Send a form with a hashed password

I need to submit a form with a "hash" function for the password. The question is, how can I replace the initial value of the password textbox with the hashed value to insert into a DB?

My understanding is the following: when I click the submit button, the form sends the values of the textboxes to a PHP file. In particular, as I said before, what I need is to send the new hashed password instead of the original value.

I'm sorry if I'm not very clear, but I'm very raw on this.

Thank you in advance

Part of the code I am using is the following:

...
<input type="password" id="upwd" name="upwd" onChange="validatePassword()">
<input id="submit" type="submit" value="Sign up!" onsubmit="sending()">
...
<script>
...
function sending () {
    z = document.getElementById("upwd").value;
    upwd = hashCode();
}

function hashCode() {
    var hash = 0;
    if (z.length === 0) return hash;
    for (var i = 0; i < z.length; i++) {
        var character = z.charCodeAt(i);
        hash = ((hash<<5)-hash)+character;
        hash &= hash; // Convert to 32bit integer
    }
    return hash;
}
</script>

Upvotes: 0

Views: 1825

Answers (1)

martinstoeckli

Reputation: 24131

Password hashing is done server side, in your case in the PHP script. You can use the PHP function password_hash() to calculate a safe BCrypt hash.

If you calculate the hash client side, a man-in-the-middle will see the password hash, and could use it directly to get access to the user account. The hash would become the actual password.

Password hashing is done for the case that an attacker has read access to your database. In this case he would see the hashes, but would still not know the real passwords. Without the real password he cannot use the user account.

Upvotes: 1
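An added example (not code from the question or the answer) of the server-side approach the answer describes: the form posts the plain `upwd` value and the PHP script hashes it with `password_hash()` before the insert. The `users` table, its column names, the in-memory SQLite database, the sample credentials and the function names `registerUser` and `checkLogin` are assumptions made for illustration.

```php
<?php
// Added example: server-side password handling with PHP's built-in API.
// Table name, column names and the sample credentials are assumptions.
declare(strict_types=1);

function registerUser(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random salt and embeds it, with the
    // algorithm and cost, in the returned string; store that string as-is.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $db->prepare('INSERT INTO users (uname, pwd_hash) VALUES (?, ?)');
    $stmt->execute([$name, $hash]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pwd_hash FROM users WHERE uname = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    // The server hashes the submitted password itself, so a hash read
    // from the database cannot be replayed as a login credential.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade stored hashes when the algorithm or cost settings change.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
        $upd = $db->prepare('UPDATE users SET pwd_hash = ? WHERE uname = ?');
        $upd->execute([password_hash($password, PASSWORD_BCRYPT), $name]);
    }
    return true;
}

// Constructed demo: in-memory SQLite stands in for the real database, and
// $form stands in for $_POST as sent by the sign-up form (field "upwd").
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');

$form = ['uname' => 'alice', 'upwd' => 'correct horse battery staple'];
registerUser($db, $form['uname'], $form['upwd']);

$stored = $db->query("SELECT pwd_hash FROM users WHERE uname = 'alice'")->fetchColumn();
var_dump(checkLogin($db, 'alice', $form['upwd']));  // real password
var_dump(checkLogin($db, 'alice', $stored));        // stored hash submitted as the password
var_dump(checkLogin($db, 'alice', 'wrong guess'));  // incorrect password
```

The second call shows the property the answer relies on: with hashing done on the server, the value stored in the database is not itself accepted as a password.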
