Prevent users setting/hashing an empty password

post/profile.php

@@ -92,6 +92,11 @@ if (isset($_POST['edit_your_user_password'])) {
 
     $new_password = trim($_POST['new_password']);
 
+    if (empty($new_password)) {
+        header('Location: user_security.php');
+        exit;
+    }
+
     // Email notification when password or email is changed
     $user_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $session_user_id"));
     $name = sanitizeInput($user_sql['user_name']);

user_security.php

@@ -12,12 +12,12 @@ require_once "inc_all_user.php";
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
             <div class="form-group">
-                <label>Your New Password</label>
+                <label>Your New Password <strong class="text-danger">*</strong></label>
                 <div class="input-group">
                     <div class="input-group-prepend">
                         <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
                     </div>
-                    <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
+                    <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8" required>
                     <div class="input-group-append">
                         <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
                     </div>