Easy Encryption and Decryption in PHP
What are Encryption and Decryption
Encryption is the process of converting a normal message (plaintext) into a meaningless message (ciphertext), whereas decryption is the process of converting a meaningless message (ciphertext) back into its original form (plaintext). We do this to hide the original data from direct viewing and to protect sensitive data. Put simply, it is like locking and unlocking the data.

Methods for Encryption and Decryption
There are two popular methods in PHP which I personally like very much and recommend to everyone whenever there is a requirement to encrypt any kind of sensitive data in PHP. These two methods are really handy and very easy to use, as they do not require any third-party installation or any prerequisites at the time of use. They are straightforward, built-in PHP functions which do not require much knowledge to understand and can be used directly in the code. The two methods are as follows:
Password_hash and OpenSSL
- PHP PASSWORD HASH
When it comes to password encryption, there is always a big, confusing algorithm behind it. Thankfully, PHP has fuss-free password hash and password verify functions. The usage is very straightforward, and they work as a pair. The password hash is only useful when you do not need to decrypt the data back, like saving a user password at the time of sign-in.
Encryption
To encrypt the password, you simply use the password_hash() function in your library function before saving the user. For example:
hashUsingPassHash.php
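// Method of your user library class; $this->pdo is a connected PDO instance
function addUser($name, $email, $password){
    $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES (?,?,?)";
    $this->stmt = $this->pdo->prepare($sql);
    // PASSWORD_DEFAULT generates a random salt and stores it inside the hash
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return $this->stmt->execute([$name, $email, $hash]);
}
// $users is an instance of that class (name assumed for illustration)
$pass = $users->addUser("John Doe", "john@doe.com", "password123");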
Please take note that password_hash() is a one-way encryption. There is no way you can decrypt that easily, so you will have to ask the user for a new password for password recoveries.
Verification
To complete the password verification process, we simply use the sister password_verify() function in the login check:
verifyCheckUsingHash.php
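// Method of the same user library class
function login($email, $password){
    $sql = "SELECT * FROM `users` WHERE `email`=?";
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute([$email]);
    // fetch() returns one row (or false); fetchAll() would return a list of rows
    $user = $this->stmt->fetch();
    // An unknown email fails the login instead of reading an undefined index
    return $user !== false && password_verify($password, $user['password']);
}
// $users is an instance of that class (name assumed for illustration)
$valid_user = $users->login($_POST['email'], $_POST['password']);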
- OpenSSL ENCRYPT AND DECRYPT
This next method uses the OpenSSL encrypt and decrypt functions, which I think are much more flexible since they are 2-way encryptions. You can use these to protect not just passwords, but also to encrypt and decrypt sensitive data.
Encryption
To encrypt the data, you simply use the openssl_encrypt() function in your library function before saving the data. For example:
opensslEncrypt.php
// Keep your secret key somewhere safe
// In config file, in a secured folder not publicly accessible
define("SECRETKEY", "mysecretkey1234");

// Encrypt the password using the openssl_encrypt function & your secret key
// Method of your user library class; $this->pdo is a connected PDO instance
function addUser($name, $email, $password){
    $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES (?,?,?)";
    $this->stmt = $this->pdo->prepare($sql);
    $hash = openssl_encrypt($password, "AES-128-ECB", SECRETKEY);
    return $this->stmt->execute([$name, $email, $hash]);
}
// $users is an instance of that class (name assumed for illustration)
$pass = $users->addUser("Jane Doe", "jane@doe.com", "password456");
Decryption
There is no password verification function with OpenSSL, but we will be decrypting the data from the database using openssl_decrypt().
opensslDecrypt.php
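// Method of the same user library class
function login($email, $password){
    $sql = "SELECT * FROM `users` WHERE `email`=?";
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute([$email]);
    // fetch() returns one row (or false); fetchAll() would return a list of rows
    $user = $this->stmt->fetch();
    if ($user === false) {
        return false;
    }
    $plain = openssl_decrypt($user['password'], "AES-128-ECB", SECRETKEY);
    // openssl_decrypt() returns false on failure; hash_equals() avoids loose == type juggling
    return is_string($plain) && is_string($password) && hash_equals($plain, $password);
}
// $users is an instance of that class (name assumed for illustration)
$valid_user = $users->login($_POST['email'], $_POST['password']);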
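AES-128-ECB, as used above, takes no IV, so the same value under the same key always encrypts to the same ciphertext, and it carries no integrity check. The following is an added example, not code from the original article, showing the same openssl_encrypt()/openssl_decrypt() pair with AES-256-GCM for sensitive data that must be read back. The function names encryptField()/decryptField(), the 32-byte key and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the original article). Assumption: $key is 32 random
// bytes loaded from configuration kept outside the web root.
function encryptField(string $plaintext, string $key): string {
    $iv = random_bytes(12); // fresh 96-bit nonce for every message
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    // Store nonce, 16-byte authentication tag and ciphertext as one value
    return base64_encode($iv . $tag . $ct);
}

function decryptField(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        return null;
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = (string) substr($raw, 28);
    // Returns false when the tag does not match, i.e. wrong key or modified data
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Constructed sample key and value
$key = random_bytes(32);
$value = 'constructed sample value';

// ECB as in the article: no IV, so two encryptions of one value are compared
$ecbA = openssl_encrypt($value, 'AES-128-ECB', 'mysecretkey1234');
$ecbB = openssl_encrypt($value, 'AES-128-ECB', 'mysecretkey1234');
echo 'ECB ciphertexts identical: ', var_export($ecbA === $ecbB, true), PHP_EOL;

// GCM with a random nonce: same comparison, then a round trip
$gcmA = encryptField($value, $key);
$gcmB = encryptField($value, $key);
echo 'GCM ciphertexts identical: ', var_export($gcmA === $gcmB, true), PHP_EOL;
echo 'GCM round trip ok: ', var_export(decryptField($gcmA, $key) === $value, true), PHP_EOL;

// Flip one bit of the stored value: decryptField() rejects it and returns null
$raw = base64_decode($gcmA);
$last = strlen($raw) - 1;
$raw[$last] = $raw[$last] ^ "\x01";
echo 'Tampered value accepted: ', var_export(decryptField(base64_encode($raw), $key) !== null, true), PHP_EOL;
```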
Conclusion
These are two of the handiest methods I have come across and found very informative to work with in PHP. Once again, in the end I would like to say that programming is more than a job, it's an art. But this art becomes more and more effective as you practice it more and more. So happy coding.