I need to decrypt a password. The password is crypted with password_hash function.
$password = 'examplepassword';
$crypted = password_hash($password, PASSWORD_DEFAULT);
$sql_script = 'select * from USERS where username="'.$username.'" and password="'.$inputpassword.'"';
Bcrypt is a one-way hashing algorithm, you can't decrypt hashes. Use password_verify to check whether a password matches the stored hash:
<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
In your case, run the SQL query using only the username:
$sql_script = 'select * from USERS where username="'.$username.'"';
And do the password validation in PHP using a code that is similar to the example above.
Edit: Constructing the query this way is very dangerous. If you don't escape the input properly, the code will be vulnerable to SQL injection attacks. See this SO answer on how to prevent SQL injection.