Hello forum.
Seems like I take 2 steps forward and 1 step backward. Here is where I am at. I really would appreciate any help I can get. Seems to me, that many of us store information in a database that we wouldn't want an intruder to be able to view. So encrypt we must.
I have followed my own advice and tried to make this simple at first and build on success. Here is what I have. I have a BeforeAdd event that encrypts the data in 1 field. It is sucessfully encrypting the field.
Here is the code in the include/.._events.php program
function BeforeAdd(&$values)
{
// Parameters:
// $values - Array object.
// Each field on the Add form represented as 'Field name'-'Field value' pair
//** Custom code ****
// put your custom code here
$key = "C770634F437346D7";
$string = $values["sn"];
// Encryption Algorithm
$cipher_alg = MCRYPT_3DES;
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv);
$values["sn"] = $encrypted_string;
return true;
// return true if you like to proceed with adding new record
// return false in other case
}
Now I would love to have the field unencrypted on the List Page. I am not quite understanding how to do this. When searching the forum, I find a few examples and it looks as if I need to embed sql commands into my ListOnLoad page.
Anyway, that comes later. What I need to do now is decrypt the data when the "View" page is selected. It should just be a matter of decrypting the field. Here is my code:
function ViewOnLoad()
{
global $where;
// Parameters:
// $where - string with WHERE clause pointing to record to be viewed
//** Custom code ****
// put your custom code here
$key = "C770634F437346D7";
$encrypted_string = $where["sn"];
$cipher_alg = MCRYPT_3DES;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
$decrypted_string = mcrypt_decrypt($cipher_alg, $key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
$where["sn"] = $decrypted_string;
}
?>
The "sn" field displays the encrypted data and not the decrypted data. Hmmm! I can run this simple php script outside of phpRunner and it works fine.
<?php
// Designate string to be encrypted
$string = "Applied Cryptography, by Bruce Schneier, is a wonderful cryptography reference.";
// Encryption/decryption key
$key = "C770634F437346D7";
// Encryption Algorithm
$cipher_alg = MCRYPT_3DES;
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
// Output original string
print "Original string: $string ";
// Encrypt $string
$encrypted_string = mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv);
// Convert to hexadecimal and output to browser
print "Encrypted string: ".bin2hex($encrypted_string)." ";
$decrypted_string = mcrypt_decrypt($cipher_alg, $key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
print "Decrypted string: $decrypted_string";
?>
Can anyone see something obvious that I am doing wrong??
Thanks for your time.
Dave