function login_user($username, $password) { $SQL = "SELECT * FROM user where username = '******'"; $result = mysql_query($SQL); while ($row = mysql_fetch_object($result)) { if (verify_password_hash($password, $row->password)) { return true; } } return false; }
<?php function get_password_hash($password) { // Generate a bcrypt encrypted password hash. // This hash will always be 60 characters long. return password_hash($password, PASSWORD_BCRYPT); } function verify_password_hash($password, $hash) { // Verify a bcrypt hashed password. return password_verify($password, $hash); } $password = ""; if (isset($_GET['password'])) { $password = $_GET['password']; } $hash = get_password_hash($password); $hash_verified = verify_password_hash($password, $hash); echo "Password: "******"<br>"; echo "Password hash: " . $hash . "<br>"; echo "Hash verified: " . ($hash_verified ? "True" : "False");