[Resolved] Custom field encryption

[Author]

Posts

[jorgeB-3]

I have created a custom field to store personal data.

I would like to store this custom field data encrypted in the database and decrypted data will be only displayed to certain user roles.

Is there any way to encrypt/decrypt custom fields data?

Thank you for your help.

[Minesh]

Hello. Thank you for contacting the Toolset support.

There is no such native feature to encrypt/decrypt custom field consent.

However - if you want to encrypt/decrypt custom field consent while add/edit post from backend admin then you can use WordPress native save_post hook:
=> https://toolset.com/documentation/customizing-sites-using-php/updating-types-fields-using-php/

If you have Toolset form then you can use the Toolset form hook "cred_save_data" or "cred_submit_complete" or "cred_before_save_data":
=> https://toolset.com/documentation/programmer-reference/cred-api/#cred_before_save_data
=> https://toolset.com/documentation/programmer-reference/cred-api/#cred_save_data
=> https://toolset.com/documentation/programmer-reference/cred-api/#cred_submit_complete

And you can add your own logic to encrypt/decrypt custom field consent within any of the above hook that you should use as per your requirement.

Later you can use conditional display to check the current user role and based on that role you can again add a custom shortcode to decrypt your desired custom field content that should return the actual content to display on the frontend.

More info:
- https://toolset.com/documentation/programmer-reference/adding-custom-code/using-toolset-to-add-custom-code/
- https://toolset.com/documentation/programmer-reference/adding-custom-code/how-to-create-a-custom-shortcode/

[jorgeB-3]

Hi Minesh,

I have tried to implement this function to encrypt wpcf-nombre field:

add_action('cred_save_data', 'my_save_data_action',10,2);
function my_save_data_action($post_id, $form_data)
{
// if a specific form
if ($form_data['id']==1004 || $form_data['id']==1000)
{
if (isset($_POST['wpcf-nombre']))
{
$ciphertext = encrypt_dato ($post_id, $_POST['wpcf-nombre']);

// add it to saved post meta
update_post_meta($post_id, 'wpcf-nombre', $ciphertext, true);
}
}
}

function encrypt_dato( $post_id, $dato ) {
// Get the encryption key.
$key = get_option( 'encryption_key' );
$ciphering = "aes-128-gcm";
$nonce = random_bytes(12);
$tag = null;

// Encrypt the dato.
$ciphertext = openssl_encrypt( $dato, $ciphering, $key, 0, $nonce, $tag );

return $ciphertext;

}

but stores the wpcf-nombre as is and not encrypted.

Any suggestion?

[jorgeB-3]

Ok course, encryption_key has been created in the options table.

Thank you so much.

[Minesh]

I need problem URL of the form as well as admin access details and also tell me where you added the code you shared.

*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.

I have set the next reply to private which means only you and I have access to it.

[Waqar]

Hi Jorge,

Thank you for sharing these details.

Just wanted to let you know that Minesh is on holiday today.

He'll be back tomorrow and will be able to follow up on this ticket, accordingly.

Thank you for your patience.

regards,
Waqar

[Minesh]

Can you please check now.

I've adjusted the code snippet code as given under:

add_action('cred_save_data', 'my_save_data_action',99,2);
function my_save_data_action($post_id, $form_data) {
	// if a specific form
    if ($form_data['id']==1004 || $form_data['id']==1000)
    {
        if (isset($_POST['wpcf-nombre']))
        {
			$ciphertext = encrypt_dato($post_id, $_POST['wpcf-nombre']);
			// add it to saved post meta
            update_post_meta($post_id, 'wpcf-nombre', $ciphertext);
        }
    }
}

Where I changed the priority of the hook to 99 and set the update_post_meta() code line from:

 update_post_meta($post_id, 'wpcf-nombre', $ciphertext,true);

To

 update_post_meta($post_id, 'wpcf-nombre', $ciphertext);

I can see in the backend the name field value is encrypted.
- hidden link

[jorgeB-3]

Thank you so much, Minesh.

Now I need to decrypt the string and show it in a Views loop.

The action I have coded is:

add_action('show_post_meta', 'decrypt_dato', 99, 2);
function decrypt_dato( $post_id ) {
// Get the encryption key.
$key = get_option( 'encryption_key' );
$ciphering = "aes-128-gcm";
$nonce = random_bytes(12);
$tag = null;
$ciphertext = get_post_meta( $post_id, 'wpcf-nombre', true );
// Decrypt the dato.
$dato = openssl_decrypt( $ciphertext, $ciphering, $key, 0, $nonce, $tag );

return $dato;
}

But, how to apply it to a view?

Best,

Jorge

[Minesh]

You should add a custom shortcode.

Can you please tell me to what view you want to display the decrypt field value.

Can you please share problem URL of the view and where on what page I can see the output of that view on the frontend.

[jorgeB-3]

Yes, of course.

There will be many views which will need to decrypt string but we can use View 709 as a example.

Here yo have a link to the page where this view is displayed: hidden link. You will se some Nombre already encrypted.

Thank you so much for your help.

[Minesh]

I've to rewrite the encrypt and decrypt function as what you wrote is not helpful.

With the following code snippet of WP Code:
- hidden link

I've adjusted the encrypt function as given under:

add_action('cred_save_data', 'my_save_data_action',99,2);
function my_save_data_action($post_id, $form_data) {
	// if a specific form
    if ($form_data['id']==1004 || $form_data['id']==1000)
    {
        if (isset($_POST['wpcf-nombre']))
        {
			$ciphertext = encrypt_dato($post_id, $_POST['wpcf-nombre']);
			// add it to saved post meta
            update_post_meta($post_id, 'wpcf-nombre', $ciphertext);
			
        }
    }
}

// función de encriptación
	function encrypt_dato( $post_id, $dato ) {
	  
	  $key = get_option( 'encryption_key' );
	  $ciphering = "AES-128-CTR";
 		// Use OpenSSl Encryption method
		$iv_length = openssl_cipher_iv_length($ciphering);
		$options = 0;
 
	// Non-NULL Initialization Vector for encryption
	$encryption_iv = '1234567891011121';
 
	// Use openssl_encrypt() function to encrypt the data
	$encryption = openssl_encrypt($dato, $ciphering,$key, $options, $encryption_iv);
				
		return $encryption;
}

To decrypt the value of the custom field, I've added the following code snippet to "Custom Code" section offered by Toolset:
=> hidden link

add_shortcode('show_decrypt_value', 'func_decrypt_dato');
function func_decrypt_dato($atts) {
	global $post;
	
	  $decryption = '';
	  $key = get_option( 'encryption_key' );
	  //$ciphering = "aes-128-gcm";
      $ciphering = "AES-128-CTR";
	 $decryption_iv = '1234567891011121';
     $options = 0;
  
	 
	  $ciphertext = get_post_meta( $post->ID, 'wpcf-'.$atts['field'], true );
      $decryption=openssl_decrypt ($ciphertext, $ciphering,$key, $options, $decryption_iv);
      

  return $decryption;
}

Then I've added the following entry using the form: hidden link
=> hidden link

Then with your view's "Loop item in Buscador de pacientes" section I've added the above shortcode as given under:
=> hidden link

<td>[types field="nombre"][/types]==[show_decrypt_value field="nombre"]</td>

It displays as given under on the frontend with your view:
- hidden link

As you can see it displays first the original value and then decrypted value using the shortcode:
- [show_decrypt_value field="nombre"]

You can adjust the output as required.

[jorgeB-3]

Thank you so much, Minesh.

Your solution works really well.

Best regards.