wpseek.com
A WordPress-centric search engine for developers and theme authors



wp_hash_password › WordPress Function

Since: 2.5.0
Deprecated: n/a
wp_hash_password ( $password )
Parameters:
  • (string) $password Plain text user password to hash.
    Required: Yes
Returns:
  • (string) The hash string of the password.
Defined in:
Codex:
Changelog:
  • 6.8.0

Creates a hash of a plain text password.

For integration with other applications, this function can be overridden so that it uses the other package's password hashing algorithm instead.


Source code

if ( ! function_exists( 'wp_hash_password' ) ) :
	function wp_hash_password(
		#[\SensitiveParameter]
		$password
	) {
		global $wp_hasher;

		if ( ! empty( $wp_hasher ) ) {
			return $wp_hasher->HashPassword( trim( $password ) );
		}

		if ( strlen( $password ) > 4096 ) {
			return '*';
		}

		/**
		 * Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions.
		 *
		 * The default is the value of the `PASSWORD_BCRYPT` constant which means bcrypt is used.
		 *
		 * **Important:** The only password hashing algorithm that is guaranteed to be available across PHP
		 * installations is bcrypt. If you use any other algorithm you must make sure that it is available on
		 * the server. The `password_algos()` function can be used to check which hashing algorithms are available.
		 *
		 * The hashing options can be controlled via the {@see 'wp_hash_password_options'} filter.
		 *
		 * Other available constants include:
		 *
		 * - `PASSWORD_ARGON2I`
		 * - `PASSWORD_ARGON2ID`
		 * - `PASSWORD_DEFAULT`
		 *
		 * @since 6.8.0
		 *
		 * @param string $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant.
		 */
		$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );

		/**
		 * Filters the options passed to the password_hash() and password_needs_rehash() functions.
		 *
		 * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'}
		 * filter. You must ensure that the options are appropriate for the algorithm in use.
		 *
		 * @since 6.8.0
		 *
		 * @param array $options    Array of options to pass to the password hashing functions.
		 *                          By default this is an empty array which means the default
		 *                          options will be used.
		 * @param string $algorithm The hashing algorithm in use.
		 */
		$options = apply_filters( 'wp_hash_password_options', array(), $algorithm );

		// Algorithms other than bcrypt don't need to use pre-hashing.
		if ( PASSWORD_BCRYPT !== $algorithm ) {
			return password_hash( $password, $algorithm, $options );
		}

		// Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation.
		$password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );

		// Add a prefix to facilitate distinguishing vanilla bcrypt hashes.
		return '$wp' . password_hash( $password_to_hash, $algorithm, $options );
	}
endif;

if ( ! function_exists( 'wp_check_password' ) ) :
	/**
	 * Checks a plaintext password against a hashed password.
	 *
	 * Note that this function may be used to check a value that is not a user password.
	 * A plugin may use this function to check a password of a different type, and there
	 * may not always be a user ID associated with the password.
	 *
	 * For integration with other applications, this function can be overwritten to
	 * instead use the other package password hashing algorithm.
	 *
	 * @since 2.5.0
	 * @since 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A
	 *              password that wasn't hashed with bcrypt will be checked with phpass.
	 *              Passwords hashed with md5 are no longer supported.
	 *
	 * @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying
	 *                                 passwords that were hashed with phpass.
	 *
	 * @param string     $password Plaintext password.
	 * @param string     $hash     Hash of the password to check against.
	 * @param string|int $user_id  Optional. ID of a user associated with the password.
	 * @return bool False, if the $password does not match the hashed password.
	 */
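
Added example (not part of WordPress or of the source listing on this page): a stand-alone PHP sketch of the bcrypt branch of wp_hash_password() above, showing what the HMAC-SHA384 pre-hash changes for passwords longer than 72 bytes. The demo_* function names and the two sample passwords are constructed for illustration, and demo_verify() is an assumption about how such a hash can be checked, not WordPress's own wp_check_password().

```php
<?php
// Added example: runs without WordPress loaded. All demo_* names are hypothetical.

// HMAC-SHA384 yields 48 raw bytes; base64 turns them into 64 ASCII characters,
// which fits within bcrypt's 72-byte input limit and cannot contain a NUL byte.
function demo_prehash( string $password ): string {
	return base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );
}

function demo_hash( string $password ): string {
	if ( strlen( $password ) > 4096 ) {
		return '*'; // Same sentinel as in the listing; never a valid hash.
	}
	// '$wp' prefix marks the value as "bcrypt over the pre-hash", not vanilla bcrypt.
	return '$wp' . password_hash( demo_prehash( $password ), PASSWORD_BCRYPT );
}

function demo_verify( string $password, string $hash ): bool {
	// This sketch handles only the prefixed format and rejects everything else.
	if ( strlen( $password ) > 4096 || 0 !== strpos( $hash, '$wp' ) ) {
		return false;
	}
	return password_verify( demo_prehash( $password ), substr( $hash, 3 ) );
}

// Constructed sample input: two 100-byte passwords sharing their first 72 bytes.
$a = str_repeat( 'A', 72 ) . str_repeat( 'x', 28 );
$b = str_repeat( 'A', 72 ) . str_repeat( 'y', 28 );

// Vanilla bcrypt only reads the first 72 bytes, so $b is checked against $a's hash
// using exactly the same effective input.
$plain = password_hash( $a, PASSWORD_BCRYPT );
echo 'vanilla bcrypt accepts other password: ';
var_dump( password_verify( $b, $plain ) );

// With the pre-hash, every byte of the password feeds the HMAC before bcrypt runs.
$wp = demo_hash( $a );
echo 'prefixed hash accepts original: ';
var_dump( demo_verify( $a, $wp ) );
echo 'prefixed hash accepts other password: ';
var_dump( demo_verify( $b, $wp ) );

// A hash without the '$wp' prefix is refused by demo_verify() by design.
echo 'unprefixed hash accepted by demo_verify: ';
var_dump( demo_verify( $a, $plain ) );
```

Save it as a .php file and run it with the PHP CLI. Comparing the first and third results shows the difference between vanilla bcrypt and the prefixed format on long passwords.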