Until then, I hope everyone is using a throwaway password for accounts that can be non-disastrously stolen, and using strong unique passwords for the important ones.
Nice catch, by the way.
import bcrypt

# gensalt() picks a random salt and cost; hashpw() reads both back from the stored hash
hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
if bcrypt.hashpw(password, hashed_password) == hashed_password:
    print('Password is correct!')
else:
    print('Wrong password.')
Edit: I'm wrong, sorry.
(I'm being serious, not snarky).
// $random_data must be exactly 22 characters from the alphabet ./A-Za-z0-9
$salt = '$2a$08$' . $random_data;
$hash = crypt($password, $salt);
// verify later with: crypt($password, $hash) === $hash
(08 is the cost factor - you can change it, but 8 seemed reasonable in my tests.)
If you google bcrypt and php you'll find a very complex and large class for doing this. It's no longer necessary - current versions of PHP have it built in.
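The `$2a$08$...` string that crypt() produces carries its own cost factor and salt, which is what lets a defender audit a stored password table for weak settings without the original passwords. The following is an added example, not code from this thread: it parses the bcrypt string layout described above and flags rows whose cost is below a policy minimum or that are not bcrypt-shaped at all. The sample rows and their salt/digest characters are constructed filler, not real bcrypt output.

```python
import re

# Modular-crypt layout of a bcrypt string, e.g. "$2a$08$<22-char salt><31-char digest>":
#   $2a$   variant prefix (also $2b$, $2y$, ...)
#   08     cost factor: 2^cost rounds, always two decimal digits
#   salt   22 chars from the bcrypt base64 alphabet ./A-Za-z0-9
#   digest 31 chars from the same alphabet
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)


def parse_bcrypt(hash_str):
    """Return (variant, cost, salt, digest); raise ValueError for anything not bcrypt-shaped."""
    m = BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash: %r" % hash_str)
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # range accepted by bcrypt implementations
        raise ValueError("cost factor out of range: %d" % cost)
    return variant, cost, salt, digest


def audit_costs(rows, min_cost):
    """Return [(user, reason)] for stored values that are malformed or below min_cost."""
    findings = []
    for user, stored in rows:
        try:
            _variant, cost, _salt, _digest = parse_bcrypt(stored)
        except ValueError as exc:
            findings.append((user, str(exc)))
            continue
        if cost < min_cost:
            findings.append((user, "cost %d below policy minimum %d" % (cost, min_cost)))
    return findings


# Constructed sample rows: salt/digest characters are filler, not real bcrypt output.
SAMPLE_ROWS = [
    ("alice", "$2a$08$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"),
    ("bob",   "$2a$04$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"),
    ("carol", "0123456789abcdef0123456789abcdef"),  # unsalted hex digest, not bcrypt
]

if __name__ == "__main__":
    for user, reason in audit_costs(SAMPLE_ROWS, min_cost=8):
        print(user, reason)
```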
What if you're integrating with something like a Windows VPN w/RADIUS, which needs the plaintext password?
Bcrypt, while trivial for many applications, is not the answer to everything.
I estimate that the average web user understands about 66% of those words. And that's if we give them 'password'.
Why even bother with the distinction. Use a unique password for every login. Use something to manage your passwords. If someone is unwilling to generate a password for an unimportant site, they're probably also too lazy to properly generate unique passwords for sites that matter.