USing PHP to refer to Form fields in BS AS BB BE fields

[apmuthu]

Attachment missing.

[icoso]

What attachment? Were you going to include an attachment showing how to do what you suggested?

[apmuthu]

The attachment in the post is already in the official repo as of commit 335.

[icoso]

Im sorry, @apmuthu. I still don't understand what you're saying here. I am using that core.php and am using the BS code to encrypt my data to store it.

What Im asking about is your comment here:

It should be easier to put in a trigger right in the DB itself with some user function in MySQL doing the encrypting job. Decrypting can be PHP.

Im trying to figure out what you mean by this and if you know of a way to encrypt a field, save it in the database, THEN by using the standard search field on the search form, use that same field to search for the record int he database. I've already accomplished this by saving the data encrypted. But the searching ability has me stumped. Since the current search will search by partial characters (using LIKE) when searching an encrypted field, that just won't work unless I enter the entire field exactly like its store. For example, I have an SSN field that I want to store encrypted (I've done this) Then I used what kev1n suggested to unencrypt it for searching. It will work but ONLY if I enter the entire SSN in the search field. If I enter say the last 4 of the SSN that will never be found in an encrypted field because it simply wont follow the same pattern when encrypting a 4 digit field compared to a 11 or 9 digit field.

Your comment made me think that you have a way to do this in the Database itself.

I also looked at this post:
https://forums.nubuilder.cloud/viewtopic.php?f=20&t=10482

Which I installed it on my nuBuilder site, but dont see how to use it. I asked about that in that post but got no reply. Any help is very much appreciated.

[kev1n]

Is SSN the only field that is encrypted?

[icoso]

I'll probably encrypt the cust_DOB field and maybe the cust_email fields. But those arent going to be used as searched fields. Im using SSN as the primary searched field. Encrypting the data and saving it as an encrypted field then unencrypting it it do display on the form in an unencrypted format is not the issue. Its searching for it that is the issue.

You mentioned to to use this earlier.

function nuOnSearchAction() {
nuRunPHPHidden('your_php_procedure_to_encrypt_the_search_value','0);
result = false;
}

Which I think will work but only if I enter the SSN in full. If I enter a partial like the 1st 3 digits or the last 4 it won't find it in the DB. I'd have to enter the full SSN in the search to be able to find it, right? So since most people refer to the last 4 of the SSN, I think I'll create a new field for the last 4, pull it out of the SSN when saving it, encrypt it as well, then have the user ONLY search using the last 4 and use this routine to encrypt the search criteria when searching for it, then unencrypt it when displaying it.

When using that function you said to then use nuJavascriptCallback($string1) to "Refresh the Browse Screen". I assume that means that nuJavascriptCallback($string1) will change what was entered into the search field (ie: the encrypted data from the function nuOnSearchAction()) and then perform the search, right? However, how do I get the encrypted data that was generated in "your_php_procedure_to_encrypt_the_search_value" procedure when nuRunPHPHidden() doesn't appear to return anything? or does it?

therefore would I do this?
Declared in Custom Code:

function nuOnSearchAction() {
Sstring1=nuRunPHPHidden('encryptString($('#nuSearchField'))','0);
nuJavascriptCallback($string1);
result = false;
}

[apmuthu]

If you use one way encryption like MD5 or SHA1, there is no way to search in parts.

If you use base64_encoding, you will be able to do so mostly....

Code: Select all

$SSN = '123456789';
echo base64_encode($SSN) . '<br>'; //MTIzNDU2Nzg5
echo base64_encode(substr($SSN,0,3)) . '<br>'; // 123 => MTIz
echo base64_encode(substr($SSN, -3)) . '<br>'; // 789 => Nzg5

You will notice that each character of the SSN will be encrypted as 2 bytes and the search can be done for the base64_encoded value in the base64_encoded string. Pre-arranged salt interspersion can be used for obfuscation.

[steven]

Hi people,

If you want to change values in the database it is easier to do so on After Save.

with a simple UPDATE statement.

Code: Select all

nuRunQuery("UPDATE thetable SET thefield = 'newvalue' WHERE theprimarykey = '#RECORD_ID#'");

This will result in any updated values being displayed on the Edit Form as it reloads after After Save.


steven

[kev1n]

function nuOnSearchAction() {
Sstring1=nuRunPHPHidden('encryptString($('#nuSearchField'))','0);
nuJavascriptCallback($string1);
result = false;
}

nuRunPHPHidden() doesn't return anything. See the documentation: https://wiki.nubuilder.cloud/ ... nPHPHidden

nuJavascriptCallback() is a PHP function. Wiki: https://wiki.nubuilder.cloud/ ... ptCallback

[icoso]

kev1n,

Thats why I asked this in my post:

When using that function you said to then use nuJavascriptCallback($string1) to "Refresh the Browse Screen". I assume that means that nuJavascriptCallback($string1) will change what was entered into the search field (ie: the encrypted data from the function nuOnSearchAction()) and then perform the search, right? However, how do I get the encrypted data that was generated in "your_php_procedure_to_encrypt_the_search_value" procedure when nuRunPHPHidden() doesn't appear to return anything? or does it?

I was following your example that you made earlier in this post. So Im wondering how I then use " nuJavascriptCallback($string1) to "Refresh the Browse Screen""
to refresh the Browse screen (the search screen?)