I’ve recently been updating a website that was written a long time ago that has not been touched in a meaningful way in many years. In addition to the actual work I was asked to do, I took the opportunity to update the password hashing routines.
This site is so old that the passwords are stored using MD5 hashes. and that’s not really good enough today. So I included updating to bcrypt hashing with password_hash() and password_verify() in my statement of work.