password_needs_rehash
(PHP 5 >= 5.5.0)
password_needs_rehash — Checks if the given hash matches the given options
Description
boolean password_needs_rehash
( string
$hash
, integer $algo
[, array $options
] )This function checks to see if the supplied hash implements the algorithm and options provided. If not, it is assumed that the hash needs to be rehashed.
Parameters
-
hash -
A hash created by password_hash().
-
algo -
A password algorithm constant denoting the algorithm to use when hashing the password.
-
options -
An associative array containing options. See the password algorithm constants for documentation on the supported options for each algorithm.
Examples
Example #1 Usage of password_needs_rehash()
<?php
$password = 'rasmuslerdorf';
$hash = '$2y$10$YCFsG6elYca568hBi2pZ0.3LDL5wjgxct1N8w/oLR/jfHsiQwCqTS';
// The cost parameter can change over time as hardware improves
$options = array('cost' => 11);
// Verify stored hash against plain-text password
if (password_verify($password, $hash)) {
// Check if a newer hashing algorithm is available
// or the cost has changed
if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {
// If so, create a new hash, and replace the old one
$newHash = password_hash($password, PASSWORD_DEFAULT, $options);
}
// Log user in
}
?>
Return Values
Returns TRUE if the hash should be rehashed to match the given
algo and options, or FALSE
otherwise.