Home » API reference » password.inc

user_needs_new_hash

Versions
7
user_needs_new_hash($account)

Check whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable password_count_log2 or DRUPAL_HASH_COUNT or if the user's password hash was generated in an update like user_update_7000().

Alternative implementations of this function might use other criteria based on the fields in $account.

Parameters

$account A user object with at least the fields from the {users} table.

Return value

TRUE or FALSE.

▸ 1 function calls user_needs_new_hash()

▾ 1 function calls user_needs_new_hash()

user_authenticate in modules/user/user.module
Try to validate the user's login credentials locally.

Code

includes/password.inc, line 234

<?php
function user_needs_new_hash($account) {
  // Check whether this was an updated password.
  if ((substr($account->pass, 0, 3) != '$P$') || (strlen($account->pass) != 34)) {
    return TRUE;
  }
  // Check whether the iteration count used differs from the standard number.
  return (_password_get_count_log2($account->pass) != variable_get('password_count_log2', DRUPAL_HASH_COUNT));
}
?>
Login or register to post comments
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.