-3

Creating a password using password_hash() is easy; how to reset this password is probably still not a clear process.

Is there a way to reset the password that is hashed, or is there another proper way of doing it?

creating password:

```php
$password = $_POST['password'];
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$sql=("INSERT INTO .....
```

resetting password:

```php
$new_password = $_POST['new_password'];
$hash_new_password = password_hash($new_password, PASSWORD_DEFAULT);
$sql=("UPDATE .....
```

I believe there is something missing . . . Please advise

Thank you for your help. Here is the updated code:

```php
$pass = $_POST['password'];
$password = password_hash($pass, PASSWORD_DEFAULT);
```
A. Kiyoshi
  • What does *reset* mean? I think you mean set a new one? – Jens Oct 25 '17 at 05:28
  • Yes, you just send a new password, or better, you send a link where a user can reset his own password – DarkBee Oct 25 '17 at 05:35
  • What I mean by reset is to change the password.... – A. Kiyoshi Oct 25 '17 at 05:54
  • @DarkBee thanks for the suggestion. . . I really appreciate your help. It seems like when I change the password, with which the new password is hashed `password_hash()`. . . when the new password is verified at login `password_verify()` the new password is wrong. I'm missing something here.... – A. Kiyoshi Oct 25 '17 at 06:11
  • Update your question with your new attempt – DarkBee Oct 25 '17 at 06:33
  • @DarkBee I have updated my question ... – A. Kiyoshi Oct 25 '17 at 07:32
  • Variables between single quotes don't get [evaluated](https://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php) – DarkBee Oct 25 '17 at 07:34
  • `$hash_password = password_hash($password, PASSWORD_DEFAULT);` – DarkBee Oct 25 '17 at 07:34
  • look here http://php.net/manual/en/function.password-verify.php double quotes do not work – A. Kiyoshi Oct 25 '17 at 07:40
  • That comment has nothing to do with your problem. You are resetting the password now to `$new_password` instead of the content inside `$new_password` – DarkBee Oct 25 '17 at 07:43
  • Purpose of my comment is that I hash the password and store when creating a new user, . . . I also use the same process when resetting or changing the user password....somewhere in the process is missing, . . Perhaps the `PASSWORD_DEFAULT` may be.... – A. Kiyoshi Oct 25 '17 at 07:52
  • I told you what is wrong. The single quotes around `$new_password` and `$password` are incorrect, either remove them or switch to double quotes – DarkBee Oct 25 '17 at 07:56

1 Answer

1

Edited

I am not sure if you understand what password_hash actually does.

It is a one-way hashing algorithm. That means that you can only encrypt it but you can't decrypt it.

Here is a situation:

1) A user is signing up, he sets his login and password. Then you use password_hash to encrypt the password and save the hash to your database.

2) Later he comes and wants to log in. Well, he writes his password, you verify the password and saved hash with password_verify

```php
$test = password_hash('test', PASSWORD_BCRYPT);
var_dump(password_verify('test', $test));
```

3) If the user forgets the password (if that is the case you mean) you send him an email to reset his password and you save a new hash of his password. (This is a process I bet you know.)

Although, if you are not dealing with passwords but, let's say, messages, you might want to be able to decrypt the message someone is sending you. In that case, you want to use something like public / private key. I found this video helpful in understanding the theory.

tomc
  • thanks @tomc . . . I really appreciate your help. It seems like when I change the password, with which the new password is `password_hash()`. . . when the new password is verified `password_verify()` the new password is wrong... – A. Kiyoshi Oct 25 '17 at 06:10
  • I have updated the response. However, if you set the same password then you will get **true** from `password_verify` – tomc Oct 25 '17 at 06:36
  • thank you for the reply, even if I set the same password, it gives wrong password...something is missing.... – A. Kiyoshi Oct 25 '17 at 07:12
  • When I create the new user with the password with the quote around the password like this `password_hash('$password', PASSWORD_DEFAULT);` even with `password_verify('$password', $hashed_password);` no problem logging in....but when changing password with still single quotes, it did not work... Thank you very much... I have removed from both and it works fine......I really appreciate it.... – A. Kiyoshi Oct 25 '17 at 23:28
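
The single-quote problem identified in the comments, reproduced as an added example (not code from the question or the answer): it shows why the quoted sign-up and login pair appeared to work without ever checking what the user typed, why the quoted change broke it, and the corrected flow. `expect()`, `set_password()`, `check_login()` and the `$store` array are hypothetical names, and the sample passwords are constructed.

```php
<?php
declare(strict_types=1);

// Throws if a claim made in the comments below does not hold.
function expect(bool $cond, string $what): void {
    if (!$cond) { throw new RuntimeException("unexpected: $what"); }
    echo "ok: $what\n";
}

// Constructed sample input standing in for $_POST values.
$password     = 'correct horse';
$new_password = 'battery staple';

// --- The bug: single quotes hash the variable's NAME, not its value ---
$signupHash = password_hash('$password', PASSWORD_DEFAULT);
expect(password_verify('$password', $signupHash), 'quoted login matches quoted signup');
expect(!password_verify($password, $signupHash), 'the real password was never stored');

// A change using '$new_password' stores a hash of a different literal,
// so the quoted login check stops matching.
$changedHash = password_hash('$new_password', PASSWORD_DEFAULT);
expect(!password_verify('$password', $changedHash), 'quoted login fails after the change');

// --- Corrected flow: pass the variables themselves ---
// $store is a hypothetical stand-in for the users table (user => hash).
function set_password(array &$store, string $user, string $plain): void {
    $store[$user] = password_hash($plain, PASSWORD_DEFAULT);
}

function check_login(array &$store, string $user, string $plain): bool {
    if (!isset($store[$user]) || !password_verify($plain, $store[$user])) {
        return false;
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT's algorithm or cost changes.
    if (password_needs_rehash($store[$user], PASSWORD_DEFAULT)) {
        $store[$user] = password_hash($plain, PASSWORD_DEFAULT);
    }
    return true;
}

$store = [];
set_password($store, 'alice', $password);        // sign-up
expect(check_login($store, 'alice', $password), 'login with the original password');
set_password($store, 'alice', $new_password);    // change or reset: same call
expect(check_login($store, 'alice', $new_password), 'login with the new password');
expect(!check_login($store, 'alice', $password), 'old password is rejected');
```

Because the quoted pair compares one fixed literal against a hash of the same literal, accounts created that way should have their passwords set again through the corrected path.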