Setting password programatically

I’m attempting to add a basic password reset to my site. I’m probably missing something simple, but I can’t seem to get the password to update. The code to update the password:

    $newpass = get('newpassword');
    error_log(print_r($newpass, true));
    //This prints the expected string.
    $pass_hash = password::hash($newpass);
    error_log(print_r($pass_hash, true));
    //This prints a hash as expected.
    $user->update(array(
          'password' => $pass_hash
    ));

After running this, my user’s account file shows a modification. However, the password hash that appears in the file doesn’t match the error_log. Is that expected? Is the password re-hashed before it is added to the text file?

In any event, my new password doesn’t work. Am I oversimplifying the password update process? I’ve tried reading through the relevant core and the panel code, but I can’t figure out what I might be missing. Any insight? TIA.

The password is indeed rehashed in the update functions.

you can open kirby/core/user.php and look for the update function to see what exactly happens there.

Btw, another way to test it, is give it a plain password and see if it hashes it

That is good to know, thank you. Perhaps that means I shouldn’t be hashing it myself?

Ok, yes, this is the answer. I didn’t realize at what point I was interacting with the core code. Thanks!

I hope you are using hashed passwords for testing purpose and not in production. Hashing a password is not safe at all.

edit: never mind i miss understood you there sorry for confusion

Well, I’m not now. I thought I had to mimic the code in core but I now understand that I should leave that up to Kirby. I’m just updating the user array with the chosen password. (I’m not sure if this is what you mean, but I’m not emailing the passwords at all. This is just for a user reset form on the site.)