pbismad Use php's password_hash() and password_verify().
Have to admit that -- for mainly subjective reasons -- I'm not a big fan of that, in that it means I have to do an extra step after submitting a log-in query to do the password_verify()
, as opposed to just checking if I got a row returned by the query or not. However, I am a fan of the fact that using those functions probably help prevent devs who don't keep up with all the possible security loopholes of doing all the hashing yourself from doing something insecure. So maybe I'll join you soon, as I really don't want to keep up with those things if I don't have to. 🙂