How to Implement the Change Password Function in PHP?

In this article, I will explain how to implement the change password function in PHP.

In order to implement a change password function in PHP, you need to follow the steps below.

  1. To begin with, create a form in HTML to get the user’s current password, the new password, and a confirmation of the new password.
  2. Then, write a PHP script to validate the user’s input: check if the current password is correct, and update the user’s password in the database.
  3. After that, display a success message if the password is updated successfully. Otherwise, display an error message if there is a validation error or the current password is incorrect.

The following code shows an example of how you can implement a change password function in PHP.

HTML code for the change password form

<form action="change_password.php" method="post">
  <label for="current_password">Current Password:</label>
  <input type="password" id="current_password" name="current_password"><br><br>
  <label for="new_password">New Password:</label>
  <input type="password" id="new_password" name="new_password"><br><br>
  <label for="confirm_password">Confirm New Password:</label>
  <input type="password" id="confirm_password" name="confirm_password"><br><br>
  <input type="submit" value="Change Password">
</form>

PHP code for the change password script

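<?php
session_start();

//only a logged-in user can change a password
if(!isset($_SESSION['username'])) {
    exit("Please log in to change your password.");
}

if(isset($_POST['current_password']) && isset($_POST['new_password']) && isset($_POST['confirm_password'])) {
    //connect to database
    $conn = mysqli_connect("localhost", "username", "password", "database_name");
    if(!$conn) {
        exit("Could not connect to the database.");
    }

    //read the passwords exactly as typed; they are only hashed or passed as
    //bound parameters, so they must not be escaped (escaping would alter them)
    $current_password = $_POST['current_password'];
    $new_password = $_POST['new_password'];
    $confirm_password = $_POST['confirm_password'];

    //check if new password and confirm password match
    if($new_password !== $confirm_password) {
        echo "New password and confirm password do not match.";
    }
    else {
        //fetch the stored password hash with a prepared statement
        $username = $_SESSION['username'];
        $stmt = mysqli_prepare($conn, "SELECT password FROM users WHERE username = ?");
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $stored_hash);
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        //the password column is assumed to hold a password_hash() value
        if(!$found || !password_verify($current_password, $stored_hash)) {
            echo "Incorrect current password.";
        }
        else {
            //update password in database, storing only a hash of it
            $new_hash = password_hash($new_password, PASSWORD_DEFAULT);
            $stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE username = ?");
            mysqli_stmt_bind_param($stmt, "ss", $new_hash, $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
            echo "Password updated successfully.";
        }
    }
    mysqli_close($conn);
}
?>

In the code above, replace “username”, “password”, and “database_name” with your actual database credentials and database name.

The code first makes sure that a user is logged in and checks if the current password, new password, and confirm password fields are filled in the HTML form. Then it connects to the database and checks if the new password and confirm password match. If they match, it checks if the current password is correct by querying the database for the stored hash and comparing it with password_verify(). User input reaches the queries only as bound parameters of prepared statements, which prevents SQL injection, and the passwords are not escaped, because escaping would change them before they are checked. If the current password is correct, it stores a password_hash() of the new password in the database and displays a success message. Otherwise, if there is a validation error or the current password is incorrect, it displays an error message. This assumes that the password column holds values created with password_hash() (for example at registration) and is wide enough for them, such as VARCHAR(255).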
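The validation from step 2 can also be written as a function that does not touch the database, so each outcome can be tried on its own. The following is an added example, not part of the original article: check_password_change(), the sample passwords, and the rule that the new password must differ are assumptions made for illustration, and addslashes() stands in for mysqli_real_escape_string() so that it runs without a database connection.

```php
<?php
// Added example (not the article's code). check_password_change() is a
// hypothetical helper; $stored_hash is what the users.password column holds.
function check_password_change(string $stored_hash, string $current,
                               string $new, string $confirm): array
{
    if ($current === '' || $new === '' || $confirm === '') {
        return ['ok' => false, 'message' => 'All fields are required.'];
    }
    if ($new !== $confirm) {
        return ['ok' => false, 'message' => 'New password and confirm password do not match.'];
    }
    // Compare against the hash; the plain text is never stored or compared
    if (!password_verify($current, $stored_hash)) {
        return ['ok' => false, 'message' => 'Incorrect current password.'];
    }
    // Extra rule assumed for this example: the new password must differ
    if (password_verify($new, $stored_hash)) {
        return ['ok' => false, 'message' => 'New password must differ from the current one.'];
    }
    return ['ok' => true, 'message' => 'Password updated successfully.',
            'new_hash' => password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample data: a password containing a quote and a backslash
$old    = "o'brien\\2024";
$stored = password_hash($old, PASSWORD_DEFAULT);

$cases = [
    'empty field'      => [$old, '', ''],
    'confirm mismatch' => [$old, 'N3w-pass!', 'N3w-pass?'],
    'wrong current'    => ['guess', 'N3w-pass!', 'N3w-pass!'],
    // addslashes() stands in for mysqli_real_escape_string(): the escaped
    // string is a different password, so verification fails
    'escaped current'  => [addslashes($old), 'N3w-pass!', 'N3w-pass!'],
    'unchanged'        => [$old, $old, $old],
    'valid change'     => [$old, 'N3w-pass!', 'N3w-pass!'],
];

foreach ($cases as $label => [$current, $new, $confirm]) {
    $result = check_password_change($stored, $current, $new, $confirm);
    printf("%-17s %-5s %s\n", $label, $result['ok'] ? 'ok' : 'fail', $result['message']);
}
```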

