Can you encrypt an href link from within DataTables using Render?

Gstg

http://live.datatables.net/dohilawi/1/edit?html,output

Is it possible to encrypt an href using Render, so that you don't show the actual "row.user_id" from the example below? This way the actual user id would be encrypted and decrypted on the receiving page? So it would look like

Without Encryption:
"/profile/?user=123"

With Encryption:
"/profile/?user=lkasfiJUAfg09ASGFlkASkdhjl"

Code Example:

{ data: 'user_name',
render: function ( data, type, row ) {
return '<a href="/profile/?user='+row.user_id" style="color:blue">'+row.user_name;
}

Thanks for any help on this issue.

colin

Yep, you can do whatever you want with the data in columns.render, so yep, you can encrypt the data anyway you like. The only issue with doing that encryption on the client is that any tech-savvy user would be able to get the encrypted value still, so it might be better to use do that on a server and pass the encrypted fields with Ajax.

Colin

Gstg

Thanks. Do you have an example of how that can be done in Ajax?

Our current Ajax looks like this:

// Build our Editor instance and process the data coming from _POST
 Editor::inst( $db, 'usere', 'user_name' )
    ->fields(
        Field::inst( 'user_name' ),
        Field::inst( 'introduction' ),
        Field::inst( 'country' ),
        Field::inst( 'user_id' )->setValue($wp_userID)
    )
//  ->where('wp_user_id', $wp_userID)
    ->process( $_POST )
    ->json();

Where would the encryption take place?

Thanks

Edited by Colin - Syntax highlighting. Details on how to highlight code using markdown can be found in this guide.

allan

You would use a formatter function to do it.

You'd need to change your encryption key per session as well - there is no point in just encrypting it using some static method, since the encrypted id would just be a direct replacement for your actual id.

You'll also need to decode the id on the server-side. But to be honest, if someone has already got into the system to the point where they can use ids, then this might be the least of your worries .

Allan

Gstg

I was looking into doing a a custom format.

Field::inst( 'status' )
->getFormatter( function ( $val, $data ) {
return $val ?
? 'Done'
: 'To Do';
} )

But not sure how to get the encryption into the custom formatter? 'm, sort of thinking of something like this?

            { data: 'user_name',
                                  ->getFormatter( function ( $val, $data ) {
                                         render: function ( data, type, row ) {
                                         return '<a href="/profile/?user='+row.user_id+' " style="color:blue">'+row.user_name;
                                        }
                                      }                                      
                                    )                            
                            },

But looking to change:

<?php user='+row.user_id+' ?>

Into something like this:

$iv_len = openssl_cipher_iv_length("AES-256-CBC");
$encr_iv = random_bytes($iv_len);
$encr_key = openssl_digest(php_uname(), 'MD5', TRUE);

$encr = openssl_encrypt(row.use_id, "AES-256-CBC", $encr_key, 0, $encr_iv);

<?php user='+$encr+' ?>

How would a custom function be written to allow for the PHP conversion that would allow for an encryption to be done and fed back into the custom formatter? I've read the documentation, but don't understand an example of how to use it. I looked in the forums but was unable to see a good example.

I purchased credits through the Editor and would gladly purchase more or use some outstanding ones to create this function, so that I could use some form of encryption into the tables to allow for Href formatting.

allan

The code block there mixes bot Javascript and PHP, so that wouldn't work I'm afraid.

However, what you could do is something like:

$iv_len = openssl_cipher_iv_length("AES-256-CBC");
$encr_iv = random_bytes($iv_len);
$encr_key = openssl_digest(php_uname(), 'MD5', TRUE);

...

Field::inst( 'use_id' )
  ->getFormatter( function ( $val, $data ) use ($encr_key, $encr_iv) {
    return openssl_encrypt($val, "AES-256-CBC", $encr_key, 0, $encr_iv);
  } )

Then the encrypted string can be used on the client-side as simply:

data: 'use_id'

Let me know how you get on with that!

Allan

Gstg

...

Gstg

I think I got it working ... very excited. Do you know if there is anyway for the encrypted key to NOT have things that might screw up an HTML link?

So the intention is to use this as an encrypted key from the DataTables to allow for a user to click and see another user's profile. But I don't want the user clicking the table to be able to see the user's ID number so I just want to mask it or hide it. Would be great if it could be sent via POST or SESSION, but I can't seem to figure out a way to do that inside an Href on the tables ... so I'm opting for some form of encryption

Gstg

I found a simple solution. Just wanted to post it here for others:

Field::inst( 'user' )->getFormatter( function ( $val, $data ) use ($encr_key, $encr_iv) { return urlencode(openssl_encrypt($val, "AES-256-CBC", $encr_key, 0, $encr_iv)); } )

And then on the other side:

$userID = urldecode(openssl_decrypt ($_GET['u'], "AES-256-CBC", $encr_key, 0, $encr_iv));

Thanks so much for all the help. Allan has been a major help in this project and just wanted to say what an amazing job the team has done in helping out. 8-)

allan

Hi,

Thanks for your kind words, and great to hear that you for this working now! Yes, urlencode would be the correct way to do this.

Regards,
Allan

Shivani Vyas

@Gstg Hi.. I have a similar issue. Can you please help me by checking below link ? I will really appreciate your help.

https://datatables.net/forums/discussion/71184