Encryption Service

Need to encrypt potentially sensitive data, while still being able to retrieve it for later? Use the encryption service!

First, retrieve the service:

$encryptor = \Core::make("helper/encryption");

Now, you can use

$encrypted = $encryptor->encrypt('This text will be encrypted.');

And

print $encryptor->decrypt($encrypted); // "This text will be encrypted."

Important Note: These functions rely on the mcrypt library; if the library is not installed, the output will not be encrypted. It will just be passed back as unencrypted text.

Encrypting User Passwords

Note: this is NOT to be used for user passwords! It's not secure enough. In general, you should never encrypt user passwords with anything that can be reversed. Instead, encrypt it using a one-way hashing algorithm, and any time the user enters their password, compare the value of the hashed provided password with the one you're storing. This is all taken care of by concrete5 when dealing with the standard User model, but if you need to encrypt user passwords yourself for business purposes, here's the secure, standardized method by which concrete5 accomplishes this.

First, retrieve the global password hasher from the User object:

$u = new User();
$hasher = $u->getUserPasswordHasher();

This will return an instance of the Hautelook\Phpass\PasswordHash object, with the proper configuration values set for portability and proper encryption of data. Then, it's a simple matter of either calling

return $hasher->HashPassword($password);

to generate an encrypted password for storage, or

$hasher->checkPassword($inputPassword, $storedPassword)

to check an inputted password against the password stored in the database.

Loading Conversation