password_get_info - PHP code example

The php Function Password_Get_Info()

PHP has many functions to handle different types of data. Some functions take information as input via arguments. Arguments are specified after the function name and enclosed in parentheses. Usually, each argument is a variable with a specific data type. The function will return a value based on the input. For example, the following function returns an array of information about the given password hash.

The php function password_get_info() returns an array of information about the hash passed to it as input. The array contains details about the algorithm that was used to create it, as well as its options. This is a very useful function for testing passwords and verifying that passwords are correctly hashed.

Currently, PHP supports several algorithms for hashing passwords. The most popular and widely deployed is bcrypt. If you’re using a database with columns that are set to be truncated at 60 characters, this is a good algorithm to use since it can be expanded to handle longer passwords.

If you want to try something a bit stronger, PHP also supports Argon2id as a potential successor to bcrypt. You can enable its support by adding the --with-password-argon2[=DIR] configure argument when compiling PHP.

However, for now, bcrypt is still the default algorithm in PHP. Its sane defaults are defined in the PASSWORD_BCRYPT constant which is set to integer 1. There’s also three named constants that define some sane defaults for Argon2: PASSWORD_ARGON2_DEFAULT_MEMORY_COST, PASSWORD_ARGON2_DEFAULT_TIME_COST and PASSWORD_ARGON2_DEFAULT_THREADS.

password_get_info example

KeyValuePair $data,
        WriteParameterBag $parameters
    ): \Generator {
        if (!$field instanceof PasswordField) {
            throw DataAbstractionLayerException::invalidSerializerField(PasswordField::class, $field);
        }

        $this->validateIfNeeded($field, $existence, $data, $parameters);

        $value = $data->getValue();
        if ($value) {
            $info = password_get_info($value);
            // if no password algorithm is detected, it might be plain text which needs to be encoded.             // otherwise, passthrough the possibly encoded string             if (!$info['algo']) {
                $value = password_hash((string) $value, $field->getAlgorithm(), $field->getHashOptions());
            }
        }

        yield $field->getStorageName() => $value;
    }

    public function decode(Field $field, mixed $value): ?string
    {

else {
            $this->systemConfigService->expects(static::never())->method('getInt');
        }

        $this->validator
            ->expects(static::exactly(\count($constraints)))->method('validate')
            ->willReturn($constraintViolations);

        $result = $this->serializer->encode($field, $existence, $kv, $params)->current();

        if ($inputPassword) {
            $inputPasswordHashed = !empty(password_get_info($inputPassword)['algo']);

            if ($inputPasswordHashed) {
                static::assertEquals($inputPassword, $result);
            } else {
                static::assertTrue(password_verify($inputPassword, $result));
            }
        }
    }

    /** * @return iterable<string, array<int|string|array<int, Constraint>|bool|null>> */