diff --git a/core/a/mysql.db.php b/core/a/mysql.db.php index 0631350..0b3b23e 100644 --- a/core/a/mysql.db.php +++ b/core/a/mysql.db.php @@ -75,11 +75,12 @@ abstract class Db implements IDb * @desc will update the a row with the $rowset parameter by the given id * @param array $rowData * @param int $id + * @param string $encrypted * @return bool */ - public function updateRowById(array $rowData, int $id): bool + public function updateRowById(array $rowData, int $id, string $encrypted = ""): bool { - return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id ); + return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id, $encrypted ); } /** diff --git a/core/c/pdo.php b/core/c/pdo.php index 511c764..3def1e2 100755 --- a/core/c/pdo.php +++ b/core/c/pdo.php @@ -187,17 +187,19 @@ final class pdo extends Mysql implements IPdo * @param string $tableName The name of the table to update. * @param array $data An associative array where keys are column names and values are the new values for those columns. * @param int $id The value of the primary key for the row to update. + * @param string $encrypted The field that has encrypted data for handling correct field encryption * * @return bool Returns true on success or false on failure. */ - public static function updateRowById(string $tableName, array $columnNames, array $data, int $id): bool + public static function updateRowById(string $tableName, array $columnNames, array $data, int $id, string $encrypted = IMysql::PLACE_DES_ENCRYPT): bool { try { // Inside a method of the mysql.db.php class or its subclass $validTables = self::loadTableNames(); // Validate the table name - if (!in_array($tableName, $validTables, true)) { + if (!in_array($tableName, $validTables, true)) + { throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid table name: {$tableName}"); } @@ -214,8 +216,8 @@ final class pdo extends Mysql implements IPdo // Fetch the primary key field name $queryPrimaryKey = "SELECT COLUMN_NAME FROM information_schema.COLUMNS - WHERE TABLE_NAME = :tableName - AND COLUMN_KEY = 'PRI' LIMIT 1;"; + WHERE TABLE_NAME = :tableName + AND COLUMN_KEY = 'PRI' LIMIT 1;"; $stmtPrimaryKey = $pdo->prepare($queryPrimaryKey); $stmtPrimaryKey->bindValue(':tableName', $tableName); $stmtPrimaryKey->execute(); @@ -229,7 +231,13 @@ final class pdo extends Mysql implements IPdo $query = "UPDATE " . $tableName . " SET "; $updateParts = []; foreach ($data as $column => $value) { - $updateParts[] = $column . " = :" . $column; + if ($column === $encrypted) + { + // Encrypt the value using DES_ENCRYPT function + $updateParts[] = "$column = DES_ENCRYPT(:$column, :key)"; + } else { + $updateParts[] = "$column = :$column"; + } } $query .= implode(', ', $updateParts); $query .= " WHERE " . $primaryKeyField . " = :primaryKeyValue"; @@ -237,6 +245,11 @@ final class pdo extends Mysql implements IPdo foreach ($data as $column => $value) { $stmt->bindValue(':' . $column, $value); } + if ($encrypted != "") + { + $key = Config::getInstance()->getConfig()[View::NIBIRU_SECURITY]["password_hash"]; + $stmt->bindValue(':key', $key); + } $stmt->bindValue(':primaryKeyValue', $id); return $stmt->execute(); } catch (\PDOException $e) { diff --git a/core/i/IDb.php b/core/i/IDb.php index 040daae..0e8ff35 100755 --- a/core/i/IDb.php +++ b/core/i/IDb.php @@ -13,9 +13,10 @@ interface IDb * @desc will update the a row with the $rowset parameter by the given id * @param array $rowData * @param int $id + * @param string $encrypted * @return mixed */ - public function updateRowById( array $rowData, int $id ); + public function updateRowById( array $rowData, int $id, string $encrypted = "" ); /** * @desc updates a row by a given field and field where search value