How to protect user’s sensitive / private data in URL using php

by Posted on

In this tutorial I am going to talk about how can you protect user’s sensitive data in url, Sometime we create a application where we need to pass some user’s sensitive data on url by GET request, And we generally use php base64_encode() and base64_decode() method to encrypt and decrypt the data on URL’s but this is not secure because this normal encryption can easily judge-able by hacker, And they can easily extract data behind this encryption, But if you apply some extra security layer this will make user’s data more secure.



encrypt-decrypt-php

Encryption and Description with php

Here i am going to write simple php class by with two method by witch you can easily encrypt and decrypt your string/number etc and pass these encrypted data on url and access in other page and use decrypt method in more secure way.

secure.php

<?php

class secure {
   
   private static $secretKey = 'Rohit'; 
   private static $secretIv = 'www.iamrohit.in';
   
   private static $encryptMethod = "AES-256-CBC"; 
 
   
   public static function encrypt($data) {
   	  $key = hash('sha256', self::$secretKey);
   	  $iv = substr(hash('sha256', self::$secretIv), 0, 16);
   	  $result = openssl_encrypt($data, self::$encryptMethod, $key, 0, $iv);
      return $result= base64_encode($result);
   }
 
   
   public static function decrypt($data) {
   	  $key = hash('sha256', self::$secretKey);
   	  $iv = substr(hash('sha256', self::$secretIv), 0, 16);
   	  $result = openssl_decrypt(base64_decode($data), self::$encryptMethod, $key, 0, $iv);
      return $result;
   }
}
?>

Note: Don’t forget to change my secret key on above file and add your own secret key.

Save this file in your project library and use any where.



First include secure.php class one page where you want to use it after that calling it’s function.

Encrypting data (string/number) 

<?php
include_once('secure.php');
echo $has = secure::encrypt("IAMROHIT");
?>

You can send encrypted string in url www.iamrohit.in/?has=”$has”

Decrypting data (string/number) 

<?php
include_once('secure.php');
$has = $_REQUEST['has'];
echo secure::decrypt($has);
?>

DOWNLOAD

I hope this tutorial will help you to make more secure encryption and description of data using php.

If you like this post please don’t forget to subscribe my public notebook for more useful stuff

Posted in PHP

Published by admin