PhpassHashedPassword::needsRehash

public PhpassHashedPassword::needsRehash($hash)

Check whether a hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed by a modification of the password-service in the dependency injection container or if the user's password hash was generated in an update like user_update_7000() (see the Drupal 7 documentation).

Parameters

string $hash: The existing hash to be checked.

Return value

bool TRUE if the hash is outdated and needs rehash.

Overrides PasswordInterface::needsRehash

File

core/lib/Drupal/Core/Password/PhpassHashedPassword.php, line 257

Class

PhpassHashedPassword
Secure password hashing functions based on the Portable PHP password hashing framework.

Namespace

Drupal\Core\Password

Code

public function needsRehash($hash) {
  // Check whether this was an updated password.
  if ((substr($hash, 0, 3) != '$S$') || (strlen($hash) != static::HASH_LENGTH)) {
    return TRUE;
  }
  // Ensure that $count_log2 is within set bounds.
  $count_log2 = $this->enforceLog2Boundaries($this->countLog2);
  // Check whether the iteration count used differs from the standard number.
  return ($this->getCountLog2($hash) !== $count_log2);
}
doc_Drupal
2016-10-29 09:33:51
Comments
Leave a Comment

Please login to continue.