public function PhpassHashedPassword::needsRehash in Drupal 10
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Password/PhpassHashedPassword.php \Drupal\Core\Password\PhpassHashedPassword::needsRehash()
- 9 core/lib/Drupal/Core/Password/PhpassHashedPassword.php \Drupal\Core\Password\PhpassHashedPassword::needsRehash()
Check whether a hashed password needs to be replaced with a new hash.
This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed by a modification of the password-service in the dependency injection container or if the user's password hash was generated in an update like user_update_7000() (see the Drupal 7 documentation).
Parameters
string $hash: The existing hash to be checked.
Return value
bool TRUE if the hash is outdated and needs rehash.
Overrides PasswordInterface::needsRehash
File
- core/
lib/ Drupal/ Core/ Password/ PhpassHashedPassword.php, line 260
Class
- PhpassHashedPassword
- Secure password hashing functions based on the Portable PHP password hashing framework.
Namespace
Drupal\Core\PasswordCode
public function needsRehash($hash) {
// Check whether this was an updated password.
if (substr($hash, 0, 3) != '$S$' || strlen($hash) != static::HASH_LENGTH) {
return TRUE;
}
// Ensure that $count_log2 is within set bounds.
$count_log2 = $this
->enforceLog2Boundaries($this->countLog2);
// Check whether the iteration count used differs from the standard number.
return $this
->getCountLog2($hash) !== $count_log2;
}