[SOLVED] Crypt custom Field content

2 years 10 months ago - 1 year 7 months ago #324713 by laurent.peythieux
[SOLVED] Crypt custom Field content was created by laurent.peythieux
Hi,

I use community builder to store sensible content (like passwords).
Custum fields are not crypted in database.
How can I crypt my datas when the user save his prifile and uncrypt when profile is loaded (I ca manage the crypt/uncrypt script) ?

Thanks.

Please Log in to join the conversation.

2 years 10 months ago #324714 by krileon
Replied by krileon on topic Crypt custom Field content
We've no feature to encrypt before storage and decrypt before display any field value. It's possible to encrypt before storage with CB Auto Actions, but decrypting before display could be tricky and you of course won't be able to use userlist searching on encrypted fields. The below should work to encrypt a fields value.

Global
Triggers: onAfterUserRegistration, onAfterNewUser, onAfterUserUpdate, onAfterUpdateUser
Type: Code
User: Automatic
Access: Everybody
Conditions
Field: Custom > Value
Custom Value: [var1_FIELD_NAME]
Operator: Not Equal To
Value: [var3_FIELD_NAME]
Action
Method: PHP
Code:
$variablies['var1']->FIELD_NAME = ENCRYPTION_CODE_HERE;
$variablies['var1']->store();
Parameters
References: Variable 1

The above would let you modify a fields value after it was stored using PHP. The field being FIELD_NAME and ENCRYPTION_CODE_HERE being your PHP code to encrypt its value. It should only apply this code if the fields value changes. Below is an explanation of the triggers used.

onAfterUserRegistration = frontend registration
onAfterNewUser = backend registration
onAfterUserUpdate = frontend edit
onAfterUpdateUser = backend edit

I don't have a solution for decrypting before display beyond maybe just using a CB Code Field to handle the display where you can use custom PHP to reverse the encryption if you used an encryption that can be reversed (e.g. openssl encrypt).


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

1 year 7 months ago #330193 by laurent.peythieux
Replied by laurent.peythieux on topic Crypt custom Field content
Hi,
I'm working again on this subjet.
I use the password field (with a ********** in replacement value) and it works almost fine but ....
The first time, a user input informations in the form, he input his password, and save. The password is stored crypted in database.
The second time, the user want to change a field value (not the password but another one). When he save the crypted value in db is changed (even if the user did not touch this field).

Question :
1/ is it possible to change something in configuration ?
2/ if not, is it possible :
* Case A : to force the password field to empty each time i edit my profile ?
* Case B : or to force the user to re-input the password ?

Thanks !

Please Log in to join the conversation.

1 year 7 months ago #330197 by krileon
Replied by krileon on topic Crypt custom Field content
There is no field type for what you're wanting to do. You ideally should be decrypting on profile edit and anywhere you need the decrypted value. This really should just be a completely new fieldtype plugin ideally. Additionally why do you need to do this? There maybe a better solution to whatever you're trying to accomplish.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

1 year 7 months ago #330269 by laurent.peythieux
Replied by laurent.peythieux on topic Crypt custom Field content
Hello,
All i want to do is to crypt passwords in database (just in case of database hacking).
I just need to to store password secuely (i don't need to see.them anymore once they are stored)..
Stored password are used by scrypts that decrypt them and make automatic actions. 'excuted thru crontab).
Thanks.

Please Log in to join the conversation.

1 year 7 months ago #330275 by krileon
Replied by krileon on topic Crypt custom Field content
We don't have a field type for doing that as explained above. The only way to do that is to use a Password fieldtype then use the above CB Auto Actions behavior to encrypt it however you're needing. Password fieldtypes don't re-display in profile edit so it won't double encrypt on profile update and the auto action should only apply if the password field value is changed.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.204 seconds

Facebook Twitter LinkedIn