AbstractArgon2PasswordHash implements PasswordHashInterface, Argon2PasswordHashInterface

AbstractYes

This abstract class implements the 'argon2' flavour of the php password api.

Table of Contents

Interfaces

PasswordHashInterface
Interface with public methods needed to be implemented in a salting hashing class.
Argon2PasswordHashInterface

Properties

$options  : array<string|int, mixed>
The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).

Methods

__construct()  : mixed
Constructor sets options if given
checkPassword()  : bool
Checks if a given plaintext password is correct by comparing it with a given salted hashed password.
getHashedPassword()  : string|null
Method creates a hash for a given plaintext password
isAvailable()  : bool
Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.
isHashUpdateNeeded()  : bool
Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.
isValidSaltedPW()  : bool
Determines if a given string is a valid password hash.
getPasswordAlgorithm()  : int|string|null
Returns password algorithm constant from name

Properties

$options

The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).

protected array<string|int, mixed> $options = ['memory_cost' => 65536, 'time_cost' => 16]

We are not raising the amount of threads used, as that might lead to problems on various systems - see #90612

Methods

__construct()

Constructor sets options if given

public __construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []
Tags
throws
InvalidArgumentException

checkPassword()

Checks if a given plaintext password is correct by comparing it with a given salted hashed password.

public checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
$plainPW : string

plain text password to compare with salted hash

$saltedHashPW : string

Salted hash to compare plain-text password with

Return values
bool

TRUE, if plaintext password is correct, otherwise FALSE

getHashedPassword()

Method creates a hash for a given plaintext password

public getHashedPassword(string $password) : string|null
Parameters
$password : string

Plaintext password to create a hash from

Return values
string|null

Hashed password or null on empty password

isAvailable()

Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.

public isAvailable() : bool
Return values
bool

Method available

isHashUpdateNeeded()

Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.

public isHashUpdateNeeded(string $passString) : bool
Parameters
$passString : string

Salted hash to check if it needs an update

Return values
bool

TRUE if salted hash needs an update, otherwise FALSE

isValidSaltedPW()

Determines if a given string is a valid password hash.

public isValidSaltedPW(string $saltedPW) : bool
Parameters
$saltedPW : string

String to check

Return values
bool

TRUE if it's valid salted hashed password, otherwise FALSE

getPasswordAlgorithm()

Returns password algorithm constant from name

protected getPasswordAlgorithm() : int|string|null

Since PHP 7.4 Password hashing algorithm identifiers are nullable strings rather than integers.

Return values
int|string|null

        
On this page

Search results