php – A script to allow users to change their …


I used a similar process for users to update username and email, but the password is giving me a headache

<?php
        if(isset($_SESSION['id'])){
          if(isset($_POST['change_password_submit'])){
             $usersId = $_SESSION['id'];
             include 'includes/dbh.inc.php';//connection to database
            $currentpassword = $_POST['currentpassword'];
            $newpassword = $_POST['newpassword']; 
            $newpasswordagain = $_POST['newpasswordagain'];
            $currentHash = password_hash($currentpassword,PASSWORD_DEFAULT);
            $newHash = password_hash($newpassword,PASSWORD_DEFAULT);

            if(empty($currentpassword)){
            echo '<p id="sorry">Please enter your current password</p>';        
            }
             if(empty($newpassword)){
                echo '<p id="sorry">Choose a new password!</p>'; 
             }
             if(strlen($newpassword)<6){
                 echo '<p id="sorry">Password cannot be less than 6 characters!</p>';
             }
             if(!preg_match("#[0-9]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one number!</p>';
             }
             if(!preg_match("#[A-Z]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one UpperCase letter!</p>';
             }
             if(!preg_match("#[\W]+#",$newpassword)){
                 echo '<p id="sorry">Password must have at least one special character!</p>';
             }
             if(empty($newpasswordagain)){
                 echo '<p id="sorry">Please repeat new password!</p>';
             }
             if($newpasswordagain !== $newpassword){
                 echo '<p id="sorry">Password does not match!</p>';
             }
             $sql = "SELECT * FROM users WHERE usersPassword=? AND usersID=?";
             $stmt = mysqli_stmt_init($conn);
             if(!mysqli_stmt_prepare($stmt,$sql)){
                 echo '<p id="sorry">Cannot connect to database!</p>';
             }else{
                 mysqli_stmt_bind_param($stmt,"ss",$currentHash,$usersId);
                 mysqli_stmt_execute($stmt);
                 $action = mysqli_stmt_get_result($stmt);
                 if($row = mysqli_fetch_assoc($action)){
                     if(password_verify($row['usersPassword'],$currentHash) == true){
                        $sql = "UPDATE users SET usersPassword=? WHERE usersID=?";
                        $stmt = mysqli_stmt_init($conn);
                        if(!mysqli_stmt_prepare($stmt,$sql)){
                            echo '<p id="sorry">Cannot connect to database!</p>';
                        }else{
                            mysqli_stmt_bind_param($stmt,"ss",$newHash,$usersId);
                            mysqli_stmt_execute($stmt);
                            echo '<p id="success">Password Change is successful!</p>';
                        }
                     }else if(password_verify($row['usersPassword'],$currentHash)== false){
                         echo '<p id="sorry">Current Password is wrong!</p>';
                     }
                 }
             }
             mysqli_stmt_close($stmt);
             mysqli_close($conn);
          } 
        }
        ?>

The HTML form is this:

<form action="https://marksmandigital.net/change_password.php" method="post">
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="currentpassword" class="form-control" placeholder="Enter Current Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpassword" class="form-control" placeholder="Enter new Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpasswordagain" class="form-control" placeholder="Enter new password again">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="submit" name="change_password_submit" class="form-control btn btn-success" value="Save New Password">
     </div>
    </div>
    </form>

Thanks for your eagle eyes
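
An added example (not part of the original post, and not the poster's code) of the change-password flow with the current password checked by `password_verify()` against the stored hash instead of being re-hashed and matched in the `WHERE` clause. It uses the post's table and column names; the in-memory SQLite database via PDO, the sample user and the function name `changePassword()` are assumptions so that it runs without the poster's MySQL database.

```php
<?php
// Added example, not the poster's code. Table and column names (users, usersID,
// usersPassword) come from the post; the in-memory SQLite database, the sample
// user and the function name changePassword() are constructed for illustration.

function changePassword(PDO $db, int $userId, string $current, string $new, string $again): string
{
    // Validate input and stop before touching the database.
    if ($current === '' || $new === '') return 'Please fill in all fields';
    if ($new !== $again)                 return 'Password does not match!';
    if (strlen($new) < 6 || !preg_match('/[0-9]/', $new)
        || !preg_match('/[A-Z]/', $new) || !preg_match('/\W/', $new)) {
        return 'New password does not meet the rules';
    }

    // Look the row up by user ID only. password_hash() uses a fresh random salt
    // on every call, so a newly computed hash never equals the stored one and
    // cannot be used in a WHERE clause.
    $stmt = $db->prepare('SELECT usersPassword FROM users WHERE usersID = ?');
    $stmt->execute([$userId]);
    $storedHash = $stmt->fetchColumn();

    // password_verify(plaintext, stored hash): plaintext first, hash second.
    if ($storedHash === false || !password_verify($current, $storedHash)) {
        return 'Current Password is wrong!';
    }

    $stmt = $db->prepare('UPDATE users SET usersPassword = ? WHERE usersID = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    return 'Password Change is successful!';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (usersID INTEGER PRIMARY KEY, usersPassword TEXT)');
$db->prepare('INSERT INTO users VALUES (1, ?)')
   ->execute([password_hash('OldPass1!', PASSWORD_DEFAULT)]);

// Two hashes of the same password differ, which is why an equality lookup fails.
var_dump(password_hash('OldPass1!', PASSWORD_DEFAULT) === password_hash('OldPass1!', PASSWORD_DEFAULT));

echo changePassword($db, 1, 'wrong', 'NewPass2?', 'NewPass2?'), PHP_EOL;
echo changePassword($db, 1, 'OldPass1!', 'NewPass2?', 'NewPass2?'), PHP_EOL;
echo changePassword($db, 1, 'OldPass1!', 'Another3#', 'Another3#'), PHP_EOL; // reuses the old password after the change
```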
