Menu Adam R Brown

WP hooks navigation: Home/browseActions indexFilters index

Source View: wp_hash_password_options

To save our bandwidth, we show only a snippet of code around each occurence of the hook. View complete file in SVN (without highlighting).

Understanding Source Code

The best way to understand what a hook does is to look at where it occurs in the source code.

Remember, this hook may occur in more than one file. Moreover, the hook's context may change from version to version.

Source View

This hook occurs 2 times in this file.

Line Code
2689            * filter. You must ensure that the options are appropriate for the algorithm in use.
2690            *
2691            * @since 6.8.0
2692            *
2693            * @param array $options    Array of options to pass to the password hashing functions.
2694            *                          By default this is an empty array which means the default
2695            *                          options will be used.
2696            * @param string $algorithm The hashing algorithm in use.
2697            */
2698           $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
2699
2700           // Algorithms other than bcrypt don't need to use pre-hashing.
2701           if ( PASSWORD_BCRYPT !== $algorithm ) {
2702                return password_hash( $password, $algorithm, $options );
2703           }
2704
2705           // Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation.
2706           $password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );
2707
 
Line Code
2806
2807           if ( ! empty( $wp_hasher ) ) {
2808                return false;
2809           }
2810
2811           /** This filter is documented in wp-includes/pluggable.php */
2812           $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
2813
2814           /** This filter is documented in wp-includes/pluggable.php */
2815           $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
2816
2817           $prefixed = str_starts_with( $hash, '$wp' );
2818
2819           if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
2820                // If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.
2821                $needs_rehash = true;
2822           } else {
2823                // Otherwise check the hash minus its prefix if necessary.
2824                $hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash;