I have a set of passwords in my database that I had earlier hashed using sha512, and now that I have upgraded my server to PHP 5.5, I would like to use the bcrypt password hashing. So my idea is to have the users log in and then call the password_needs_rehash function described here to check the password and then update the password hash in the database:
http://php.net/manual/en/function.password-needs-rehash.php
I'm not sure how to use this function though; there are no examples listed there and it doesn't really clarify what the options array is for. Do I just need to call the password_needs_rehash function like this:
if (password_needs_rehash ($current_hash, PASSWORD_BCRYPT)) {
// update the password using password_hash
}
Yes, that's the general idea.
If the password needs to be rehashed, then you just call password_hash()
to rehash it. And, of course, save the new hash in your database.
if (password_needs_rehash($current_hash, PASSWORD_BCRYPT)) {
    // update the password using password_hash
    $new_hash = password_hash($cleartext_password, PASSWORD_BCRYPT);
    // update the database
    // ...
}
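A fuller version of the login flow discussed above, as an added example that is not part of the original question or answer: the legacy hash has to be checked with the old scheme first, since only a successful login gives you the cleartext needed to rehash. It assumes the old hashes are unsalted hex SHA-512 digests; `verify_and_upgrade`, the `$saveHash` callback, the sample user and the cost value are hypothetical.

```php
<?php
// Assumption: legacy rows hold hash('sha512', $password) as a hex string.
// The options array carries algorithm parameters; for bcrypt that is 'cost'.
// Pass the same options to password_hash() and password_needs_rehash().
$options = array('cost' => 12); // assumed value, tune for your hardware

function verify_and_upgrade($password, $storedHash, $saveHash, $options)
{
    $info = password_get_info($storedHash);

    if (empty($info['algo'])) {
        // Not produced by password_hash(): verify with the legacy scheme.
        // hash_equals() needs PHP 5.6+; it compares in constant time.
        $ok = hash_equals($storedHash, hash('sha512', $password));
    } else {
        $ok = password_verify($password, $storedHash);
    }

    if (!$ok) {
        return false; // never rehash on a failed login
    }

    // True for legacy hashes and for bcrypt hashes made with another cost.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        $saveHash(password_hash($password, PASSWORD_BCRYPT, $options));
    }
    return true;
}

// Constructed sample data standing in for the users table.
$db = array('alice' => hash('sha512', 'correct horse'));
$save = function ($newHash) use (&$db) {
    $db['alice'] = $newHash; // hypothetical: an UPDATE in a real application
};

var_dump(verify_and_upgrade('wrong guess', $db['alice'], $save, $options));
var_dump(verify_and_upgrade('correct horse', $db['alice'], $save, $options));

// After the successful login the stored value is a bcrypt hash.
$after = password_get_info($db['alice']);
var_dump($after['algoName']);
var_dump(password_needs_rehash($db['alice'], PASSWORD_BCRYPT, $options));
```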