Try this:
$passwordFromDatabase = "A1D292F556AA661B720847487960860F17086A0BD11A4320368E9447FF7139DE089AA88B6159420814F10194F1AA55A3379FB80EA26BA6397BA75CEC811B241A"; // sha512 hash of "somepassword"
$passwordFromForm = $_POST['password']; // $_POST['password'] == "somepassword"
if(password_needs_rehash($passwordFromDatabase, PASSWORD_BCRYPT, ["cost" => 12]) && hash("sha512", $passwordFromForm) === $passwordFromDatabase){
// generate new password hash
$newPasswordHash = password_hash($passwordFromForm, PASSWORD_BCRYPT, ["cost" => 12]);
// update hash from database - replace old hash $passwordFromDatabase with new hash $newPasswordHash
// after update login user
if(password_verify($passwordFromForm, $newPasswordHash)){
// user has logged in successful and hash was updated
// redirect to user area
}else{
// ups something went wrong Exception
}
}else{
if(password_verify($passwordFromForm, $passwordFromDatabase)){
// user password hash from database is already BCRYPTed no need to rehash
// user has logged in successfully
// redirect to user area
}else{
// wrong password
// no access granted - stay where you are
}
}
Ps. If you think about setting your own salt... please don't do that. You won't do it better than a native password_hash(...) php function. Just set the cost which provides balance between check speed and security against brute forcing. If you leave options blank, the cost will by default get set to 10.