password_hash($_POST['wachtwoord'], PASSWORD_DEFAULT); code example
Example 1: php hash password
/* Include the database connection script. */
include 'pdo.php';
/* Login status: false = not authenticated, true = authenticated. */
$login = FALSE;
/* Username from the login form. */
$username = $_POST['username'];
/* Password from the login form. */
$password = $_POST['password'];
/* Remember to validate $username and $password. */
/* Look for the username in the database. */
$query = 'SELECT * FROM accounts WHERE (account_name = :name)';
/* Values array for PDO. */
$values = [':name' => $username];
/* Execute the query */
try
{
$res = $pdo->prepare($query);
$res->execute($values);
}
catch (PDOException $e)
{
/* Query error. */
echo 'Query error.';
die();
}
$row = $res->fetch(PDO::FETCH_ASSOC);
/* If there is a result, check if the password matches using password_verify(). */
if (is_array($row))
{
if (password_verify($password, $row['account_passwd']))
{
/* The password is correct. */
$login = TRUE;
}
}
Example 2: php hash password
/* Include the database connection script. */
include 'pdo.php';
/* Set the "cost" parameter to 12. */
$options = ['cost' => 12];
/* Login status: false = not authenticated, true = authenticated. */
$login = FALSE;
/* Username from the login form. */
$username = $_POST['username'];
/* Password from the login form. */
$password = $_POST['password'];
/* Remember to validate $username and $password. */
/* Look for the username in the database. */
$query = 'SELECT * FROM accounts WHERE (account_name = :name)';
/* Values array for PDO. */
$values = [':name' => $username];
/* Execute the query */
try
{
$res = $pdo->prepare($query);
$res->execute($values);
}
catch (PDOException $e)
{
/* Query error. */
echo 'Query error.';
die();
}
$row = $res->fetch(PDO::FETCH_ASSOC);
/* If there is a result, check if the password matches using password_verify(). */
if (is_array($row))
{
if (password_verify($password, $row['account_passwd']))
{
/* The password is correct. */
$login = TRUE;
/* You can also use password_needs_rehash() here, as shown in the previous example. */
}
else
{
/* Check if the database contains the MD5 hash of the password. */
if (md5($password) == $row['account_passwd'])
{
/* The password is correct. */
$login = TRUE;
/* Update the database with a new, secure hash. */
$hash = password_hash($password, PASSWORD_DEFAULT, $options);
$query = 'UPDATE accounts SET account_passwd = :passwd WHERE account_id = :id';
$values = [':passwd' => $hash, ':id' => $row['account_id']];
try
{
$res = $pdo->prepare($query);
$res->execute($values);
}
catch (PDOException $e)
{
/* Query error. */
echo 'Query error.';
die();
}
}
}
}