Encrypted Fields

I've been working on a particular proof of concept the last few days. I don't have much experience with this tool, so I'm sure there may be some more efficient ways of doing this.

The good news - It worked, the support team was helpful and I really like this product.
The bad news - The documentation is THE WORST for a developer. I pretty much stumbled through code tidbits and the source code to piece this together. Oh, I also annoyed the help desk 😉

The idea for this is to encrypt certain fields inside Formidable using the same OpenSSL key used for some other tools. This way, all data is encrypted with the same key which will make the BI process more seamless. When the data is simply being viewed, it should be obfuscated. When editing, it should be decrypted and allowed to be changed.

Items of note...

  • This is a proof of concept. You will want to modify accordingly.
  • Limited testing... it's a proof of concept.
  • You will want to load and call the cryptor library. It is easy to do.
  • If you define a field as encrypted that already has data... that legacy data won't be encrypted until the entry has been updated. Just open it and hit update.
  • Lose your crypt key... you lose the data. Let someone else get the key... they have your data. Be responsible.
  • I've only played around in this product for a few days. I just hope it helps some other folks out since the docs are really bad.

STEP 1

  • Install and load the cryptor library located here.
  • Define a variable or a constant to represent your CRYPT_KEY.
  • An example on how to create a constant in your wp-config.php file below.
  • Change the actual crypt key value to something very complex. DON'T just put something in... use a random generator at random.org or something. Honestly, our random keyboard inputs aren't very random.

Example wp-config.php

define('LOGGED_IN_SALT', '0000000000000000000000000000000000000000000000000000000000000000');
define('NONCE_SALT', '0000000000000000000000000000000000000000000000000000000000000000');
define('CRYPT_KEY', '0000000000000000000000000000000000000000000000000000000000000000');

STEP 2

  • Copy and paste the code below into your theme or a snippets plugin.
  • Change the CRYPT_KEY variable if you went with a different name.
  • Change/add the field ids for any field you want to be encrypted.


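/* Add any field ids that should be encrypted to this array. We can figure out a good way to do this from the admin panel if we go this route. */
// Declared global so the hooks below still see it when this code runs inside a function scope (e.g. a snippets plugin).
global $frm_encrypted_fields;
$frm_encrypted_fields = array(161, 164);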


// When a new form is submitted, check fields and encrypt if needed.
add_filter('frm_add_entry_meta', 'change_due_date');
function change_due_date($new_values) {
    global $frm_encrypted_fields;
    if(in_array($new_values['field_id'], $frm_encrypted_fields)){
        $new_values['meta_value'] = Cryptor::Encrypt($new_values['meta_value'], CRYPT_KEY);
    }
    return $new_values;
}


// When encrypted data has been updated... uuhhh, encrypt it.
add_action('frm_after_update_entry', 'frm_encrypted_updates', 10, 2);
function frm_encrypted_updates($entry_id, $form_id){
    global $frm_encrypted_fields;
    // We need to loop through the fields to determine which are supposed to be encrypted.
    $fields = FrmField::get_all_for_form($form_id);
    foreach($fields as $key => $value){
        // Skip fields that were not part of this submission, so a missing value is not encrypted and stored.
        if(in_array($value->id, $frm_encrypted_fields) && isset($_POST['item_meta'][$value->id])){
            $data = Cryptor::Encrypt($_POST['item_meta'][$value->id], CRYPT_KEY);
            FrmEntryMeta::update_entry_meta( $entry_id, $value->id, '', $data );
        }
    }
}


// Replace encrypted blob with "Encrypted" wherever the simple shortcode is used on the front-end.
add_filter('frmpro_fields_replace_shortcodes', 'frm_encrypted_view_frontend', 10, 4);
function frm_encrypted_view_frontend($replace_with, $tag, $atts, $field){
    global $frm_encrypted_fields;
    if(in_array($tag, $frm_encrypted_fields)){
        $replace_with = ' Encrypted';
    }
    return $replace_with;
}


// Replace encrypted blob with "Encrypted" on the back-end.
add_filter( 'frm_display_value', 'frm_encrypted_view_backend', 10, 3 );
function frm_encrypted_view_backend( $value, $field, $atts ) {
    global $frm_encrypted_fields;
    if(in_array($field->id, $frm_encrypted_fields) && is_admin()){
        $value = ' Encrypted';
    }
    return $value;
}


// When editing a form, decrypt the data and display it for editing.
add_filter('frm_setup_edit_fields_vars', 'frm_show_encrypted_field', 20, 3);
function frm_show_encrypted_field($values, $field, $entry_id){
    global $frm_encrypted_fields;
    if (in_array($field->id, $frm_encrypted_fields)){
        /* Need to pull value from db since values['value'] will contain unencrypted text from $_POST (I think) if "Show the form with confirmation message" is selected. You better be using ssl, because that data is just begging to be picked. */
        global $wpdb;
        // Prepared statement and $wpdb->prefix instead of string concatenation and a hard-coded "wp_" table prefix.
        $querystr = $wpdb->prepare("SELECT meta_value FROM {$wpdb->prefix}frm_item_metas WHERE field_id = %d AND item_id = %d", $field->id, $entry_id);
        $meta_value = $wpdb->get_var($querystr);
        if($meta_value){
            /* We want to look for an exception from Cryptor. This may need to be expanded with some logic if we go this route. For now, we will assume the value passed wasn't encrypted. */
            try {
                $values['value'] = Cryptor::Decrypt($values['value'], CRYPT_KEY);
            } catch (Exception $e) {
                //$values['value'] = $e->getMessage() . ' ' . $data; // Strictly for troubleshoot exceptions.
            }
            // If you have the bootstrap addon, you can change the snazzy little icon.
            $values['btsp']['prepend'] = '';
        }
    }
    return $values;
}

Yep, I think that should just about do it. I hope someone finds this useful and/or can use it as the start of a project.

P.S. I noticed that Gravity Forms will be offering openssl encryption in their next version.
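
Added example, not part of the original post and not the Cryptor library's code: a field-level encrypt/decrypt pair built on PHP's openssl_encrypt with AES-256-GCM, in which stored ciphertext carries a prefix so that legacy plaintext rows (the "Items of note" case) are passed through and a wrong key or altered value is rejected rather than silently treated as unencrypted. The function names, the enc:v1: prefix, the 64-hex-character key format and the use of the field id as associated data are assumptions made for this illustration.

```php
<?php
// Added illustration: function names and the "enc:v1:" prefix are hypothetical.
const FIELD_ENC_PREFIX = 'enc:v1:';
// Assumption: the secret is 64 hex characters, i.e. bin2hex(random_bytes(32)).
function field_key(string $hex): string {
    if (strlen($hex) !== 64 || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('key must be 64 hex characters');
    }
    return hex2bin($hex);
}

function field_encrypt(string $plain, int $field_id, string $hex_key): string {
    $iv = random_bytes(12); // fresh 96-bit nonce for every stored value
    // The field id is bound in as associated data, so a blob only verifies in its own field.
    $ct = openssl_encrypt($plain, 'aes-256-gcm', field_key($hex_key),
                          OPENSSL_RAW_DATA, $iv, $tag, (string) $field_id);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return FIELD_ENC_PREFIX . base64_encode($iv . $tag . $ct);
}

function field_decrypt(string $stored, int $field_id, string $hex_key): string {
    if (strncmp($stored, FIELD_ENC_PREFIX, strlen(FIELD_ENC_PREFIX)) !== 0) {
        return $stored; // legacy plaintext saved before the field was marked encrypted
    }
    $raw = base64_decode(substr($stored, strlen(FIELD_ENC_PREFIX)), true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', field_key($hex_key),
                             OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16),
                             (string) $field_id);
    if ($plain === false) {
        throw new RuntimeException('wrong key, wrong field, or modified data');
    }
    return $plain;
}

// Constructed demo: throwaway key, field ids 161 and 164 as in the post's array.
$key    = bin2hex(random_bytes(32));
$stored = field_encrypt('sample value', 161, $key);
var_dump(field_decrypt($stored, 161, $key));          // round trip
var_dump(field_decrypt('old plaintext', 161, $key));  // legacy row passes through
try {
    field_decrypt($stored, 164, $key);                // blob copied into another field
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```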


This could be handy with the new GDPR "thing".

Thank you! :)

Antonio

Exactly why I did it.

Nice! :) Thank you for sharing it!

Is the project still going?

Depends on what you mean. I’ve only made a few changes and it is working well in the environment I set it up for.

Hello @Eddiemoto

Thanks for giving this code for encryption. It is working, but I am not able to decrypt the value in all locations, like CSV and XML export and the view format side. Is it possible to decrypt everywhere for this type?

Hello @Eddiemoto,

I have a business opportunity for something like this. I think your product might work with further development.

Please email me at prestonbuckner@brandtroops.com to discuss further.

Hi,

Can you view encrypted data in a view?

I did this as a proof of concept and haven't really looked at it since. I think you will just need to put a wee bit of logic inside the frm_encrypted_view_backend function. Possibly simply commenting the line that changes the value.

Hi Eddiemoto,

For front end views wouldn't I have to create the logic in frm_encrypted_view_frontend?

For example decrypt all data in the front end view, since frmpro_fields_replace_shortcodes should be the filter to use?

@eddiemoto

This is really awesome stuff. I have been looking for something like this for a site I am working on.

Would you know if a field value is passed in a URL parameter into a view for editing/deletion if it will be encrypted in the URL and if it would work to be decrypted in the displayed view?

Thanks in advance.

I have implemented a slightly different version of this without using Cryptor without much problem, and the difficulty I am having with this approach definitely has me believing I am "holding my mouth wrong".

Getting a ton of "PHP Warning: in_array() expects parameter 2 to be array, null given in...." yada yada.

After that, there is no joy (or encryption/decryption for that matter).

Should the form's ID be set or are the FieldIDs all we need to alter?

Thanks in advance.

[…] of encrypting/decrypting Formidable Form fields has been discussed. There is a "Tips and Tricks" post from Eddiemoto on the Formidable Help Desk explaining his proof of concept for encrypting/decrypting fields […]

Discussion closed.