password_needs_rehash

    (PHP 5 >= 5.5.0, PHP 7, PHP 8)

    password_needs_rehashChecks if the given hash matches the given options

    Description

    password_needs_rehash(string$hash, string|int|null$algo, array$options = []): bool

    This function checks to see if the supplied hash implements the algorithm and options provided. If not, it is assumed that the hash needs to be rehashed.

    Parameters

    hash

    A hash created by password_hash().

    algo

    A password algorithm constant denoting the algorithm to use when hashing the password.

    options

    An associative array containing options. See the password algorithm constants for documentation on the supported options for each algorithm.

    Return Values

    Returns true if the hash should be rehashed to match the given algo and options, or false otherwise.

    Changelog

    VersionDescription
    7.4.0 The algo parameter expects a string now, but still accepts ints for backward compatibility.

    Examples

    Example #1 Usage of password_needs_rehash()

    <?php

    $password     = 'rasmuslerdorf';
    $hash = '$2y$10$YCFsG6elYca568hBi2pZ0.3LDL5wjgxct1N8w/oLR/jfHsiQwCqTS';

    $algorithm = PASSWORD_BCRYPT;
    // bcrypt's cost parameter can change over time as hardware improves
    $options = ['cost' => 12];

    // Verify stored hash against plain-text password
    if (password_verify($password, $hash)) {
    // Check if either the algorithm or the options have changed
    if (password_needs_rehash($hash, $algorithm, $options)) {
    // If so, create a new hash, and replace the old one
    $newHash = password_hash($password, $algorithm, $options);

    // Update the user record with the $newHash
    }

    // Perform the login.
    }
    ?>
    To Top