How to use the password field?

[julianschmuckli]

Hello everyone,

I'm a bit confused about the password field type:

There is actually no where documented, how we can use this field. If I use the password field in a collection, the password will be shown hashed:

And in the JSON, there is no password to compare actually, which makes somehow sense.

So how do we have to use this field or what is the purpose of it?

[abernh]

Cockpit uses password_hash($string, $algorithm) to save any values in a password field as a hash and later you can use password_verify($string, $savedHash) in order to verify, that a specific value matches the saved hash.

You can see this in action in the auth module https://github.com/agentejo/cockpit/blob/568b0124352f6d27df359e8c19a70d2dd1961e87/modules/Cockpit/module/auth.php#L35