Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
function login($username, $password) {
$options = array('cost' => 10);
$userdata = 'query to find the user in your framework/PDO prepared query';
$plainText = $password;
if ($userdata['legacy']) {
$password = md5($password);
if (!password_verify($password, $userdata['password'])) {
return false; // or a not-authorised error or whatever.
if ($user['legacy'] || password_needs_rehash($userdata['password'], PASSWORD_DEFAULT, $options)) {
$hash = password_hash($plainText, PASSWORD_DEFAULT, $options);
// store $hash in the password field
// set the legacy value to 0
return true; //or an authorised flag, etc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment