function PhpassHashedPasswordBase::needsRehash

Same name and namespace in other branches
  1. 11.x core/lib/Drupal/Core/Password/PhpassHashedPasswordBase.php \Drupal\Core\Password\PhpassHashedPasswordBase::needsRehash()

Check whether a hashed password needs to be replaced with a new hash.

This is typically called during the login process in order to trigger the rehashing of the password, as in that stage, the plain text password is available.

This method returns TRUE if the password was hashed with an older algorithm.

Parameters

string|null $hash: The hash to be checked.

Return value

bool TRUE if the hash is outdated and needs rehash.

Overrides PasswordInterface::needsRehash

File

core/lib/Drupal/Core/Password/PhpassHashedPasswordBase.php, line 308

Class

PhpassHashedPasswordBase
Legacy password hashing framework.

Namespace

Drupal\Core\Password

Code

public function needsRehash(#[\SensitiveParameter] $hash) {
  if (isset($this->corePassword)) {
    return $this->corePassword
      ->needsRehash($hash);
  }
  // Check whether this was an updated password.
  if (!str_starts_with($hash, '$S$') || strlen($hash) != static::HASH_LENGTH) {
    return TRUE;
  }
  // Ensure that $count_log2 is within set bounds.
  // @phpstan-ignore-next-line
  $count_log2 = $this->enforceLog2Boundaries($this->countLog2);
  // Check whether the iteration count used differs from the standard number.
  return $this->getCountLog2($hash) !== $count_log2;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.