function PhpassHashedPassword::needsRehash

Same name and namespace in other branches
  1. 8.9.x core/lib/Drupal/Core/Password/PhpassHashedPassword.php \Drupal\Core\Password\PhpassHashedPassword::needsRehash()

Check whether a hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed by a modification of the password-service in the dependency injection container or if the user's password hash was generated in an update like user_update_7000() (see the Drupal 7 documentation).

Parameters

string $hash: The existing hash to be checked.

Return value

bool TRUE if the hash is outdated and needs rehash.

Overrides PasswordInterface::needsRehash

File

core/lib/Drupal/Core/Password/PhpassHashedPassword.php, line 261

Class

PhpassHashedPassword
Secure hashing functions based on Portable PHP password hashing framework.

Namespace

Drupal\Core\Password

Code

public function needsRehash($hash) {
    // Check whether this was an updated password.
    if (substr($hash, 0, 3) != '$S$' || strlen($hash) != static::HASH_LENGTH) {
        return TRUE;
    }
    // Ensure that $count_log2 is within set bounds.
    $count_log2 = $this->enforceLog2Boundaries($this->countLog2);
    // Check whether the iteration count used differs from the standard number.
    return $this->getCountLog2($hash) !== $count_log2;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.