wpseek.com
A WordPress-centric search engine for devs and theme authors



wp_password_needs_rehash › WordPress Function

Since6.8.0
Deprecatedn/a
wp_password_needs_rehash ( $hash, $user_id = '' )
Parameters: (2)
  • (string) $hash Hash of a password to check.
    Required: Yes
  • (string|int) $user_id Optional. ID of a user associated with the password.
    Required: No
    Default: (empty)
Returns:
  • (bool) Whether the hash needs to be rehashed.
Defined at:
Codex:

Checks whether a password hash needs to be rehashed.

Passwords are hashed with bcrypt using the default cost. A password hashed in a prior version of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost or algorithm is changed in PHP or WordPress then a password hashed in a previous version will need to be rehashed. Note that, just like wp_check_password(), this function may be used to check a value that is not a user password. A plugin may use this function to check a password of a different type, and there may not always be a user ID associated with the password.


Related Functions: wp_lostpassword_url, wp_ajax_send_password_reset, wp_get_password_hint, post_password_required, get_password_reset_key

Source 

function wp_password_needs_rehash( $hash, $user_id = '' ) {
		global $wp_hasher;

		if ( ! empty( $wp_hasher ) ) {
			return false;
		}

		/** This filter is documented in wp-includes/pluggable.php */
		$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );

		/** This filter is documented in wp-includes/pluggable.php */
		$options = apply_filters( 'wp_hash_password_options', array(), $algorithm );

		$prefixed = str_starts_with( $hash, '$wp' );

		if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
			// If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.
			$needs_rehash = true;
		} else {
			// Otherwise check the hash minus its prefix if necessary.
			$hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash;
			$needs_rehash  = password_needs_rehash( $hash_to_check, $algorithm, $options );
		}

		/**
		 * Filters whether the password hash needs to be rehashed.
		 *
		 * @since 6.8.0
		 *
		 * @param bool       $needs_rehash Whether the password hash needs to be rehashed.
		 * @param string     $hash         The password hash.
		 * @param string|int $user_id      Optional. ID of a user associated with the password.
		 */
		return apply_filters( 'password_needs_rehash', $needs_rehash, $hash, $user_id );
	}
endif;

if ( ! function_exists( 'wp_generate_password' ) ) :
	/**
	 * Generates a random password drawn from the defined set of characters.
	 *
	 * Uses wp_rand() to create passwords with far less predictability
	 * than similar native PHP functions like `rand()` or `mt_rand()`.
	 *
	 * @since 2.5.0
	 *
	 * @param int  $length              Optional. The length of password to generate. Default 12.
	 * @param bool $special_chars       Optional. Whether to include standard special characters.
	 *                                  Default true.
	 * @param bool $extra_special_chars Optional. Whether to include other special characters.
	 *                                  Used when generating secret keys and salts. Default false.
	 * @return string The random password.
	 */