I used similar process for users to update username and email, but password is giving me a headache

<?php
        if(isset($_SESSION['id'])){
          if(isset($_POST['change_password_submit'])){
             $usersId = $_SESSION['id'];
             include 'includes/dbh.inc.php';//connection to database
            $currentpassword = $_POST['currentpassword'];
            $newpassword = $_POST['newpassword']; 
            $newpasswordagain = $_POST['newpasswordagain'];
            $currentHash = password_hash($currentpassword,PASSWORD_DEFAULT);
            $newHash = password_hash($newpassword,PASSWORD_DEFAULT);

            if(empty($currentpassword)){
            echo '<p id="sorry">Please enter your current password</p>';        
            }
             if(empty($newpassword)){
                echo '<p id="sorry">Choose a new password!</p>'; 
             }
             if(strlen($newpassword)<6){
                 echo '<p id="sorry">Password cannot be less than 6 characters!</p>';
             }
             if(!preg_match("#[0-9]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one number!</p>';
             }
             if(!preg_match("#[A-Z]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one UpperCase letter!</p>';
             }
             if(!preg_match("#[\W]+#",$newpassword)){
                 echo '<p id="sorry">Password must have at least one special character!</p>';
             }
             if(empty($newpasswordagain)){
                 echo '<p id="sorry">Please repeat new password!</p>';
             }
             if($newpasswordagain !== $newpassword){
                 echo '<p sorry">Password does not match!</p>';
             }
             $sql = "SELECT * FROM users WHERE usersPassword=? AND usersID=?";
             $stmt = mysqli_stmt_init($conn);
             if(!mysqli_stmt_prepare($stmt,$sql)){
                 echo '<p id="sorry">Cannot connect to database!</p>';
             }else{
                 mysqli_stmt_bind_param($stmt,"ss",$currentHash,$usersId);
                 mysqli_stmt_execute($stmt);
                 $action = mysqli_stmt_get_result($stmt);
                 if($row = mysqli_fetch_assoc($action)){
                     if(password_verify($row['usersPassword'],$currentHash) == true){
                        $sql = "UPDATE users SET usersPassword=? WHERE usersID=?";
                        $stmt = mysqli_stmt_init($conn);
                        if(!mysqli_stmt_prepare($stmt,$sql)){
                            echo '<p id="sorry">Cannot connect to database!</p>';
                        }else{
                            mysqli_stmt_bind_param($stmt,"ss",$newHash,$usersId);
                            mysqli_stmt_execute($stmt);
                            echo '<p id="success">Password Change is successful!</p>';
                        }
                     }else if(password_verify($row['usersPassword'],$currentHash)== false){
                         echo '<p id="sorry">Current Password is wrong!</p>';
                     }
                 }
             }
             mysqli_stmt_close($stmt);
             mysqli_close($conn);
          } 
        }
        ?>

html form is this

<form action="https://marksmandigital.net/change_password.php" method="post">
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="currentpassword" class="form-control" placeholder="Enter Current Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpassword" class="form-control" placeholder="Enter new Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpasswordagain" class="form-control" placeholder="Enter new password again">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="submit" name="change_password_submit" class="form-control btn btn-success" value="Save New Password">
     </div>
    </div>
    </form>

Thanks for your eagle eyes

Re: A script to allow users to change their password 80 80

What exactly is causing your headache? Explain your issue(s).

commented: The problem is that, the script runs, but password does not change +0
Re: A script to allow users to change their password 80 80

The problem is that, the script runs but password does not change. I don't get any error messages iether

Re: A script to allow users to change their password 80 80

Debug your code. The simplest way is to echo something every step of the way, so you can see to where the code goes.

If you have a decent debugger, even better.

Re: A script to allow users to change their password 80 80

He has a lot of echo statements in there already. Which ones are printed out?

Re: A script to allow users to change their password 80 80

I found a way around it. I realized that

<?php
$row['usersPassword'];
$pwdHashed = password_hash($pwd,PASSWORD_DEFAULT);
 PASSWORD_VERIFY($pwdHashed,$row['usersPassword'] == true);// was actually false,
?>

Could not be verified. Because both gave different values when I created a dummy database.

The string is @Bmedia4000;

DBPass is :$2y$10$XP6TRhqkmrIFR4nheLReIuTaQJZKFiq/Qz4fDIV/F7y.P3gRfOzOO //hashed results from database
Hashed is :$2y$10$GLw2Dkd5ybnphlqgFo2SIePk2tlNXfutz7a708rRzJdUl9Zp78fh2 //hashed result not from database

Clearly ,the results were different.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.