Add encryption handling to updateRowById method

Extended the updateRowById method across mysql, pdo, and IDb to support encrypted fields. Updated the PDO update logic to conditionally encrypt data using DES_ENCRYPT when specified. This ensures sensitive data is managed securely during updates.
Stephan Kasdorf
2024-10-25 13:59:41 +02:00
parent f1ebcef60f
commit a68a1970c8
3 changed files with 23 additions and 8 deletions


@@ -75,11 +75,12 @@ abstract class Db implements IDb
* @desc will update the a row with the $rowset parameter by the given id * @desc will update the a row with the $rowset parameter by the given id
* @param array $rowData * @param array $rowData
* @param int $id * @param int $id
* @param string $encrypted
* @return bool * @return bool
*/ */
public function updateRowById(array $rowData, int $id): bool public function updateRowById(array $rowData, int $id, string $encrypted = ""): bool
{ {
return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id ); return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id, $encrypted );
} }
/** /**
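Review bot: The new `$encrypted` parameter is documented only by its type, here and in the `IDb` section further down, and its default differs between layers: `""` in this wrapper and in `IDb`, but `IMysql::PLACE_DES_ENCRYPT` in `Pdo::updateRowById`. The docblock does not say that the string is the name of a column in `$rowData` whose value will be written through `DES_ENCRYPT`, or that the empty string turns encryption off. I would document it as `@param string $encrypted Column in $rowData to store encrypted; "" disables encryption` and use one default on all three signatures, so that a direct call to the PDO method does not behave differently from a call through this wrapper.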


@@ -187,17 +187,19 @@ final class pdo extends Mysql implements IPdo
* @param string $tableName The name of the table to update. * @param string $tableName The name of the table to update.
* @param array $data An associative array where keys are column names and values are the new values for those columns. * @param array $data An associative array where keys are column names and values are the new values for those columns.
* @param int $id The value of the primary key for the row to update. * @param int $id The value of the primary key for the row to update.
* @param string $encrypted The field that has encrypted data for handling correct field encryption
* *
* @return bool Returns true on success or false on failure. * @return bool Returns true on success or false on failure.
*/ */
public static function updateRowById(string $tableName, array $columnNames, array $data, int $id): bool public static function updateRowById(string $tableName, array $columnNames, array $data, int $id, string $encrypted = IMysql::PLACE_DES_ENCRYPT): bool
{ {
try { try {
// Inside a method of the mysql.db.php class or its subclass // Inside a method of the mysql.db.php class or its subclass
$validTables = self::loadTableNames(); $validTables = self::loadTableNames();
// Validate the table name // Validate the table name
if (!in_array($tableName, $validTables, true)) { if (!in_array($tableName, $validTables, true))
{
throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid table name: {$tableName}"); throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid table name: {$tableName}");
} }
@@ -214,8 +216,8 @@ final class pdo extends Mysql implements IPdo
// Fetch the primary key field name // Fetch the primary key field name
$queryPrimaryKey = "SELECT COLUMN_NAME FROM information_schema.COLUMNS $queryPrimaryKey = "SELECT COLUMN_NAME FROM information_schema.COLUMNS
WHERE TABLE_NAME = :tableName WHERE TABLE_NAME = :tableName
AND COLUMN_KEY = 'PRI' LIMIT 1;"; AND COLUMN_KEY = 'PRI' LIMIT 1;";
$stmtPrimaryKey = $pdo->prepare($queryPrimaryKey); $stmtPrimaryKey = $pdo->prepare($queryPrimaryKey);
$stmtPrimaryKey->bindValue(':tableName', $tableName); $stmtPrimaryKey->bindValue(':tableName', $tableName);
$stmtPrimaryKey->execute(); $stmtPrimaryKey->execute();
@@ -229,7 +231,13 @@ final class pdo extends Mysql implements IPdo
$query = "UPDATE " . $tableName . " SET "; $query = "UPDATE " . $tableName . " SET ";
$updateParts = []; $updateParts = [];
foreach ($data as $column => $value) { foreach ($data as $column => $value) {
$updateParts[] = $column . " = :" . $column; if ($column === $encrypted)
{
// Encrypt the value using DES_ENCRYPT function
$updateParts[] = "$column = DES_ENCRYPT(:$column, :key)";
} else {
$updateParts[] = "$column = :$column";
}
} }
$query .= implode(', ', $updateParts); $query .= implode(', ', $updateParts);
$query .= " WHERE " . $primaryKeyField . " = :primaryKeyValue"; $query .= " WHERE " . $primaryKeyField . " = :primaryKeyValue";
@@ -237,6 +245,11 @@ final class pdo extends Mysql implements IPdo
foreach ($data as $column => $value) { foreach ($data as $column => $value) {
$stmt->bindValue(':' . $column, $value); $stmt->bindValue(':' . $column, $value);
} }
if ($encrypted != "")
{
$key = Config::getInstance()->getConfig()[View::NIBIRU_SECURITY]["password_hash"];
$stmt->bindValue(':key', $key);
}
$stmt->bindValue(':primaryKeyValue', $id); $stmt->bindValue(':primaryKeyValue', $id);
return $stmt->execute(); return $stmt->execute();
} catch (\PDOException $e) { } catch (\PDOException $e) {
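Review bot: The `:key` bind near the end of this section is guarded by `$encrypted != ""`, while the `DES_ENCRYPT(:$column, :key)` placeholder is only emitted when `$encrypted` equals a key of `$data`, so a call whose `$data` lacks that column binds a parameter the statement does not contain and the execute will normally fail. Both places should use the same condition, e.g. `if ($encrypted !== "" && array_key_exists($encrypted, $data))`; the new default `IMysql::PLACE_DES_ENCRYPT` would make the mismatch the common case for direct callers if that constant is non-empty (its value is not visible here). Separately, `DES_ENCRYPT` was deprecated in MySQL 5.7.6 and removed in 8.0, and the key is read from a config entry named `password_hash`, which looks like a secret that serves another purpose. A maintained cipher with a dedicated encryption key would support the "managed securely" claim in the description better. The body of `updateRowById` starts and ends outside the visible hunks, so any validation of the `$data` keys against `$columnNames` cannot be confirmed from here.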


@@ -13,9 +13,10 @@ interface IDb
* @desc will update the a row with the $rowset parameter by the given id * @desc will update the a row with the $rowset parameter by the given id
* @param array $rowData * @param array $rowData
* @param int $id * @param int $id
* @param string $encrypted
* @return mixed * @return mixed
*/ */
public function updateRowById( array $rowData, int $id ); public function updateRowById( array $rowData, int $id, string $encrypted = "" );
/** /**
* @desc updates a row by a given field and field where search value * @desc updates a row by a given field and field where search value