How to Change Password using PHP

Submitted by nurhodelta_17 on Tuesday, May 22, 2018 - 18:55.

Getting Started

I've used Bootstrap in this tutorial which is included in the downloadable but if you want, you can download it yourself using this link. Take not that I'm using password_hash and password verify function which is available on PHP >=5.

Creating our Database

First we create our database which contains our sample user. I've included a SQL file in the downloadable of this tutorial. All you have to do is import the said file. If you have no idea on how to import, please visit my tutorial How import .sql file to restore MySQL database. You should be able to create a database named dbase.

Creating our Login Form

Next, we create our sample login form. Create a new file, name it as index.php and paste the codes below.
  1. <?php
  2.         session_start();
  3.  
  4.         //redirect to home if session has been set
  5.         if(isset($_SESSION['user'])){
  6.                 header('location:home.php');
  7.                 exit();
  8.         }
  9. ?>
  10. <!DOCTYPE html>
  11. <html>
  12. <head>
  13.         <meta charset="utf-8">
  14.         <title>How to Change Password using PHP</title>
  15.         <link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
  16. </head>
  17. <body>
  18. <div class="container">
  19.         <h1 class="page-header text-center">Change Password using PHP</h1>
  20.         <div class="row">
  21.                 <div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;">
  22.                         <form method="POST" action="login.php">
  23.                                 <p class="text-center" style="font-size:30px;"><b>Login</b></p>
  24.                                 <hr>
  25.                                 <div class="form-group">
  26.                                         <label for="username">Username:</label>
  27.                                         <input type="text" name="username" id="username" class="form-control">
  28.                                 </div>
  29.                                 <div class="form-group">
  30.                                         <label for="password">Password:</label>
  31.                                         <input type="password" name="password" id="password" class="form-control">
  32.                                 </div>
  33.                                 <button type="submit" name="login" class="btn btn-primary"><span class="glyphicon glyphicon-log-in"></span> Login</button>
  34.                         </form>
  35.                         <?php
  36.                                 if(isset($_SESSION['error'])){
  37.                                         ?>
  38.                                         <div class="alert alert-danger text-center" style="margin-top:20px;">
  39.                                                 <?php echo $_SESSION['error']; ?>
  40.                                         </div>
  41.                                         <?php
  42.  
  43.                                         unset($_SESSION['error']);
  44.                                 }
  45.                         ?>
  46.                 </div>
  47.         </div>
  48. </div>
  49. </body>
  50. </html>

Creating our Login Script

Lastly, we create our login script that checks our user. Create a new file, name it as login.php and paste the codes below.
  1. <?php
  2.         session_start();
  3.  
  4.         if(isset($_POST['login'])){
  5.                 //connection
  6.                 $conn = new mysqli('localhost', 'root', '', 'dbase');
  7.  
  8.                 //get the user with the username
  9.                 $sql = "SELECT * FROM users WHERE username = '".$_POST['username']."'";
  10.                 $query = $conn->query($sql);
  11.                 if($query->num_rows > 0){
  12.                         $row = $query->fetch_assoc();
  13.                         //verify password
  14.                         if(password_verify($_POST['password'], $row['password'])){
  15.                                 $_SESSION['user'] = $row['id'];
  16.                         }
  17.                         else{
  18.                                 $_SESSION['error'] = 'Password incorrect';
  19.                         }
  20.                 }
  21.                 else{
  22.                         $_SESSION['error'] = 'No account with that username';
  23.                 }
  24.  
  25.         }
  26.         else{
  27.                 $_SESSION['error'] = 'Fill up login form first';
  28.         }
  29.  
  30.         header('location: index.php');
  31.  
  32. ?>

Creating our Homepage

Next, we create the page where our verified users are directed. It also contains our change password form. Create a new file, name it as home.php and paste the codes below.
  1. <?php
  2.         session_start();
  3.  
  4.         //redirect ot login page if not logged in
  5.         if(!isset($_SESSION['user'])){
  6.                 header('location:index.php');
  7.                 exit();
  8.         }
  9.  
  10.         //connection
  11.         $conn = new mysqli('localhost', 'root', '', 'dbase');
  12.  
  13.         //get user details
  14.         $sql = "SELECT * FROM users WHERE id = '".$_SESSION['user']."'";
  15.         $query = $conn->query($sql);
  16.         $row = $query->fetch_assoc();
  17.  
  18. ?>
  19. <!DOCTYPE html>
  20. <html>
  21. <head>
  22.         <meta charset="utf-8">
  23.         <title>How to Change Password using PHP</title>
  24.         <link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
  25. </head>
  26. <body>
  27. <div class="container">
  28.         <h1 class="page-header text-center">Change Password using PHP</h1>
  29.         <div class="row">
  30.                 <div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;">
  31.                         <h3>Welcome, <?php echo $row['username']; ?>
  32.                                 <span class="pull-right">
  33.                                         <a href="logout.php" class="btn btn-danger btn-sm"><span class="glyphicon glyphicon-log-out"></span> Logout</a>
  34.                                 </span>
  35.                         </h3>
  36.                         <hr>
  37.                         <form method="POST" action="change_password.php">
  38.                                 <div class="form-group">
  39.                                         <label for="old">Old Password:</label>
  40.                                         <input type="password" name="old" id="old" class="form-control" value="<?php echo (isset($_SESSION['old'])) ? $_SESSION['old'] : ''; ?>">
  41.                                 </div>
  42.                                 <div class="form-group">
  43.                                         <label for="new">New Password:</label>
  44.                                         <input type="password" name="new" id="new" class="form-control" value="<?php echo (isset($_SESSION['new'])) ? $_SESSION['new'] : ''; ?>">
  45.                                 </div>
  46.                                 <div class="form-group">
  47.                                         <label for="retype">Retype New Password:</label>
  48.                                         <input type="password" name="retype" id="retype" class="form-control" value="<?php echo (isset($_SESSION['retype'])) ? $_SESSION['retype'] : ''; ?>">
  49.                                 </div>
  50.                                 <button type="submit" name="update" class="btn btn-success"><span class="glyphicon glyphicon-check"></span> Update</button>
  51.                         </form>
  52.                         <?php
  53.                                 if(isset($_SESSION['error'])){
  54.                                         ?>
  55.                                         <div class="alert alert-danger text-center" style="margin-top:20px;">
  56.                                                 <?php echo $_SESSION['error']; ?>
  57.                                         </div>
  58.                                         <?php
  59.  
  60.                                         unset($_SESSION['error']);
  61.                                 }
  62.                                 if(isset($_SESSION['success'])){
  63.                                         ?>
  64.                                         <div class="alert alert-success text-center" style="margin-top:20px;">
  65.                                                 <?php echo $_SESSION['success']; ?>
  66.                                         </div>
  67.                                         <?php
  68.  
  69.                                         unset($_SESSION['success']);
  70.                                 }
  71.                         ?>
  72.                 </div>
  73.         </div>
  74. </div>
  75. </body>
  76. </html>

Creating our Change Password Script

Next, we create the script that changes the users password. Create a new file, name it as change_password.php.
  1. <?php
  2.         session_start();
  3.  
  4.         if(isset($_POST['update'])){
  5.                 //get POST data
  6.                 $old = $_POST['old'];
  7.                 $new = $_POST['new'];
  8.                 $retype = $_POST['retype'];
  9.  
  10.                 //create a session for the data incase error occurs
  11.                 $_SESSION['old'] = $old;
  12.                 $_SESSION['new'] = $new;
  13.                 $_SESSION['retype'] = $retype;
  14.  
  15.                 //connection
  16.                 $conn = new mysqli('localhost', 'root', '', 'dbase');
  17.  
  18.                 //get user details
  19.                 $sql = "SELECT * FROM users WHERE id = '".$_SESSION['user']."'";
  20.                 $query = $conn->query($sql);
  21.                 $row = $query->fetch_assoc();
  22.  
  23.                 //check if old password is correct
  24.                 if(password_verify($old, $row['password'])){
  25.                         //check if new password match retype
  26.                         if($new == $retype){
  27.                                 //hash our password
  28.                                 $password = password_hash($new, PASSWORD_DEFAULT);
  29.  
  30.                                 //update the new password
  31.                                 $sql = "UPDATE users SET password = '$password' WHERE id = '".$_SESSION['user']."'";
  32.                                 if($conn->query($sql)){
  33.                                         $_SESSION['success'] = "Password updated successfully";
  34.                                         //unset our session since no error occured
  35.                                         unset($_SESSION['old']);
  36.                                         unset($_SESSION['new']);
  37.                                         unset($_SESSION['retype']);
  38.                                 }
  39.                                 else{
  40.                                         $_SESSION['error'] = $conn->error;
  41.                                 }
  42.                         }
  43.                         else{
  44.                                 $_SESSION['error'] = "New and retype password did not match";
  45.                         }
  46.                 }
  47.                 else{
  48.                         $_SESSION['error'] = "Incorrect Old Password";
  49.                 }
  50.         }
  51.         else{
  52.                 $_SESSION['error'] = "Input needed data to update first";
  53.         }
  54.  
  55.         header('location: home.php');
  56.        
  57. ?>

Creating our Logout Script

Lastly, we create our logout script. Create a new file, name it as logout.php and paste the codes below.
  1. <?php
  2.         session_start();
  3.         session_destroy();
  4.         header('location: index.php');
  5. ?>
That ends this tutorial. Happy Coding :)
Tags
php
MySQLi
login
Password
reset password
change password

Comments

Submitted by mcfi on Tue, 04/27/2021 - 00:14

Thanks a lot, your code really helped me. Thank you

Submitted by Neilbert Lood (not verified) on Sun, 07/04/2021 - 17:41

what is the username and password ? so that I can login

Submitted by asdasqwe (not verified) on Sat, 01/07/2023 - 06:33

Creating our Database First we create our database which contains our sample user. I've included a SQL file in the downloadable of this tutorial. All you have to do is import the said file. If you have no idea on how to import, please visit my tutorial How import .sql file to restore MySQL database. You should be able to create a database named dbase.

Submitted by what is the pa… (not verified) on Wed, 05/31/2023 - 11:56

what is the password to test change password ??? username : nurhodelta pass: $2y$10$AP027M5jhULJPIBAUiCa0e0phP1UAQBlKqTLLQZ2.UL44x5DdUwHq

Add new comment

About text formats