
easy encryption

Posted: Tue Aug 11, 2020 6:46 pm
by pbweb1969
Does nuBuilder have a way built in to encrypt a field (for example a password), and unencrypt? As obviously keeping passwords (or other sensitive info) unencrypted in a database is a security no-no.

I'm a bit of a n00b regarding PHP, but I have read it's got something to do with hashes.

Or is there any readily available code that will do this?

Thanks a lot to anyone that can help.

Re: easy encryption

Posted: Tue Aug 11, 2020 10:14 pm
by Janusz
Hi,
User passwords by default are hashed with md5 and are stored only as hashed - so admin for example will never see directly original user passwords.

Re: easy encryption

Posted: Wed Aug 12, 2020 2:28 pm
by pbweb1969
Janusz wrote: Hi,
User passwords by default are hashed with md5 and are stored only as hashed - so admin for example will never see directly original user passwords.
No, by username and passwords, I mean if I create a table and use a fieldname "password", when I check the table the password field is not encrypted. I also require a "notes" field with medical data to be encrypted for GDPR purposes.

Re: easy encryption

Posted: Wed Aug 12, 2020 2:48 pm
by kev1n
[See next post]

Re: easy encryption

Posted: Wed Aug 12, 2020 4:22 pm
by kev1n
Please find attached a sample.

[Attachment removed. Please see next posts]

It uses the PHP AS (After Save) event to encrypt a password field with AES 256 encryption (using a secret password) and decrypts it when the form is loaded.
That means that the password is stored encrypted in the database.

Import the SQL File into your existing nuBuilder Database (using phpMyAdmin).
The dump contains a form, its objects and a table (encrypt_data). It will not overwrite/modify/delete any other data.

How to import the file:
1. Log into phpMyAdmin (in nuBuilder, go to the tab Builders and click on the "Database" button).
4. In phpMyAdmin, Click "Import" in the top menu
5. Under File to Import, click "Browse" and select the sql file (from the attachment)
6. Click "Go" at the bottom right to import the database file.
7. When the database has been imported successfully, you should see a message at the top of the page similar to: "Import has been successfully finished".

Re: easy encryption

Posted: Thu Aug 13, 2020 2:21 pm
by pbweb1969
Thanks a lot for your help (and sooo quick).

I've imported the SQL file, it has updated a table and form.
It was still saving unencrypted, so I looked at the after-save custom code, which was blank.

So I typed it out from the example:

Function encrypstring ($text)
{
$secret = defined(“encrypt_secret”) ? encrypt_secret : “something”;
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(“aes-256-cbc”));
Return base64_encode($iv . Openssl_encrypt($text, ‘aes-256-cbc’ , $secret, 0, $iv));
}
$qry = “update ‘encrypt_data’ set ‘enc_password’ = ? Where encrypt_data_id = ?”;
Nurunquery($qry, [encryptstring(“#enc_password#”) , “#RECORD_ID#”]);


It's coming up with the following error:

After Save of Form encrypt_dataBE

/home/carecomp/public_html/nubuilder/nucommon.php(1258) : eval()'d code
syntax error, unexpected '‘encrypt_data’' (T_STRING)

Traced from...

(line:52) /home/carecomp/public_html/nubuilder/nuapi.php - nuUpdateDatabase

(line:403) /home/carecomp/public_html/nubuilder/nudata.php - nuEval

It may be a typo?

Shouldn't there also be a script in the browse part of the form used to unencrypt the data and put it in the form field (when browsing data)?

Again, many thanks for your help.

Re: easy encryption

Posted: Thu Aug 13, 2020 3:17 pm
by kev1n
Sorry, I must have uploaded a faulty file. Please execute this query to remove the form & objects and then use the new db dump from the attachment.

Code:

SET @form_id = '5f33e61a6136434';
SET @form_id_like = concat(@form_id,'%');

DELETE FROM zzzzsys_event WHERE sev_zzzzsys_object_id in 
(SELECT zzzzsys_object_id FROM zzzzsys_object where sob_all_zzzzsys_form_id = @form_id);

DELETE FROM zzzzsys_php WHERE 
zzzzsys_php_id like @form_id_like
OR sph_zzzzsys_form_id = @form_id
OR LEFT(zzzzsys_php_id,length(zzzzsys_php_id)-3)  
in (SELECT zzzzsys_object_id FROM `zzzzsys_object` WHERE sob_all_zzzzsys_form_id = @form_id);

DELETE FROM zzzzsys_browse WHERE sbr_zzzzsys_form_id = @form_id ;
DELETE FROM zzzzsys_select WHERE zzzzsys_select_id  like @form_id ;
DELETE FROM zzzzsys_select_clause WHERE ssc_zzzzsys_select_id like @form_id_like ;
DELETE FROM zzzzsys_tab WHERE syt_zzzzsys_form_id  = @form_id;
DELETE FROM zzzzsys_object WHERE sob_all_zzzzsys_form_id = @form_id OR sob_run_zzzzsys_form_id = @form_id;
DELETE FROM zzzzsys_form WHERE zzzzsys_form_id = @form_id ;

DROP TABLE encrypt_data;

Re: easy encryption

Posted: Thu Aug 13, 2020 5:25 pm
by gerese
Works fine , good to know :)

Re: easy encryption

Posted: Thu Aug 13, 2020 7:51 pm
by kev1n
gerese wrote:Works fine , good to know :)
The problem with this approach is that the key is also stored in the database. If someone was able to get access to the database and see encrypted passwords, they would also be able to browse the database and retrieve the key to decrypt them.
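
One way to address the key-storage problem described in the post above, shown as an added example that is not part of the original post or of nuBuilder: the key is read from the environment instead of the database, and the field is encrypted with AES-256-GCM rather than the thread's aes-256-cbc so that a modified ciphertext is rejected on decrypt. The variable name FIELD_ENC_KEY and the function names are assumptions made for this example.

```php
<?php
// Added example, not nuBuilder's or the thread's code.
// FIELD_ENC_KEY (hypothetical name) is an environment variable holding a
// base64-encoded 32-byte key, provisioned outside the database.

function loadFieldKey(): string
{
    $b64 = getenv('FIELD_ENC_KEY');
    $key = $b64 === false ? false : base64_decode($b64, true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('FIELD_ENC_KEY missing or not 32 bytes');
    }
    return $key;
}

function encryptField(string $plain, string $key): string
{
    $cipher = 'aes-256-gcm';
    $iv = random_bytes(openssl_cipher_iv_length($cipher)); // 12 bytes, fresh per value
    $tag = '';
    $ct = openssl_encrypt($plain, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // value stored in the column
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte IV + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $plain;
}

// Constructed demo values: a throwaway key and a sample note for the round trip.
putenv('FIELD_ENC_KEY=' . base64_encode(random_bytes(32)));
$key = loadFieldKey();
$stored = encryptField('constructed sample note', $key);
var_dump(decryptField($stored, $key) === 'constructed sample note');
```

With the key held only in the web server's environment, a copy of the database alone yields ciphertext without the means to decrypt it.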

Re: easy encryption

Posted: Fri Aug 14, 2020 2:38 pm
by pbweb1969
fantastic!
Thanks a lot

will be making a regular monthly donation to this brilliant project