Encrypt and Decrypt password using PHP

In PHP, you can use AES password encryption if you want to be able to store passwords securely and decrypt them when needed.
Be sure to put your secret key in an ENV file – if a hacker gets your secret key, they can decrypt the password.

You can use a long random string as the secret key for AES encryption in PHP. The key should be a random string of characters whose length matches the key size of the AES variant you are using. For AES-128, the key length should be 128 bits (16 bytes), for AES-192, the key length should be 192 bits (24 bytes), and for AES-256, the key length should be 256 bits (32 bytes). It’s important to note that the key must be kept secret and should be generated randomly and securely.

In PHP, you can use the built-in openssl_random_pseudo_bytes() function to generate a random key of the appropriate length.
It’s also important to use a good library that implements AES encryption properly, like OpenSSL or sodium (extension for PHP 7.2+), and make sure to use a proper mode of operation for AES.

It’s also worth noting that, for better security, it’s a good practice to use a key derivation function (KDF) to derive a key from the password. It’s also important to update the key regularly, for example by using a key rotation scheme.

 $secret_key = 'xj1X7O0FaAYDsNB4bU60YjdlrpIGMp9mkIMmGZoQGaQrDyPfmCqAWEU2u1nciHhWyvDVd276HAwywuIWlma3hd24fWNq8RG6kwahqt5iMZMlZFOdqSnVjq9NKeebzBPKJO6CN04z8Gi4j9wVmrp5tmO9KRKmryCQIykeb5NwcrCsZOvhQTAwO4oXevwtHQdEfrM5YI2XUohIfSSKozFcVIwms9HRuN1Fwyj9pP1voPW9zjb3kTF7ayxhSahLhoHv';

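    // The data to be encrypted
    $plaintext = "MySecretPassword";
    
    // Encryption
    // AES-128 takes a 16-byte key: openssl_encrypt() silently uses only the
    // first 16 bytes of a longer $secret_key. CBC mode is not authenticated.
    $cipher = "AES-128-CBC";
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen); // fresh random IV for every message
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $secret_key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext_raw === false) {
        die("Encryption failed\n");
    }
    // Store the IV in front of the ciphertext so it is available for decryption
    $ciphertext = base64_encode($iv . $ciphertext_raw);
    
    // Decryption
    $ciphertext_dec = base64_decode($ciphertext, true);
    $iv_dec = substr($ciphertext_dec, 0, $ivlen);
    $ciphertext_raw_dec = substr($ciphertext_dec, $ivlen);
    $plaintext_dec = openssl_decrypt($ciphertext_raw_dec, $cipher, $secret_key, OPENSSL_RAW_DATA, $iv_dec);
    if ($plaintext_dec === false) {
        die("Decryption failed\n");
    }
    
    echo "Encrypted: " . $ciphertext . "\n";
    echo "Decrypted: " . $plaintext_dec . "\n";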
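
An added example, not part of the original post: the same encrypt/decrypt round trip with authenticated AES-256-GCM, a random 32-byte key read from the environment, and a version label so old keys keep working during key rotation. The `APP_SECRET_KEY` variable name, the function names and the `v1` label are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. APP_SECRET_KEY, the function names and
// the "v1" label are assumptions. Meant for secrets the app must read back
// (e.g. an SMTP password); login passwords belong in password_hash() instead.
const CIPHER  = 'aes-256-gcm';
const TAG_LEN = 16;

function generate_key(): string {
    return base64_encode(random_bytes(32)); // 256-bit key, stored in the env file
}

function encrypt_secret(string $plaintext, string $key, string $version = 'v1'): string {
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be exactly 32 bytes');
    }
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $tag = '';
    // The version label is authenticated as associated data, so it cannot be swapped.
    $raw = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $version, TAG_LEN);
    if ($raw === false) {
        throw new RuntimeException('Encryption failed');
    }
    return $version . ':' . base64_encode($iv . $tag . $raw);
}

function decrypt_secret(string $token, array $keys): string {
    [$version, $b64] = array_pad(explode(':', $token, 2), 2, '');
    $blob  = base64_decode($b64, true);
    $ivlen = openssl_cipher_iv_length(CIPHER);
    if (!isset($keys[$version]) || $blob === false || strlen($blob) < $ivlen + TAG_LEN) {
        throw new RuntimeException('Malformed token or unknown key version');
    }
    $iv    = substr($blob, 0, $ivlen);
    $tag   = substr($blob, $ivlen, TAG_LEN);
    $raw   = substr($blob, $ivlen + TAG_LEN);
    $plain = openssl_decrypt($raw, CIPHER, $keys[$version], OPENSSL_RAW_DATA, $iv, $tag, $version);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed: wrong key or modified data');
    }
    return $plain;
}

// Constructed demo: falls back to a throwaway key when the env var is not set.
$key   = base64_decode(getenv('APP_SECRET_KEY') ?: generate_key(), true);
$keys  = ['v1' => $key]; // keep retired keys here under their old version label
$token = encrypt_secret('MySecretPassword', $key);
echo decrypt_secret($token, $keys), "\n";
// A token modified in storage is rejected instead of decrypting to garbage.
try { decrypt_secret(substr($token, 0, -4) . 'AAAA', $keys); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```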

Use Advanced Custom Fields (ACF) to create a slider in WordPress

Advanced Custom fields is an awesome must-have WordPress plugin for any WordPress developer. It makes the setup of custom fields and functionality a breeze. In this video, I’ll show you how to use ACF and Flexslider to make an easy to update and maintain slider in WordPress.

Read More

Remove gravity forms unlicensed message

Gravity forms is a great forms plugin for WordPress. I purchased a licence and it lapsed, but I still use it on my website. The problem is, because the licence is lapsed, I am seeing an ugly, annoying message saying that my copy is unlicensed. Just to clarify, I did buy a licence, and I am allowed to use the copy, I just don’t want to renew it for a new version.

Removing the nag is a bit tricky: Gravity Forms have gone above and beyond to make it difficult, both to protect their bottom line and to annoy people into eventually re-licensing.

However, with that being said, just add this to your functions.php file.

Read More

Install PDFTk on Ubuntu 18.04 Bionic

pdftk is missing from the official repository right now. That’s an issue for many people.

I needed PDFtk to be installed on Ubuntu (18.04) due to the need to manipulate PDFs. Unfortunately, because I used Laravel Forge, they only allow Ubuntu, and apparently PDFtk is no longer working with Ubuntu 18.04. There is a workaround! Follow the below to get it working.

There’s a workaround here: How can I install pdftk in Ubuntu 18.04 Bionic?

Quick and easy workaround

UPDATED 8/2/2020

Try sudo snap install pdftk

Set up symlink so it works!

sudo ln -fs /snap/pdftk/current/usr/bin/pdftk /usr/bin/pdftk

The below seems not to work any more.

In SSH on your Ubuntu 18.04 server, do the below:

wget http://archive.ubuntu.com/ubuntu/pool/universe/p/pdftk/pdftk_2.02-4build1_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/g/gcc-6/libgcj17_6.4.0-8ubuntu1_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/g/gcc-defaults/libgcj-common_6.4-3ubuntu1_all.deb
sudo dpkg -i pdftk_2.02-4build1_amd64.deb libgcj17_6.4.0-8ubuntu1_amd64.deb libgcj-common_6.4-3ubuntu1_all.deb

Then type ‘pdftk’, it should come up.

Hope that helps!

WordPress SMTP without any plugins

WordPress is a very good CMS, BUT! I hate plugin bloat. I’ve seen so many websites use a huge amount of plugins to cover every little feature, which contributes to speed issues and can cause problems down the track.

There are heaps of SMTP plugins for WordPress available so that you can use Amazon SES, SendGrid, MailGun, etc. The easiest way to set up SMTP is to add this snippet to your functions.php file. This will ensure that WordPress uses SMTP instead of the standard PHP Mail.

Add this to your functions.php file and configure how you need to. Then save it.

// USE SMTP
add_action( 'phpmailer_init', 'setup_phpmailer_init' );
// No class type hint on the parameter: WordPress 5.5+ passes the namespaced
// PHPMailer\PHPMailer\PHPMailer class, so a bare `PHPMailer` hint would fail.
function setup_phpmailer_init( $phpmailer ) {
    $phpmailer->Host = 'HOSTNAME'; // eg. email-smtp.us-west-2.amazonaws.com
    $phpmailer->Port = 587; // could be different
    $phpmailer->Username = 'ENTERUSERNAME'; // SMTP Username
    $phpmailer->Password = 'ENTERPASSWORD'; // SMTP Password
    $phpmailer->SMTPAuth = true; // Set to true if login is required
    $phpmailer->SMTPSecure = 'tls'; // enable if required, 'ssl' is another possible value
    $phpmailer->isSMTP(); // send through SMTP instead of PHP mail()
}

Hope that helps!

Load an AJAX PHP file from WordPress

On my website, I have a caching plugin called WP Rocket, which is an awesome plugin, but one downside is that if you have dynamically generated content, it will be cached.
For example, on my website, I have a cool PHP widget that figures out the current time, and then displays a message based on the time. With caching, that plugin will no longer be dynamic because it will just show the result from the time that it was cached.

Read More