diff --git a/database/changeAccountPassword.php b/database/changeAccountPassword.php
new file mode 100644
index 0000000..26a381f
--- /dev/null
+++ b/database/changeAccountPassword.php
@@ -0,0 +1,45 @@
+ false, "message" => "New password must be at least 8 characters with at least one letter and one number"]));
+}
+
+$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND token = ?");
+$stmt->bind_param("ss", $username, $token);
+$stmt->execute();
+$result = $stmt->get_result();
+
+if ($result->num_rows > 0) {
+ $user = $result->fetch_assoc();
+ if (!password_verify($oldpassword, $user['password'])) {
+ exitWithMessage(json_encode(["success" => false, "message" => "Old password is incorrect"]));
+ }
+ if (password_verify($newpassword, $user['password'])) {
+ exitWithMessage(json_encode(["success" => false, "message" => "New password cannot be the same as the old password"]));
+ }
+ $id = $user['id'];
+} else {
+ exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
+}
+
+$hashednewpassword = password_hash($newpassword, PASSWORD_DEFAULT);
+$token = bin2hex(random_bytes(256));
+
+$stmt = $conn->prepare("UPDATE users SET token = ?, password = ? WHERE id = ?");
+$stmt->bind_param("sss", $token, $hashednewpassword, $id);
+
+$stmt->execute();
+$stmt->close();
+$conn->close();
+
+echo encrypt(json_encode(["success" => true, "token" => $token]));
\ No newline at end of file
diff --git a/database/changeAccountUsername.php b/database/changeAccountUsername.php
new file mode 100644
index 0000000..07c4e7a
--- /dev/null
+++ b/database/changeAccountUsername.php
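Review bot: The outcome of the final `UPDATE users SET token = ?, password = ? WHERE id = ?` in changeAccountPassword.php is never checked, so `"success" => true` and the new token are echoed even if the write failed or matched no row (depending on mysqli's error mode, `execute()` may return false rather than throw). The client would then hold a token the database does not know while the old password stays in force; guard the reply with something like `if (!$stmt->execute() || $stmt->affected_rows !== 1) { exitWithMessage(json_encode(["success" => false, "message" => "Password change failed"])); }`. The session token is also stored and matched as a plain value in `users.token`, so anyone able to read that table can reuse live sessions; storing `hash('sha256', $token)` and looking up by that hash would limit the exposure. The top of the file, where `$username`, `$token` and both passwords are read and validated, is missing from this page, so input handling is not covered here.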
@@ -0,0 +1,33 @@
+ false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
+}
+
+$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
+$stmt->bind_param("s", $newusername);
+$stmt->execute();
+$result = $stmt->get_result();
+
+if ($result->num_rows > 0) {
+ exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
+}
+
+$stmt = $conn->prepare("UPDATE users SET username = ? WHERE username = ? AND token = ?");
+$stmt->bind_param("sss", $newusername, $username, $token);
+$stmt->execute();
+
+if ($stmt->affected_rows === 0) {
+ exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
+}
+
+echo encrypt(json_encode(["success" => true]));
\ No newline at end of file
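Review bot: The uniqueness check (`SELECT * FROM users WHERE username = ?`) and the later `UPDATE users SET username = ? ...` are separate statements, so two concurrent requests for the same new name can both pass the check and both write it unless `users.username` carries a UNIQUE index, which this page does not show. Because the lookups in this commit authenticate on `username` plus `token`, duplicate names would make them ambiguous; enforce uniqueness in the schema and treat a duplicate-key failure from the UPDATE as "username taken". The taken-name branch also reuses the message `Invalid session token or username, please refresh login`, which looks like a copy-paste and tells a validly logged-in user to re-authenticate; a distinct message such as `"Username is already taken"` would be clearer. The beginning of the file, where the inputs are read and the format rule is applied, is missing from the page.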