$username = mysqli_real_escape_string($sql_conn, $_POST['username']);

1. $username = mysqli_real_escape_string($sql_conn, $_POST['username']);
2.  
3. $password = mysqli_real_escape_string($sql_conn, $_POST['password']);
4. $password_hashed = password_hash($password, PASSWORD_BCRYPT);
5. /*if(mysqli_query($sql_conn, "INSERT INTO cs490_logins(username,password) VALUES('$username','$password_hashed')") == true) {
6. print "<br>successfully inserted a row!";
7. }
8. else
9. print "<br>Query failed...";*/
10.  
11.  
12. $loginValid = false; //flag for login
13.  
14. $query = "SELECT * FROM `cs490_logins` WHERE `username` = '$username' ";
15. $rehash_query = mysqli_query($sql_conn, "UPDATE `cs490_logins` SET `password` = '$password_hashed' WHERE `username` = '$username'");
16. $get_hash = mysqli_fetch_array($query, MYSQLI_ASSOC); //getter for hashed password in db
17. //$ifPassValid = password_verify($password, $get_hash['password']);
18. //echo $get_hash'password'];
19. if($result=mysqli_query($sql_conn, $query)) { //check if query works
20. if(mysqli_num_rows($result) > 0) { //check if username and password matches and exists
21. echo "<br>Found you in the database!";
22. if($ifPassValid) {
23. $loginValid = true;
24. echo "Logged in!";
25. }
26. if(password_needs_rehash($password_hashed, PASSWORD_BCRYPT)) { //rehash password since it's void after 'password_verify'
27. $password_hashed = password_hash($password, PASSWORD_BCRYPT);
28. mysqli_query($sql_conn, $rehash_query);
29. echo "<br>password has been rehashed...";
30. }
31. }
32. }