PHP password_needs_rehash() Function Usage and Example

PHP Password Hashing Algorithm

The password_hash() function is used to check if the hash value matches the specified options.

PHP Version Requirement: PHP 5 >= 5.5.0, PHP 7

Syntax

bool password_needs_rehash ( string $hash , int $algo [, array $options ] )

Parameter Description:

• hash: A hash value created by password_hash().
• algo: A constant used to indicate the password hashing algorithm when hashing passwords.
• options: An associative array containing options. Currently supports two options: salt, the干扰string added when hashing passwords, and cost, used to indicate the number of levels of recursion of the algorithm. Examples of these values can be found on the crypt() page. Omitted, it will use a random salt value and default cost.

Return Value

This function checks if the specified hash value has implemented the provided algorithm and options. If not, the hash value needs to be regenerated.

Online Examples

<?php
$password = 'rasmuslerdorf';
$hash = '$2y$10$YCFsG6elYca568hBi2pZ0.3LDL5wjgxct1N8w/oLR/jfHsiQwCqTS';
// The cost parameter can be modified again when the hardware performance is improved
$options = array('cost' => 11);
// Verify the stored hash according to the plain text password
if (password_verify($password, $hash)) {
    // Check if there are any updated hash algorithms available
    // or the cost changes
    if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {
        // If so, create a new hash to replace the old hash
        $newHash = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    // Enables user login
}
?>

PHP Password Hashing Algorithm