Encrypt and decrypt password php

The best way to encrypt and decrypt passwords is to use a standard library in PHP because the method of properly encrypting and decrypting passwords from scratch is complex and involves multiple possibilities of security vulnerabilities. Using the standard library ensures that the hashing implementation is verified and trusted.

Note: This uses the PHP Password API available in version 5.5.0 and above.

Encryption of the password: To generate a hash from the string, we use the password_hash() function.

Syntax:

string password_hash(string $password, 
          mixed $algo, [array $options])

The password_hash() function creates a new password hash of the string using one of the available hashing algorithm. It returns the hash that is currently 60 character long, however, as new and stronger algorithms will be added to PHP, the length of the hash may increase. It is therefore recommended to allocate 255 characters for the column that may be used to store the hash in database.

The following algorithms are currently supported when using this function:

  • PASSWORD_DEFAULT
  • PASSWORD_BCRYPT
  • PASSWORD_ARGON2I
  • PASSWORD_ARGON2ID

Additional options can be passed to this function can be used to set the cost of encryption, the salt to be used during hashing, etc in the $options array.

The below example shows the method of using the password_hash() method:

Example:

php

  $plaintext_password = "Password@123";

  $hash = password_hash($plaintext_password

          PASSWORD_DEFAULT);

  echo "Generated hash: ".$hash;

?>

Output:

Generated hash: $2y$10$7rLSvRVyTQORapkDOqmkhetjF6H9lJHngr4hJMSM2lHObJbW5EQh6

Decryption of the password: To decrypt a password hash and retrieve the original string, we use the password_verify() function.

Syntax:

bool password_verify(string $password, string $hash)

The password_verify() function verifies that the given hash matches the given password, generated by the password_hash() function. It returns true if the password and hash match, or false otherwise.

php

  $plaintext_password = "Password@123";

  $hash

"$2y$10$8sA2N5Sx/1zMQv2yrTDAaOFlbGWECrrgB68axL.hBb78NhQdyAqWm";

  $verify = password_verify($plaintext_password, $hash);

  if ($verify) {

      echo 'Password Verified!';

  } else {

      echo 'Incorrect Password!';

  }

?>

Output:

Password Verified!

PHP is a server-side scripting language designed specifically for web development. You can learn PHP from the ground up by following this PHP Tutorial and PHP Examples.


Security Warning: This class is not secure. It's using Rijndael256-ECB, which is not semantically secure. Just because "it works" doesn't mean "it's secure". Also, it strips tailing spaces afterwards due to not using proper padding.

Found this class recently, it works like a dream!

class Encryption {
    var $skey = "yourSecretKey"; // you can change it

    public  function safe_b64encode($string) {
        $data = base64_encode($string);
        $data = str_replace(array('+','/','='),array('-','_',''),$data);
        return $data;
    }

    public function safe_b64decode($string) {
        $data = str_replace(array('-','_'),array('+','/'),$string);
        $mod4 = strlen($data) % 4;
        if ($mod4) {
            $data .= substr('====', $mod4);
        }
        return base64_decode($data);
    }

    public  function encode($value){ 
        if(!$value){return false;}
        $text = $value;
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
        return trim($this->safe_b64encode($crypttext)); 
    }

    public function decode($value){
        if(!$value){return false;}
        $crypttext = $this->safe_b64decode($value); 
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
        return trim($decrypttext);
    }
}

And to call it:

$str = "My secret String";

$converter = new Encryption;
$encoded = $converter->encode($str );
$decoded = $converter->decode($encoded);    

echo "$encoded

$decoded";

How do you use encrypt and decrypt in PHP?

In PHP, Encryption and Decryption of a string is possible using one of the Cryptography Extensions called OpenSSL function for encrypt and decrypt. openssl_encrypt() Function: The openssl_encrypt() function is used to encrypt the data. Parameters: $data: It holds the string or data which need to be encrypted.

What is the best way to encrypt password in PHP?

PHP has a hash algorithm to encrypt the password. The most commonly used functions for password encrypting are md5(), crypt() and password_hash(). Assume we have the registration form data in the POST, which includes the username and password.

Can you Unhash a password PHP?

Decryption of the password: To decrypt a password hash and retrieve the original string, we use the password_verify() function. The password_verify() function verifies that the given hash matches the given password, generated by the password_hash() function.

How can we encrypt the username and password using PHP?

The functions which are generally used to encrypt the username and password in php are md5(), sha1() and base64_encode.