<body class="bg-dark"> <div class="container"> <div class="card card-login mx-auto mt-5"> <div class="card-header">Change Password</div> <div class="card-body"> <form method="post" action="change-password.php"> <div class="form-group"> <label for="username">Username</label> <input class="form-control" id="username" type="text" name="username" aria-describedby="nameHelp" placeholder="Enter username" required> </div> <div class="form-group"> <label for="New Password">New Password</label> <input class="form-control" id="newpass" type="text" name="newpass" placeholder="Enter new password" required> </div> <div class="form-group"> <label for="Confirm Password">Confirm Password</label> <input class="form-control" id="confpass" type="text" name="confpass" placeholder="Enter confirm password" required> </div> <div class="form-group"> <div class="form-check"> <label class="form-check-label"> <input class="form-check-input" type="checkbox"> Remember Password</label> </div> </div> <div class="form-group"> <button type="submit" name="submit" class="btn">Submit</button> <br> </div> </form> <div class="text-center"> <a class="d-block small mt-3" href="login.php">Login</a> </div> </div> </div> </div> <?php 

$con=mysqli_connect("localhost","root","","goods_management_system") or die(mysqli_error());
$db=mysqli_select_db($con, 'goods_management_system' ) or die(mysqli_error());

if(isset($_POST['submit'])){
  $username=$_POST['username'];
  $newpass = $_POST['newpass'];
  $confpass = $_POST['confpass'];

  $query = "SELECT username FROM user_details WHERE username='$username'";
  $run = mysqli_query($con, $query);
  $row = mysqli_fetch_row($run);

  if($row['username']==$username)// UNDEFINED. WHY IS THAT SO ?
  {
    if($newpass == confpass)
    {
      $update_query = "UPDATE user_details SET password='$newpass' WHERE username='$username'";

      if($update_query)
      {
        echo "<script>alert('Password change successfully')</script>";
      }
      else
      {
        "<script>alert('Password change failed')</script>";
      }
    }
    else 
    {
      echo "<script>alert('password doesnt match')</script>";
    }
  }
}
?>

Try changing line #11 to:

 $query = "SELECT username FROM user_details WHERE username='"+$username+"'";

DO NOT use this code. You are wide open to SQL injection. Use a prepared statement or at least clean your input variables (POST). See the tutorial here: https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php and see items: #2 and #11.

The item $row['username'] does not exist - two most likely reasons:

1) Your table does not contain a column (field) called 'username' - check the spelling.
2) You have an empty resultset (no records match) - which mysqli_fetch_row() returns as NULL.

You should include error checking in your routine.

check this too, you forgot the $ sign

if($newpass == confpass)