PHP Warning: Use of undefined constant PASSWORD_ARGON2ID when using password_hash() in php 7.3

萝らか妹 提交于 2019-12-12 11:35:15

问题


I recently installed PHP 7.3.6 through Plesk's web GUI for a development copy of a web app, as I intend to update our production environment from php 7.0 to 7.3. I decided to take the opportunity to upgrade our password hashing from PBKDF2 to Argon2ID since the PHP core has it already included. I was surprised to get a warning stating that the PASSWORD_ARGON2ID constant is undefined, since I understand it was added in php 7.3.0.

I tried searching for any instance of this error and the only thing I found that was relevant was this undetailed post in a Laravel forum:

https://laracasts.com/discuss/channels/laravel/use-of-undefined-constant-password-argon2id-assumed-password-argon2id?page=1

The application is hosted on a shared vps with MediaTemple. Centos 7, using nginx as a reverse proxy over Apache. It is a subdomain for development running 7.3.6 along side the main domain which is running the production version of the app, 7.0.33.

$this->password = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));

I expected the PASSWORD_ARGON2ID constant to be defined but it was reported as undefined:

Use of undefined constant PASSWORD_ARGON2ID - assumed 'PASSWORD_ARGON2ID' (this will throw an Error in a future version of PHP)

回答1:


This algorithm is only available if PHP has been compiled with Argon2 support. - password_hash

If you want to use it whenever it is available, I would recommend to check with defined or else fallback to a default algorithm.

if(defined('PASSWORD_ARGON2ID')) {
    $hash = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} else {
    $hash = password_hash('password123', PASSWORD_DEFAULT, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
}


来源:https://stackoverflow.com/questions/56497578/php-warning-use-of-undefined-constant-password-argon2id-when-using-password-has

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!