Encrypted Fields

Est. Reading: 4 minutes
By: eddiemoto
Created: 10/13/2017
Category:
Difficulty: Advanced

Encrypted Fields

×Warning: This tutorial was created 2559 days ago. Some of the information may be out of date with more recent versions of Formidable. Please proceed with caution and always perform a backup before adding custom code.

I've been working on a particular proof of concept the last few days. I don't have much experience with this tool, so I'm sure there may be some more efficient ways of doing this.

The good news - It worked, the support team was helpful and I really like this product.
The bad news - The documentation is THE WORST for a developer. I pretty much stumbled through code tidbits and the source code to piece this together. Oh, I also annoyed the help desk 😉

The idea for this is to encrypt certain fields inside Formidable using the same OpenSSL key used for some other tools. This way, all data is encrypted with the same key which will make the BI process more seamless. When the data is simply being viewed, it should be obfuscated. When editing, it should be decrypted and allowed to be changed.

Items of note...

  • This is a proof of concept. You will want to modify accordingly.
  • Limited testing... it's a proof of concept.
  • You will want to load and call the cryptor library. It is easy to do.
  • If you define a field as encrypted that already has data... that legacy data won't be encrypted until the entry has been updated. Just open it and hit update.
  • Lose your crypt key... you lose the data. Let someone else get the key... they have your data. Be responsible.
  • I've only played around in this product for a few days. I just hope it helps some other folks out since the docs are really bad.

STEP 1

  • Install and load the cryptor library located here.
  • Define a variable or a constant to represent your CRYPT_KEY.
  • An example on how to create a constant in your wp-config.php file below.
  • Change the actual crypt key value to something very complex. DON'T just put something in... use a random generator at random.org or something. Honestly, our random keyboard inputs aren't very random.

Example wp-config.php

define('LOGGED_IN_SALT',   '0000000000000000000000000000000000000000000000000000000000000000');
define('NONCE_SALT',       '0000000000000000000000000000000000000000000000000000000000000000');
define('CRYPT_KEY',        '0000000000000000000000000000000000000000000000000000000000000000');

Step 2

  • Copy and paste the code below into your theme or a snippets plugin.
  • Change the CRYPT_KEY variable if you went with a different name.
  • Change/add the field ids for any field you want to be encrypted.
/*  Add any field ids that should be encrypted to this array. We can figure out a good way to do this from the admin panel if we go this route. */
$frm_encrypted_fields = array (161, 164);
        
//  When a new form is submitted, check fields and encrypt if needed.
add_filter('frm_add_entry_meta', 'change_due_date');
function change_due_date($new_values) {
    global $frm_encrypted_fields;
    if(in_array($new_values['field_id'], $frm_encrypted_fields)){
        $new_values['meta_value'] = Cryptor::Encrypt($new_values['meta_value'], CRYPT_KEY);
    }
    return $new_values;
}
//  When a encrypted data has been updated... uuhhh, encrypt it.
add_action('frm_after_update_entry', 'frm_encrypted_updates', 10, 2);
function frm_encrypted_updates($entry_id, $form_id){
    global $frm_encrypted_fields;
    //  We need to loop through the fields to determine which are supposed to be enrypted.
    $fields = FrmField::get_all_for_form($form_id);
    foreach($fields as $key => $value){
        if(in_array($value->id, $frm_encrypted_fields)){
            $data = Cryptor::Encrypt($_POST['item_meta'][$value->id], CRYPT_KEY);
            FrmEntryMeta::update_entry_meta( $entry_id, $value->id, '', $data );
        }   
    }   
}
//  Replace encrypted blob with "Encrypted" wherever the simple shortcode is used on the front-end.
add_filter('frmpro_fields_replace_shortcodes', 'frm_encrypted_view_frontend', 10, 4);
function frm_encrypted_view_frontend($replace_with, $tag, $atts, $field){
    global $frm_encrypted_fields;
    if(in_array($tag, $frm_encrypted_fields)){
        $replace_with = ' Encrypted';
    }   
    return $replace_with;
}
//  Replace encrypted blob with "Encrypted" on the back-end.
add_filter( 'frm_display_value', 'frm_encrypted_view_backend', 10, 3 );
function frm_encrypted_view_backend( $value, $field, $atts ) {
    global $frm_encrypted_fields;
    if(in_array($field->id, $frm_encrypted_fields) && is_admin()){
        $value = ' Encrypted';
    }   
     return $value;
}   
//  When editing a form, decrypt the data and display it for editing.
add_filter('frm_setup_edit_fields_vars', 'frm_show_encrypted_field', 20, 3);
function frm_show_encrypted_field($values, $field, $entry_id){
    global $frm_encrypted_fields;
     if (in_array($field->id, $frm_encrypted_fields)){
        /*  Need to pull value from db since values['value'] will contain unencrypted text from $_POST (I think) if "Show the form with confirmation message" is selected. You better be using ssl, because that data is just begging to be picked. */
        global $wpdb;
        $querystr = 'SELECT meta_value FROM wp_frm_item_metas WHERE field_id="' . $field->id . '" AND item_id="' . $entry_id . '"';
        $meta_value = $wpdb->get_var($querystr);
         if($meta_value){
            /*  We want to look for an exception from Cryptor. This may need to be expanded with some logic if we go this route. For now, we will assume the value passed wasn't encrypted. */
            try {
                $values['value'] = Cryptor::Decrypt($values['value'], CRYPT_KEY) . 'TEST';
            } catch (Exception $e) {
                 //$values['value'] = $e->getMessage() . ' ' . $data;    //  Strictly for troubleshoot exceptions.
            }   
             //  If you have the bootstrap addon, you can change the snazzy little icon.
            $values['btsp']['prepend'] = '';
        }   
    }   
        return $values;
}

Yep, I think that should just about do it. I hope someone finds this useful and/or can use it as the start of a project.

P.S. I noticed that Gravity Forms will be offering openssl encryption in their next version.

Leave a Reply

Making the Best WordPress Plugin even better - Together

Take on bigger projects with confidence knowing you have access to an entire community of Formidable Experts and Professionals who have your back when the going gets tough. You got this!
Join the community
crosschevron-leftchevron-rightarrow-right