How to Decrypt a Password Hash in PHP

How can I decrypt a password hash in PHP?

Bcrypt is a one-way hashing algorithm; you can't decrypt hashes. Use password_verify to check whether a password matches the stored hash:

<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

In your case, run the SQL query using only the username:

$sql_script = 'SELECT * FROM USERS WHERE username=?';

And do the password validation in PHP using code similar to the example above.

The way you are constructing the query is very dangerous. If you don't parameterize the input properly, the code will be vulnerable to SQL injection attacks. See this Stack Overflow answer on how to prevent SQL injection.
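The flow this answer describes (look the row up by username through a bound parameter, then check the password in PHP), as an added example that is not part of the original answer. The `users` table, its column names and the sample account are assumptions, and the demo runs against an in-memory SQLite database through PDO.

```php
<?php
// Added example; table layout and the sample account are constructed for the demo.

function login(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only; the password never goes into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }

    // Re-hash on successful login when the stored cost or algorithm is out of date.
    if (password_needs_rehash($user['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }
    return true;
}

// Constructed demo data: one account stored with a deliberately low bcrypt cost.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4])]);

var_dump(login($db, 'alice', 'correct horse'));  // matching password
var_dump(login($db, 'alice', 'wrong'));          // wrong password
var_dump(login($db, "alice' OR '1'='1", 'x'));   // bound as a literal username, not as SQL

// The first successful login replaced the cost-4 hash with one at the current default.
$stored = $db->query("SELECT password_hash FROM users WHERE username = 'alice'")->fetchColumn();
print_r(password_get_info($stored));
```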

How to decrypt the hashed password in PHP? Password hashed with password_hash() method

You don't need to

The used algorithm, cost and salt are returned as part of the hash.
Therefore, all information that's needed to verify the hash is
included in it. This allows the password_verify() function to verify
the hash without needing separate storage for the salt or algorithm
information.

$passwordEnteredFirstTime = '12345';
$passwordEnteredSecondTime = '12345';

$passwordHash = password_hash($passwordEnteredFirstTime, PASSWORD_BCRYPT);
$passIsValid = password_verify($passwordEnteredSecondTime, $passwordHash);
echo $passIsValid ? 'correct password' : 'wrong password';
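What "algorithm, cost and salt are returned as part of the hash" looks like in practice, as an added example that is not part of the original answer. It splits the bcrypt string quoted earlier on this page into its fields; the helper name `describeBcrypt` and the demo password are assumptions.

```php
<?php
// Added example; describeBcrypt() is a hypothetical helper, not a PHP built-in.

function describeBcrypt(string $hash): array
{
    // Layout: $2y$ + two-digit cost + $ + 22-char salt + 31-char digest = 60 chars.
    $pattern = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// The hash string from the first answer on this page.
print_r(describeBcrypt('$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'));

// Constructed demo: hashing the same password twice.
$password = 'correct horse';
$first  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$second = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// Each call draws a new random salt, so the two strings are compared here
// to show why stored hashes cannot be matched with a plain string comparison.
var_dump($first === $second);
var_dump(describeBcrypt($first)['salt'] === describeBcrypt($second)['salt']);

// password_verify() reads version, cost and salt back out of each string.
var_dump(password_verify($password, $first), password_verify($password, $second));

// password_get_info() exposes the algorithm and cost without manual parsing.
print_r(password_get_info($first));
```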

Converting a PHP password hash to the original value: is that possible?

No, you can't revert back to the original values if you are using any encryption algorithm. Otherwise, hackers would blow up your sites in seconds. The sole purpose of using hashing algorithms is to save and encrypt data using a very large value. There are many algorithms which do encryption; some of them are md1 and sha1. Many websites offer that they can retrieve the original value, but not in an instant. It requires brute force to retrieve original passwords.

How to decrypt hashed password using PHP?

MD5 and SHA-1 are one-way hash functions, meaning you can't get back an original string from a hash value.

How to decrypt Hash Password in Laravel

Short answer is that you don't 'decrypt' the password (because it's not encrypted - it's hashed).

The long answer is that you shouldn't send the user their password by email, or any other way. If the user has forgotten their password, you should send them a password reset email, and allow them to change their password on your website.

Laravel has most of this functionality built in (see the Laravel documentation - I'm not going to replicate it all here. Also available for versions 4.2 and 5.0 of Laravel).

For further reading, check out this 'blogoverflow' post: Why passwords should be hashed.

Perfect way to encrypt & decrypt password, files in PHP?

Check out this well-documented article, A reversible password encryption routine for PHP, intended for those PHP developers who want a password encryption routine that is reversible.

Even though this class is intended for password encryption, you can use it for encryption/decryption of any text.

function encryption_class() {
    $this->errors = array();

    // Each of these two strings must contain the same characters, but in a different order.
    // Use only printable characters from the ASCII table.
    // Do not use single quote, double quote or backslash as these have special meanings in PHP.
    // Each character can only appear once in each string.
    $this->scramble1 = '! #$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~';
    $this->scramble2 = 'f^jAE]okIOzU[2&q1{3`h5w_794p@6s8?BgP>dFV=m D<TcS%Ze|r:lGK/uCy.Jx)HiQ!#$~(;Lt-R}Ma,NvW+Ynb*0X';

    if (strlen($this->scramble1) <> strlen($this->scramble2)) {
        trigger_error('** SCRAMBLE1 is not same length as SCRAMBLE2 **', E_USER_ERROR);
    } // if

    $this->adj = 1.75; // this value is added to the rolling fudgefactors
    $this->mod = 3; // if divisible by this the adjustment is made negative
}

Caution:

If you are using PHP version >= 5.3.3, then you have to change the class name from encryption_class to __construct

Reason:

As of PHP 5.3.3, methods with the same name as the last element of a namespaced class name will no longer be treated as constructor.

Usage:

$crypt = new encryption_class();

$crypt->setAdjustment(1.75); // 1st adjustment value (optional)
$crypt->setModulus(3); // 2nd adjustment value (optional)

/**
 * @param string $key - Your encryption key
 * @param string $sourceText - The source text to be encrypted
 * @param integer $encLen - positive integer indicating the minimum length of encrypted text
 * @return string - encrypted text
 */
$encrypt_result = $crypt->encrypt($key, $sourceText, $encLen);

/**
 * @param string $key - Your encryption key (same used for encryption)
 * @param string $encrypt_result - The text to be decrypted
 * @return string - decrypted text
 */
$decrypt_result = $crypt->decrypt($key, $encrypt_result);

Update:

Above class is not intended for encrypting files, but you can!!!

  1. base64_encode your source text (file contents)
  2. for actual encryption, apply above enc/dec class over base64-encoded text
  3. for decryption, apply above enc/dec class over actually encrypted text
  4. base64_decode will give you the actual file contents (you can save a copy of file with this content)

I've encrypted an image, decrypted it back and saved it to a new file!!! Check out the code.

//class for encrypt/decrypt routines 
require 'class.encryption.php';

//configuring your security levels
$key = 'This is my secret key; with symbols (@$^*&<?>/!#_+), cool eh?!!! :)';
$adjustment = 1.75;
$modulus = 2;

//customizing
$sourceFileName = 'source-image.png';
$destFileName = 'dest-image.png';
$minSpecifiedLength = 512;

//base64 encoding file contents, to get all characters in our range
//binary too!!!
$sourceText = base64_encode(file_get_contents($sourceFileName));

$crypt = new encryption_class();
$crypt->setAdjustment($adjustment); //optional
$crypt->setModulus($modulus); //optional

//encrypted text
$encrypt_result = $crypt->encrypt($key, $sourceText, $minSpecifiedLength);

//receive initial file contents after decryption
$decrypt_result = base64_decode($crypt->decrypt($key, $encrypt_result));

//save as new file!!!
file_put_contents($destFileName, $decrypt_result);
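The same encrypt-a-file, decrypt-it-back round trip, as an added example that is not part of the original answer and does not use the article's class: it swaps the scramble-table routine for libsodium's authenticated `secretbox` (ext-sodium, bundled with PHP 7.2+), which works on raw bytes without base64 and rejects modified ciphertext. The function names `encryptFile` and `decryptFile`, the file names and the file contents are assumptions.

```php
<?php
// Added example; encryptFile()/decryptFile() and the demo files are constructed.
function encryptFile(string $src, string $dst, string $key): void
{
    $plain = file_get_contents($src);
    if ($plain === false) {
        throw new RuntimeException("cannot read $src");
    }
    // A fresh random nonce per message; it is not secret and is stored before the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    file_put_contents($dst, $nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function decryptFile(string $src, string $dst, string $key): void
{
    $blob = file_get_contents($src);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($blob === false || strlen($blob) < $min) {
        throw new RuntimeException('ciphertext missing or truncated');
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the key is wrong or the data was modified.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    file_put_contents($dst, $plain);
}

$key = sodium_crypto_secretbox_keygen();   // random key; keep it out of the source tree
$dir = sys_get_temp_dir();
file_put_contents("$dir/source.bin", random_bytes(1024));   // stands in for a binary file

encryptFile("$dir/source.bin", "$dir/source.enc", $key);
decryptFile("$dir/source.enc", "$dir/dest.bin", $key);
var_dump(hash_file('sha256', "$dir/source.bin") === hash_file('sha256', "$dir/dest.bin"));

// Flip one bit of the ciphertext: decryption must refuse it.
$blob = file_get_contents("$dir/source.enc");
$blob[40] = $blob[40] ^ "\x01";
file_put_contents("$dir/tampered.enc", $blob);
try {
    decryptFile("$dir/tampered.enc", "$dir/dest2.bin", $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```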

