[Solved] password_verify() does not work


You need to retrieve the password from the database matching on the username.

SELECT password FROM members WHERE pseudo = ?

Then validate the supplied password matching the username.

if (password_verify($_POST['password'], $userInfo['password'])) {
    //... valid user
} else {
    //... invalid user
}

If it returns true, it means the username and password entered match the user in the database.

If your pseudo column is not unique (which I see you check for), you would need to iterate over all of the users to find the password that passes password_verify.

The reason is that password_hash generates a unique salt every time it is called, causing the generated hashed password to be different, making it impossible to query the password stored in the database.

So this will not work:

var_dump(password_hash('test', \PASSWORD_DEFAULT) === password_hash('test', \PASSWORD_DEFAULT)); //false

Result: https://3v4l.org/jM4YH

Additionally, you need to change your password_hash usage to:

$hash = password_hash($password, \PASSWORD_DEFAULT, ['cost' => 12]);

As it is currently, every user’s password would be the word password and not the password they supplied.


As a note, you should also utilize password_needs_rehash after verification, of which an example of a successful login is on the page. This will ensure passwords are maintained for security updates released by PHP.


Updated

With the question modified to match my suggestions.

You need to retrieve the password from the database, by matching the user to the one supplied.

$repnom = $connect->prepare("SELECT password FROM membres WHERE pseudo = ?");
$repnom->execute(array($passwordconnect));

It should be sending the pseudo param, not the password param:

$repnom->execute(array($pseudoconnect));

Also, since you run htmlspecialchars on the password saved in the database, you should use the same on password_verify:

$passwordconnect = htmlspecialchars($_POST['passwordconnect']);

//...

password_verify($passwordconnect, $userinfo['password']);
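The full flow the answer describes (look the row up by pseudo, let password_verify compare against the stored hash, then password_needs_rehash with the chosen cost), as an added self-contained example that is not the answerer's code. It assumes the pdo_sqlite extension and uses an in-memory table named membres with a pseudo column, matching the schema quoted above.

```php
<?php
// Added example, not from the original answer. Assumes pdo_sqlite is available.
declare(strict_types=1);

const HASH_OPTIONS = ['cost' => 12];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE membres (id INTEGER PRIMARY KEY, pseudo TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');

// Registration: store the hash of the password the user supplied, not a literal.
function registerUser(PDO $pdo, string $pseudo, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
    $stmt = $pdo->prepare('INSERT INTO membres (pseudo, password) VALUES (?, ?)');
    $stmt->execute([$pseudo, $hash]);
}

// Login: select by pseudo only (the hash is salted, so it cannot be matched in SQL),
// then let password_verify do the comparison against the stored hash.
function loginUser(PDO $pdo, string $pseudo, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password FROM membres WHERE pseudo = ?');
    $stmt->execute([$pseudo]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false; // unknown user or wrong password: same result for both
    }
    // Rehash if PHP's default algorithm or our cost has changed since the hash was stored.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
        $upd = $pdo->prepare('UPDATE membres SET password = ? WHERE id = ?');
        $upd->execute([$newHash, $row['id']]);
    }
    return true;
}

// Constructed sample data for a stand-alone run.
registerUser($pdo, 'alice', 'correct horse battery staple');
var_dump(loginUser($pdo, 'alice', 'correct horse battery staple'));
var_dump(loginUser($pdo, 'alice', 'wrong password'));
var_dump(loginUser($pdo, 'nobody', 'whatever'));
```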
