PHP: change password

Question 1

Try this on your form:

 <form method='post' action='account.php'>

UPDATE:

I went through and made the script for my database, works fine. change values where needed:

<?php
$dbc = new mysqli("localhost", "db-user", "db-pass", "db-name");
if (isset($_POST['newpw'])){
    $pw=@$dbc->query("select passwort from kundenaccount where accname= '" . $_SESSION["accname"] . "'");
                $row = $pw->fetch_object();
                $pawo = $row->password ; 

    if (md5($_POST['oldpw'])== $pawo){

        if ($_POST['newpw']==$_POST['conpw']){
         @$dbc->query("UPDATE kundenaccount SET passwort='" . md5($_POST['newpw']) . "' WHERE accname='" . $_SESSION['accname'] . "'");
         }
        else { echo "Passwords do not match"; }
        }

    else { echo "Wrong password entered";}
    }
    ?>

Question 2

if ($_POST['oldpw']==md5($pawo))

should be

if (md5($_POST['oldpw']) == $pawo)

Question 3

md5 is a one way hash so you cannot undo it, you should compare the other way.

if (md5($_POST['oldpw'])==$pawo){

NOTE: MD5 is not considered secure, I would upgrade to some other algorithm..

Question 4

Another solution to the problem

 <?php

 include ('connect_db.php');
 if(isset($_POST['submit']))
     {
       $oldpw = $_POST ['oldpw'];
 $newpw = $_POST ['newpw'];
 $retypepw = $_POST ['retypepw'];

 $sql = mysql_query("SELECT * FROM users WHERE password = '$oldpw'") or die (mysql_error());
   if ($sql)

   {
       $row = mysql_fetch_array($sql);
       extract ($row);

       if ($oldpw <> $password) {
           echo "Passwords dont match";}

           else

       if ($newpw == $retypepw){
        $update = mysql_query("UPDATE users SET  password = '$newpw' WHERE password = '$oldpw' ") or die (mysql_error());
            if($update)

    {

        echo "Successfully changed password"; }
        }

    else { echo "Password dont match";}

       }

   }
    ?>