Last Updated: February 25, 2016
·
10.88K
· narven

PHP Encrypt, Decrypt, Generate Random Passwords with mcrypt

function random_password($length = 8)
{
    // start with a blank password
    $password = "";

    // define possible characters - any character in this string can be
    // picked for use in the password, so if you want to put vowels back in
    // or add special characters such as exclamation marks, this is where
    // you should do it
    $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";

    // we refer to the length of $possible a few times, so let's grab it now
    $maxlength = strlen($possible);

    // check for length overflow and truncate if necessary
    if ($length > $maxlength) {
            $length = $maxlength;
}

// set up a counter for how many characters are in the password so far
    $i = 0;

    // add random characters to $password until $length is reached
    while ($i < $length) {

    // pick a random character from the possible ones
    $char = substr($possible, mt_rand(0, $maxlength-1), 1);

    // have we already used this character in $password?
    if (!strstr($password, $char)) {
    // no, so it's OK to add it onto the end of whatever we've already got...
            $password .= $char;
            // ... and increase the counter by one
            $i++;
}
}

// done!
return $password;
}

    function encrypt($plaintext, $salt)
    {
    $td = mcrypt_module_open('cast-256', '', 'ecb', '');
    $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $salt, $iv);
    $encrypted_data = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    $encoded_64 = base64_encode($encrypted_data);
    return trim($encoded_64);
    }

    function decrypt($crypttext, $salt)
    {
    $decoded_64=base64_decode($crypttext);
    $td = mcrypt_module_open('cast-256', '', 'ecb', '');
    $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $salt, $iv);
    $decrypted_data = mdecrypt_generic($td, $decoded_64);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return trim($decrypted_data);
    }

** USAGE **

// encrypt
$salt = random_password();
$crypted_password = encrypt("YOUR_PASSWORD", $salt);

// decrypt
echo decrypt($crypted_password, $salt);

4 Responses
Add your response

Passwords should never be decyrptable. Use a 1 way hash.

over 1 year ago ·

passwords should be decyrptable when the client that pay's say they should.

over 1 year ago ·

besides u can use that no for access passwords to some place... but for thousand other things.. .that later need to be decrypted

over 1 year ago ·

clients are generally idiots when it comes to data security. there is no need to ever decrypt a users password even for integration with 3rd party things (use oauth or some means of tokening). thats just asking for trouble especially when you are a newbie trying to build your first app.

over 1 year ago ·