云策 WordPress 开发者社区

函数文档

wp_verify_fast_hash()

查看官方原文 ↗
💡 云策文档标注

概述

wp_verify_fast_hash() 函数用于验证明文消息是否与哈希值匹配,主要用于验证通过 wp_fast_hash() 生成的哈希值。它支持向后兼容,能处理旧版 phpass 哈希。

关键要点

  • 函数使用 Sodium 库对消息进行哈希并比较哈希值。
  • 如果哈希值不以 '$generic$' 开头,则视为 phpass 便携哈希,以兼容 WordPress 6.8.0 之前版本。
  • 接受两个必需参数:$message(明文消息)和 $hash(哈希值),返回布尔值表示是否匹配。
  • 在 WordPress 6.8.0 版本中引入。

代码示例

function wp_verify_fast_hash(
#[SensitiveParameter]
string $message,
string $hash
): bool {
    if ( ! str_starts_with( $hash, '$generic$' ) ) {
        // Back-compat for old phpass hashes.
        require_once ABSPATH . WPINC . '/class-phpass.php';
        return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
    }

    return hash_equals( $hash, wp_fast_hash( $message ) );
}
📄 原文内容

Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash() .

Description

The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security keys which were hashed using phpass prior to WordPress 6.8.0.

Parameters

$messagestringrequired
The plaintext message.
$hashstringrequired
Hash of the message to check against.

Return

bool Whether the message matches the hashed message.

Source

function wp_verify_fast_hash(
	#[SensitiveParameter]
	string $message,
	string $hash
): bool {
	if ( ! str_starts_with( $hash, '$generic$' ) ) {
		// Back-compat for old phpass hashes.
		require_once ABSPATH . WPINC . '/class-phpass.php';
		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
	}

	return hash_equals( $hash, wp_fast_hash( $message ) );
}

View all references View on Trac View on GitHub

Uses Description
wp_fast_hash()wp-includes/functions.php

Returns a cryptographically secure hash of a message using a fast generic hash function.
Used by Description
WP_Application_Passwords::check_password()wp-includes/class-wp-application-passwords.php

Checks a plaintext application password against a hashed password.
WP_Recovery_Mode_Key_Service::validate_recovery_mode_key()wp-includes/class-wp-recovery-mode-key-service.php

Verifies if the recovery mode key is correct.
wp_validate_user_request_key()wp-includes/user.php

Validates a user request by comparing the key with the request’s key.
check_password_reset_key()wp-includes/user.php

Retrieves a user row based on password reset key and login.

Changelog

Version Description
6.8.0 Introduced.