PHP Change Password script using MySQL
Change password feature is a common requirement for any membership management script. Here members can change their password after logging in to the member area. Here we will check the session of the member to allow or disallow the access the change password page of the site. Here we can ask the member to enter the old password once and then enter new password twice.
Change Password by updating MySQL record using old and new password after validation in PHP
This is a basic script and we can create a change password script by using Ajax ( with PHP MySQL) and update the new passwords. Our new membership management script uses this and there is a demo available to check the functionality.
Demo of Change Password script using Ajax
Using JQuery
DEMO of password change using JQuery
Password validation script using JQuery & Bootstrap
We know the user-id if the member as he has logged in so we will not ask the member to enter userid again. It is not a good practice to allow the member change his or her userid.
The new password will be effective from the next login of the member.
We will ask the member to enter the new password twice. Both the entered password should match and must pass the validation. If all the checks passed well then we will update the record of the member with new password.
Let us start with the form. You can download the code at the end of this tutorial but here is the form for change password. Now this form will submit to another page where all the values will be validated and then table will be updated with new password. First we will see the member has opened this page after logging in, if not then we will stop the execution of the page by using exit command. Here is the part of the code to do that.
Checking user Session status
This checking of session is common in many pages where a login member can only access for example the pages where the profile to be updated or present page where password to be changed. So we have kept this common code in a separate file check.php and include that file in all required pages.
// check the login details of the user and stop execution if not logged in
require "check.php";
<?Php
if(!isset($_SESSION['userid'])){
echo "<center><font face='Verdana' size='2' color=red>
Sorry, Please login and use this page </font></center>";
exit;
}
?>$todo=$_POST['todo'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$old_password=$_POST['old_password'];$status = "OK";
$msg="";$count=$dbo->prepare("select password from plus_signup where userid=:userid");
$count->bindParam(":userid",$_SESSION[userid],PDO::PARAM_STR, 15);
$count->execute();
$row = $count->fetch(PDO::FETCH_OBJ);
if($row->password<>md5($old_password)){
$msg=$msg."Your old password is not matching as per our record.<BR>";
$status= "NOTOK";
} if ( strlen($password) < 3 or strlen($password) > 8 ){
$msg=$msg."Password must be more than 3 char legth and maximum 8 char lenght<BR>";
$status= "NOTOK";}Now let us check whether both the passwords are equal or not
if ( $password <> $password2 ){
$msg=$msg."Both passwords are not matching<BR>";
$status= "NOTOK";}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font>
<br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$password=md5($password); // Encrypt the password before storing
//if(mysql_query("update plus_signup set password='$password' where userid='$_SESSION[userid]'")){
$sql=$dbo->prepare("update plus_signup set password=:password where userid='$_SESSION[userid]'");
$sql->bindParam(':password',$password,PDO::PARAM_STR, 32);
if($sql->execute()){
echo "<font face='Verdana' size='2' ><center>Thanks <br>
Your password changed successfully. Please keep changing your password for better security</font></center>";
}else{
echo "<font face='Verdana' size='2' color=red><center>Sorry <br>
Failed to change password Contact Site Admin</font></center>";
}
To keep the script simple we have used md5 encryption for password and storing in database. For better security it is advisable to use mcrypt() platform to store password.
By using jQuery we need not reload the page to pass the data to backend script.
Login Script
PHP Signup 1 Login / Logout script
Subscribe to our YouTube Channel here
This article is written by plus2net.com team.
https://www.plus2net.com
PHP Session: Creating , using destroying Session variables
PHP Session ID: generating session id and re-generating
Online membership management script
Posting Activation key for lost encrypted password to the email address
Creating a signup page and storing member details in MySQL
Storing signup data in a table
Changing or updating password by the logged in member
Forgot password feature in member signup script
Basic login form
Login script to authenticate user from a mysql table data
Checking the status of user for login or logged out
Updating member profile inside member area
Adding Profile Photo by Members after login
Finding out who are online
| flora | 15-11-2011 |
| how about adding javascript in changing password? can u pls help me.. thanks in advance :) | |
| Nitin patil | 06-09-2012 |
| Thanks u really help me. | |
| John Akuse | 23-09-2013 |
| Process for changing password interesting | |
| Prasad | 29-01-2014 |
| Thanks... it realy works...! | |
| Jue | 22-09-2014 |
| why error at config.php ? Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) | |
| smo | 24-09-2014 |
| Enter correct login details for MySQL. userid , password and database name | |
| nis | 24-09-2014 |
| Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) There is no databases in that code file | |