I use the MD5 / Hash and BASE64 ENCODE functions for passwords, so I really don't care what they enter if they meet the minimum requirements ... It is recommended that you use strongly typed passwords.
function get_rnd_iv($iv_len) { $iv = ''; while ($iv_len-- > 0) { $iv .= chr(mt_rand() & 0xff); } return $iv; } function md5_encrypt($string_value, $salt_key, $iv_len = 16) { $string_value .= "\x13"; $n = strlen($string_value); if ($n % 16) $string_value .= str_repeat("\0", 16 - ($n % 16)); $i = 0; $enc_text = get_rnd_iv($iv_len); $iv = substr($salt_key ^ $enc_text, 0, 512); while ($i < $n) { $block = substr($string_value, $i, 8) ^ pack('H*', md5($iv)); $enc_text .= $block; $iv = substr($block . $iv, 0, 512) ^ $salt_key; $i += 16; } return urlencode(base64_encode($enc_text)); } function md5_decrypt($enc_text, $salt_key, $iv_len = 16) { $enc_text = urldecode(base64_decode($enc_text)); $n = strlen($enc_text); $i = $iv_len; $string_value = ''; $iv = substr($salt_key ^ substr($enc_text, 0, $iv_len), 0, 512); while ($i < $n) { $block = substr($enc_text, $i, 8); $string_value .= $block ^ pack('H*', md5($iv)); $iv = substr($block . $iv, 0, 512) ^ $salt_key; $i += 16; } return preg_replace('/\\x13\\x00*$/', '', $string_value); }