user_needs_new_hash
function user_needs_new_hash
user_needs_new_hash($account)
Check whether a user's hashed password needs to be replaced with a new hash.
This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable password_count_log2 or DRUPAL_HASH_COUNT or if the user's password hash was generated in an update like user_update_7000().
Alternative implementations of this function might use other criteria based on the fields in $account.
Parameters
$account: A user object with at least the fields from the {users} table.
Return value
TRUE or FALSE.
File
- includes/password.inc, line 282
- Secure password hashing functions for user authentication.
Code
function user_needs_new_hash($account) { // Check whether this was an updated password. if ((substr($account->pass, 0, 3) != '$S$') || (strlen($account->pass) != DRUPAL_HASH_LENGTH)) { return TRUE; } // Ensure that $count_log2 is within set bounds. $count_log2 = _password_enforce_log2_boundaries(variable_get('password_count_log2', DRUPAL_HASH_COUNT)); // Check whether the iteration count used differs from the standard number. return (_password_get_count_log2($account->pass) !== $count_log2); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!password.inc/function/user_needs_new_hash/7.x