I used similar process for users to update username and email, but password is giving me a headache

<?php
        if(isset($_SESSION['id'])){
          if(isset($_POST['change_password_submit'])){
             $usersId = $_SESSION['id'];
             include 'includes/dbh.inc.php';//connection to database
            $currentpassword = $_POST['currentpassword'];
            $newpassword = $_POST['newpassword']; 
            $newpasswordagain = $_POST['newpasswordagain'];
            $currentHash = password_hash($currentpassword,PASSWORD_DEFAULT);
            $newHash = password_hash($newpassword,PASSWORD_DEFAULT);

            if(empty($currentpassword)){
            echo '<p id="sorry">Please enter your current password</p>';        
            }
             if(empty($newpassword)){
                echo '<p id="sorry">Choose a new password!</p>'; 
             }
             if(strlen($newpassword)<6){
                 echo '<p id="sorry">Password cannot be less than 6 characters!</p>';
             }
             if(!preg_match("#[0-9]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one number!</p>';
             }
             if(!preg_match("#[A-Z]+#",$newpassword)){
                 echo '<p id="sorry">Password should have at least one UpperCase letter!</p>';
             }
             if(!preg_match("#[\W]+#",$newpassword)){
                 echo '<p id="sorry">Password must have at least one special character!</p>';
             }
             if(empty($newpasswordagain)){
                 echo '<p id="sorry">Please repeat new password!</p>';
             }
             if($newpasswordagain !== $newpassword){
                 echo '<p sorry">Password does not match!</p>';
             }
             $sql = "SELECT * FROM users WHERE usersPassword=? AND usersID=?";
             $stmt = mysqli_stmt_init($conn);
             if(!mysqli_stmt_prepare($stmt,$sql)){
                 echo '<p id="sorry">Cannot connect to database!</p>';
             }else{
                 mysqli_stmt_bind_param($stmt,"ss",$currentHash,$usersId);
                 mysqli_stmt_execute($stmt);
                 $action = mysqli_stmt_get_result($stmt);
                 if($row = mysqli_fetch_assoc($action)){
                     if(password_verify($row['usersPassword'],$currentHash) == true){
                        $sql = "UPDATE users SET usersPassword=? WHERE usersID=?";
                        $stmt = mysqli_stmt_init($conn);
                        if(!mysqli_stmt_prepare($stmt,$sql)){
                            echo '<p id="sorry">Cannot connect to database!</p>';
                        }else{
                            mysqli_stmt_bind_param($stmt,"ss",$newHash,$usersId);
                            mysqli_stmt_execute($stmt);
                            echo '<p id="success">Password Change is successful!</p>';
                        }
                     }else if(password_verify($row['usersPassword'],$currentHash)== false){
                         echo '<p id="sorry">Current Password is wrong!</p>';
                     }
                 }
             }
             mysqli_stmt_close($stmt);
             mysqli_close($conn);
          } 
        }
        ?>

html form is this

<form action="https://marksmandigital.net/change_password.php" method="post">
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="currentpassword" class="form-control" placeholder="Enter Current Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpassword" class="form-control" placeholder="Enter new Password">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="password" name="newpasswordagain" class="form-control" placeholder="Enter new password again">
     </div>
    </div>
    <div class="form-row">
     <div class="form-group col-md-12">
       <input type="submit" name="change_password_submit" class="form-control btn btn-success" value="Save New Password">
     </div>
    </div>
    </form>

Thanks for your eagle eyes

What exactly is causing your headache? Explain your issue(s).

commented: The problem is that, the script runs, but password does not change +0

The problem is that, the script runs but password does not change. I don't get any error messages iether

Debug your code. The simplest way is to echo something every step of the way, so you can see to where the code goes.

If you have a decent debugger, even better.

He has a lot of echo statements in there already. Which ones are printed out?

I found a way around it. I realized that

<?php
$row['usersPassword'];
$pwdHashed = password_hash($pwd,PASSWORD_DEFAULT);
 PASSWORD_VERIFY($pwdHashed,$row['usersPassword'] == true);// was actually false,
?>

Could not be verified. Because both gave different values when I created a dummy database.

The string is @Bmedia4000;

DBPass is :$2y$10$XP6TRhqkmrIFR4nheLReIuTaQJZKFiq/Qz4fDIV/F7y.P3gRfOzOO //hashed results from database
Hashed is :$2y$10$GLw2Dkd5ybnphlqgFo2SIePk2tlNXfutz7a708rRzJdUl9Zp78fh2 //hashed result not from database

Clearly ,the results were different.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.