Create Change Password Screen for Custom Authentication in Oracle Apex

In my previous post, I have given an example to create custom authentication in Oracle Apex. And after creating a custom authentication, there would be a need to give the change password option to the user, so that he can change his password anytime.  So in this tutorial, I am demonstrating the steps to create the Change Password screen in Oracle Apex.

Create Change Password Screen in Oracle Apex for Custom Authentication

Step-1: Create a page in Oracle Apex and set the following properties:

  • Title: Change Password
  • Page Mode: Normal
  • Page Template: Login

Step-2: Create a region on that page and set the following properties:

  • Title: Change Password
  • Type: Static Content
  • Template: Login
  • Icon: fa-lg fa-lock-password

Also, check the below image and set the Template options as shown in the image:

Apex Template Options

Step-3: Create a field USER (as shown in above image for reference P25_USER) and set the following properties:

  • Type: Text Field
  • Label: User
  • Disabled: Yes
  • Template: Hidden
  • Icon: fa-user
  • Default > Type: Item
  • Default > Item: SESSION_USER (or type your session user name created in application items)

Step-4: Create a field CURRENT_PASSWORD and set the following properties:

  • Type: Password
  • Label: Enter Current Password
  • Template: Required - Above
  • Icon: fa-key
  • Validation > Value Required: Yes

Then create a validation rule for the CURRENT_PASSWORD field and set the type as PL/SQL function returning Boolean, and Always Execute to Yes and put the following code in it to check if the current password is correct:

declare
v_currpsw app_users.password%type;
begin
  select password into v_currpsw from app_users
    where upper(username) = upper(V('SESSION_USERNAME'))
    AND password = V('P25_CURRENT_PASSWORD');
    
    RETURN TRUE;
    EXCEPTION
      WHEN OTHERS THEN
            RETURN FALSE;
end;

Note: I am writing this post in reference to the previous post I mentioned above. The table I am using in the above code has been created in that post. You can use your user table if different.

Step-5: Create a field NEW_PASSWORD and set the following properties:

  • Type: Password
  • Label: Enter New Password
  • Template: Required - Above
  • Icon: fa-key
  • Validation > Value Required: Yes

Then create a validation rule for the NEW_PASSWORD field and set the type as PL/SQL function returning Boolean, and Always Execute to Yes and put the following code in it to check that the new password should not be the same as the current password:

declare
v_currpsw app_users.password%type;
begin
  select password into v_currpsw from app_users
    where upper(username) = upper(V('SESSION_USERNAME'));

if V('P25_NEW_PASSWORD') = v_currpsw then
   return false;
end if;

    RETURN TRUE;
    EXCEPTION
      WHEN OTHERS THEN
         RETURN FALSE;
end;

Create another validation with settings same as PL/SQL Expression and put the following PL/SQL code in it to check the minimum and maximum length of the password:

length(:P25_NEW_PASSWORD) >= 6 AND length(:P25_NEW_PASSWORD) <= 20

Step-6: Create another field CONFIRM_PASSWORD and set the following properties:

  • Type: Password
  • Label: Confirm Password
  • Template: Required - Above
  • Icon: fa-key
  • Validation > Value Required: Yes

Then create a validation rule as PL/SQL expression and put the following code in it to check if both new passwords are the same:

V('P25_NEW_PASSWORD') = V('P25_NEW_PASSWORD_1')

Step-7: Create a button Apply Changes and set the following properties:

  • Button Name: changepsw
  • Label: Apply Changes
  • Button Template: Text
  • Hot: Yes
  • Action: Submit Page

Step-8: Create another button Cancel and set the following properties:

  • Button Name: cancel
  • Label: Cancel
  • Button Template: Text
  • Hot: No
  • Action: Redirect to the page in this application
  • Target: 1 (home page)

Step-9: Now click on the Process tab and create a process in the Processing section and set the following properties:

  • Name: update_psw
  • Type: PL/SQL Code
  • Server Side Condition > When Button Pressed: changepsw (select the button you created in the 7th step)

Then in the Source put the following PL/SQL code:

Begin
   Update app_users
      set password = V('P25_NEW_PASSWORD')
      WHERE USERNAME = V('SESSION_USERNAME');
end;

Step-10: Then create a Branch under After Processing > Branches and set the following properties to log out from the application after the successful change password:

  • Name: logout
  • Point: After Processing
  • Type: PL/SQL Procedure
  • PL/SQL Code: apex_authentication.logout(:SESSION, :APP_ID);
  • Server Side Condition > When Button Pressed: changepsw (select the button you created in the 7th step)

Now what will happen is, when the user will click on the Apply Changes button, the Apex will validate all the validations you created and if all validations passed then it will update the new password in the table APP_USERS and will log out so that the user can log in using its new password.

And if the user will click on the Cancel button then it will redirect it to the Home page without making any changes.

The output of the screen would be as shown in the featured image of this article.

See also:

Vinish Kapoor
Vinish Kapoor

Vinish Kapoor is a seasoned software development professional and a fervent enthusiast of artificial intelligence (AI). His impressive career spans over 20 years, marked by a relentless pursuit of innovation and excellence in the field of information technology. As an Oracle ACE, Vinish has distinguished himself as a leading expert in Oracle technologies, a title awarded to individuals who have demonstrated their deep commitment, leadership, and expertise in the Oracle community.

Related Posts

One comment

  1. My APEX end users may have to change their password after 45 days, but APEX’s original password change screen should be wrong. After they change their password, they cannot log in. If I want to change the password after N days Turn off settings, what should I do

Comments are closed.