Page 2 of 3
Re: Encrypting a Field that is used for searching
Posted: Fri Feb 26, 2021 12:18 pm
by icoso
Thanks miasoft, I don't think making a temporary table will work. There will be 1000's of records in this table and up to about 10 people using this at the same time. Having the SSN's in an unencrypted format in the online database is not an option.
I need to know how to change the search criteria and for that to changed search criteria to be used to actually search. As of right now its not. I can change the search criteria after entering it, but it somehow reverts back to its original entry right before the search occurs. Anyone else have a solution?
Re: Encrypting a Field that is used for searching
Posted: Fri Feb 26, 2021 12:24 pm
by icoso
apmuthu wrote:Are you using the latest nuBuilder v4.5 git master? The
BeforeSave function code was updated to allow changes to the form data before saving to the database. In a similar manner, the search value can be encrypted / encoded before being sent for processing. The session variable that makes the search value persist across pages (and ajax requests) would need to be changed in the client side itself before a transmission to the server - php or ajax.
That is my question! How do I do that? "The session variable that makes the search value persist across pages (and ajax requests) would need to be changed in the client side itself before a transmission to the server" The code that kev1n provided does not work and it causes a syntax error.
ANyway I try to change the search value before it searches doesn't work. That's what my post is about.
Re: Encrypting a Field that is used for searching
Posted: Fri Feb 26, 2021 1:29 pm
by miasoft
Having the SSN's in an unencrypted format in the online database is not an option.
...A temporary table is only available and accessible to the client that creates it. Different clients can create temporary tables with the same name without causing errors because only the client that creates the temporary table can see it. However, in the same session, two temporary tables cannot share the same name....
There will be 1000's of records up to about 10 people
A temporary table will have two short fields for each record. Total size 10-20Mb is problem?
Re: Encrypting a Field that is used for searching
Posted: Fri Feb 26, 2021 3:46 pm
by icoso
Not the problem, its the functionality of it. Why have a database online all daylong that contains unencrypted SSNs in it? That's not what Im looking for. Im needing to know how to change the search value before it searches and it doesn't work. That's what my post is about.
Re: Encrypting a Field that is used for searching
Posted: Sat Feb 27, 2021 9:48 am
by apmuthu
The Wiki has a new
Search page that possibly addresses this issue.
Re: Encrypting a Field that is used for searching
Posted: Sat Feb 27, 2021 9:55 am
by kev1n
I think it's best to add a separate search button to search for an encrypted string (SSN).
In this way, searching for unencrypted values will still work as usual
In the form's Custom Code:
Code: Select all
function nuOnSearchAction() {
window.originalSearchString = undefined;
return true;
}
function searchSSN() {
// Store the Search String in a Hash Cookie nuSearchField
nuSetProperty('nuSearchField', $('#nuSearchField').val());
// Run the PHP Procedure searchSSN
nuRunPHPHidden("searchSSN",0);
}
if(nuFormType() == 'browse'){
// Add an additional button "Search SSN" next to the other action buttons
if (window.originalSearchString !== undefined) {
$('#nuSearchField').val(window.originalSearchString);
}
nuAddActionButton('nuRunPHPHidden', 'Search SSN', 'searchSSN();');
}
PHP Procedure with
Code: searchSSN
Code: Select all
function encryptString($text) {
// Use any encryption algorithm and return the encrypted string
// For demonstration purposes, add 123 to the search string
$text = $text. '123';
return $text;
}
$e = encryptString("#nuSearchField#");
$js =
"
window.originalSearchString = '#nuSearchField#';
nuForm(nuGetProperty('form_id'),'' , '', '$e', '1');
";
nuJavascriptCallback($js);
Re: Encrypting a Field that is used for searching
Posted: Sat Feb 27, 2021 6:13 pm
by icoso
Thanks! I'll try that and let you know how it goes.
Re: Encrypting a Field that is used for searching
Posted: Mon Mar 01, 2021 10:52 pm
by icoso
kev1n,
I was able to encrypt what was entered in the search screen and retrieve the record for that SSN. However what I entered in the Search field changed to the encrypted string.
Is there any way to make it the original entered string after the search? This is so the user doesn't get confused as to what they entered.
Can you explain what this does: window.originalSearchString = undefined; What is "originalSearchString" How does it affect the search screen?
Also, In the list of records that were retrieved, IS there any way to change what is displayed there for the SSNs? It is currently displaying the encrypted string and not the SSN from the database.
How can I display the unencrypted SSN field there? What functions and/or code section can I use to unencrypt the SSN when it's displayed?
I understand that nuJavascriptCallback($js); runs the Javascript in $js AFTER the encryptString("#nuSearchField#"); function is run. The nuJavascriptCallback($js) runs the "nuForm(nuGetProperty('form_id'),'' , '', '$e', '1'); " function which opens the form and uses the encrypted string as the search string. However, since the form opens up after the search occurs, should this (window.originalSearchString = '#nuSearchField#'; ) be done AFTER the nuForm function to set the search field back to what I entered originally?
This statement window.originalSearchString = '#nuSearchField#'; doesn't seem to be doing anything, whether I put it before or after the nuForm function.
Should I be using the DOM element to set that field back to the original search text? Such as: document.getElementById('nuSearchField').value = '#nuSearchField#';
Re: Encrypting a Field that is used for searching
Posted: Tue Mar 02, 2021 1:48 am
by kev1n
icoso wrote:
Is there any way to make it the original entered string after the search? This is so the user doesn't get confused as to what they entered.
In my example the original search string is shown again in the search field. Can you show both your Custom Code + PHP procedure code?
icoso wrote:
Can you explain what this does: window.originalSearchString = undefined; What is "originalSearchString" How does it affect the search screen?
originalSearchString is the unencrypted search string.
icoso wrote:
Also, In the list of records that were retrieved, IS there any way to change what is displayed there for the SSNs? It is currently displaying the encrypted string and not the SSN from the database.
How can I display the unencrypted SSN field there? What functions and/or code section can I use to unencrypt the SSN when it's displayed?
I'll have to think about what the best option is there.
Re: Encrypting a Field that is used for searching
Posted: Tue Mar 02, 2021 2:34 am
by icoso
Here is my Custom Code:
Code: Select all
if (nuFormType() == 'browse') {
$('#nuSearchField').on('change keydown paste input propertychange click keyup blur', function() {
nuSetProperty('SEARCH_FIELD', this.value );
})
nuAddActionButton('encrpytSearch', 'Search SSN Encrypted','searchSSN();');
}
function nuOnSearchAction() {
window.originalSearchString = undefined;
return true;
}
function searchSSN() {
// Store the Search String in a Hash Cookie nuSearchField
nuSetProperty('nuSearchField', $('#nuSearchField').val());
// I just put this here for testing to see If I could somehow see what it is after the nuRunPhpHidden
nuSetProperty('nuOrgSearchField', $('#nuSearchField').val());
// Run the PHP Procedure searchSSN
nuRunPHPHidden("srchEncSSN",0);
// alert($('#nuOrgSearchField'));
}
Here is my PHP Procedure:
Code: Select all
function encryptSSN($Str1) {
//remove dashes
$newStr="";
for ($l=0; $l<strlen($Str1); $l++) {
$decnum = ord(substr($Str1,$l,1));
if ($decnum > 47 && $decnum < 58) {
$newStr=$newStr.chr($decnum);
}
}
// the routein does some other things here to further encryt the data....
return $newStr;
} // ***** End Function *****
$e = encryptSSN("#nuSearchField#");
$js =
"
nuForm(nuGetProperty('form_id'),'' , '', '$e', '1');
// I tried both of these below. Neither set the Search field to what I originally entered. It changed it to the encrypted string...
window.nuSearchField = '#nuSearchField#';
// document.getElementById('nuSearchField').value = '#nuSearchField#';
";
nuJavascriptCallback($js);
Here is a pic of the search screen1:
CustomerSSNSearch.png
After entering the ssn (can be entered with or without dahses):
CustomerSSNSearch2.png
Result after search:
CustomerSSNSearch3.png
As you can see the search field gets replaced with the encrypted data not what I typed.
Additionally, When I unencrypt( which i have done in the BE code, I cant figure out how to set the form SSN form Field. I tried using the nuSetNuDataValue($nudata, '', 'cust_prissn', $SSN); after setting the $SSN variable, but that doesn't work. Any suggestions on how to set the actual form field on the screen to be the $SSN variable?