- password_hash: documentation ( source)
<?php
echo "<!doctype html>\n";
$username = $_GET['username'];
//wouldnt use GET for passing username and password;
$password = $_GET['password'];
$password = password_hash($password, PASSWORD_BCRYPT, 12);
$pdo = new PDO('sqlite::memory:');
//assume we don't really want to drop our users table on every run of this script.
//$pdo->exec("DROP TABLE IF EXISTS users");
//$pdo->exec("CREATE TABLE users (username VARCHAR(255), password VARCHAR(255))");
$sql = "INSERT INTO users (username,password) VALUES (:username,:password)";
$q = $conn->prepare($sql);
$q->execute(array(':username'=>$username,':password'=>$password));
//this would always return a result as we've just inserted a new user with those values, so I'd totally seperate out the user //registration and login code.
$statement = $pdo->query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
if (count($statement->fetchAll())) {
echo "Access granted to $username!<br>\n";
} else {
echo "Access denied for $username!<br>\n";
}