Something wrong with checking return values of password_hash?

[ghost]

Bug report

Code snippet that reproduces the problem

See the discussion here: #5976

And reproduced here: https://phpstan.org/r/1ab1e0c7-e641-4e54-9037-46af0e4f37fa

Expected output

PHPStan should not report the if-check.

Did PHPStan help you today? Did it make you happy in any way?

Thanks for making PHPStan. It has helped my work a lot.

[henneboele]

I bumped into a similar issue today. It's just the reverse from the reproduced playground mentioned here. On 7.3 it is fine, on 7.4.25 i get this error message "Parameter #2 $algo of function password_hash expects int, string given."

Any ideas?

[henneboele]

I figured out, what was wrong with my described issue above.

We switched recently to php7.4, but installing vendor libraries by emulating the php platform config in composer.json still on 7.3. PHPStan seems to recognize this value ant thus shows the mentioned error message.

Either adding the phpVersion config parameter or switching the composer.json platform value does solve it.

[phpstan-bot]

@mkoske After the latest commit in dev-master, PHPStan now reports different result with your code snippet:

@@ @@
 PHP 8.0 – 8.1 (3 errors)
 ==========
 
-5: Result of || is always false.
 5: Strict comparison using === between string and false will always evaluate to false.
 5: Strict comparison using === between string and null will always evaluate to false.
+5: Result of || is always false.
 
 PHP 7.4 (1 error)
 ==========

Full report

PHP 8.0 – 8.1 (3 errors)

Line	Error
5	Strict comparison using === between string and false will always evaluate to false.
5	Strict comparison using === between string and null will always evaluate to false.
5	`Result of

PHP 7.4 (1 error)

Line	Error
5	Strict comparison using === between string and null will always evaluate to false.

PHP 7.1 – 7.3 (2 errors)

Line	Error
4	Parameter #2 $algo of function password_hash expects int, string given.
5	Strict comparison using === between string and null will always evaluate to false.

[phpstan-bot]

@mkoske After the latest commit in 1.6.x, PHPStan now reports different result with your code snippet:

@@ @@
 ==========
 
 4: Parameter #2 $algo of function password_hash expects int, string given.
-5: Strict comparison using === between string and null will always evaluate to false.
+5: Strict comparison using === between non-empty-string and null will always evaluate to false.

Full report

PHP 8.0 – 8.1 (3 errors)

Line	Error
5	`Result of
5	Strict comparison using === between string and false will always evaluate to false.
5	Strict comparison using === between string and null will always evaluate to false.

PHP 7.4 (1 error)

Line	Error
5	Strict comparison using === between string and null will always evaluate to false.

PHP 7.1 – 7.3 (2 errors)

Line	Error
4	Parameter #2 $algo of function password_hash expects int, string given.
5	Strict comparison using === between non-empty-string and null will always evaluate to false.

[VincentLanglet]

In https://www.php.net/manual/en/function.password-hash.php it's said that password_hash returns string|false on PHP < 8 and string on PHP 8+.

But lot of examples are showing that null is a valid value for PHP < 8
https://3v4l.org/DMv87

I opened phpstan/phpstan-src#2260 to fix the return type.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.