Enumerations
enum DRUPAL_HASH_COUNT
enum DRUPAL_MIN_HASH_COUNT
enum DRUPAL_MAX_HASH_COUNT
Functions
_password_itoa64 ()
_password_base64_encode ($input, $count)
_password_generate_salt ($count_log2)
_password_crypt ($password, $setting)
_password_get_count_log2 ($setting)
user_hash_password ($password, $count_log2=0)
user_check_password ($password, $account)
user_needs_new_hash ($account)
Based on the Portable PHP password hashing framework.
Definition in file password.inc.
enum DRUPAL_HASH_COUNT
The standard log2 number of iterations for password stretching. This should increase by 1 at least every other Drupal version in order to counteract increases in the speed and power of computers available to crack the hashes.
Definition at line 22 of file password.inc.
enum DRUPAL_MAX_HASH_COUNT
The maximum allowed log2 number of iterations for password stretching.
Definition at line 32 of file password.inc.
enum DRUPAL_MIN_HASH_COUNT
The minimum allowed log2 number of iterations for password stretching.
Definition at line 27 of file password.inc.
_password_base64_encode ($input, $count)
Encode bytes into printable base 64 using the *nix standard from crypt().
$input | The string containing bytes to encode.
$count | The number of characters (bytes) to encode.
Definition at line 52 of file password.inc.
References $output, $value, and _password_itoa64().
Referenced by _password_crypt(), and _password_generate_salt().
_password_crypt ($password, $setting)
Hash a password using a secure stretched hash.
By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.
$password | The plain-text password to hash.
$setting | An existing hash or the output of _password_generate_salt().
Definition at line 124 of file password.inc.
References $output, _password_base64_encode(), and _password_get_count_log2().
Referenced by user_check_password(), and user_hash_password().
_password_generate_salt ($count_log2)
Generates a random base 64-encoded salt prefixed with settings for the hash.
Proper use of salts may defeat a number of attacks, including:
$count_log2 | Integer that determines the number of iterations used in the hashing process. A larger value is more secure, but takes more time to complete.
Definition at line 95 of file password.inc.
References $output, _password_base64_encode(), _password_itoa64(), and drupal_random_bytes().
Referenced by user_hash_password().
_password_get_count_log2 ($setting)
Parse the log2 iteration count from a stored hash or setting string.
Definition at line 163 of file password.inc.
References _password_itoa64().
Referenced by _password_crypt(), and user_needs_new_hash().
_password_itoa64 ()
Returns a string for mapping an int to the corresponding base 64 character.
Definition at line 37 of file password.inc.
Referenced by _password_base64_encode(), _password_generate_salt(), and _password_get_count_log2().
user_check_password ($password, $account)
Check whether a plain text password matches a stored hashed password.
Alternative implementations of this function may use other data in the $account object, for example the uid to look up the hash in a custom table or remote database.
$password | A plain-text password.
$account | A user object with at least the fields from the {users} table.
Definition at line 203 of file password.inc.
References _password_crypt().
user_hash_password ($password, $count_log2 = 0)
Hash a password using a secure hash.
$password | A plain-text password.
$count_log2 | Optional integer to specify the iteration count. Generally used only during mass operations where a value less than the default is needed for speed.
Definition at line 180 of file password.inc.
References _password_crypt(), _password_generate_salt(), and variable_get().
user_needs_new_hash ($account)
Check whether a user's hashed password needs to be replaced with a new hash.
This is typically called during the login process, when the plain-text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable password_count_log2 or DRUPAL_HASH_COUNT, or if the user's password hash was generated in an update like user_update_7000().
Alternative implementations of this function might use other criteria based on the fields in $account.
$account | A user object with at least the fields from the {users} table.
Definition at line 235 of file password.inc.
References _password_get_count_log2(), and variable_get().
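The stretching in _password_crypt() and the login-time check in user_needs_new_hash(), as an added PHP example that is not Drupal's own code. The demo_* names, the '$X$' prefix, the SHA-512 digest, the hex output and the bounds 7 and 30 are assumptions; the setting layout follows the phpass convention.

```php
<?php
// Added illustration; not Drupal's password.inc. All demo_* names are hypothetical.
// Assumed layout: 3-char prefix, 1 char = log2 iteration count, 8-char salt, digest.
const DEMO_ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const DEMO_MIN_LOG2 = 7;   // assumed bounds; the page does not state the values
const DEMO_MAX_LOG2 = 30;

// Decode the log2 iteration count from a stored hash or setting string.
function demo_get_count_log2(string $setting) {
  return strlen($setting) < 12 ? false : strpos(DEMO_ITOA64, $setting[3]);
}

// Stretch: one salted hash, then 2^log2 further rounds that re-mix the password.
function demo_crypt(string $password, string $setting) {
  $log2 = demo_get_count_log2($setting);
  if ($log2 === false || $log2 < DEMO_MIN_LOG2 || $log2 > DEMO_MAX_LOG2) {
    return false;  // malformed or out-of-range cost: refuse rather than hash weakly
  }
  $setting = substr($setting, 0, 12);
  $hash = hash('sha512', substr($setting, 4, 8) . $password, true);
  for ($i = 1 << $log2; $i > 0; $i--) {
    $hash = hash('sha512', $hash . $password, true);
  }
  return $setting . bin2hex($hash);  // hex here; crypt()-style base 64 omitted
}

function demo_hash(string $password, int $log2) {
  $log2 = max(DEMO_MIN_LOG2, min(DEMO_MAX_LOG2, $log2));
  $salt = '';
  foreach (str_split(random_bytes(8)) as $b) {
    $salt .= DEMO_ITOA64[ord($b) & 0x3f];  // 6 random bits per salt character
  }
  return demo_crypt($password, '$X$' . DEMO_ITOA64[$log2] . $salt);
}
function demo_check(string $password, string $stored): bool {
  $calc = demo_crypt($password, $stored);
  return $calc !== false && hash_equals($stored, $calc);  // constant-time compare
}
function demo_needs_new_hash(string $stored, int $desired_log2): bool {
  return demo_get_count_log2($stored) !== $desired_log2;
}

// Login-time upgrade: the plain-text password is available at this point.
$stored = demo_hash('correct horse', 8);  // constructed record stored at 2^8 rounds
$desired = 11;                            // constructed current policy
if (demo_check('correct horse', $stored) && demo_needs_new_hash($stored, $desired)) {
  $stored = demo_hash('correct horse', $desired);  // re-hash at the current cost
}
var_dump(demo_get_count_log2($stored), demo_check('wrong', $stored));
```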