⚠ In case you've missed it, we have migrated to our new website, with a brand new forum. For more details about the migration you can read our blog post for website migration. This is an archived forum. ⚠

  •     

profile picture

[EXAMPLE] Password field and password encryption/decryption



wclark

wclark
  • profile picture
  • Member

Posted 30 January 2012 - 16:38 PM

Hi there,

Great library. I have everything working except:

One of my text fields is a password field. When my user hits update or add, I need to md5 encode the password before updating or inserting into the db.

Can you give an example of how to do this with the appropriate callback?

Also, if I want to decode the password to display to the user, how would I do that?

many thanks!
Bill

web-johnny

web-johnny
  • profile picture
  • Administrator
  • 1,166 posts

Posted 30 January 2012 - 20:55 PM

[quote name='wclark' timestamp='1327941520' post='378']
Hi there,

Great library. I have everything working except:

One of my text fields is a password field. When my user hits update or add, I need to md5 encode the password before updating or inserting into the db.

Can you give an example of how to do this with the appropriate callback?

Also, if I want to decode the password to display to the user, how would I do that?

many thanks!
Bill
[/quote]

Hello Bill,
Believe it or not , I have answer many times this question. But I really don't find ANY example to give you . So I will have a full example of what to do step by step so other people can use this post and help them.

First of all just to mention that it's not a good way to encrypt and decrypt a password. The best way it's just to encrypt your code and if someone wants to just reset his password. Below I have an example of a very simple encryption and decryption. The thing is to get the idea of how to use callbacks and of course you can change it with your needs.


Step 1. Let's do our field a password field . This will be with a simple line of code.

$crud->change_field_type('password_field','password');

So for now we just need to encrypt and decrypt our password. We have to use two callbacks. The first one is the: callback_before_insert and the callback_before_update. A quick way to use the same callback twice is this:

$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));

and the callback will be:

function encrypt_password_callback($post_array, $primary_key = null)
{
$this->load->library('encrypt');

$key = 'super-secret-key';
$post_array['password_field'] = $this->encrypt->encode($post_array['password_field'], $key);
return $post_array;
}
.
Now the only thing we need is a callback_edit_field just to decrypt the password. So your callback will be:

$crud->callback_edit_field('password_field',array($this,'decrypt_password_callback'));

and the callback will be:

function decrypt_password_callback($value)
{
$this->load->library('encrypt');
$key = 'super-secret-key';
$decrypted_password = $this->encrypt->decode($value, $key);
return "<input type='password' name='password_field' value='$decrypted_password' />";
}


And of course because I understand that everyone (included me) want just a copy paste I have a full example below:

public function users(){
$crud = new grocery_CRUD();
$crud->set_table('db_user');
$crud->set_subject('User');
$crud->required_fields('user_name');

$crud->columns('user_name','email','real_name','active', 'groups');
$crud->fields('user_name','email','password','real_name','active', 'groups');
$crud->change_field_type('password', 'password');

$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));

$crud->callback_edit_field('password',array($this,'decrypt_password_callback'));

$output = $crud->render();
$this->_example_output($output);
}

function encrypt_password_callback($post_array, $primary_key = null)
{
$this->load->library('encrypt');
$key = 'super-secret-key';
$post_array['password'] = $this->encrypt->encode($post_array['password'], $key);
return $post_array;
}

function decrypt_password_callback($value)
{
$this->load->library('encrypt');
$key = 'super-secret-key';
$decrypted_password = $this->encrypt->decode($value, $key);
return "<input type='password' name='password' value='$decrypted_password' />";
}


I have to mention that the example is not a working example and i just created for this topic so if you find something wrong just send it.

wclark

wclark
  • profile picture
  • Member

Posted 01 February 2012 - 00:18 AM

Thanks man! I agree that passwords should be one way hashed. I asked for an example of encode/decode for fields like credit card numbers.
Here is a working callback function for hashing passwords:

function encode_password_callback($post_array, $primary_key = null)
{
$params = array(0 => 8, 1 => TRUE);
$this->load->library('passwordhash', $params);
$post_array['mypassword'] = $this->passwordhash->HashPassword($post_array['mypassword']);
return $post_array;
}

kenvogt

kenvogt
  • profile picture
  • Member

Posted 24 May 2012 - 19:12 PM

Couldn't you just do something as simple as:

->set_rules('password','Password','md5')

?

wclark

wclark
  • profile picture
  • Member

Posted 24 May 2012 - 19:50 PM

Maybe. If you have existing data already encrypted, you may want to use an existing encryption/decryption function.

wclark

wclark
  • profile picture
  • Member

Posted 24 May 2012 - 20:08 PM

What about the case where you have stored the hashed value of a password field using callback_before_update?

Then later, in edit, the password field should be loaded as blank instead of loading the hash and the rest of the fields should be able to be saved without providing a new password, and without overwriting the existing password in the db.
Finally, if a new password is entered, then the password is updated in the db.

Any ideas how to accomplish this?

web-johnny

web-johnny
  • profile picture
  • Administrator
  • 1,166 posts

Posted 26 May 2012 - 20:14 PM

Well you can do it with easily with callback_before_update and callback_before_insert. Perhaps when I will find some time I will add an example for this.

xcoder

xcoder
  • profile picture
  • Member

Posted 01 June 2012 - 15:51 PM

[quote name='kenvogt' timestamp='1337886737' post='1951']
Couldn't you just do something as simple as:

->set_rules('password','Password','md5')

?
[/quote]

You cant do that to save the password in encrypted form

Ibaris

Ibaris
  • profile picture
  • Member

Posted 11 June 2012 - 14:05 PM

Hello,

for encode the password in md5 I used this in my controller

function encrypt_password($post_array, $primary_key = null)
{

$this->load->helper('security');
$post_array['password'] = do_hash($post_array['password'], 'md5');
return $post_array;

}

function usuarios_management()
{
$crud = new grocery_CRUD();
$crud->set_table('users');
$crud->columns('name','email','password','conocido','fecha_alta');
$crud->set_subject('Usuarios');

$crud->callback_before_insert(array($this,'encrypt_password'));

$output = $crud->render();

$this->_main_output($output);
}



I hope that's useful

fdias

fdias
  • profile picture
  • Member

Posted 11 June 2012 - 19:56 PM

As pointed by web-johnny in case of password is best to use hash.

Here's how Im dealing with it:

on the crud funtion I have:


$crud->callback_before_insert(array($this,'encrypt_pw'));


Then I have the encrypt_pw function as below:


function encrypt_pw($post_array) {
if(!empty($post_array['password'])) {
$post_array['password'] = SHA1($_POST['password']);
}
return $post_array;
}

rikoy

rikoy
  • profile picture
  • Member

Posted 28 June 2012 - 16:59 PM

[quote name='Ibaris' timestamp='1339423554' post='2248']
Hello,

for encode the password in md5 I used this in my controller

function encrypt_password($post_array, $primary_key = null)
{

$this->load->helper('security');
$post_array['password'] = do_hash($post_array['password'], 'md5');
return $post_array;

}

function usuarios_management()
{
$crud = new grocery_CRUD();
$crud->set_table('users');
$crud->columns('name','email','password','conocido','fecha_alta');
$crud->set_subject('Usuarios');

$crud->callback_before_insert(array($this,'encrypt_password'));

$output = $crud->render();

$this->_main_output($output);
}



I hope that's useful
[/quote]

thanks it work

Phichya Laemluang

Phichya Laemluang
  • profile picture
  • Member

Posted 19 February 2013 - 16:00 PM

Hello,

for encode the password in md5 I used this in my controller

function encrypt_password($post_array, $primary_key = null)
    {
	  
	    $this->load->helper('security');
	    $post_array['password'] = do_hash($post_array['password'], 'md5');
	    return $post_array;
	   
    }
   
    function usuarios_management()
    {
		    $crud = new grocery_CRUD();
		    $crud->set_table('users');
		    $crud->columns('name','email','password','conocido','fecha_alta');
		    $crud->set_subject('Usuarios');
		   
		    $crud->callback_before_insert(array($this,'encrypt_password'));
	   
		    $output = $crud->render();
		   
		    $this->_main_output($output);
    }


I hope that's useful

Thank you 


wclark

wclark
  • profile picture
  • Member

Posted 19 February 2013 - 16:04 PM


Thanks Phichya,

 

I will try this. Also, I will add callback_before_update code to handle updates of existing records.

 

:D


mascha

mascha
  • profile picture
  • Member

Posted 04 October 2017 - 23:04 PM

Hi There,

i add line as below, but nor work and show error "an error has occured on insert", but when i remove row 1 or 2 error not show, how to add 2 callback_before_insert? 

 

 

 $crud->callback_before_insert(array($this,'unset_verification'));
 $crud->callback_before_insert(array($this,'encrypt_password_callback'));
 $crud->callback_before_update(array($this,'unset_verification'));

 

 


Chan Chea

Chan Chea
  • profile picture
  • Member

Posted 19 October 2018 - 09:49 AM

Hi admin, 

 

I already copy your code and replace it into my function, but it still doesn't work.

Could you help on this?

 

 

public function testing_grocery2()
{
$crud = new grocery_CRUD();
$this->load->config('grocery_crud');
$this->config->set_item('grocery_crud_file_upload_allow_file_types',
'gif|jpeg|jpg|png');
$crud->set_theme('flexigrid');
$crud->set_table('testing_grocery');
$crud->fields('Name','Age','Gender','password','Description','photo');
$crud->unset_columns('password');
$crud->display_as('Name','Student Name')
->display_as('Age','Student Age')
->display_as('Gender','Student Gender');
 
 
$crud->change_field_type('password', 'password');
 
$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));
$crud->callback_edit_field('password',array($this,'decrypt_password_callback'));
function encrypt_password_callback($post_array, $primary_key = null)
  {
    $this->load->library('encrypt');
    $key = 'super-secret-key';
    $post_array['password'] = $this->encrypt->encode($post_array['password'], $key);
    return $post_array;
  }
 
  function decrypt_password_callback($value)
  {
    $this->load->library('encrypt');
    $key = 'super-secret-key';
    $decrypted_password = $this->encrypt->decode($value, $key);
    return "<input type='password' name='password' value='$decrypted_password' />";
  }