Request Password Change (PHP+MYSQL)

I'm unsure if you are applying yourself here. Given https://www.google.com/search?q=PHP+PASSWORD+CHANGE+EXAMPLES&gl=US are plentiful I worry that you are not doing much research.

That aside, there are a lot of BAD EXAMPLES out there that teach password storage in insecure ways. Now your code does not reveal the usual problem where passwords are stored in the clear but if you ever find some code where the password is stored in a database then you found a bad exxample.

https://www.google.com/search?q=how+to+store+passwords+for+your+website&gl=US finds articles on that subject.

You need to provide some more information in order for us to be able to help you. I see here you are giving us an HTML form that asks a user for an old password, and to enter a new password twice. I understand what you want to do is update the password in the database, when the form is submitted. However, you are giving no insight to what your PHP application code currently looks like, what database you're using, how passwords are stored in the database, etc.

Basically the steps that would be involved would be:

• Retrieve the old password from the form
• Check to see if the new password and repeat new password fields are the same
• If they aren't a match, show an error that the passwords are not the same
• If they are a match, compare the old password to the encrypted password for the user in the database
• If they aren't a match, show an error that the old password is incorrect
• If they are a match, encrypt the new password and overwrite the encrypted password field in the database

Now, how that algorithm actually gets translated into PHP code has a lot to do with what PHP framework (if any) you're using, what database you're using, what library you're using to connect to the database, the database schema, etc.

sorry my english not very well here is my config files

<?php

 $host = "localhost";
 $user = "root";
 $pass = "";
 $dbname = "conquer";

 try{

  $con = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8",$user,$pass);
  $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

 }catch(PDOException $ex){

  die($ex->getMessage());
 }

using accounts table i have no encryption password

OK, so you're connecting to MySQL via PDO. I'm personally not familiar with PDO. Is there a reason you're not using something like MySQLi?

It seems as if you don't have very much experience at all with web development. Did you write this PHP yourself? Where is your PHP code to log in? Your database schema? Is this part of a larger PHP application?

yes i dont have very much experience code php. And yes i write myself this php just buy html template. my website just for test http://www.siriusclassic.xyz

So I’m confused. You’re asking for help writing the PHP code that can be used to do a lost password reset, but you don’t have code for a signup or login?

i have everything done login register just i cant make password change

That’s the thing. We need to see your register and login code in order to give you the code for password change.

Otherwise, without it, the best we can offer us the pseudo code I provided in my first reply above.

<?php
require('config.php');
session_start();
$username=htmlspecialchars(trim($_POST['username']));
$email=htmlspecialchars(trim($_POST['email']));
$password=htmlspecialchars(trim($_POST['password']));
$name=htmlspecialchars(trim($_POST['name']));

if($_POST['type'] == 'register') {

    $user = $con->query("SELECT * FROM accounts WHERE username = '{$username}'")->fetch(PDO::FETCH_ASSOC);
    if ( $user){
        echo json_encode(array(
            'success' => false,
            'error' => 'The username is already in use.'
        ));
    } else {
        $query =  $con->prepare("INSERT INTO accounts SET
        username = ?,
        email = ?,
        password = ?,
        name = ?");
        $insert = $query->execute(array(
             $username, $email, $password, $name
        ));
        if($insert) {
            $_SESSION['username'] = $username;
            echo json_encode(array(
            'success' => true
            ));
        }
    }
}

if($_POST['type'] == 'logout') {

    unset($_SESSION['username']);
    session_destroy();
     echo json_encode(array(
            'success' => true
            ));
}
if($_POST['type'] == 'login') {
    $user = $con->query("SELECT * FROM accounts WHERE password = '{$password}' AND username = '{$username}'")->fetch(PDO::FETCH_ASSOC);
    if($user) {
        $_SESSION['username'] = $username;
        echo json_encode(array(
        'success' => true
        ));
    } else {
         echo json_encode(array(
        'success' => false,
        'error' => 'Invalid username Or Wrong Password.'
        ));
    }
}

?>

here sorry :))

So it looks like you are storing passwords in plain text in the database. NEVER. EVER. DO. THIS. It is incredibly insecure. Please look into PHP's password_hash() function.

thank you

I see you marked this thread as solved. Do you still need help with code to change password? I suggest you begin by using the password_hash() function for joining and logging in, and then use the pseudocode I provided. Let us know if you need more assistance.