We should use password_hash in PHP: code examples
Example 1: Hash a password in PHP
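// Hash the password once, at registration or password change, and store only
// the returned hash. password_hash() generates a random salt itself and embeds
// the algorithm, cost and salt in the returned string.
// PASSWORD_DEFAULT may change in a future PHP release, so the storage column
// should be able to hold more than 60 characters (the PHP manual suggests 255).
$hashed_password = password_hash("MySuperSafePassword!", PASSWORD_DEFAULT);

// At login, compare the submitted password against the stored hash.
// password_verify() reads the algorithm and salt from the hash and returns a bool.
$is_valid = password_verify("MySuperSafePassword!", $hashed_password);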
Example 2: Hash a password in PHP (login check that upgrades legacy MD5 hashes)
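// Login check that transparently migrates legacy MD5 password hashes to
// password_hash() the first time the user logs in successfully.
//
// Result: $login is true only when the submitted credentials match the
// stored hash for the account.

// $pdo is presumably created by pdo.php -- confirm against that file.
include 'pdo.php';

// Options passed to password_hash()/password_needs_rehash() for new hashes.
$options = ['cost' => 12];
$login = false;

// Request fields are attacker-controlled: they may be missing, or arrive as
// arrays (e.g. "password[]=x"). Only plain strings are accepted below; anything
// else leaves $login false without touching the database.
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$row = false;

if (is_string($username) && is_string($password))
{
    // Bound parameter, so $username is never concatenated into the SQL text.
    $query = 'SELECT * FROM accounts WHERE (account_name = :name)';
    $values = [':name' => $username];
    try
    {
        $res = $pdo->prepare($query);
        $res->execute($values);
    }
    catch (PDOException $e)
    {
        // Generic message only: database error details are not shown to the client.
        echo 'Query error.';
        die();
    }
    $row = $res->fetch(PDO::FETCH_ASSOC);
}

if (is_array($row))
{
    $storedHash = (string) $row['account_passwd'];
    $needsUpgrade = false;

    if (password_verify($password, $storedHash))
    {
        $login = true;
        // Also re-hash when the stored hash uses an older algorithm or cost
        // than the current $options.
        $needsUpgrade = password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options);
    }
    elseif (hash_equals($storedHash, md5($password)))
    {
        // Legacy account still holding an unsalted MD5 hash.
        // hash_equals() replaces the loose "==": comparing two hex strings with
        // "==" lets PHP treat values such as "0e..." as numbers, so unequal
        // hashes could compare equal, and "==" is not constant-time.
        $login = true;
        $needsUpgrade = true;
    }

    if ($needsUpgrade)
    {
        // Replace the stored value with a modern hash now that the plaintext
        // is available. Accounts that never log in keep their MD5 hash, so
        // consider forcing a password reset for those.
        $hash = password_hash($password, PASSWORD_DEFAULT, $options);
        $updateQuery = 'UPDATE accounts SET account_passwd = :passwd WHERE account_id = :id';
        $updateValues = [':passwd' => $hash, ':id' => $row['account_id']];
        try
        {
            $update = $pdo->prepare($updateQuery);
            $update->execute($updateValues);
        }
        catch (PDOException $e)
        {
            echo 'Query error.';
            die();
        }
    }
}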