Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP Introduction to User Authentication in PHP Setting Up Authorization Password Hashing

Jonathan Grieve
MOD
Jonathan Grieve
Treehouse Moderator 90,717 Points

Code challenge: Return a hashed password

I feel like I'm getting close as the password_hash and password_verify functions seem to pass but there's one final error I can't seem to get passed.

**Bummer:** If all parameters passed are valid, the function should return a hashed value of the $newPassword.

Which I've attempted on the last line. By the time we get to the last line, we've verified this already haven't we? Help! :-)

index.php
<?php

function newPasswordValid($userPassword, $currentPassword, $newPassword, $confirmNewPassword) {
    //add code here

    //perform password hashing on the data

    $verify = password_verify($currentPassword, $userPassword); 

    if(!$verify) {
      return false;
    }

    if ($newPassword != $confirmNewPassword) {
      return false;
    } else {
      return true;
    }

    $hashed = password_hash($newPassword, PASSWORD_DEFAULT);
    return $hashed;
    /**/
}

1 Answer

Dane Parchment
MOD
Dane Parchment
Treehouse Moderator 11,003 Points

I could be wrong but I think the problem is that your second if statement makes the rest of the code unreachable. Your code will either return true or false, not a hashed password. This is because $newPassword will be one of two values, either the same as the confirmed password or not the same. For both cases you exit the function with a return statement, I think you should only return false if the passwords don't match, you shouldn't be exiting the function if they match, instead you should be returning the hashed password.

Jonathan Grieve
Jonathan Grieve
Treehouse Moderator 90,717 Points

As ever, I'm overcomplicating things. :)) Thanks for the nudge in the right direction! I've got it now!

Dane Parchment
Dane Parchment
Treehouse Moderator 11,003 Points

No problem, at least overthinking a problem shows that you are still thinking about it. ;)