In this article, I will explain how to implement a change password function in PHP.
In order to implement a change password function in PHP, you need to follow the steps below.
- To begin with, create an HTML form that collects the user’s current password, the new password, and a confirmation of the new password.
- Then, write a PHP script to validate the user’s input: check that the current password is correct, and update the user’s password in the database.
- After that, display a success message if the password is updated successfully. Otherwise, display an error message if there is a validation error or the current password is incorrect.
The following code shows an example of how you can implement a change password function in PHP.
HTML code for the change password form
<form action="change_password.php" method="post">
    <label for="current_password">Current Password:</label>
    <input type="password" id="current_password" name="current_password"><br><br>
    <label for="new_password">New Password:</label>
    <input type="password" id="new_password" name="new_password"><br><br>
    <label for="confirm_password">Confirm New Password:</label>
    <input type="password" id="confirm_password" name="confirm_password"><br><br>
    <input type="submit" value="Change Password">
</form>
PHP code for the change password script
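<?php
session_start();

// only a logged-in user can change a password
if (!isset($_SESSION['username'])) {
    exit("You must be logged in to change your password.");
}

if (isset($_POST['current_password'], $_POST['new_password'], $_POST['confirm_password'])) {
    //connect to database
    $conn = mysqli_connect("localhost", "username", "password", "database_name");

    // passwords never appear in SQL text and are hashed before storage,
    // so they are used exactly as typed (escaping would alter them)
    $current_password = $_POST['current_password'];
    $new_password = $_POST['new_password'];
    $confirm_password = $_POST['confirm_password'];

    //check if new password and confirm password match
    if ($new_password !== $confirm_password) {
        echo "New password and confirm password do not match.";
    }
    else {
        //check if current password is correct
        $username = $_SESSION['username'];
        // prepared statement: the username is bound, not concatenated into the query
        $stmt = mysqli_prepare($conn, "SELECT password FROM users WHERE username = ?");
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $stored_hash);
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        // the password column holds a password_hash() value, not the plaintext password
        if (!$found || !password_verify($current_password, (string) $stored_hash)) {
            echo "Incorrect current password.";
        }
        else {
            //update password in database, storing only the hash
            $new_hash = password_hash($new_password, PASSWORD_DEFAULT);
            $stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE username = ?");
            mysqli_stmt_bind_param($stmt, "ss", $new_hash, $username);
            if (mysqli_stmt_execute($stmt)) {
                echo "Password updated successfully.";
            }
            else {
                echo "Could not update the password.";
            }
            mysqli_stmt_close($stmt);
        }
    }
    mysqli_close($conn);
}
?>
In the code above, replace “username”, “password”, and “database_name” with your actual database credentials and database name.
The code first checks that a user is logged in and that the current password, new password, and confirm password fields were submitted from the HTML form. Then it connects to the database and checks if the new password and confirm password match. If they match, it checks if the current password is correct: it reads the stored hash for the logged-in user with a prepared statement, which prevents SQL injection, and compares it with password_verify(). If the current password is correct, it stores a password_hash() of the new password in the database and displays a success message. Otherwise, if there is a validation error or the current password is incorrect, it displays an error message. Because only hashes are stored, the password column must already contain values created with password_hash(), for example by the registration script, and be wide enough to hold them (VARCHAR(255) is a common choice).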
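The verify-then-hash step, pulled out into plain functions so it can be run without a database; this is an added example, not code from the original article. The function names, the 8-character minimum and the sample passwords are assumptions, and it goes one step beyond the article by also accepting a legacy plaintext value in the password column, so such rows are upgraded to a hash on the next password change.

```php
<?php
// Added example (not from the original article). Function names and the
// 8-character minimum are assumptions made for this illustration.

// True if $candidate matches the value read from users.password.
function stored_password_matches(string $stored, string $candidate): bool
{
    // password_get_info() reports "unknown" for anything that is not a
    // password_hash() value, i.e. a legacy plaintext row.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return hash_equals($stored, $candidate); // constant-time comparison
    }
    return password_verify($candidate, $stored);
}

function fail(string $message): array
{
    return ['ok' => false, 'message' => $message, 'hash' => null];
}

// Returns ['ok' => bool, 'message' => string, 'hash' => ?string].
// On success, 'hash' is the only value that should be written to the database.
function change_password(string $stored, string $current, string $new, string $confirm): array
{
    if ($new !== $confirm) {
        return fail('New password and confirm password do not match.');
    }
    if (strlen($new) < 8) {
        return fail('New password must be at least 8 characters.');
    }
    if (!stored_password_matches($stored, $current)) {
        return fail('Incorrect current password.');
    }
    $hash = password_hash($new, PASSWORD_DEFAULT);
    return ['ok' => true, 'message' => 'Password updated successfully.', 'hash' => $hash];
}

// Constructed sample rows: one already hashed, one legacy plaintext.
$rows = [
    'hashed row' => password_hash('old-Secret-1', PASSWORD_DEFAULT),
    'legacy row' => 'old-Secret-1',
];
foreach ($rows as $label => $stored) {
    $bad  = change_password($stored, 'wrong-guess', 'new-Secret-2', 'new-Secret-2');
    $good = change_password($stored, 'old-Secret-1', 'new-Secret-2', 'new-Secret-2');
    printf("%s, wrong current password: %s\n", $label, $bad['message']);
    printf("%s, right current password: %s\n", $label, $good['message']);
    printf("%s, new value verifies as a hash: %s\n", $label,
        password_verify('new-Secret-2', $good['hash']) ? 'yes' : 'no');
}
```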