PHP Introduction to User Authentication in PHP Setting Up Authorization Password Hashing

Jonathan Grieve
MOD
Jonathan Grieve
Treehouse Moderator 86,628 Points

Code challenge: Return a hashed password

I feel like I'm getting close as the password_hash and password_verify functions seem to pass but there's one final error I can't seem to get passed.

**Bummer:** If all parameters passed are valid, the function should return a hashed value of the $newPassword.

Which I've attempted on the last line. By the time we get to the last line, we've verified this already haven't we? Help! :-)

index.php
<?php

function newPasswordValid($userPassword, $currentPassword, $newPassword, $confirmNewPassword) {
    //add code here

    //perform password hashing on the data

    $verify = password_verify($currentPassword, $userPassword); 

    if(!$verify) {
      return false;
    }

    if ($newPassword != $confirmNewPassword) {
      return false;
    } else {
      return true;
    }

    $hashed = password_hash($newPassword, PASSWORD_DEFAULT);
    return $hashed;
    /**/
}

1 Answer

Dane Parchment
Dane Parchment
9,752 Points

I could be wrong but I think the problem is that your second if statement makes the rest of the code unreachable. Your code will either return true or false, not a hashed password. This is because $newPassword will be one of two values, either the same as the confirmed password or not the same. For both cases you exit the function with a return statement, I think you should only return false if the passwords don't match, you shouldn't be exiting the function if they match, instead you should be returning the hashed password.

Jonathan Grieve
Jonathan Grieve
Treehouse Moderator 86,628 Points

As ever, I'm overcomplicating things. :)) Thanks for the nudge in the right direction! I've got it now!

Dane Parchment
Dane Parchment
9,752 Points

No problem, at least overthinking a problem shows that you are still thinking about it. ;)