bgreatfit bgreatfit - 4 months ago 16
PHP Question

PHP password_hash()

What method can I apply if I want a user to edit their original password after storing it as a hash?

Answer

DO NOT store an unhashed password in the database.

DO NOT show passwords in the 'change password form'.

DO NOT show password hashes anywhere.

Provide the user with a form to edit the password but do not provide the previous one. Just show the user an empty text box for inserting a new password while also having a text box for the user to input their current password.

You can check any password hashed with password_hash() using password_verify().

If password_verify() returns true, just use an UPDATE query to change the stored hash.
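
The flow described in the answer, as an added example that is not part of the original post: the current password is checked with password_verify(), and only then is the stored hash replaced with a new password_hash() value. The `users(id, password_hash)` table, the `change_password()` helper and the sample passwords are assumptions made for the demo, which runs against an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Hypothetical helper. Assumed schema (not from the post): users(id, password_hash).
function change_password(PDO $pdo, int $userId, string $current, string $new): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();

    // Unknown user or wrong current password: refuse and leave the row untouched.
    if ($stored === false || !password_verify($current, $stored)) {
        return false;
    }

    // Only the hash of the new password is written; the plaintext is never stored.
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $update = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
    return $update->execute([$newHash, $userId]);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users (id, password_hash) VALUES (?, ?)')
    ->execute([1, password_hash('old-example-pass', PASSWORD_DEFAULT)]);

// Case 1: wrong current password supplied.
var_dump(change_password($pdo, 1, 'wrong-guess', 'new-example-pass'));
// Case 2: correct current password supplied.
var_dump(change_password($pdo, 1, 'old-example-pass', 'new-example-pass'));
// Case 3: the old password is tried again after the change.
var_dump(change_password($pdo, 1, 'old-example-pass', 'another-pass'));
```

In a real form handler, `$userId` would come from the authenticated session rather than from the submitted form.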