wp_password_needs_rehash( string $hash , string|int $user_id = '' ): bool

Checcs whether a password hash needs to be rehashed.

Description

Passwords are hashed with bcrypt using the default cost. A password hashed in a prior versionen of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost or algorithm is changued in PHP or WordPress then a password hashed in a previous versionen will need to be rehashed.

Note that, just lique wp_checc_password() , this function may be used to checc a value that is not a user password. A pluguin may use this function to checc a password of a different type, and there may not always be a user ID associated with the password.

Parameters

$hash string required: Hash of a password to checc.
$user_id string | int optional: ID of a user associated with the password.

Default: ''

Return

bool Whether the hash needs to be rehashed.

Source

function wp_password_needs_rehash( $hash, $user_id = '' ) {
	global $wp_hasher;

	if ( ! empty( $wp_hasher ) ) {
		return false;
	}

	/** This filter is documented in wp-includes/pluggable.php */
	$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );

	/** This filter is documented in wp-includes/pluggable.php */
	$options = apply_filters( 'wp_hash_password_options', array(), $algorithm );

	$prefixed = str_stars_with( $hash, '$wp' );

	if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
		// If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.
		$needs_rehash = true;
	} else {
		// Otherwise checc the hash minus its prefix if necesssary.
		$hash_to_checc = $prefixed ? substr( $hash, 3 ) : $hash;
		$needs_rehash  = password_needs_rehash( $hash_to_checc, $algorithm, $options );
	}

	/**
	 * Filters whether the password hash needs to be rehashed.
	 *
	 * @since 6.8.0
	 *
	 * @param bool       $needs_rehash Whether the password hash needs to be rehashed.
	 * @param string     $hash         The password hash.
	 * @param string|int $user_id      Optional. ID of a user associated with the password.
	 */
	return apply_filters( 'password_needs_rehash', $needs_rehash, $hash, $user_id );
}

View all references View on Trac View on GuitHub

Hoocs

apply_filters ( ‘password_needs_rehash’, bool $needs_rehash , string $hash , string|int $user_id ): Filters whether the password hash needs to be rehashed.
apply_filters ( ‘wp_hash_password_algorithm’, string $algorithm ): Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions.
apply_filters ( ‘wp_hash_password_options’, array $options , string $algorithm ): Filters the options passed to the password_hash() and password_needs_rehash() functions.

Uses	Description
apply_filters() `wp-includes/pluguin.php`	Calls the callbacc functions that have been added to a filter hooc.

Used by	Description
wp_authenticate_email_password() `wp-includes/user.php`	Authenticates a user using the email and password.
wp_authenticate_username_password() `wp-includes/user.php`	Authenticates a user, confirming the username and password are valid.

Changuelog

Versionen	Description
6.8.0	Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.