = array("cost"=>12);
            $password = password_hash($password,PASSWORD_BCRYPT,$options);

            $stmt = mysqli_prepare($dbc,"UPDATE users SET password=? WHERE email=?");
            mysqli_stmt_bind_param($stmt,"ss",$password,$email);
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
            if($result)
            {
                header("location:account.php?password_updated=1");
                exit;
            }
            else
            {
                $error[]='Something went wrong';
            }
        }
    }
    else
    {
        $error[]='Current password does not match.';
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Change Password</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css">
    <link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
    <div class="row">
        <div class="col-sm-3">
        </div>
        <div class="col-sm-6">
            <form action="" method="POST">
            <div class="login_form">
                <img src="https://technosmarter.com/assets/images/logo.png" alt="Techno Smarter" class="logo img-fluid"> <br>
                <?php
                // Show any validation errors collected above.
                if(isset($error)){
                    foreach($error as $msg){
                        echo '<p class="errmsg">'.htmlspecialchars($msg).'</p>';
                    }
                }
                ?>
                <div class="row">
                    <div class="col"></div>
                    <div class="col"><p><a href="logout.php"><span style="color:red;">Logout</span> </a></p>
                    </div>
                </div>

                <div class="form-group">
                    <div class="row">
                        <div class="col">
                            <label>Current Password:- </label>
                            <input type="password" name="currentPassword" class="form-control">
                        </div>
                    </div>
                </div>
                <div class="form-group">
                    <div class="row">
                        <div class="col">
                            <label>New Password:- </label>
                            <input type="password" name="password" class="form-control">
                        </div>
                    </div>
                </div>
                <div class="form-group">
                    <div class="row">
                        <div class="col">
                            <label>Confirm New Password:-</label>
                            <input type="password" name="passwordConfirm" class="form-control">
                        </div>
                    </div>
                </div>
                <div class="row">
                    <div class="col-sm-6">
                    </div>
                    <div class="col-sm-6">
                        <button type="submit" class="btn btn-success" name="change_password">Change Password</button>
                    </div>
                </div>
            </div>
            </form>
        </div>
        <div class="col-sm-3">
        </div>
    </div>
</div>
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

In the code above –

We created three text boxes for the current password, the new password, and the password confirmation. A logged-in user needs these fields to change the password.
When the user clicks the password change button, the values of the three text boxes are submitted with the POST method.
First, the current password is verified against the row in the database table that matches the current session email.
After the current password is verified, the new password is validated and saved through an update query using PHP and MySQL.
It's a secure way to change passwords using PHP and MySQL databases.
In this way, users can change their login password using the session ID.
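
The form above changes the stored hash, but sessions opened with the old password keep working until they expire. The following added example (not part of the original tutorial) rotates the current session ID after the change and rejects sessions that were opened before it. It assumes a hypothetical column users.password_changed_at (INT, Unix time) and a hypothetical session key "login_time" that login.php sets to time() on a successful login.

```php
<?php
// Added example, not the tutorial's code. Hypothetical names: column
// users.password_changed_at (INT, Unix time) and session key "login_time",
// which login.php would have to set to time() on a successful login.

// Call right after the password UPDATE in change-password.php succeeds.
function mark_password_changed(mysqli $dbc, string $email): void
{
    $now  = time();
    $stmt = mysqli_prepare($dbc,
        "UPDATE users SET password_changed_at = ? WHERE email = ?");
    mysqli_stmt_bind_param($stmt, "is", $now, $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    // New session ID for this browser; the old session file is deleted.
    session_regenerate_id(true);
    // Date this session at the change itself so it remains valid.
    $_SESSION["login_time"] = $now;
}

// True when the session was created before the last password change.
function session_predates_password_change(mysqli $dbc): bool
{
    $email = $_SESSION["login_email"] ?? "";
    $stmt  = mysqli_prepare($dbc,
        "SELECT password_changed_at FROM users WHERE email = ?");
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $changedAt);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Unknown account, or a login older than the last change: reject.
    return !$found || ($_SESSION["login_time"] ?? 0) < (int) $changedAt;
}

// Replacement for the login_sess check at the top of each protected page.
function require_current_session(mysqli $dbc): void
{
    if (!isset($_SESSION["login_sess"]) || session_predates_password_change($dbc)) {
        $_SESSION = [];
        session_destroy();
        header("location:login.php");
        exit;
    }
}
```

Calling require_current_session($dbc) on account.php and the other protected pages logs out every other browser on its next request after the password changes.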

