You can use password hashing, but there is also PHP's crypt() function: http://php.net/manual/en/function.crypt.php
They essentially do the same thing, but crypt is a little neater IMO. Make sure you also get a good salt generation script for when you save the password in the database. Here is my password encryption function; notice this isn't that secure without the salt function:
    // Method of a class that also provides get_salt()
    function crypt_password($password)
    {
        if ($password) {
            // blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base-64 salt characters
            $blowfish = '$2a$10$';
            // get the random bytes and make a salt
            $salt = $this->get_salt();
            // crypt the password using the prefix plus salt, results in a 60 char output
            $crypt_pass = crypt($password, $blowfish . $salt);
            // blowfish comes out as 60, check (on failure crypt() returns a short string instead)
            $len = strlen($crypt_pass);
            if ($len == 60) {
                return $crypt_pass;
            } else {
                throw new Exception('encryption failed');
            }
        } else {
            throw new Exception('encryption failed, missing password');
        }
    }
And then when you want to verify this password, you simply query the database for the login email or user ID; then verifying it is as simple as:
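    // re-hash the input with the stored hash as the salt; hash_equals() compares in constant time
    if (hash_equals($stored_pass, crypt($input_pass, $stored_pass))) {
        return true;
    }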
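
An added example, not part of the original answer: one way to write the salt helper the answer calls for and a constant-time verify step, with PHP's built-in password_hash()/password_verify() alongside for comparison. The example_* function names and the sample password are assumptions made for illustration; random_bytes() requires PHP 7 or later.

```php
<?php
// Added example: hypothetical helper names, constructed sample password.

// 22-character bcrypt salt from 16 CSPRNG bytes.
function example_get_salt(): string
{
    // base64 uses "+" where bcrypt's alphabet (./A-Za-z0-9) uses "."
    $b64 = strtr(base64_encode(random_bytes(16)), '+', '.');
    return substr($b64, 0, 22); // drop the trailing "==" padding
}

function example_crypt_password(string $password): string
{
    if ($password === '') {
        throw new InvalidArgumentException('missing password');
    }
    $hash = crypt($password, '$2a$10$' . example_get_salt());
    // crypt() signals failure with a short string such as "*0"
    if (strlen($hash) !== 60) {
        throw new RuntimeException('hashing failed');
    }
    return $hash;
}

function example_verify_password(string $input, string $stored): bool
{
    // Reject malformed stored values before hashing anything
    if (strlen($stored) !== 60) {
        return false;
    }
    // hash_equals() compares in constant time
    return hash_equals($stored, crypt($input, $stored));
}

$stored = example_crypt_password('correct horse battery staple'); // constructed
var_dump(example_verify_password('correct horse battery staple', $stored));
var_dump(example_verify_password('wrong guess', $stored));

// The "password hashing" route: salt generation and format are handled for you
$native = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_verify('correct horse battery staple', $native));
// password_verify() also accepts hashes produced by crypt()
var_dump(password_verify('correct horse battery staple', $stored));
```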