password_get_info()
(PHP 5 >= 5.5.0, PHP 7)
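Returns information about the given hash
Description
password_get_info(string $hash): array
If the supplied hash was produced by an algorithm supported by password_hash(), this function returns an array of information about that hash.
Parameters
- $hash
A hash created by password_hash().
Return Values
Returns an associative array with three elements:
- algo, the constant matching the password algorithm
- algoName, the human-readable name of the algorithm
- options, the options provided when calling password_hash().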
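One way to use the returned array when auditing a credential store, as an added example that is not part of the PHP manual or its user notes: it flags stored values that are not password_hash() output and bcrypt hashes below a minimum cost. MIN_BCRYPT_COST, the function names and the sample rows are assumptions made for this illustration.

```php
<?php
// Added example: classify stored credential values with password_get_info().
// MIN_BCRYPT_COST is an assumed policy value, not a PHP default.
const MIN_BCRYPT_COST = 12;

/** Returns 'not-a-hash', 'weak-cost' or 'ok' for one stored value. */
function classify_stored_value(string $stored): string
{
    $info = password_get_info($stored);

    // Compare algoName rather than algo: algo is an integer in the outputs
    // shown on this page and a string identifier on PHP 7.4 and later,
    // while algoName is 'unknown' for unrecognised input on both.
    if ($info['algoName'] === 'unknown') {
        return 'not-a-hash'; // plaintext, legacy MD5/SHA-1 hex, truncated column
    }
    // Any other result only means the value has the format of a supported
    // hash; password_verify() is still what checks a password against it.
    if ($info['algoName'] === 'bcrypt'
        && ($info['options']['cost'] ?? 0) < MIN_BCRYPT_COST) {
        return 'weak-cost';
    }
    return 'ok';
}

/** Groups user names by classification. */
function audit_stored_values(array $rows): array
{
    $report = ['not-a-hash' => [], 'weak-cost' => [], 'ok' => []];
    foreach ($rows as $user => $stored) {
        $report[classify_stored_value($stored)][] = $user;
    }
    return $report;
}

// Constructed sample rows (not real credentials).
$rows = [
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]),
    'bob'   => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
    'carol' => md5('correct horse'), // legacy unsalted MD5 hex
    'dave'  => '12345',              // stored in plaintext
];
print_r(audit_stored_values($rows));
?>
```

Accounts reported as weak-cost can be upgraded at the next successful login, where password_needs_rehash() performs the same policy comparison and the plaintext is available to re-hash.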
If you're curious to use this method to determine if there is some way to evaluate if a given string is NOT a password_hash() value...
<?php
// Our password.. the kind of thing an idiot would have on his luggage:
$password_plaintext = "12345";

// Hash it up, fuzzball!
$password_hash = password_hash( $password_plaintext, PASSWORD_DEFAULT, [ 'cost' => 11 ] );

// What do we get?
print_r( password_get_info( $password_hash ) );
/* returns:
Array (
    [algo] => 1
    [algoName] => bcrypt // Your server's default.
    [options] => Array ( [cost] => 11 )
)
*/

// What about if it's un-hashed?...
print_r( password_get_info( $password_plaintext ) );
/* returns:
Array (
    [algo] => 0
    [algoName] => unknown
    [options] => Array ( )
)
*/
?>
... Looks like it's up to each of us to personally decide if it's safe to compare against the final returned array.
<?php
$a = password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
var_dump(password_get_info($a));
// changes on every refresh
var_dump($a);
?>
// Output like
array(3) {
["algo"]=>
int(1)
["algoName"]=>
string(6) "bcrypt"
["options"]=>
array(1) {
["cost"]=>
int(10)
}
}
string(60) "$2y$10$wKEZs6W//QDoOeTKSCXx7.Y9Q7duFEtJpFFuJn1G5GhyWTTit/tL2"
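<?php
// $hash must hold a value created by password_hash(); this one is only a sample.
$hash = password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
var_dump(password_get_info($hash));
/* Example output:
array(3) {
["algo"]=>
int(1)
["algoName"]=>
string(6) "bcrypt"
["options"]=>
array(1) {
["cost"]=>
int(10)
}
}
*/
?>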
