问题
I recently installed PHP 7.3.6 through Plesk's web GUI for a development copy of a web app, as I intend to update our production environment from php 7.0 to 7.3. I decided to take the opportunity to upgrade our password hashing from PBKDF2 to Argon2ID since the PHP core has it already included. I was surprised to get a warning stating that the PASSWORD_ARGON2ID constant is undefined, since I understand it was added in php 7.3.0.
I tried searching for any instance of this error and the only thing I found that was relevant was this undetailed post in a Laravel forum:
https://laracasts.com/discuss/channels/laravel/use-of-undefined-constant-password-argon2id-assumed-password-argon2id?page=1
The application is hosted on a shared vps with MediaTemple. Centos 7, using nginx as a reverse proxy over Apache. It is a subdomain for development running 7.3.6 along side the main domain which is running the production version of the app, 7.0.33.
$this->password = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
I expected the PASSWORD_ARGON2ID constant to be defined but it was reported as undefined:
Use of undefined constant PASSWORD_ARGON2ID - assumed 'PASSWORD_ARGON2ID' (this will throw an Error in a future version of PHP)
回答1:
This algorithm is only available if PHP has been compiled with Argon2 support. - password_hash
If you want to use it whenever it is available, I would recommend to check with defined
or else fallback to a default algorithm.
if(defined('PASSWORD_ARGON2ID')) {
$hash = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} else {
$hash = password_hash('password123', PASSWORD_DEFAULT, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
}
来源:https://stackoverflow.com/questions/56497578/php-warning-use-of-undefined-constant-password-argon2id-when-using-password-has