Petit test avec password_hash() et password_verify() (PHP 5.5+)
<?php $hash = false; if (file_exists('hash.php')) { $hash = str_replace('<?php die; ?>', '', file_get_contents('hash.php')); if (!empty($_POST)) { if(isset($_POST['login']) && isset($_POST['password'])) { if (password_verify($_POST['login'].$_POST['password'], $hash)) { echo '++ valid credentials !! \o/ ++'; } else { echo '--- invalid credentials ---'; } } } } else { if (!empty($_POST)) { if(isset($_POST['login']) && isset($_POST['password'])) { $options = ['cost' => 12]; $hash = password_hash($_POST['login'].$_POST['password'], PASSWORD_DEFAULT, $options); file_put_contents('hash.php', '<?php die; ?>'.$hash); echo 'hash stored: '.$hash; } } else echo "no hash: a new one will be stored"; } ?> <!doctype html> <html> <head><meta charset="UTF-8" /></head> <body> <form method=post action="."> <input placeholder="Login" type="text" tabindex="1" name="login" value=""> <input placeholder="Password" type="password" tabindex="2" name="password"> <input type="submit" tabindex="3"> </form> </body> </html>