Your secreto
function should "work". With your login code I don't see where you initialize $passsalt
. So either there is a part of your code that you aren't showing, or $passsalt
isn't actually set.
Your encryption is insecure though:
You shouldn't be using a password as your encryption key. Human passwords typically don't have enough entropy.
You are somewhat exposing your key by using a hashed version of it as your IV.
An IV is meant to protect your key by "randomizing" the first encrypted block. This ensures that even when you encrypt the same text with the same key, the output will be different. Because you use a constant IV, you are not getting any benefit from it.
If possible your key should be random, using a character range of 0 - 255. Your IV must always be different when you encrypt. The IV can be public, so you can even store it with the encrypted text.
You should also avoid storing the encryption key in the database along with the encrypted data.
If you are encrypting passwords, I would use a one-way hash designed for passwords instead, like scrypt or bcrypt.