I don't think this is something that would require a plugin. In this case I would write something along the lines of this.
This script is assuming the user is making a http POST request to this page, probably by submitting a form somewhere on your website.
If any of this looks foreign to you feel free to ask and I'll be happy to clarify :)
<?php
//Create new database connection
$idForPassword = 5;
$mysqli = new mysqli("localhost", "DBusername", "DBpassword", "DBName");
//Create new prepared statement
$stmt = $mysqli->prepare("SELECT password FROM sometable WHERE id = ?");
$stmt->bind_param("i", $idForPassword);
// execute query
$stmt->execute();
// bind result variables
$stmt->bind_result($result);
$stmt->fetch();
// Hash the password so we aren't storing a password as plain text in the database
// ideally you also add a salt to your password but since this is just an example
// I'll leave that part out
$password = md5($_POST['password']);
if($password == $result)
{
//allow user access
}
else
{
//deny user access
}
edit: A little more info on Salting and Hasing passwords. I'd recommend reading it whenever you get the chance since its a fairly easy way to implement basic level of security if you plan on storing passwords in a database.
The security issue with simple hashing (md5 et al) isn't really the speed, so much as the fact that it's idempotent; two different people with the same password will have the same hash, and so if one person's hash is brute-forced, the other one will as well. This facilitates rainbow attacks. Simply slowing the hash down isn't a very useful tactic for improving security. It doesn't matter how slow and cumbersome your hash algorithm is - as soon as someone has a weak password that's in a dictionary, EVERYONE with that weak password is vulnerable.
Also, hash algorithms such as md5 are for the purpose of generating a digest and checking if two things are probably the same as each other; they are not intended to be impossible to generate a collision for. Even if an underlying password itself requires a lot of brute forcing to determine, that doesn't mean it will be impossible to find some other bit pattern that generates the same hash in a trivial amount of time.
As such: please, please, PLEASE only use salted hashes for password storage. There is no reason to implement your own salted hash mechanism, either, as crypt() already does an excellent job of this.