wp_verify_fast_hash()
Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().
The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security keys which were hashed using phpass prior to WordPress 6.8.0.
No Hooks.
Returns
true|false. Whether the message matches the hashed message.
Usage
wp_verify_fast_hash( string $message, $hash ): bool;
- string $message(required)
.
It has the attribute #[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.
- $hash(string) (required)
- Hash of the message to check against.
Changelog
| Since 6.8.0 | Introduced. |
wp_verify_fast_hash() wp verify fast hash code WP 6.9.1
function wp_verify_fast_hash(
#[\SensitiveParameter]
string $message,
string $hash
): bool {
if ( ! str_starts_with( $hash, '$generic$' ) ) {
// Back-compat for old phpass hashes.
require_once ABSPATH . WPINC . '/class-phpass.php';
return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
}
return hash_equals( $hash, wp_fast_hash( $message ) );
}