Skip to main content

Encrypt and Decrypt password using PHP

In PHP, you can use AES password encryption if you want to be able to store passwords securely and decrypt them when needed.
Be sure to put your secret key in an ENV file – if a hacker gets your secret key, they can decrypt the password.

You can use a random long string as the secret key for AES encryption in PHP. The key should be a random string of characters that is at least as long as the block size of the AES algorithm you are using. For AES-128, the key length should be 128 bits (16 bytes), for AES-192, the key length should be 192 bits (24 bytes), and for AES-256, the key length should be 256 bits (32 bytes). It’s important to note that the key must be kept secret and should be generated randomly and securely.

In PHP, you can use the built-in openssl_random_pseudo_bytes() function to generate a random key of the appropriate length.
It’s also important to use a good library that implements AES encryption properly, like OpenSSL or sodium (extension for PHP 7.2+), and make sure to use a proper mode of operation for AES.

It’s also worth noting that, for better security, it’s a good practice to use a key derivation function (KDF) to derive a key from the password. It’s also important to update the key regularly, for example by using a key rotation scheme.

 $secret_key = 'xj1X7O0FaAYDsNB4bU60YjdlrpIGMp9mkIMmGZoQGaQrDyPfmCqAWEU2u1nciHhWyvDVd276HAwywuIWlma3hd24fWNq8RG6kwahqt5iMZMlZFOdqSnVjq9NKeebzBPKJO6CN04z8Gi4j9wVmrp5tmO9KRKmryCQIykeb5NwcrCsZOvhQTAwO4oXevwtHQdEfrM5YI2XUohIfSSKozFcVIwms9HRuN1Fwyj9pP1voPW9zjb3kTF7ayxhSahLhoHv';

    // The data to be encrypted
    $plaintext = "MySecretPassword";
    // Encryption
    $cipher = "AES-128-CBC";
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $secret_key, OPENSSL_RAW_DATA, $iv);
    $ciphertext = base64_encode($iv . $ciphertext_raw);
    // Decryption
    $ciphertext_dec = base64_decode($ciphertext);
    $iv_dec = substr($ciphertext_dec, 0, $ivlen);
    $ciphertext_raw_dec = substr($ciphertext_dec, $ivlen);
    $plaintext_dec = openssl_decrypt($ciphertext_raw_dec, $cipher, $secret_key, OPENSSL_RAW_DATA, $iv_dec);
    echo "Encrypted: " . $ciphertext . "\n";
    echo "Decrypted: " . $plaintext_dec . "\n";

Laravel session value not persisting when using AJAX requests

I had a very weird issue in Laravel where a specific session value was not persisting after an AJAX request.

To give it some context, I did two AJAX requests, one after the other.

The first AJAX request sets the session value.

The second AJAX request was then not seeing that value.

The issue is a known limitation with sessions in Laravel and the way to fix this is to enable SESSION_BLOCK.

Go into your session.php and if it doesn’t exist, add this:

'block' => env('SESSION_BLOCK', false),

Then, add SESSION_BLOCK=true to your ENV file.

Disk space almost full on cPanel server

I had an issue where my cPanel server was quickly running out of space. All user accounts combined were a fraction of the disk space, so I had to look in the server to see what was causing the disk usage to increase rapidly each day.

To find the issue, SSH’d into the server and ran this:

Find largest files
du -hs * | sort -rh | head -5

Once the files are found, remove them:
rm <filename>

or clear them, instead of deleting:
cat /dev/null > {FILENAME}

The culprit for me was “messages-” log files in /var/log.

Attach unique in BelongsToMany Laravel/Eloquent

As you probably know, you can use the attach() method to relate two models within a BelongsToMany relationship. The only problem with attach() is that it doesn’t check to see if the relationship already exists. So, essentially, you could attach the same model more than once to a relationship, which isn’t ideal.

For instance, you have pizzas and ingredients.

You could always do something like this:

$relationship = $pizza->ingredients()->where('ingredient_id', $ingredient->id)->get();

Or, you could use this method, which checks if the relationship exists and it doesn’t double up:


What this will do is sync the ingredient with the pizza (like the sync() method), however, if the relationship already exists, it won’t do anything. The relationship will stay, and nothing else will detach.

Unique email validation in Laravel when re-saving model

When you validate an email in Laravel, you have the ability to specify whether you want a specific model to be excluded. The reason why you would exclude a model is for example, if you have a user account and the user needs to update their first name, but their email stays the same. Typically, Laravel would re-save the whole form and also validate the email, but because that user is already using the email, it will spit back a “unique” validation error mentioning the email already exists in the system (even though it is still being used by said user.

Read More

Download from Google Drive direct from cPanel server

I store cPanel backups on Google Drive and needed to restore a backup of a website which was 9GB.

Instead of downloading the file to my computer and re-uploading it to the server (which could take a considerable amount of time), I wanted to download the file straight from Google Drive to the server, this will download faster due to the connection of the server.

Unfortunately, a standard WGET does not work.

To do this, I went into Terminal for my cPanel server and downloaded pip:

Read More