How to protect users' sensitive / private data in a URL using PHP

In this tutorial I am going to talk about how you can protect users' sensitive data in a URL. Sometimes we build an application that needs to pass some sensitive user data in the URL of a GET request. We generally use PHP's base64_encode() and base64_decode() functions to hide the data in URLs, but this is not secure: base64 is a keyless encoding, not encryption, so an attacker can easily recognise it and extract the data behind it. Applying an extra security layer makes the user's data more secure.




Encryption and Decryption with PHP

Here I am going to write a simple PHP class with two methods with which you can easily encrypt and decrypt a string, number, etc., pass the encrypted data in a URL, and decrypt it on another page in a more secure way.

secure.php

<?php
/*
* Author: Rohit Kumar
* Website: iamrohit.in
* Date: 31-05-2016
* App Name: encrypt, decrypt data
* Description: A simple OOP-based class to encrypt, decrypt your data
*/
class secure {
    // Set your own unique secret key and IV seed
    private static $secretKey = 'Rohit';
    private static $secretIv = 'www.iamrohit.in';
    // Encryption method
    private static $encryptMethod = "AES-256-CBC";

    // Pass the string/number which you want to encrypt
    public static function encrypt($data) {
        // hash() returns a 64-character hex string here
        $key = hash('sha256', self::$secretKey);
        // Fixed 16-byte IV: the same input always produces the same output
        $iv = substr(hash('sha256', self::$secretIv), 0, 16);
        // With options = 0, openssl_encrypt() already returns base64 text
        $result = openssl_encrypt($data, self::$encryptMethod, $key, 0, $iv);
        // The result is base64-encoded a second time before it is returned
        return base64_encode($result);
    }

    // Pass the encrypted data to decrypt
    public static function decrypt($data) {
        $key = hash('sha256', self::$secretKey);
        $iv = substr(hash('sha256', self::$secretIv), 0, 16);
        // Undo the outer base64 layer; openssl_decrypt() undoes the inner one
        $result = openssl_decrypt(base64_decode($data), self::$encryptMethod, $key, 0, $iv);
        return $result;
    }
}
?>

Note: Don't forget to replace my secret key in the file above with your own secret key.

Save this file in your project library and use it anywhere.



First include the secure.php class on the page where you want to use it, then call its functions.

Encrypting data (string/number)

<?php
include_once('secure.php');
echo $has = secure::encrypt("IAMROHIT");
?>

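You can send the encrypted string in a URL: www.iamrohit.in/?has=$has. Pass the value through urlencode() first, because base64 output can contain +, / and =, which are not safe inside a query string.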

Decrypting data (string/number)

<?php
include_once('secure.php');
$has = $_REQUEST['has'];
echo secure::decrypt($has);
?>
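
The secure class above uses one fixed IV for every call and has no integrity check, so equal inputs always give equal tokens and a changed token is not rejected. The following is an added example, not the original author's code, showing one way to address both by swapping the page's AES-256-CBC for AES-256-GCM with a random nonce per token and URL-safe base64. The class name UrlToken and the demo key are assumptions; it needs PHP 7.1+ with the OpenSSL extension.

```php
<?php
// Added example, not the original author's class. UrlToken is a hypothetical name.
final class UrlToken
{
    private const CIPHER = 'aes-256-gcm';
    private const NONCE_LEN = 12; // nonce size recommended for GCM
    private const TAG_LEN = 16;   // authentication tag size

    // $key must be 32 random bytes, e.g. generated once with random_bytes(32)
    // and stored outside the source tree.
    public static function encrypt(string $plain, string $key): string
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
        $nonce = random_bytes(self::NONCE_LEN); // fresh for every token
        $tag = '';
        $ct = openssl_encrypt($plain, self::CIPHER, $key, OPENSSL_RAW_DATA,
            $nonce, $tag, '', self::TAG_LEN);
        if ($ct === false) {
            throw new RuntimeException('encryption failed');
        }
        // URL-safe base64: no "+", "/" or "=" to be altered in a query string.
        return rtrim(strtr(base64_encode($nonce . $tag . $ct), '+/', '-_'), '=');
    }

    // Returns the plaintext, or null when the token is malformed or modified.
    public static function decrypt(string $token, string $key): ?string
    {
        $raw = base64_decode(strtr($token, '-_', '+/'), true);
        if ($raw === false || strlen($raw) < self::NONCE_LEN + self::TAG_LEN) {
            return null;
        }
        $nonce = substr($raw, 0, self::NONCE_LEN);
        $tag = substr($raw, self::NONCE_LEN, self::TAG_LEN);
        $ct = substr($raw, self::NONCE_LEN + self::TAG_LEN);
        $plain = openssl_decrypt($ct, self::CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
        return $plain === false ? null : $plain;
    }
}

// Constructed demo: a throwaway key and the sample string used on this page.
$key = random_bytes(32);
$first = UrlToken::encrypt('IAMROHIT', $key);
$second = UrlToken::encrypt('IAMROHIT', $key);
var_dump($first !== $second);                 // compares two tokens of one input
var_dump(UrlToken::decrypt($first, $key));    // round trip
$first[-1] = $first[-1] === 'A' ? 'B' : 'A';  // change one character of the token
var_dump(UrlToken::decrypt($first, $key));    // decrypting the modified token
```

Because decrypt() returns null for any token that fails the tag check, the receiving page should treat null as an invalid request rather than as empty data.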


I hope this tutorial will help you to make encryption and decryption of data more secure using PHP.
