Argon2idPasswordHash extends AbstractArgon2PasswordHash
This class implements the 'argon2id' flavour of the php password api.
Hashes are identified by the prefix '$argon2id$'.
The length of an argon2id password hash (in the form it is received from PHP) depends on the environment.
Tags
Table of Contents
Properties
- $options : array<string|int, mixed>
- The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).
Methods
- __construct() : mixed
- Constructor sets options if given
- checkPassword() : bool
- Checks if a given plaintext password is correct by comparing it with a given salted hashed password.
- getHashedPassword() : string|null
- Creates a salted hash for a given plaintext password
- getPasswordAlgorithmName() : string
- getPasswordHashPrefix() : string
- isAvailable() : bool
- Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.
- isHashUpdateNeeded() : bool
- Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.
- isValidSaltedPW() : bool
- Determines if a given string is a valid salted hashed password.
- getPasswordAlgorithm() : int|string|null
- Returns password algorithm constant from name
Properties
$options
The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).
protected
array<string|int, mixed>
$options
= ['memory_cost' => 65536, 'time_cost' => 16]
We are not raising the amount of threads used, as that might lead to problems on various systems - see #90612
Methods
__construct()
Constructor sets options if given
public
__construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
- $options : array<string|int, mixed> = []
Tags
checkPassword()
Checks if a given plaintext password is correct by comparing it with a given salted hashed password.
public
checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
- $plainPW : string
-
plain text password to compare with salted hash
- $saltedHashPW : string
-
Salted hash to compare plain-text password with
Return values
bool —TRUE, if plaintext password is correct, otherwise FALSE
getHashedPassword()
Creates a salted hash for a given plaintext password
public
getHashedPassword(string $password) : string|null
Parameters
- $password : string
-
Plaintext password to create a salted hash from
Return values
string|null —Salted hashed password
getPasswordAlgorithmName()
public
getPasswordAlgorithmName() : string
Return values
stringgetPasswordHashPrefix()
public
getPasswordHashPrefix() : string
Return values
stringisAvailable()
Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.
public
isAvailable() : bool
Return values
boolisHashUpdateNeeded()
Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.
public
isHashUpdateNeeded(string $passString) : bool
Parameters
- $passString : string
-
Salted hash to check if it needs an update
Return values
bool —TRUE if salted hash needs an update, otherwise FALSE
isValidSaltedPW()
Determines if a given string is a valid salted hashed password.
public
isValidSaltedPW(string $saltedPW) : bool
Parameters
- $saltedPW : string
-
String to check
Return values
bool —TRUE if it's valid salted hashed password, otherwise FALSE
getPasswordAlgorithm()
Returns password algorithm constant from name
protected
getPasswordAlgorithm() : int|string|null
Since PHP 7.4 Password hashing algorithm identifiers are nullable strings rather than integers.