tranquangchau/check_pass_first.php

## check_pass_first.php
<?php

session_start();
$errorMsg = "";
$validUser = false;
if(isset($_SESSION['firstlogin'])) {
	$validUser = $_SESSION["firstlogin"] === true;
}
//$pass_has = password_hash("123456", PASSWORD_DEFAULT);
//echo $pass_has; //get password first
//	die;
if(isset($_POST["sub"])) {

  $pass_has = '$2y$10$zVju3gx3QLJuRUiOvyQvpuWNsJlq8IV3.0FLY9apM5KoypWIyyVKq';
  $validUser =  password_verify($_POST["firstpassword"], $pass_has);
  if(!$validUser) $errorMsg = "Invalid password.";
  else $_SESSION["firstlogin"] = true;
}
if($validUser) {
   //header("Refresh:0"); die();
}else{
	echo '<form name="input" action="" method="post">
    <label for="firstpassword">Password:</label><input type="password" value="" id="firstpassword" name="firstpassword" />
    <div class="error">'.$errorMsg.'</div>
    <input type="submit" value="login" name="sub" />
  </form>';die;
}

//can get $pass_has at here http://www.passwordtool.hu/php5-password-hash-generator
	<?php

	session_start();
	$errorMsg = "";
	$validUser = false;
	if(isset($_SESSION['firstlogin'])) {
	$validUser = $_SESSION["firstlogin"] === true;
	}
	//$pass_has = password_hash("123456", PASSWORD_DEFAULT);
	//echo $pass_has; //get password first
	// die;
	if(isset($_POST["sub"])) {

	$pass_has = '$2y$10$zVju3gx3QLJuRUiOvyQvpuWNsJlq8IV3.0FLY9apM5KoypWIyyVKq';
	$validUser = password_verify($_POST["firstpassword"], $pass_has);
	if(!$validUser) $errorMsg = "Invalid password.";
	else $_SESSION["firstlogin"] = true;
	}
	if($validUser) {
	//header("Refresh:0"); die();
	}else{
	echo '<form name="input" action="" method="post">
	<label for="firstpassword">Password:</label><input type="password" value="" id="firstpassword" name="firstpassword" />
	<div class="error">'.$errorMsg.'</div>
	<input type="submit" value="login" name="sub" />
	</form>';die;
	}

	//can get $pass_has at here http://www.passwordtool.hu/php5-password-hash-generator