
How to use the password_needs_rehash function in PHP 5.5


I have a set of passwords in my database that I had earlier hashed using sha512, and now that I have upgraded my server to PHP 5.5, I would like to use the bcrypt password hashing. So my idea is to have the user log in and then call this password_needs_rehash function described here to check the password and then update the password hash in the database:

http://php.net/manual/en/function.password-needs-rehash.php

I'm not sure how to use this function though, there are no examples listed here and it doesn't really clarify what the options array is for. Do I just need to call the password_needs_rehash function like this:

if (password_needs_rehash ($current_hash, PASSWORD_BCRYPT)) {
  // update the password using password_hash
}

Solution

  • Yes, that's the general idea.

    If the password needs to be rehashed, then you just call password_hash() to rehash it. And, of course, save the new hash in your database.

    if (password_needs_rehash ($current_hash, PASSWORD_BCRYPT)) {
      // update the password using password_hash
      $new_hash = password_hash($cleartext_password, PASSWORD_BCRYPT);
      // update the database
      ...
    }
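
An added example, not part of the original answer, showing the full login-time migration the question describes and what the options array does. It assumes the legacy column holds the unsalted hex output of hash('sha512', $password); the function names and the cost value are hypothetical, and hash_equals() requires PHP 5.6 or later.

```php
<?php
// Assumed legacy format: 128 hex characters produced by hash('sha512', $password).
function is_legacy_sha512($stored)
{
    return strlen($stored) === 128 && ctype_xdigit($stored);
}

/**
 * Check a login attempt against the stored hash.
 * Returns array($ok, $newHash); $newHash is non-null when the caller
 * should write it back to the user's row.
 */
function verify_and_upgrade($password, $stored, array $options)
{
    if (is_legacy_sha512($stored)) {
        // password_verify() cannot check a raw SHA-512 digest, so compare
        // it directly, in constant time.
        $ok = hash_equals(strtolower($stored), hash('sha512', $password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return array(false, null); // never rehash on a failed login
    }
    // True for the legacy digest (not a bcrypt hash) and for bcrypt hashes
    // whose cost differs from the one requested in $options.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        return array(true, password_hash($password, PASSWORD_BCRYPT, $options));
    }
    return array(true, null);
}

// Constructed sample data standing in for a database row.
$options = array('cost' => 12); // bcrypt work factor; raise it as hardware improves
$row     = hash('sha512', 'correct horse');

// First login after the upgrade: legacy digest verifies and is replaced.
list($ok, $newHash) = verify_and_upgrade('correct horse', $row, $options);
if ($ok && $newHash !== null) {
    $row = $newHash; // in a real application: UPDATE the user's hash column
}
var_dump($ok, password_get_info($row));

// Later login: bcrypt hash at the requested cost, nothing to rewrite.
var_dump(verify_and_upgrade('correct horse', $row, $options));

// Raising the cost makes the same stored hash need a rehash again.
var_dump(password_needs_rehash($row, PASSWORD_BCRYPT, array('cost' => 13)));
```

The password column must be wide enough for the new value: a bcrypt hash is 60 characters, and the PHP manual recommends 255 to leave room for future algorithms.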