doufusi2013 2015-07-25 05:36 采纳率: 0%
浏览 223
已采纳

Laravel - 你如何使用Hash :: needsRehash()?

I'm wondering how to use Hash::needsRehash() as I'm struggling to see using the documentation exactly what it's for.

if (Hash::needsRehash($hashed)) {
    $hashed = Hash::make('plain-text');
}

What exactly causes Hash::needsRehash() to return true or false, does it return true if the hashed password is in another hash (such as MD5, SHA1 etc)?

In the case that your database is full of hashes in another algorithm and Hash::needsRehash() returns true, how would you rehash the users password so that it's they're up to date? You can't rely on the "login" password because it needs to be compared first to validate, right?

I guess maybe I'm overthinking things but I'm confused right now. Luckily my users passwords are using password_hash() anyway so shouldn't be a problem.

  • 写回答

3条回答 默认 最新

  • douzhi3779 2015-07-25 05:47
    关注

    Hash::needsReHash() just calls php's built-in password_needs_rehash function. A helpful comment in the docs is:

    // Check if a newer hashing algorithm is available
// or the cost has changed
if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {

    So Hash::needsReHash() will return false if and only if hashing algorithm has changed (since you're not passing any options such as cost).

    As for how and when to use this, you can only rehash a user's password when you have it -- e.g. when they're logging in. So during the login process, you check if their stored password's algorithm differs from your current algorithm, and if so, you replace their stored password hash with a new one.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

 客服 返回
顶部