So I tried to test out the following code:

Submitting the data in plaintext via a simple testform:

Code: Select all

<cms:template order ="99" hidden="1" access_level='4' clonable="1" hidden="1" >

<cms:editable type="text" label="Vorname" name="vv_vorname" />

</cms:template>

<main>
   <div class="container">
      <h2>
         <cms:show vv_vorname/>
      </h2>

      <form action="actiontest.php" method="post">
      Vorname <input type="text" value="<cms:show vv_vorname/>" name="vorname"><br>
      <input type="submit">
      </form>
   </div>
</main>

Which then gets pushed to another page which encrypts the plaintext data:

Code: Select all

<cms:template order ="99" hidden="1" access_level='4' clonable="1" hidden="1" />

<?php
   $cipher = new Crypt_Twofish();
   $cipher->setKey('2W76Q6fMX2Wp031tnZjR6f63IVrXHpjO');

   $enc_vorname = $cipher->encrypt($_POST["vorname"]);

   global $CTX;
   $CTX->set('db_vorname', $enc_vorname, 'global');
?>

And till that point it works quite well, <cms:dump> spits out the db_vorname variable as the encrypted string.
I can even decrypt it, using some simple php and <cms:show>.

The problem is, I can't get it to save to the database as the initial variable set by the editable 'vv_vorname'
I googled back and forth and found the db_persist tag and came up with the following code:

Code: Select all

<cms:pages masterpage="test.php">
   <cms:db_persist 
       _masterpage=k_template_name
       _mode='edit'
       _page_id=k_page_id
       _separator='|'
       _invalidate_cache='0'
       _auto_title='0'
       vv_vorname = db_vorname
   />
      <main>
         <h2>
            <cms:php>
               $cipher = new Crypt_Twofish();
               $cipher->setKey('2W76Q6fMX2Wp031tnZjR6f63IVrXHpjO');
               echo $cipher->decrypt('<cms:show vv_vorname />');
            </cms:php>
         </h2>
      </main>
</cms:pages>

Which does nothing, or at least not what I want it to do, since the variable vv_vorname is empty, every time I test it.
So some part of the code apparently works, since it overwrites the variable with empty space.
But the content of db_vorname does not get passed to vv_vorname of the initial template.

What might I be doing wrong? I've tried to solve that problem with a lot of forum reading and google for some time now, but I can't get it working. Thanks in advance for the help.

[trendoman]

With your provided code, each cloned page of test.php should have the vv_vorname overwritten. There is no doubt in my opinion your code works as intended.

However, the part where you try to show the variable after updating will work differently from what perhaps was planned.

After db_persist completes inside of <cms:pages />, it doesn't make db automatically re-quered for freshest values. It should be done separately with get_custom_field or in a new <cms:pages/> loop or plainly display last inserted value as it is almost inevitably pushed to template.

Last option below

Code: Select all

       <cms:db_persist
           _masterpage=k_template_name
           _mode='edit'
           _page_id=k_page_id
           _separator='|'
           _invalidate_cache='0'
           _auto_title='0'
           vv_vorname = db_vorname
       >
           <cms:if k_persist_error>
              <!-- error while updating variable -->
           <cms:else />
              <!-- All OK, show  db_vorname -->
              <main>
                 <h2>
                    <cms:php>
                       //$cipher = new Crypt_Twofish();
                       //$cipher->setKey('2W76Q6fMX2Wp031tnZjR6f63IVrXHpjO');
                       //echo $cipher->decrypt('<cms:show db_vorname />');
                       echo ('<cms:show db_vorname />');
                    </cms:php>
                 </h2>
              </main>
            </cms:if>
        </cms:db_persist>

Attached is a working (in 1.4.7) template, I tested whole thing in a single template for brevity. Can you try that and confirm it's saving/loading correctly?

Attached is a working (in 1.4.7) template, I tested whole thing in a single template for brevity. Can you try that and confirm it's saving/loading correctly?

I tested your code in my dev environment (witch couch 2.0) and it works flawlessly there.

[trendoman]

Thanks, my code has improved a lot
Mysql log can also help shed some light in debugging process.

Looks like it was not solved as easily as I thought.
Your unmodified code worked flawlessly and I tried to add the encryption afterwards.

But then I ran into the same problem as before, Couch does not pass the encrypted string to the other variable.

The encryption library which I am using: http://phpseclib.sourceforge.net/index.html

The updated code:

Code: Select all

<?php require_once( 'couch/cms.php' ); ?>

<?php include('Crypt/Twofish.php'); ?>

<cms:template order ="99" hidden="1" access_level='4' clonable="1" hidden="1" >

<cms:editable type="text" label="Vorname" name="vv_vorname" />

</cms:template>

<main>
   <div class="container">
      <h2>
         <cms:show vv_vorname/>
      </h2>

      <form action="test.php" method="post">
      Vorname <input type="text" value="<cms:show vv_vorname/>" name="vorname"><br>
      <input type="submit">
      </form>
   </div>
</main>

<cms:php>

   error_log( print_r($_REQUEST, true));

   $cipher = new Crypt_Twofish();
   $cipher->setKey('495n3v40r4c9kpM45s3rLL5BfHemJe8S');

   $enc_vorname = $cipher->encrypt($_POST["vorname"]);

   global $CTX;
   $CTX->set('db_vorname', $enc_vorname, 'global');

</cms:php>

<cms:if db_vorname >
    db_vorname is set: <cms:show db_vorname />


    <h1 style="color:green">Now showing variable if successfully saved:</h1>
    <cms:pages masterpage=k_template_name >
       <cms:db_persist
           _masterpage=k_template_name
           _mode='edit'
           _page_id=k_page_id
           _separator='|'
           _invalidate_cache='0'
           _auto_title='0'
           vv_vorname = db_vorname
       >
           <cms:if k_persist_error>
              <!-- error while updating variable -->
           <cms:else />
              <!-- All OK, show  db_vorname -->
              <main>
                 <h2>
                    <cms:php>
                       $cipher = new Crypt_Twofish();
                       $cipher->setKey('2W76Q6fMX2Wp031tnZjR6f63IVrXHpjO');
                       echo $cipher->decrypt('<cms:show db_vorname />');
                       echo ('<cms:show db_vorname />' . '<span style="color: #dddddd;"> - <i><cms:show k_page_title /></i></span>');
                    </cms:php>
                 </h2>
              </main>
            </cms:if>
        </cms:db_persist>
    </cms:pages>

    <h1 style="color:green">Now fetching updated variable from db:</h1>

    <cms:pages masterpage=k_template_name >
        <cms:if vv_vorname>
            <h2><cms:show vv_vorname /><span style="color: #dddddd;"> - <i><cms:show k_page_title /></i></span></h2>
        <cms:else />
            <h2 style="color:red">Nuthin in "<cms:show k_page_title />"</h2>
        </cms:if>
    </cms:pages>

</cms:if>

<?php COUCH::invoke(); ?>

While testing out different stuff I got an error sometimes that an unexpected character showed up in tags.php.
Maybe the encrypted sting trips some part of the scripts against SQL injection?

[trendoman]

I wonder what does the encrypted string look like?
I'm lazy to download this lib, please post a series of sample encoded strings.

Also in your posted code encryption-keys are different. Is this normal?

The different encryption keys was just me forgetting to copy the test key over to the decryption script.
I should change that anyway, since the key shouldn't be hardcoded. But it is good enough for testing purposes.

Here some encrypted strings:
��s�n�i�^�J�Lz~
��y����T�2�~
H�v�|��(�x�o

A lot of placeholders in them, since my browser apparently can't display all symbols that are used.

[trendoman]

As per MySQL manual, https://dev.mysql.com/doc/refman/5.5/en ... tions.html,

Many encryption and compression functions return strings for which the result might contain arbitrary byte values. ... potential problems with trailing space removal or character set conversion that would change data values..

CouchCMS storage is configured to be text-based, not binary-based. Means, your "naked" encrypted data is not text, hence problems with saving.

General solutions, I learned, include changing the column type or using internal mysql functions to sanitize the string before storing it. All of these are not applicable for CouchCMS. So, the only way out would be to convert encrypted data to text-representation temporarily with base64 encoding, then store in db and upon read - first decode from base64 and then decipher.

Following should help:

Code: Select all

$enc_vorname = $cipher->encrypt($_POST["vorname"]);
$enc_vorname = base64_encode($enc_vorname); // encode the encrypted

Code: Select all

$cipher = new Crypt_Twofish();
$cipher->setKey('123456');
echo $cipher->decrypt(base64_decode('<cms:show db_vorname />')); // decrypt the decoded

src: http://stackoverflow.com/a/6012651

And with that it works. Thanks you very much.