Hello PHP friends,
Today I decided to work on my login scripts. I am a beginner and I just learned how to create a database and use PDO prepared statements this year. My database login is very simple for testing. Thus, I wanted to add a password hash for storing passwords in the database. My code is working but I have questions about the password_needs_rehash function.
My code to hash:
$Hash = password_hash($password, PASSWORD_BCRYPT);
Code to compare hashes at login:
if ($username == $userField && password_verify($password, $passField)) {
I see that people use PASSWORD_DEFAULT but I don’t understand how this option is stored. What I mean is that if a new version of PHP changed the default algorithm, then how is PHP supposed to know what it was before? Is that in the ini file? Should I use PASSWORD_DEFAULT or should I specify an algorithm?
I ask this because I do not know how to implement password_needs_rehash. I don’t really know if I could increase the cost because I don’t have a server yet. I’m still designing my site. Thus, what is the correct way to implement password_needs_rehash?
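
The login-time rehash asked about above, as an added example that is not part of the original post. It shows that the algorithm and cost travel inside the stored hash string (a bcrypt hash starts with something like `$2y$10$`), so nothing is read from the ini file. The `login()` function, the `HASH_ALGO`/`HASH_OPTIONS` constants, the target cost of 12, the sample account, and the array standing in for the users table are all assumptions made for illustration.

```php
<?php
// Constructed demo: an array stands in for the users table (username => password hash).

// Target settings live in ONE place. Raise the cost or change the algorithm here
// later and existing hashes are upgraded the next time each user logs in.
const HASH_ALGO    = PASSWORD_DEFAULT;   // currently bcrypt
const HASH_OPTIONS = ['cost' => 12];     // assumed value; benchmark on the real server

function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];

    // password_verify() reads the algorithm, cost and salt from the hash string
    // itself, so hashes made under older settings keep verifying.
    if (!password_verify($password, $stored)) {
        return false;
    }

    // Only after a successful verify do we hold the plaintext, so this is the one
    // place where a stored hash can be brought up to the current settings.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
        // With PDO this would be a prepared UPDATE on the user's row
        // (hypothetical schema): UPDATE users SET password = ? WHERE username = ?
    }
    return true;
}

// Simulate an account that was created earlier with a lower cost (constructed data).
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])];

$before = password_get_info($users['alice']);        // settings parsed from the hash
$wrong  = login($users, 'alice', 'wrong guess');     // failed login: hash is left alone
$right  = login($users, 'alice', 'correct horse');   // successful login: hash is upgraded
$after  = password_get_info($users['alice']);

var_dump($wrong, $right);
printf(
    "stored hash: %s cost %d -> %s cost %d\n",
    $before['algoName'], $before['options']['cost'],
    $after['algoName'],  $after['options']['cost']
);
```

The PHP manual recommends a 255-character column for hashes made with PASSWORD_DEFAULT, so that the output of a future default algorithm still fits.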