Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP PHP User Authentication Adding Authentication to Your Application Password Hashing

Help with the latest task of PHP User Authentication

This are the instructions of the task:

We are going to be changing a users password, I am creating a function to verify and hash the new password. The function will accept 4 parameters: $userPassword (as the hash that is stored in the database) $currentPassword (submitted by a user) $newPassword (the password to which we want to change) $confirmNewPassword (double check for the newPassword) This function should returned a hashed password if the passwords are valid. If there is an issue with any of the passwords, it should return false.

According to me, the logic of my answer is correct, but still it keeps telling me that there is some detail in it, could support me would be much appreciated, greetings.

index.php
<?php

function newPasswordValid($userPassword, $currPassword, $newPassword, $confirmNewPassword) {
  if($newPassword == $confirmNewPassword && password_verify($userPassword, $currPassword)) {
    return password_hash($newPassword, PASSWORD_DEFAULT); 
  } else {
    return false;
  }
}

And this is the result message from the task

Bummer! If all parameters passed are valid, the function should return a hashed value of the $newPasswor.

Have you already able to parse out the challenge?

2 Answers

Try the code below, the issue is that the verify_password requires the password as 1st parameter and the hash as the second one, it won't work the other way around.

function newPasswordValid($userPassword, $currPassword, $newPassword, $confirmNewPassword) {
  if($newPassword == $confirmNewPassword && password_verify($currPassword, $userPassword)) {
    return password_hash($newPassword, PASSWORD_DEFAULT); 
  } else {
    return false;
  }
}
Jacob Herper
Jacob Herper
94,150 Points

I am also looking for a solution here, does anyone have one?