Adam R Brown

Source View: wp_hash_password_options

To save our bandwidth, we show only a snippet of code around each occurrence of the hook.

Understanding Source Code

The best way to understand what a hook does is to look at where it occurs in the source code.

Remember, this hook may occur in more than one file. Moreover, the hook's context may change from version to version.

Source View

This hook occurs 2 times in this file.

Line Code
2792            * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier.
2793            *
2794            * @since 6.8.0
2795            *
2796            * @param array      $options   Array of options to pass to the password hashing functions.
2797            *                              By default this is an empty array which means the default
2798            *                              options will be used.
2799            * @param string|int $algorithm The hashing algorithm in use.
2800            */
2801           $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
2802
2803           // Algorithms other than bcrypt don't need to use pre-hashing.
2804           if ( PASSWORD_BCRYPT !== $algorithm ) {
2805                return password_hash( $password, $algorithm, $options );
2806           }
2807
2808           // Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation.
2809           $password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );
2810
 
Line Code
2909
2910           if ( ! empty( $wp_hasher ) ) {
2911                return false;
2912           }
2913
2914           /** This filter is documented in wp-includes/pluggable.php */
2915           $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
2916
2917           /** This filter is documented in wp-includes/pluggable.php */
2918           $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
2919
2920           $prefixed = str_starts_with( $hash, '$wp' );
2921
2922           if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
2923                // If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.
2924                $needs_rehash = true;
2925           } else {
2926                // Otherwise check the hash minus its prefix if necessary.
2927                $hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash;