White Lotus

Reputation: 363

Storing Hashes to Password in PHP

I am new to hashed password storage. Can someone point out what I might be doing wrong? I'm specifically using PHP, not C or any derivative of C.

Storing Hash:

  1. Receive password
  2. Send it to password_hash() function with an algorithm like sha-512, and a cost factor.
  3. Little stuck here. When iterating do I use the received password hash?
  4. Lengthen it with the pbkdf2 key derivation function.
  5. Store in database.

Retrieving Hash:

  1. Get user's attempt at password.
  2. Stuck here also but I assume you use the password_verify function.
  3. If a match, validate; otherwise deny.

If someone could post a correct solution, I would be much obliged.

Upvotes: 2

Views: 96

Answers (1)

Crecket

Reputation: 718

Why bother with while() loops if you can just use the built-in options?

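    $password = $_POST['password'];
    // password_hash() generates the salt and applies the cost factor itself;
    // the algorithm, cost and salt are all encoded in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT, array('cost' => 12));
    echo $hash;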

This is the correct way to do it. And to verify the password all you have to do is the following.

    if (password_verify($password, $hash)) {
        // valid password
    }

Upvotes: 2
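The store and verify steps from the question, put together as an added example that is not part of the original answer. The `$userTable` array stands in for the database, and `registerUser()`, `checkLogin()`, `HASH_OPTIONS` and the sample accounts are hypothetical names and constructed values; it also goes one step further than the answer by re-hashing on login when the stored cost is lower than the current setting.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table: username => stored hash.
// In a real schema, PHP's documentation suggests a 255-character column,
// because PASSWORD_DEFAULT may produce longer hashes in future versions.
$userTable = [];

// Assumed policy for this example (same cost as in the answer above).
const HASH_OPTIONS = ['cost' => 12];

// Store: a single call. No manual loop, separate salt column or extra
// PBKDF2 pass is needed; the salt and cost live inside the hash string.
function registerUser(array &$db, string $user, string $password): void
{
    $db[$user] = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

// Verify: password_verify() reads algorithm, cost and salt back out of the
// stored string, recomputes the hash and compares in constant time.
function checkLogin(array &$db, string $user, string $attempt): bool
{
    $stored = $db[$user] ?? null;
    if ($stored === null || !password_verify($attempt, $stored)) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to
    // upgrade hashes created with an older algorithm or a lower cost.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $db[$user] = password_hash($attempt, PASSWORD_DEFAULT, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: one current account, one legacy hash at cost 10.
registerUser($userTable, 'alice', 'correct horse battery staple');
$userTable['bob'] = password_hash('legacy-sample-pw', PASSWORD_DEFAULT, ['cost' => 10]);

var_dump(checkLogin($userTable, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($userTable, 'alice', 'wrong guess'));
var_dump(checkLogin($userTable, 'nobody', 'anything'));

// Bob's stored cost before and after a successful login.
var_dump(password_get_info($userTable['bob'])['options']);
var_dump(checkLogin($userTable, 'bob', 'legacy-sample-pw'));
var_dump(password_get_info($userTable['bob'])['options']);
```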