Question

I am trying to make a simple login thing, if you will call it. I'm using MySQLi and so far it looks good.

<?php
    ob_start();

    $myusername = @$_POST['username'];
    $mypassword = @$_POST['password'];

    if (isset($_POST['logged'])) {
        // No manual escaping here: the bound parameter is sent separately from the SQL text.
        $stmt = $link->prepare("SELECT * FROM members WHERE username=?") or die ($link->error);
        $stmt->bind_param('s', $myusername);
        $stmt->execute() or die($stmt->error);
        $stmt->store_result();
        $count = $stmt->num_rows();

        if (!empty($myusername) && !empty($mypassword)) {
            if($count == 1) {
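                // $myusername comes straight from POST, so escape it before building the SQL string.
                $safeUsername = $link->real_escape_string($myusername);
                $rs = $link->query("SELECT * FROM members WHERE username='$safeUsername'");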
                $row = $rs->fetch_array(MYSQLI_ASSOC);
                if (password_verify($mypassword, $row['password'])) {
                    $_SESSION['username'] = $myusername;
                    $_SESSION['first_name'] = $row['first_name'];
                    $_SESSION['last_name'] = $row['last_name'];
                    $_SESSION['email'] = $row['email'];
                    $_SESSION['loggedIn'] = true;
                    header("Location: login.php");
                }
                else {
                    echo "<p style=\"color: red\">Wrong Password</p>";
                }
            }
            else {
                echo "<p style=\"color: red\">Wrong Username</p>";
            }
        }
        else {
            echo "<p style=\"color: red\">Fill in all fields</p>";
        }
    }
?>

It works good on localhost, but sadly does not work on my domain because whenever I press the login button, the form disappears and I'm left with nothing. I contacted the domain provider and they told me it might be something in my code. I'm pretty sure my code is good to go, as it works on a localhost server.

To save hassle, I thought maybe I can just use an alternative. But I remembered I'm using crypt() to store passwords into the database, and I believe those generate randomly. Is there any other way to see if the encrypted version of whatever the user types in matches what's in the database?


Solution

password_verify is available for PHP >= 5.5.0, so your hosting might not have the required PHP version.

See: http://docs.php.net/manual/en/function.password-verify.php

You could try something like this:

// crypt() re-hashes the typed password using the salt embedded in the stored hash
crypt($mypassword, $row['password']) === $row['password']

Other tips

password_hash and its companion password_verify are available in PHP >= 5.5

But there is a compatibility library / backport that makes them available for PHP >= 5.3.10 at https://github.com/ircmaxell/password_compat
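An added example, not part of the original answers or of password_compat: one way to verify a crypt()/password_hash() hash on a host that may lack password_verify, falling back to crypt() with a constant-time comparison. The helper names `timing_safe_equals` and `verify_password_compat` are hypothetical, and the sample hash is constructed.

```php
<?php
// Added example: helper names are hypothetical, not from the question or the answers.

// Constant-time string comparison for PHP versions without hash_equals() (added in 5.6).
function timing_safe_equals($known, $user)
{
    if (function_exists('hash_equals')) {
        return hash_equals($known, $user);
    }
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($known); $i++) {
        // OR together the XOR of every byte pair so the loop never exits early.
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Verify a typed password against a hash produced by crypt() or password_hash().
function verify_password_compat($password, $storedHash)
{
    if (function_exists('password_verify')) {
        return password_verify($password, $storedHash);
    }
    // The stored hash carries its own algorithm marker and salt, so passing it as
    // the salt argument makes crypt() reproduce the same hash for the right password.
    $computed = crypt($password, $storedHash);
    // On failure crypt() returns a short marker string such as "*0" or "*1".
    if (!is_string($computed) || strlen($computed) < 13) {
        return false;
    }
    return timing_safe_equals($storedHash, $computed);
}

// Constructed sample: a bcrypt hash created here, standing in for $row['password'].
$stored = crypt('correct horse', '$2y$10$' . 'abcdefghijklmnopqrstuv');
var_dump(verify_password_compat('correct horse', $stored));
var_dump(verify_password_compat('wrong guess', $stored));
```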

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow