7.x password.inc user_hash_password($password, $count_log2 = 0)

Hash a password using a secure hash.


$password: A plain-text password.

$count_log2: Optional integer to specify the iteration count. Generally used only during mass operations where a value less than the default is needed for speed.

Return value

A string containing the hashed password (and a salt), or FALSE on failure.

5 calls to user_hash_password()
PasswordHashingTest::testLongPassword in modules/simpletest/tests/password.test
Verifies that passwords longer than 512 bytes are not hashed.
PasswordHashingTest::testPasswordHashing in modules/simpletest/tests/password.test
Test password hashing.
UpdateScriptFunctionalTest::testUpdateAccess in modules/system/system.test
Tests access to the update script.
UserCancelTestCase::testUserCancelUid1 in modules/user/user.test
Tests that user account for uid 1 cannot be cancelled.
user_save in modules/user/user.module
Save changes to a user account or add a new user.


includes/password.inc, line 211
Secure password hashing functions for user authentication.


function user_hash_password($password, $count_log2 = 0) {
  if (empty($count_log2)) {

    // Use the standard iteration count.
    $count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
  return _password_crypt('sha512', $password, _password_generate_salt($count_log2));


flaviovs’s picture

To use this function you have to include password.inc, which should be done indirectly through the password_inc variable, so that custom password hashing can be used.

In other words, your code should look like this:

require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$hash = user_hash_password($password);

See user_save() for a example.