My script to Encrypt/Decrypt data using PHP

I made these scripts to Encrypt/Decrypt data, example: Messages or a simple string and be able to transform the encrypted data to plain text again. At the end, I am going to explain why I think these scripts are safe/secure and please write your comments about what you think. First of all, please read what a Pepper is, click here https://en.wikipedia.org/wiki/Pepper_(cryptography) In simple words, a Pepper is a file saved in the server (not in the database) and the content of that file is added to a string. For example if the string is This is a demo and the Pepper is 1234567890 the output will be This is a demo1234567890. My scripts File: peppers.php File: login.php File: encrypt.php File: decrypt.php My opinion I think these scripts are really secure because: To Encrypt When the user does login in the website, a SHA256 passphrase is generated combining the user email + PEPPER_PASSPHRASE. If the database is hacked, the hacker is missing the PEPPER_PASSPHRASE to be able to encrypt/decrypt data. See that PEPPER_SALTS has 9 different values. To generate the key is the combination of the passphrase + 1 random value of PEPPER_SALTS + PEPPER_KEY. If the hacker has the database, he is missing the PEPPER_PASSPHRASE, the 9 PEPPER_SALTS and the PEPPER_KEY. To generate the iv is a combination of the passphrase + 1 random value of PEPPER_SALTS + PEPPER_IV. If the hacker has the database, he is missing the PEPPER_PASSPHRASE, the 9 PEPPER_SALTS, the PEPPER_KEY and the PEPPER_IV. To Decrypt The process is the same for the decryption but to guest the key and the iv, the script is going to execute the functions with each one of the 9 PEPPER_SALTS until one of them matches and the output is not empty. Let me know what you think.
http://dlvr.it/Shy7gz