diff --git a/changepass.php b/changepass.php
new file mode 100644
index 0000000..25100d5
--- /dev/null
+++ b/changepass.php
@@ -0,0 +1,109 @@
+
+<?php 
+echo "not implemented yet!";
+   /*
+   session_start();
+include 'db.inc.php';
+ 
+if(isset($_GET['changed'])) {
+    $username = $_POST['username'];
+    $oldpassword = $_POST['oldpassword'];
+    $password = $_POST('password');
+    $password_confirm = $_POST('password_confirm');
+    
+    $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
+    $result = $statement->execute(array('username' => $username));
+    $user = $statement->fetch();
+     
+    if ($user !== false && password_verify($oldpassword, $user['password'])) {
+        if(isset($_GET['send'])) {
+            $password = $_POST['password'];
+            $password_confirm = $_POST['password_confirm'];
+             //regexes for passvalidation:
+               $REuppercase = preg_match('@[A-Z]@', $password);
+               $RElowercase = preg_match('@[a-z]@', $password);
+               $REnumber    = preg_match('@[0-9]@', $password);
+               $REspecialChars = preg_match('@[^\w]@', $password);
+            if($password != $password_confirm) {
+            echo "password or confirmed password wrong";
+            }
+            if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
+               echo '<color="red">Password needs to be more complex.</color><br />';
+               echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i><br />';
+               $error = true;
+           }  else { 
+            $passwordhash = password_hash($password, PASSWORD_DEFAULT);
+            $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
+            $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
+            
+            if($result) {
+            die('Changed password. Going to <a href="secure.php">secure</a> now.<meta http-equiv="refresh" content="1; URL=secure.php">');
+            }
+            }
+           }
+        die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="secure.php">secure page</a></div> <meta http-equiv="refresh" content="0; URL=secure.php">');
+    } else {
+        $errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>';
+    }
+    
+}
+
+?>
+<!DOCTYPE html> 
+<html> 
+<head>
+<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
+   
+  <title>Change Password</title>    
+</head> 
+<body>
+ 
+<?php 
+if(isset($errorMessage)) {
+    echo $errorMessage;
+}
+
+?>
+ <script src="ressources/js/bootstrap.min.js"></script>
+ <div class="jumbotron jumbotron-fluid">
+  <div class="container">
+
+<form action="?changed=1" method="post">
+<div class="form-group">
+<label for="username">Username</label>
+<input type="text" class="form-control" size="40" id="username" placeholder="Username" name="username"><br><br>
+</div>
+ <div class="form-group">
+<label for="oldpassword">Current Password</label>
+<input type="password" class="form-control" size="40" id="oldpassword" placeholder="Your old password" name="oldpassword"><br>
+ </div>
+ <div class="form-group">
+<label for="password">New Password</label>
+<input type="password" class="form-control" size="40" id="password" placeholder="Your new password" name="password"><br>
+ </div>
+ <div class="form-group">
+<label for="password_confirm">Confirm New^ Password</label>
+<input type="password" class="form-control" size="40" id="password_confirm" placeholder="Your new password" name="password_confirm"><br>
+ </div>
+ <button type="submit" class="btn btn-primary">Change Password</button>
+</form> 
+<br />
+<br />
+<a href="forgotpass.php"><button class="btn btn-warning">I forgot my password</button></a>
+<br /> <br />
+</div>
+</div>
+</div>
+
+</main><!-- /.container -->
+
+<!-- Bootstrap core JavaScript
+================================================== -->
+<!-- Placed at the end of the document so the pages load faster -->
+<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
+<script>window.jQuery || document.write('<script src="../../../../assets/js/vendor/jquery-slim.min.js"><\/script>')</script>
+<script src="../../../../assets/js/vendor/popper.min.js"></script>
+<script src="../../../../dist/js/bootstrap.min.js"></script>
+</body>
+</html>
+*/
\ No newline at end of file