PHP Change Password script using mysql

Change password feature is a common requirement for any membership management script. Here members can change their password after logging in to the member area. Here we will check the session of the member to allow or disallow the access the change password page of the site. Here we can ask the member to enter the old password once and then enter new password twice.

Password update This is a basic script and we can create a change password script by using Ajax ( with PHP MySQL) and update the new passwords. Our new membership management script uses this and there is a demo available to check the functionality.

Demo of Change Password script using Ajax

We know the user-id if the member as he has logged in so we will not ask the member to enter userid again. It is not a good practice to allow the member change his or her userid.

The new password will be effective from the next login of the member.

We will ask the member to enter the new password twice. Both the entered password should match and must pass the validation. If all the checks passed well then we will update the record of the member with new password.

Let us start with the form. You can download the code at the end of this tutorial but here is the form for change password.
 Change Password
 Old Password
 New Password
 Re-enter New Password
Now this form will submit to another page where all the values will be validated and then table will be updated with new password. First we will see the member has opened this page after logging in, if not then we will stop the execuation of the page by using exit command. Here is the part of the code to do that.

Checking user Session status

This checking of session is common in many pages where a login member can only access for example the pages where the profile to be updated or present page where password to be changed. So we have kept this common code in a separate file check.php and include that file in all required pages.




// check the login details of the user and stop execution if not logged in
require "check.php";

Inside the file check.php we have only few lines of code to check the session. Here it is for your reference.


<?Php
if(!isset($_SESSION['userid'])){
echo "<center><font face='Verdana' size='2' color=red>
Sorry, Please login and use this page </font></center>";
exit;
}
?>

Now let us collect all the form posted data of the user


$todo=$_POST['todo'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$old_password=$_POST['old_password'];

Now we will set the flags for validation of the variables. Please note that we have used limited validation here and you can go for more checking as per your requirements. ( like allowing only numbers or chars in the password etc )


$status = "OK";
$msg="";

Now check the old password

$count=$dbo->prepare("select password from plus_signup where userid=:userid");
$count->bindParam(":userid",$_SESSION[userid],PDO::PARAM_STR, 15);
$count->execute();
$row = $count->fetch(PDO::FETCH_OBJ);

if($row->password<>md5($old_password)){
$msg=$msg."Your old password is not matching as per our record.<BR>";
$status= "NOTOK";
}

After this we will see that our entered password is not less than 3 char and more that 8 char length.



if ( strlen($password) < 3 or strlen($password) > 8 ){
$msg=$msg."Password must be more than 3 char legth and maximum 8 char lenght<BR>";
$status= "NOTOK";}

Now let us check wheter both the passwords are equal or not




if ( $password <> $password2 ){
$msg=$msg."Both passwords are not matching<BR>";
$status= "NOTOK";}

Now if our validation is ok then we will go for updation sql and if validation is not ok then we will display the error message. In our query we are using sql update statement and based on the success of the sql update statement we can display the message. Here is the code for the updation of the member table.




if($status<>"OK"){ 
echo "<font face='Verdana' size='2' color=red>$msg</font>
<br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$password=md5($password); // Encrypt the password before storing
//if(mysql_query("update plus_signup set password='$password' where userid='$_SESSION[userid]'")){
$sql=$dbo->prepare("update plus_signup set password=:password where userid='$_SESSION[userid]'");
$sql->bindParam(':password',$password,PDO::PARAM_STR, 32);
if($sql->execute()){
echo "<font face='Verdana' size='2' ><center>Thanks <br>
Your password changed successfully. Please keep changing your password for better security</font></center>";
}else{
echo "<font face='Verdana' size='2' color=red><center>Sorry <br>
Failed to change password Contact Site Admin</font></center>"; }

If the database updating is successful then the user has to use new password for next time login. Or the user can be redirected to logout page and can be asked to login again.




Number of User Comments : 7


Google+
flora

15-11-2011

how about adding javascript in changing password? can u pls help me.. thanks in advance :)
Nitin patil

06-09-2012

Thanks u really help me.
John Akuse

23-09-2013

Process for changing password interesting
Prasad

29-01-2014

Thanks... it realy works...!
Jue

22-09-2014

why error at config.php ?
Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES)
smo

24-09-2014

Enter correct login details for MySQL. userid , password and database name
nis

24-09-2014

Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES)

There is no databases in that code file

Post Comment This is for short comments only. Use the forum for more discussions.






HTML . MySQL. PHP. JavaScript. ASP. Photoshop. Articles. FORUM Contact us
©2000-2015 plus2net.com All rights reserved worldwide Privacy Policy Disclaimer