how can i create a page where my users can change their password

Question

if($rePassord==$password){
 $query= "INSERT INTO myUsers (username, email, password) VALUES ('$username' , '$email', '$pass')";
$result = mysqli_query($conn, $query);
}
else{
 //passwords do not match

};

This is my query which already inserts data into a database in MySQL. How would i go about making a page where users could change their password once they login.

Answer 1

If you're working with something like this, where the User can personally set the $password variable, then you should be using prepared statements (MySQLI or PDO).

For database structure when using user accounts, it is probably best to use a unique User ID as the primary key for the myUsers table, this means that you can refer to a specific user account as a number- rather than a username (which, depending on your system, could be changed?).

Depending on your password storage method, you may want to look into the password_verify function for validating hashes of passwords (never store passwords as plain text)

The code is (using MySQLi) as follows:

/*
* If $password is their current account password
* If $rePassword is the check to confirm it is the right password
*
* Using $newPassword for the new password provided
* Using $username for their username
*/

if ( $rePassword == $password ) {
    $statement = $conn -> prepare( "UPDATE myUsers SET password = ? WHERE username = ?" );
    $statement -> bind_param( 'ss', $newPassword, $username );
    $statement -> execute();
    return true;
} else {
    die( 'Permission Denied' );
}

Answer 2

Assuming you need the sql query only (we're not going to write the complete php file), you will have to try a query like this:

update myUsers set password = $password where username = $username

or assuming you have an id field this would be a better option

update myUsers set password = $password where id= $id