Is there a way I can unhash a password, or at least check if two hashes (hashed with password_hash()) give the same value if unhashed?
Because I have a token page which contains a hashed password and a users table which also contains a hashed password, and I want to check if the passwords are the same, but the problem is that password_hash() does not always give the same value even if the password is the same, and password_verify() needs one value to be normal text. So how can I verify that the token password and user password are the same?
You can't, period. That's the entire point of password_hash and its random salt: if you have two hashes, you don't know if they're for the same password. That prevents brute-forcing an entire database of hashes by an attacker, since the attacker can't amortise brute-force time invested into one hash by matching other hashes.
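
The behaviour discussed above, as an added example that is not part of the original question or answer: two password_hash() outputs for one password never compare equal, so the only way to tie the user row and the token row to the same password is to check the plaintext against both hashes while it is available (for instance at login or when the token is issued). The helper name `matchesBothHashes` is hypothetical and the password is a constructed sample.

```php
<?php
declare(strict_types=1);

// Constructed sample: the same password hashed twice, as it would end up
// in the users table and in the token table.
$password  = 'correct horse battery staple';
$userHash  = password_hash($password, PASSWORD_DEFAULT);
$tokenHash = password_hash($password, PASSWORD_DEFAULT);

// Every password_hash() call draws a fresh random salt, so the two stored
// strings differ and comparing them says nothing about the passwords.
echo "user  hash: $userHash\n";
echo "token hash: $tokenHash\n";
echo 'stored hashes identical: ';
var_dump(hash_equals($userHash, $tokenHash));

// Hypothetical helper: answers "same password behind both hashes?" and can
// only do so when the caller supplies the plaintext.
function matchesBothHashes(string $plaintext, string $userHash, string $tokenHash): bool
{
    // Run both checks before combining, so the first result does not
    // short-circuit the second.
    $okUser  = password_verify($plaintext, $userHash);
    $okToken = password_verify($plaintext, $tokenHash);

    return $okUser && $okToken;
}

echo 'correct plaintext matches both: ';
var_dump(matchesBothHashes($password, $userHash, $tokenHash));

echo 'wrong plaintext matches both: ';
var_dump(matchesBothHashes('not the password', $userHash, $tokenHash));

// Passing one hash as the "password" argument treats the hash string itself
// as the candidate password, so it is not a way to compare two hashes.
echo 'hash used in place of plaintext: ';
var_dump(password_verify($userHash, $tokenHash));
```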