function user_needs_new_hash

1 password.inc user_needs_new_hash($account)

Check whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable password_count_log2 or BACKDROP_HASH_COUNT.

Alternative implementations of this function might use other criteria based on the fields in $account.

Parameters

$account: A user object with at least the fields from the {users} table.

Return value

TRUE or FALSE.:

2 calls to user_needs_new_hash()

PasswordHashingTest::testPasswordHashing in core/modules/simpletest/tests/password.test: Test password hashing.
user_authenticate in core/modules/user/user.module: Try to validate the user's login credentials locally.

File

core/includes/password.inc, line 278: Secure password hashing functions for user authentication.

Code

function user_needs_new_hash($account) {
  // Check whether this was an updated password.
  if ((substr($account->pass, 0, 3) != '$S$') || (strlen($account->pass) != BACKDROP_HASH_LENGTH)) {
    return TRUE;
  }
  // Ensure that $count_log2 is within set bounds.
  $count_log2 = _password_enforce_log2_boundaries(settings_get('password_count_log2', BACKDROP_HASH_COUNT));
  // Check whether the iteration count used differs from the standard number.
  return (_password_get_count_log2($account->pass) !== $count_log2);
}