password_get_info

(PHP 5 >= 5.5.0, PHP 7, PHP 8)

password_get_info — 返回指定散列（hash）的相关信息

说明

password_get_info(string $hash): array

如果传入的散列值（hash）是由 password_hash() 支持的算法生成的，这个函数就会返回关于此散列的信息数组。

参数

hash: 一个由 password_hash() 创建的散列值。

返回值

返回三个元素的关联数组：

algo，匹配密码算法的常量
algoName，人类可读的算法名称
options，调用 password_hash() 时提供的选项。

改进此页面

了解如何改进此页面 • 提交拉取请求 • 报告一个错误

＋添加备注

用户贡献的备注 1 note

down

cbungholio at gmail dot com ¶

7 years ago

If you're curious to use this method to determine if there is someway to evaluate if a given string is NOT a password_hash() value...

<?php

// Our password.. the kind of thing and idiot would have on his luggage:
$password_plaintext = "12345";

// Hash it up, fuzzball!
$password_hash = password_hash( $password_plaintext, PASSWORD_DEFAULT, [ 'cost' => 11 ] );

// What do we get?
print_r( password_get_info( $password_hash ) );

/* returns:
Array ( 
    [algo] => 1 
    [algoName] => bcrypt  // Your server's default.
    [options] => Array ( [cost] => 11 ) 
)
*/

// What about if it's un-hashed?...
print_r( password_get_info( $password_plaintext ) );

/* returns:
Array ( 
    [algo] => 0 
    [algoName] => unknown 
    [options] => Array ( ) 
) 
*/
?>

... Looks like it's up to each of us to personally decide if it's safe to compare against the final returned array.