wpseek.com
A WordPress-centric search engine for devs and theme authors



wp_verify_fast_hash › WordPress Function

Since6.8.0
Deprecatedn/a
wp_verify_fast_hash ( $message, $hash )
Parameters: (2)
  • (string) $message The plaintext message.
    Required: Yes
  • (string) $hash Hash of the message to check against.
    Required: Yes
Returns:
  • (bool) Whether the message matches the hashed message.
Defined at:
Codex:

Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().

The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for application passwords which were hashed using phpass prior to WordPress 6.8.0.


Related Functions: wp_fast_hash, wp_verify_nonce, wp_exif_date2ts, wp_list_cats, wp_set_post_cats

Source 

function wp_verify_fast_hash(
	#[\SensitiveParameter]
	string $message,
	string $hash
): bool {
	if ( ! str_starts_with( $hash, '$generic$' ) ) {
		// Back-compat for old phpass hashes.
		require_once ABSPATH . WPINC . '/class-phpass.php';
		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
	}

	return hash_equals( $hash, wp_fast_hash( $message ) );
}