class PhpPassword

Same name in other branches
  1. 10 core/lib/Drupal/Core/Password/PhpPassword.php \Drupal\Core\Password\PhpPassword

Secure PHP password hashing functions.

Hierarchy

Expanded class hierarchy of PhpPassword

See also

https://www.php.net/manual/en/book.password.php

2 files declare their use of PhpPassword
PasswordVerifyTest.php in core/modules/phpass/tests/src/Unit/PasswordVerifyTest.php
PhpPasswordTest.php in core/tests/Drupal/Tests/Core/Password/PhpPasswordTest.php
1 string reference to 'PhpPassword'
user_custom_pass_hash_params_test.services.yml in core/modules/user/tests/modules/user_custom_pass_hash_params_test/user_custom_pass_hash_params_test.services.yml
core/modules/user/tests/modules/user_custom_pass_hash_params_test/user_custom_pass_hash_params_test.services.yml
1 service uses PhpPassword
password in core/modules/user/tests/modules/user_custom_pass_hash_params_test/user_custom_pass_hash_params_test.services.yml
Drupal\Core\Password\PhpPassword

File

core/lib/Drupal/Core/Password/PhpPassword.php, line 10

Namespace

Drupal\Core\Password
View source
class PhpPassword implements PasswordInterface {
    
    /**
     * Constructs a new password hashing instance.
     *
     * @param string $algorithm
     *   The hashing algorithm to use. Defaults to PHP default.
     * @param array $options
     *   List of options. Refer to password_hash() for available options.
     *
     * @see https://www.php.net/password_hash
     */
    public function __construct(string $algorithm = PASSWORD_DEFAULT, array $options = []) {
    }
    
    /**
     * {@inheritdoc}
     */
    public function hash($password) {
        // Prevent DoS attacks by refusing to hash large passwords.
        if (strlen($password) > static::PASSWORD_MAX_LENGTH) {
            return FALSE;
        }
        return password_hash($password, $this->algorithm, $this->options);
    }
    
    /**
     * {@inheritdoc}
     */
    public function check($password, $hash) {
        // Prevent DoS attacks by refusing to check large passwords.
        if (strlen($password) > static::PASSWORD_MAX_LENGTH) {
            return FALSE;
        }
        // Newly created accounts may have empty passwords.
        if ($hash === NULL || $hash === '') {
            return FALSE;
        }
        return password_verify($password, $hash);
    }
    
    /**
     * {@inheritdoc}
     */
    public function needsRehash($hash) {
        return password_needs_rehash($hash, $this->algorithm, $this->options);
    }

}

Members

Title Sort descending Modifiers Object type Summary Overriden Title
PasswordInterface::PASSWORD_MAX_LENGTH constant Maximum password length.
PhpPassword::check public function Check whether a plain text password matches a hashed password. Overrides PasswordInterface::check
PhpPassword::hash public function Hash a password using a secure hash. Overrides PasswordInterface::hash
PhpPassword::needsRehash public function Check whether a hashed password needs to be replaced with a new hash. Overrides PasswordInterface::needsRehash
PhpPassword::__construct public function Constructs a new password hashing instance.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.