public function PhpassHashedPassword::needsRehash

public PhpassHashedPassword::needsRehash($hash)

Check whether a hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed by a modification of the password-service in the dependency injection container or if the user's password hash was generated in an update like user_update_7000() (see the Drupal 7 documentation).


string $hash: The existing hash to be checked.

Return value

bool TRUE if the hash is outdated and needs rehash.

Overrides PasswordInterface::needsRehash


core/lib/Drupal/Core/Password/ PhpassHashedPassword.php, line 257


Secure password hashing functions based on the Portable PHP password hashing framework.




public function needsRehash($hash) {
  // Check whether this was an updated password.
  if ((substr($hash, 0, 3) != '$S$') || (strlen($hash) != static::HASH_LENGTH)) {
    return TRUE;
  // Ensure that $count_log2 is within set bounds.
  $count_log2 = $this->enforceLog2Boundaries($this->countLog2);
  // Check whether the iteration count used differs from the standard number.
  return ($this->getCountLog2($hash) !== $count_log2);

