SQL PHP HTML ASP JavaScript articles and free scripts to download
Custom Search
Contact Us
 
 

PHP Change Password script using mysql

Change password feature is a common requirement for any membership management script. Here members can change their password after logging in to the member area. Here we will check the session of the member to allow or disallow the access the change password page of the site. Here we can ask the member to enter the old password once and then enter new password twice. Since the member has already used his or her old password to login so there is no point in asking the same again for verification. You can include this step also if required but here we will skip the step involving entering the old password.

We know the user-id if the member as he has logged in so we will not ask the member to enter userid again. It is not a good practice to allow the member change his or her userid.
Related Tutorial
PHP Login script
Forgot password script
PHP Login Logout
PHP Signup script


The new password will be effective from the next login of the member.

We will ask the member to enter the new password twice. Both the entered password should match and must pass the validation. If all the checks passed well then we will update the record of the member with new password.

Let us start with the form. You can download the code at the end of this tutorial but here is the form for change password.
 Change Password
 New Password
 Re-enter New Password


Now this form will submit to another page where all the values will be validated and then table will be updated with new password. First we will see the member has opened this page after logging in, if not then we will stop the execuation of the page by using exit command. Here is the part of the code to do that.

This checking of session is common in many pages where a login member can only access for example the pages where the profile to be updated or present page where password to be changed. So we have kept this common code in a separate file check.php and include that file in all required pages.

// check the login details of the user and stop execution if not logged in
require "check.php";


Inside the file check.php we have only few lines of code to check the session. Here it is for your reference.

<? if(!isset($_SESSION['userid'])){
echo "<center><font face='Verdana' size='2' color=red>
Sorry, Please login and use this page </font></center>";
exit;
}
?>


Now let us collec all the form posted data of the user

$todo=$_POST['todo'];
$password=$_POST['password'];
$password2=$_POST['password2'];


Now let us check the data and sanitize the data entered by user by using mysql_real_escape_string function

if(isset($todo) and $todo=="change-password"){
$password=mysql_real_escape_string($password);



Now we will set the flags for validation of the variables. Please note that we have used limited validation here and you can go for more checking as per your requirements. ( like allowing only numbers or chars in the password etc )

$status = "OK";
$msg="";


After this we will see that our entered password is not less than 3 char and more that 8 char length.
if ( strlen($password) < 3 or strlen($password) > 8 ){
$msg=$msg."Password must be more than 3 char legth and maximum 8 char lenght<BR>";
$status= "NOTOK";}


Now let us check wheter both the passwords are equal or not

if ( $password <> $password2 ){
$msg=$msg."Both passwords are not matching<BR>";
$status= "NOTOK";}


Now if our validation is ok then we will go for updation sql and if validation is not ok then we will display the error message. In our query we are using sql update statement and based on the success of the sql update statement we can display the message. Here is the code for the updation of the member table.

if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update plus_signup set password='$password' where userid='$session[userid]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>";
}
}


Download PHP script with signup,login,change password and forgot password
Download Modified PHP signup with login script if register_global is off for PHP 5

Here we are storing password as a simple text in a varchar field. But it is always better to encrypt the password and store. In case of encrypted password system the changed password is to be encrypted before storing in our table.
This is a basic script only for easy understanding
Read the tutorial on online membership management script with encrypted password system

Discuss this tutorial at forum

Further readings
Online membership management script
Posting Activation key for lost encrypted password to the email address
Creating a signup page and storing member details in MySQL
Storing signup data in a table
Collecting the data if register global is off for signup script
Changing or updating password by the logged in member
Forgot password feature in member signup script
Basic login form
Login script to authenticate user from a mysql table data
Checking the status of user for login or logged out
Updating member profile inside member area
Finding out who are online








 

Subscribe
Submit your email address and receive article and product notifications. Your email is safe with us.

Scripts
PHP
JavaScript
PHP Tutorial Index
Popular Tutorials
Drop down list
File Upload
Signup script
Member Login
Line Graph
PHP MySQL Paging
PHP Calendar
PHP Tutorials
PHP Introduction
Loops & structure
Array
Date & Time
Functions
Form Handling
File Handling
Math Functions
String Functions
GD Functions
Comment Posting
Content Management
Subscribe
Submit your email address and receive article and product notifications. Your email is safe with us.

HTML . MySQL. PHP. JavaScript. ASP. Photoshop. Articles. FORUM Contact us
© 2008 plus2net.com