public PhpassHashedPassword::check($password, $hash)
Check whether a plain text password matches a hashed password.
Parameters
string $password: A plain-text password.
string $hash: A hashed password.
Return value
bool TRUE if the password is valid, FALSE if not.
Overrides PasswordInterface::check
File
- core/lib/Drupal/Core/Password/PhpassHashedPassword.php, line 221
Class
- PhpassHashedPassword
- Secure password hashing functions based on the Portable PHP password hashing framework.
Namespace
Drupal\Core\Password
Code
```php
public function check($password, $hash) {
  if (substr($hash, 0, 2) == 'U$') {
    // This may be an updated password from user_update_7000(). Such hashes
    // have 'U' added as the first character and need an extra md5() (see the
    // Drupal 7 documentation).
    $stored_hash = substr($hash, 1);
    $password = md5($password);
  }
  else {
    $stored_hash = $hash;
  }

  $type = substr($stored_hash, 0, 3);
  switch ($type) {
    case '$S$':
      // A normal Drupal 7 password using sha512.
      $computed_hash = $this->crypt('sha512', $password, $stored_hash);
      break;
    case '$H$':
      // phpBB3 uses "$H$" for the same thing as "$P$".
    case '$P$':
      // A phpass password generated using md5. This is an
      // imported password or from an earlier Drupal version.
      $computed_hash = $this->crypt('md5', $password, $stored_hash);
      break;
    default:
      return FALSE;
  }

  // Compare using hashEquals() instead of === to mitigate timing attacks.
  return $computed_hash && Crypt::hashEquals($stored_hash, $computed_hash);
}
```
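An added example, not part of Drupal's code: a stand-alone classifier that applies the same prefix rules as check() to stored hashes, so an audit can list accounts whose verification still depends on md5. The function name, the sample rows, and the iteration-count decoding (taken from the phpass hash format, not from this page) are assumptions.

```php
<?php
// Added example, not Drupal code: classify stored hashes by the prefixes
// that check() dispatches on, to audit which accounts still depend on md5.

// phpass alphabet. Assumption from the phpass format (not on this page): the
// character after the 3-char type indexes it to give log2(iteration count).
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function classify_stored_hash(string $hash): array {
  // A 'U$' prefix marks a hash updated by user_update_7000(): check() runs
  // md5() on the plain-text password, then verifies against the rest.
  $md5_prehash = substr($hash, 0, 2) === 'U$';
  $stored = $md5_prehash ? substr($hash, 1) : $hash;

  switch (substr($stored, 0, 3)) {
    case '$S$':
      $algo = 'sha512';
      break;
    case '$H$':
    case '$P$':
      $algo = 'md5';
      break;
    default:
      // check() returns FALSE for any other prefix, so this row never verifies.
      return ['algo' => NULL, 'md5_prehash' => FALSE, 'count_log2' => NULL, 'uses_md5' => NULL];
  }

  $pos = strlen($stored) > 3 ? strpos(ITOA64, $stored[3]) : FALSE;
  return [
    'algo' => $algo,
    'md5_prehash' => $md5_prehash,
    'count_log2' => $pos === FALSE ? NULL : $pos,
    // TRUE when md5 is involved at any stage: a candidate for rehashing.
    'uses_md5' => $md5_prehash || $algo === 'md5',
  ];
}

// Constructed sample rows; salt and digest characters are filler, not real hashes.
$rows = [
  'alice' => '$S$D' . str_repeat('a', 51),
  'bob' => 'U$S$D' . str_repeat('b', 51),
  'carol' => '$P$B' . str_repeat('c', 30),
  'dave' => str_repeat('0', 32),
];
foreach ($rows as $user => $hash) {
  echo $user, ' ', json_encode(classify_stored_hash($hash)), "\n";
}
```

Rows reported with `uses_md5` true (here bob and carol) verify through an md5 step; a row with `algo` null (dave) is rejected by check() outright.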