In this tutorial I am going to talk about how you can protect users' sensitive data in a URL. Sometimes we build an application that needs to pass some sensitive user data in the URL of a GET request. We generally use PHP's base64_encode() and base64_decode() functions to encrypt and decrypt that data, but this is not secure: base64 is an encoding rather than encryption, so an attacker can easily recognise it and extract the data behind it. Adding an extra security layer makes the user's data more secure.
Encryption and Decryption with PHP
Here I am going to write a simple PHP class with two methods with which you can easily encrypt and decrypt a string, number, etc. You can pass the encrypted data in a URL, read it on another page, and decrypt it there.
secure.php
<?php
/*
 * Author: Rohit Kumar
 * Website: iamrohit.in
 * Date: 31-05-2016
 * App Name: encrypt, decrypt data
 * Description: A simple OOP-based class to encrypt and decrypt your data
 */
class secure {
    // Set your own unique secret key and IV seed
    private static $secretKey = 'Rohit';
    private static $secretIv = 'www.iamrohit.in';
    // Encryption method
    private static $encryptMethod = "AES-256-CBC";

    // Pass the string/number which you want to encrypt
    public static function encrypt($data) {
        // hash() returns 64 hex characters; OpenSSL silently truncates the key to 32 bytes
        $key = hash('sha256', self::$secretKey);
        // The IV is derived from a constant, so the same input always gives the same output
        $iv = substr(hash('sha256', self::$secretIv), 0, 16);
        // With options = 0, openssl_encrypt() already returns base64 text
        $result = openssl_encrypt($data, self::$encryptMethod, $key, 0, $iv);
        return base64_encode($result);
    }

    // Pass the encrypted data to decrypt
    public static function decrypt($data) {
        $key = hash('sha256', self::$secretKey);
        $iv = substr(hash('sha256', self::$secretIv), 0, 16);
        // Undo the outer base64 layer; openssl_decrypt() undoes the inner one
        $result = openssl_decrypt(base64_decode($data), self::$encryptMethod, $key, 0, $iv);
        return $result;
    }
}
?>
Note: Don't forget to replace my secret key in the file above with your own secret key.
Save this file in your project library and use it anywhere.
First include the secure.php class on the page where you want to use it, then call its functions.
Encrypting data (string/number)
<?php
include_once('secure.php');
echo $has = secure::encrypt("IAMROHIT");
?>
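You can send the encrypted string in a URL: www.iamrohit.in/?has=$has. URL-encode the value first, because base64 output can contain +, / and =, which a query string does not carry through unchanged.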
Decrypting data (string/number)
<?php
include_once('secure.php');
$has = $_REQUEST['has'];
echo secure::decrypt($has);
?>
I hope this tutorial helps you make the encryption and decryption of data more secure using PHP.