diff --git a/public/js/skin3d.js b/public/js/skin3d.js index 5a705be..1606767 100644 --- a/public/js/skin3d.js +++ b/public/js/skin3d.js @@ -38,10 +38,34 @@ const uploadCape = async (event) => { window.location = window.location.href+'?eraseCache=true'; } +const changePassword = async (event) => { + event.preventDefault(); + + const oldPassword = document.getElementById("oldPassword").value + const newPassword = document.getElementById("newPassword").value + + if (oldPassword == newPassword) { + alert("You cannod change your password to the same!") + return; + } + + await fetch(`/api/changePassword`, { + method: "POST", + headers: { + "Content-Type": "application/json" + }, + body: JSON.stringify({ + oldPassword, + newPassword + }) + }); + alert("Password has been changed!"); +} + window.onload = async function() { document.getElementById("skinForm").addEventListener("submit", uploadSkin) - + document.getElementById("passwordChangeForm").addEventListener("submit", changePassword); if (document.getElementById("cape")) { document.getElementById("cape").addEventListener("click", () => { set_cape_type("cape") }, false); document.getElementById("cape").checked = true; diff --git a/src/controllers/user.js b/src/controllers/user.js index 0c5e8a5..4191d55 100644 --- a/src/controllers/user.js +++ b/src/controllers/user.js @@ -15,7 +15,7 @@ class UserController { if (password != passwordConfirm) return res.status(400).send("Passwords do not match"); - let hashedPassword = await bcrypt.hash(password, 8); + const hashedPassword = await bcrypt.hash(password, 8); await UserService.register(username, hashedPassword); 
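Review bot: The success alert at the end of `changePassword` fires regardless of what the server answered, so a 403 "Password is not correct" from the handler is still reported as "Password has been changed!". Keep the response and branch on it: change `await fetch(` to `const response = await fetch(` and, before the final alert, add `if (!response.ok) { alert(await response.text()); return; }`. The request path `/api/changePassword` also differs in case from the route registered as `/changepassword` in api.js; Express routing is case-insensitive by default so it resolves, but the two should be spelled the same. Minor: `oldPassword == newPassword` should be `===`, and "cannod" in the alert text is a typo for "cannot".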
@@ -39,6 +39,24 @@ class UserController { return res.redirect("/index"); } + async changePassword(req, res) { + const token = req.session.jwt; + const username = jwt.decode(token).username; + const { oldPassword, newPassword } = req.body; + + const storedPassword = await UserService.getPassword(username); + + if (!bcrypt.compareSync(oldPassword, storedPassword)) { + return res.status(403).send("Password is not correct"); + } + + const newHashedPassword = await bcrypt.hash(newPassword, 8); + + await UserService.changePassword(username, newHashedPassword); + + return res.status(200).send("Successful"); + } + async logout(req, res) { req.session.destroy(); return res.redirect("/login"); diff --git a/src/routers/api.js b/src/routers/api.js index 1c54e55..6744c44 100644 --- a/src/routers/api.js +++ b/src/routers/api.js @@ -12,7 +12,9 @@ const ApiRouter = new Router(); ApiRouter.post('/register', requiredParameters.requireUsername, requiredParameters.requirePassword, auth.validateInviteToken, existance.userDoesNotExist, UserController.register); ApiRouter.post('/login', requiredParameters.requireUsername, requiredParameters.requirePassword, existance.userExist, UserController.login); ApiRouter.get('/logout', auth.authenticate, UserController.logout); +ApiRouter.post('/changepassword', auth.authenticate, existance.userExist, UserController.changePassword); ApiRouter.post('/uploadSkin', existance.userExist, auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin); ApiRouter.post('/uploadCape', existance.userExist, auth.authenticate, auth.canHaveCloak, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape); ApiRouter.get('/getUsername', existance.userExist, auth.authenticate, UserController.getUsername); + export default ApiRouter; \ No newline at end of file diff --git a/src/services/user.js b/src/services/user.js index 2887053..3330d07 100644 --- a/src/services/user.js 
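Review bot: `oldPassword` and `newPassword` are read from `req.body` without any check, so a missing or non-string value reaches `bcrypt.compareSync`/`bcrypt.hash`, which throw on non-string input; in an async handler with no try/catch that rejection will, unless something upstream catches it, leave the request without a response instead of a 400. Add `if (typeof oldPassword !== "string" || typeof newPassword !== "string" || newPassword.length === 0) return res.status(400).send("Missing password");` before the lookup (the new `/changepassword` route in api.js also lacks the `requiredParameters` middleware the other routes use, so nothing else enforces this). `bcrypt.compareSync` blocks the event loop inside an otherwise awaited handler while the register path uses the async API; use `if (!(await bcrypt.compare(oldPassword, storedPassword)))` instead. `jwt.decode` does not verify the token signature, which is presumably acceptable only because `auth.authenticate` runs first on the route; that dependency is worth stating with a comment such as `// signature already verified by auth.authenticate; decode only reads the claim`.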
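Review bot: The route is registered as `/changepassword` while the client in skin3d.js posts to `/api/changePassword`; Express matches paths case-insensitively by default so it works, but the spelling should match, and the other routes in this file use camelCase (`/uploadSkin`, `/getUsername`). The middleware order `auth.authenticate, existance.userExist` is also reversed relative to every other authenticated route here, which run `existance.userExist` first; keeping one order avoids surprises if either middleware comes to depend on the other's side effects.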
+++ b/src/services/user.js @@ -16,6 +16,10 @@ class UserService { async canHaveCloak(username) { return (await db.query("SELECT can_have_cloak FROM users WHERE username = $1", [username])).rows[0].can_have_cloak; } + + async changePassword(username, newPassword) { + await db.query("UPDATE users SET password = $1 WHERE username = $2", [newPassword, username]); + } }; export default new UserService(); \ No newline at end of file diff --git a/views/index.pug b/views/index.pug index e56c1f5..d2179e2 100644 --- a/views/index.pug +++ b/views/index.pug @@ -28,5 +28,13 @@ html form(target="hiddenFrame" id="capeForm") input(type="file" name="file" id="capeFile") input(type="submit" value="Загрузить") + form(target="hiddenFrame" id="passwordChangeForm") + input(type="password", name="oldPassword", id="oldPassword") + label(for="oldPassword") Старый пароль + br() + input(type="password", name="newPassword", id="newPassword") + label(for="oldPassword") Новый пароль + br() + input(type="submit" value="Сменить") button(onclick="window.location.href='/api/logout'" value="Выйти" id="exitButton") Выйти \ No newline at end of file
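Review bot: The parameter of `UserService.changePassword` is named `newPassword`, but the value written to `users.password` is the bcrypt hash the controller produces (`newHashedPassword`); a reader of this file alone could call it with a plaintext password. Rename the parameter to `hashedPassword` and add a JSDoc line such as `/** Persists an already-hashed password; never pass plaintext here. */`. The method also discards the query result, so an UPDATE matching no row is indistinguishable from success; returning `(await db.query(...)).rowCount` would let the caller detect that.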
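Review bot: The second label points at the wrong control: `label(for="oldPassword") Новый пароль` should be `label(for="newPassword") Новый пароль`, otherwise clicking it focuses the old-password field. Neither password input is marked `required`, so an empty form can be submitted and the empty values reach the server; `input(type="password", name="newPassword", id="newPassword", required)` (and the same for `oldPassword`) gives browser-side enforcement at no cost.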