Skip to content

formtools/module-submission_accounts#11 enabling encryption of passwords #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

formtools/module-submission_accounts#11 enabling encryption of passwords #617

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f18496a
formtools/module-submission_accounts#11 enabling encryption of passwords
kubajal Sep 30, 2019
019889e
formtools/module-submission_accounts#11 hiding password value in user…
kubajal Oct 2, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions global/code/field_types/Password.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,20 @@
class Password
{

private static function getPhpProcessing()
{
$content =<<< END
\$field_name = \$vars["field_info"]["field_name"];
\$password = \$vars["data"][\$field_name];
\$encryptedPassword = \$General.encode(\$password);
return \$encryptedPassword;
END;
return $content;
}
public static function get()
{
$password_edit_field =<<< END
<input type="password" name="{\$NAME}" value="{\$VALUE|escape}" class="cf_password" />
<input type="password" name="{\$NAME}" value="{\$VALUE|escape}" class="cf_password" placeholder="password"/>
{if \$comments}
<div class="cf_field_comments">{\$comments}</div>
{/if}
Expand All @@ -33,7 +43,7 @@ public static function get()
"view_field_php_function" => "",
"view_field_smarty_markup" => "",
"edit_field_smarty_markup" => $password_edit_field,
"php_processing" => "",
"php_processing" => getPhpProcessing(),
"resources_css" => "input.cf_password {\r\n width: 120px;\r\n}",
"resources_js" => ""
),
Expand Down
11 changes: 9 additions & 2 deletions global/smarty_plugins/function.edit_custom_field.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,11 @@ function smarty_function_edit_custom_field($params, &$smarty)

// TODO make sense of this. Both are required in different contexts
// - in form builder, review page - the latter is needed.
if (isset($field_info["submission_value"]) || is_null($field_info["submission_value"])) {

// hide password
if($field_type_info["field_type_identifier"] == "password")
echo "********";
else if (isset($field_info["submission_value"]) || is_null($field_info["submission_value"])) {
echo $field_info["submission_value"];
} else {
echo $field_info["submission_info"]["value"];
Expand All @@ -51,14 +55,17 @@ function smarty_function_edit_custom_field($params, &$smarty)
}

// now construct all available placeholders
// note that we don't send the encrypted value of password, instead "********" is sent
$placeholders = array(
"FORM_ID" => $form_id,
"VIEW_ID" => $field_info["view_id"],
"SUBMISSION_ID" => $submission_id,
"FIELD_ID" => $field_info["field_id"],
"NAME" => $field_info["field_name"],
"COLNAME" => $field_info["col_name"],
"VALUE" => isset($field_info["submission_value"]) ? $field_info["submission_value"] : "",
"VALUE" => $curr_field_type["field_type_identifier"] != "password" ?
(isset($field_info["submission_value"]) ? $field_info["submission_value"] : "")
: "********",
"SETTINGS" => $settings,
"CONTEXTPAGE" => "edit_submission",
"ACCOUNT_INFO" => Sessions::getWithFallback("account", array()),
Expand Down