PASSWORD_THROW_ON_ERROR password_verify ( string $password , string $hash, int $flags = 0 ) : bool
On Fri, 29 Jan 2021 at 16:01, Benjamin Morel <benjamin.mo...@gmail.com> wrote: > Hi all, thanks for the constructive feedback. > > On Fri, 29 Jan 2021 at 15:52, Marco Pivetta <ocram...@gmail.com> wrote: > > > > > Gonna be the usual person saying: let's not clutter functions with more > > behavior than what's needed :-) > > > > If you need to validate a hash for being "well formed" rather than > > "matching", then write a separate function dedicated to that, rather than > > increasing the complexity of a pre-existing symbol. > > > > Marco Pivetta > > > I would definitely vote for that, too. It feels to me like throwing an > exception on invalid algo / malformed hash should be the default behaviour, > and that the use case brought up by Anthony, although very relevant, should > be the one that should test for validity using another function (or pass an > extra parameter). > > That being said, it's indeed a BC break. Would it be small enough to be > allowed to hit 8.1? I don't know. > > — Benjamin >
