Easy Encryption and Decryption in PHP

Shubham Bartia
Nov 17, 2020

What are Encryption and Decryption

Encryption is the process of converting a normal message (plaintext) into a meaningless message (ciphertext), whereas decryption is the process of converting the meaningless message (ciphertext) back into its original form (plaintext). We do this to hide the original data from direct viewing and to protect sensitive data. Put simply, it is like locking and unlocking the data.

Methods for Encryption and Decryption

There are two popular methods in PHP which I personally like very much and recommend to everyone whenever there is a requirement to encrypt any kind of sensitive data in PHP. These two methods are really handy and very easy to use, as they do not require any third-party installation or any prerequisites at the time of usage. They are straightforward built-in PHP functions which do not require much knowledge to understand and can be used directly in the code. The two methods are as follows:

Password_hash and OpenSSL

- PHP PASSWORD HASH

When it comes to password encryption, there is always a big, confusing algorithm behind it. Thankfully, PHP has fuss-free password hash and password verify functions. The usage is very straightforward, and they work as a pair. The password hash is only useful when you do not need to decrypt the data back, like saving a user password at the time of sign-in.

Encryption

To encrypt the password, you simply use the password_hash() function in your library function before saving the user. For example:

hashUsingPassHash.php

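// Method of the user library class that holds the PDO connection in $this->pdo
function addUser($name, $email, $password){
    $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES (?,?,?)";
    $this->stmt = $this->pdo->prepare($sql);
    // password_hash() generates a random salt and stores it inside the returned hash
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return $this->stmt->execute([$name, $email, $hash]);
}
// $users is a hypothetical instance of that library class
$pass = $users->addUser("John Doe", "john@doe.com", "password123");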

Please take note that password_hash() is one-way: it produces a hash, and there is no function that turns the hash back into the original password, so you will have to ask the user for a new password during password recovery.

Verification

To complete the password verification process, we simply use the sister password_verify() function in the login check:

verifyCheckUsingHash.php

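// Method of the same user library class that holds the PDO connection in $this->pdo
function login($email, $password){
    $sql = "SELECT * FROM `users` WHERE `email`=?";
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute([$email]);
    // fetch() returns a single row, or false when no user has this email
    $user = $this->stmt->fetch();
    return $user !== false && password_verify($password, $user['password']);
}
// $users is a hypothetical instance of that library class
$valid_user = $users->login($_POST['email'], $_POST['password']);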

- OpenSSL ENCRYPT AND DECRYPT

This next method uses the OpenSSL encrypt and decrypt functions, which I think are much more flexible since they are 2-way encryption. You can use these to protect not just passwords, but also to encrypt and decrypt other sensitive data.

Encryption

To encrypt the data, you simply use the openssl_encrypt() function in your library function before saving the data. For example:

opensslEncrypt.php

// Keep your secret key somewhere safe
// In a config file, in a secured folder that is not publicly accessible
define("SECRETKEY", "mysecretkey1234");
// Encrypt the password using the openssl_encrypt function & your secret key
// Method of the user library class that holds the PDO connection in $this->pdo
function addUser($name, $email, $password){
    $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES (?,?,?)";
    $this->stmt = $this->pdo->prepare($sql);
    // With no options set, openssl_encrypt() returns base64-encoded ciphertext
    $hash = openssl_encrypt($password, "AES-128-ECB", SECRETKEY);
    return $this->stmt->execute([$name, $email, $hash]);
}
// $users is a hypothetical instance of that library class
$pass = $users->addUser("Jane Doe", "jane@doe.com", "password456");

Decryption

There is no password verification function with OpenSSL, but we will be decrypting the data from the database using openssl_decrypt().

opensslDecrypt.php

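// Method of the same user library class; SECRETKEY is defined in opensslEncrypt.php
function login($email, $password){
    $sql = "SELECT * FROM `users` WHERE `email`=?";
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute([$email]);
    // fetch() returns a single row, or false when no user has this email
    $user = $this->stmt->fetch();
    if ($user === false) {
        return false;
    }
    $plain = openssl_decrypt($user['password'], "AES-128-ECB", SECRETKEY);
    // openssl_decrypt() returns false on failure. hash_equals() compares the exact
    // strings, unlike ==, which treats numeric strings such as "1e3" and "1000" as equal
    return $plain !== false && hash_equals($plain, $password);
}
// $users is a hypothetical instance of that library class
$valid_user = $users->login($_POST['email'], $_POST['password']);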
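
The blocks above use AES-128-ECB, which is deterministic (the same plaintext under the same key always gives the same ciphertext) and does not detect modified ciphertext. As an added example, not code from the original article, here is the same openssl_encrypt()/openssl_decrypt() pair using AES-256-GCM with a random nonce for two-way encryption of a sensitive field. The function names encryptField and decryptField, the per-run demo keys and the sample value are assumptions made for illustration.

```php
<?php
// Added example: encryptField/decryptField and all sample data are hypothetical.
// Demo key generated per run; a real application loads a stored 32-byte key from
// a config file outside the web root, as the article's comment advises.
$key = random_bytes(32);

// Returns base64(nonce || tag || ciphertext) so a single column stores everything.
function encryptField(string $plain, string $key): string {
    $nonce = random_bytes(12);   // fresh 96-bit nonce for every message
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Returns the plaintext, or null when the blob is malformed, modified,
// or was encrypted under a different key.
function decryptField(string $blob, string $key): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        return null;
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $plain === false ? null : $plain;
}

$sample = 'jane@doe.com';   // constructed sample value

// 1. ECB: encrypting the same value twice gives identical stored strings,
//    so anyone reading the table can tell which rows hold equal values.
$ecbKey = random_bytes(16);
$a = openssl_encrypt($sample, 'AES-128-ECB', $ecbKey);
$b = openssl_encrypt($sample, 'AES-128-ECB', $ecbKey);
echo 'ECB outputs identical: ', var_export($a === $b, true), PHP_EOL;

// 2. GCM with a random nonce: two encryptions of the same value differ,
//    and each one still decrypts to the original.
$x = encryptField($sample, $key);
$y = encryptField($sample, $key);
echo 'GCM outputs identical: ', var_export($x === $y, true), PHP_EOL;
echo 'GCM round trip: ', var_export(decryptField($x, $key), true), PHP_EOL;

// 3. Flip one bit of the stored ciphertext: the tag check makes decryption fail.
$raw = base64_decode($x);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
echo 'Tampered blob: ', var_export(decryptField(base64_encode($raw), $key), true), PHP_EOL;
```

For user passwords, password_hash() and password_verify() from the first method remain the fit, since a login check never needs the plaintext back.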

Conclusion

These are two of the handiest methods I have come across and found very informative to work with in PHP. Once again, in the end I would like to say that programming is more than a job, it's an art. But this art becomes more and more effective the more you practice it. So happy coding.

Shubham Bartia

Full-stack Web Developer, loves to travel, party, read, write, crowd speaking and code