Last Updated: February 25, 2016
· narven

PHP Encrypt, Decrypt, Generate Random Passwords with mcrypt

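/**
 * Generate a random string of distinct characters.
 *
 * Characters are drawn without repetition from a fixed 46-character
 * alphabet (digits and consonants only; add vowels or punctuation to
 * $possible if you want them). Because no character repeats, the result
 * can never be longer than the alphabet: larger $length values are
 * truncated to 46.
 *
 * Randomness comes from random_int(), which uses the operating system's
 * CSPRNG (PHP 7+). The original mt_rand() is a predictable generator and
 * must not be used for passwords or keys.
 *
 * NOTE(review): with the default length of 8 there are only about 2^43
 * possible outputs. That may be acceptable for a throwaway password, but
 * it is far too little to serve as a cipher key as the usage example on
 * this page does; generate keys with random_bytes() instead.
 *
 * @param int $length Number of characters wanted (capped at 46).
 * @return string Random string; empty when $length is 0 or negative.
 */
function random_password($length = 8)
{
    // any character in this string can be picked for use in the password
    $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";

    $pool = str_split($possible);
    $maxlength = count($pool);

    // characters are never reused, so the alphabet size is a hard ceiling
    if ($length > $maxlength) {
        $length = $maxlength;
    }

    $password = "";

    // Partial Fisher-Yates shuffle: position $i receives a uniformly chosen
    // character from those not yet used. This yields the same distribution
    // as "pick and retry on duplicates" but always finishes in $length steps.
    for ($i = 0; $i < $length; $i++) {
        $j = random_int($i, $maxlength - 1);

        $char = $pool[$j];
        $pool[$j] = $pool[$i];
        $pool[$i] = $char;

        $password .= $char;
    }

    return $password;
}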

    /**
     * Encrypt a string with CAST-256 in ECB mode (mcrypt) and base64-encode it.
     *
     * Security review notes - read before reusing this function:
     *  - $salt is not a salt: it is handed to mcrypt_generic_init() as the
     *    secret key, so it must be kept confidential and be a real key.
     *  - ECB mode encrypts equal plaintext blocks to equal ciphertext blocks
     *    under the same key, so patterns in the data leak. ECB also ignores
     *    the IV, which is the only reason decrypt() works with a different
     *    random IV.
     *  - Nothing authenticates the ciphertext; tampering goes undetected.
     *  - MCRYPT_RAND is not a cryptographically secure random source.
     *  - The mcrypt extension was deprecated in PHP 7.1 and removed from
     *    core in PHP 7.2. New code should use an authenticated scheme such
     *    as sodium_crypto_secretbox() or openssl_encrypt() with aes-256-gcm.
     *
     * @param string $plaintext Data to encrypt; mcrypt_generic() pads it with
     *                          "\0" bytes up to a whole number of blocks.
     * @param string $salt      The encryption key (see note above).
     * @return string Base64-encoded ciphertext.
     */
    function encrypt($plaintext, $salt)
    {
        $cipher = mcrypt_module_open('cast-256', '', 'ecb', '');

        // an IV is still passed to the init call, although ECB does not use it
        $ivSize = mcrypt_enc_get_iv_size($cipher);
        mcrypt_generic_init($cipher, $salt, mcrypt_create_iv($ivSize, MCRYPT_RAND));

        $rawCiphertext = mcrypt_generic($cipher, $plaintext);

        // release the cipher handle before returning
        mcrypt_generic_deinit($cipher);
        mcrypt_module_close($cipher);

        return trim(base64_encode($rawCiphertext));
    }

    /**
     * Reverse encrypt(): base64-decode, then decrypt with CAST-256/ECB (mcrypt).
     *
     * Security review notes:
     *  - $salt is the secret key, not a salt; it must be the same value that
     *    was given to encrypt().
     *  - The ciphertext carries no MAC or tag, so a modified or corrupted
     *    input is decrypted to garbage without any error being raised.
     *  - The fresh random IV created here has no effect because ECB ignores
     *    it; switching to a chaining mode without storing the IV alongside
     *    the ciphertext would break decryption.
     *  - NOTE(review): trim() removes the "\0" padding added by mcrypt, but
     *    it also strips any leading or trailing whitespace that belonged to
     *    the original plaintext. rtrim($data, "\0") would remove only the
     *    padding.
     *  - mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2.
     *
     * @param string $crypttext Base64 string produced by encrypt().
     * @param string $salt      The encryption key.
     * @return string Decrypted data with surrounding whitespace/NULs trimmed.
     */
    function decrypt($crypttext, $salt)
    {
        $rawCiphertext = base64_decode($crypttext);

        $cipher = mcrypt_module_open('cast-256', '', 'ecb', '');

        // an IV is still passed to the init call, although ECB does not use it
        $ivSize = mcrypt_enc_get_iv_size($cipher);
        mcrypt_generic_init($cipher, $salt, mcrypt_create_iv($ivSize, MCRYPT_RAND));

        $padded = mdecrypt_generic($cipher, $rawCiphertext);

        // release the cipher handle before returning
        mcrypt_generic_deinit($cipher);
        mcrypt_module_close($cipher);

        return trim($padded);
    }

** USAGE **

// encrypt
// The value called "salt" on this page is really the secret key: whoever
// holds it can decrypt, so it has to be stored as carefully as the data.
// For login passwords that only need to be verified, not recovered, use
// password_hash() / password_verify() instead of reversible encryption.
$key = random_password();
$ciphertext = encrypt("YOUR_PASSWORD", $key);

// decrypt (needs the exact same key that was used above)
$recovered = decrypt($ciphertext, $key);
echo $recovered;

4 Responses

Passwords should never be decryptable. Use a one-way hash.

over 1 year ago ·

Passwords should be decryptable when the client who pays says they should.

over 1 year ago ·

Besides, you can use this not for access passwords to some place, but for a thousand other things that later need to be decrypted.

over 1 year ago ·

Clients are generally idiots when it comes to data security. There is no need to ever decrypt a user's password, even for integration with third-party things (use OAuth or some means of tokening). That's just asking for trouble, especially when you are a newbie trying to build your first app.

over 1 year ago ·