Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Introduction to User Authentication in PHP Setting Up Authorization Password Hashing

Jonathan Grieve
MOD
Jonathan Grieve
Treehouse Moderator 91,253 Points

Code challenge: Return a hashed password

I feel like I'm getting close as the password_hash and password_verify functions seem to pass but there's one final error I can't seem to get passed.

**Bummer:** If all parameters passed are valid, the function should return a hashed value of the $newPassword.

Which I've attempted on the last line. By the time we get to the last line, we've verified this already haven't we? Help! :-)

index.php
<?php

function newPasswordValid($userPassword, $currentPassword, $newPassword, $confirmNewPassword) {
    //add code here

    //perform password hashing on the data

    $verify = password_verify($currentPassword, $userPassword); 

    if(!$verify) {
      return false;
    }

    if ($newPassword != $confirmNewPassword) {
      return false;
    } else {
      return true;
    }

    $hashed = password_hash($newPassword, PASSWORD_DEFAULT);
    return $hashed;
    /**/
}

1 Answer

Dane Parchment
MOD
Dane Parchment
Treehouse Moderator 11,077 Points

I could be wrong but I think the problem is that your second if statement makes the rest of the code unreachable. Your code will either return true or false, not a hashed password. This is because $newPassword will be one of two values, either the same as the confirmed password or not the same. For both cases you exit the function with a return statement, I think you should only return false if the passwords don't match, you shouldn't be exiting the function if they match, instead you should be returning the hashed password.

Jonathan Grieve
Jonathan Grieve
Treehouse Moderator 91,253 Points

As ever, I'm overcomplicating things. :)) Thanks for the nudge in the right direction! I've got it now!

Dane Parchment
Dane Parchment
Treehouse Moderator 11,077 Points

No problem, at least overthinking a problem shows that you are still thinking about it. ;)