diff --git a/login.php b/login.php
index fb8f7b7..a6380b2 100644
--- a/login.php
+++ b/login.php
@@ -52,8 +52,10 @@ if(!empty($_SESSION['username'])) {
 if (isset($_GET['changepassword']) AND !empty($_POST['old_password']) AND !empty($_POST['new_password'])) {
- $req = $connexion->prepare('UPDATE users SET password = ? WHERE username = ? AND password = ?');
- $req->execute(array($_POST['new_password'], $_SESSION['username'], $_POST['old_password']));
+ $req = $connexion->prepare('UPDATE users SET password = ? WHERE username = ?');
+ $options = ['cost' => 12,];
+ $pwd_hash = password_hash($_POST['new_password'], PASSWORD_BCRYPT, $options);
+ $req->execute(array($pwd_hash, $_SESSION['username']));
 echo "PASSWORD UPDATED";
 header("refresh:5;url=" . DEFAULT_URL);
 }
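Review bot: The new UPDATE no longer verifies the current password: the old query matched on `password = ?` with `$_POST['old_password']`, but the replacement filters on `username` only, so `old_password` is checked for non-emptiness and then ignored, and anyone holding a valid session can set a new password without knowing the current one. The hunk should first load the stored hash for the session user, run `password_verify($_POST['old_password'], $stored)` and only then issue the UPDATE with the new bcrypt hash; assuming `$connexion` is PDO, a sketch is below. Because rows hashed before this change still hold the plaintext the old query compared against, the login path (outside this hunk) presumably needs a matching `password_verify` and a migration or rehash-on-login step, which this commit does not show. Also, "PASSWORD UPDATED" is echoed regardless of whether `execute()` succeeded or affected a row; consider gating it on the result. The enclosing `if(!empty($_SESSION['username']))` block starts outside the hunk.
```php
    if (isset($_GET['changepassword']) AND !empty($_POST['old_password']) AND !empty($_POST['new_password'])) {
        // Verify the current password against the stored hash before changing it.
        $lookup = $connexion->prepare('SELECT password FROM users WHERE username = ?');
        $lookup->execute([$_SESSION['username']]);
        $stored = $lookup->fetchColumn();
        if ($stored !== false && password_verify($_POST['old_password'], $stored)) {
            $req = $connexion->prepare('UPDATE users SET password = ? WHERE username = ?');
            $pwd_hash = password_hash($_POST['new_password'], PASSWORD_BCRYPT, ['cost' => 12]);
            $req->execute([$pwd_hash, $_SESSION['username']]);
            // … unchanged: echo "PASSWORD UPDATED" and refresh header …
        }
    }
```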