diff --git a/html/inc/user_util.inc b/html/inc/user_util.inc
index dcdb6ac3c5..59f9f2ff2e 100644
--- a/html/inc/user_util.inc
+++ b/html/inc/user_util.inc
@@ -69,7 +69,7 @@ function make_user(
     $email_addr = BoincDb::escape_string($email_addr);
     $name = sanitize_tags($name);
     $name = BoincDb::escape_string($name);
-    $database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
+    $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
 
     $country = BoincDb::escape_string($country);
     $postal_code = sanitize_tags(BoincDb::escape_string($postal_code));
diff --git a/html/ops/login_action.php b/html/ops/login_action.php
index 1fc82687a1..e18fa47c09 100644
--- a/html/ops/login_action.php
+++ b/html/ops/login_action.php
@@ -24,11 +24,9 @@ require_once("../inc/email.inc");
 require_once("../inc/user.inc");
 require_once("../inc/password.php");
 
-function do_passwd_rehash($user,$passwd_hash) {
-    $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
-    $result = $user->update(
-        "passwd_hash='$database_passwd_hash'"
-    );
+function do_passwd_rehash($user, $passwd_hash) {
+    $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+    $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 
 // check for email/password case
@@ -42,16 +40,16 @@ if ($email_addr && $passwd) {
         admin_error_page("No account found with email address $email_addr");
     }
     $passwd_hash = md5($passwd.$email_addr);
-    if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+    if (password_verify($passwd_hash, $user->passwd_hash)) {
         // on valid login, rehash password if necessary to upgrade hash overtime
         // as the defaults change. 
-        if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
-            do_passwd_rehash($user,$passwd_hash);
+        if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+            do_passwd_rehash($user, $passwd_hash);
         }
-    } else if ( $passwd_hash == $user->passwd_hash ) {
+    } else if ($passwd_hash == $user->passwd_hash) {
         // if password is the legacy md5 hash, then rehash to update to
         // a more secure hash
-        do_passwd_rehash($user,$passwd_hash);
+        do_passwd_rehash($user, $passwd_hash);
     } else {
         admin_error_page("Login failed");
     }
diff --git a/html/user/am_set_info.php b/html/user/am_set_info.php
index 602ab41460..0c28762be3 100644
--- a/html/user/am_set_info.php
+++ b/html/user/am_set_info.php
@@ -177,7 +177,7 @@ if ($email_addr && $email_addr!=$user->email_addr) {
     $query .= " email_addr='$email_addr', ";
 }
 if ($password_hash) {
-    $database_passwd_hash = password_hash($password_hash , PASSWORD_DEFAULT);
+    $database_passwd_hash = password_hash($password_hash, PASSWORD_DEFAULT);
     $query .= " passwd_hash='$database_passwd_hash', ";
 }
 
diff --git a/html/user/create_account.php b/html/user/create_account.php
index 65fcecb542..3ba6aaab67 100644
--- a/html/user/create_account.php
+++ b/html/user/create_account.php
@@ -70,7 +70,7 @@ if (strlen($passwd_hash) != 32) {
 
 $user = BoincUser::lookup_email_addr($email_addr);
 if ($user) {
-    if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+    if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
         xml_error(ERR_DB_NOT_UNIQUE);
     } else {
         $authenticator = $user->authenticator;
diff --git a/html/user/edit_email_action.php b/html/user/edit_email_action.php
index 7445bba430..1c706a1e85 100644
--- a/html/user/edit_email_action.php
+++ b/html/user/edit_email_action.php
@@ -47,15 +47,15 @@ if (!is_valid_email_addr($email_addr)) {
         // deal with the case where user hasn't set passwd
         // (i.e. passwd is account key)
         //
-        if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+        if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
             $passwd = $user->authenticator;
             $passwd_hash = md5($passwd.$user->email_addr);
         }
-        if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+        if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
             echo tra("Invalid password.");
         } else {
             $passwd_hash = md5($passwd.$email_addr);
-            $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT );
+            $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
             $email_addr = BoincDb::escape_string($email_addr);
             $result = $user->update(
                 "email_addr='$email_addr', passwd_hash='$database_passwd_hash', email_validated=0"
diff --git a/html/user/edit_passwd_action.php b/html/user/edit_passwd_action.php
index f06d3a222c..ddae5ac65e 100644
--- a/html/user/edit_passwd_action.php
+++ b/html/user/edit_passwd_action.php
@@ -46,8 +46,8 @@ if (strlen($passwd) < $min_passwd_length) {
 }
 
 $passwd_hash = md5($passwd.$user->email_addr);
-$database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
-$result = $user->update("passwd_hash='$database_passwd_hash'");
+$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+$result = $user->update(" passwd_hash='$database_passwd_hash' ");
 if (!$result) {
     error_page(tra("We can't update your password due to a database problem. Please try again later."));
 }
diff --git a/html/user/login_action.php b/html/user/login_action.php
index 0348f5d95d..3f2a1457d3 100644
--- a/html/user/login_action.php
+++ b/html/user/login_action.php
@@ -32,11 +32,9 @@ require_once("../inc/password.php");
 
 check_get_args(array("id", "t", "h", "key"));
 
-function do_passwd_rehash($user,$passwd_hash) {
-    $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
-    $result = $user->update(
-        "passwd_hash='$database_passwd_hash'"
-    );
+function do_passwd_rehash($user, $passwd_hash) {
+    $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+    $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 
 // login with email addr / passwd
@@ -57,18 +55,18 @@ function login_with_email($email_addr, $passwd, $next_url, $perm) {
         error_page("This account has been administratively disabled.");
     }
     // allow authenticator as password
-    if ($passwd != $user->authenticator ) {
+    if ($passwd != $user->authenticator) {
         $passwd_hash = md5($passwd.$email_addr);
-        if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+        if (password_verify($passwd_hash, $user->passwd_hash)) {
             // on valid login, rehash password if necessary to upgrade hash overtime
             // as the defaults change. 
-            if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
-                do_passwd_rehash($user,$passwd_hash);
+            if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+                do_passwd_rehash($user, $passwd_hash);
             }
-        } else if ( $passwd_hash == $user->passwd_hash ) {
+        } else if ($passwd_hash == $user->passwd_hash) {
             // if password is the legacy md5 hash, then rehash to update to
             // a more secure hash
-            do_passwd_rehash($user,$passwd_hash);
+            do_passwd_rehash($user, $passwd_hash);
         } else {
             sleep(LOGIN_FAIL_SLEEP_SEC);
             page_head("Password incorrect");
diff --git a/html/user/lookup_account.php b/html/user/lookup_account.php
index 9c32c076b0..d003a8be36 100644
--- a/html/user/lookup_account.php
+++ b/html/user/lookup_account.php
@@ -25,11 +25,9 @@ require_once("../inc/xml.inc");
 require_once("../inc/ldap.inc");
 require_once("../inc/password.php");
 
-function do_passwd_rehash($user,$passwd_hash) {
-    $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
-    $result = $user->update(
-        "passwd_hash='$database_passwd_hash'"
-    );
+function do_passwd_rehash($user, $passwd_hash) {
+    $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+    $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 
 xml_header();
@@ -80,21 +78,21 @@ if (LDAP_HOST && $ldap_auth) {
     // if no password set, set password to account key
     //
     if (!strlen($user->passwd_hash)) {
-        $user->passwd_hash = password_hash($auth_hash , PASSWORD_DEFAULT);
-        $user->update("passwd_hash='$user->passwd_hash'");
+        $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
+        $user->update(" passwd_hash='$user->passwd_hash' ");
     }
     
-    if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+    if (password_verify($passwd_hash, $user->passwd_hash)) {
         // on valid login, rehash password if necessary to upgrade hash overtime
         // as the defaults change. 
-        if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
-            do_passwd_rehash($user,$passwd_hash);
+        if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+            do_passwd_rehash($user, $passwd_hash);
         }
-    } else if ( $passwd_hash == $user->passwd_hash ) {
+    } else if ($passwd_hash == $user->passwd_hash) {
         // if password is the legacy md5 hash, then rehash to update to
         // a more secure hash
-        do_passwd_rehash($user,$passwd_hash);
-    } else if ( $auth_hash == $passwd_hash ) {
+        do_passwd_rehash($user, $passwd_hash);
+    } else if ($auth_hash == $passwd_hash) {
         // if the passed hash matches the auth hash, then allow it
     } else {
         // if none of the above match, the password is invalid