PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Encrypt data or prevent its being stored to DB

Gravity Support Forums » Plugin Support » Gravity Forms

  1. BIGLIFE
    Member

    I am gathering personal data in a donation form and I would like to either keep certain fields (credit card) from posting to the database at all or encrypt them via "Gform save field value." First let me state that I am a noobie, so bear with me. I would place this in my WP functions.php file right?

    OK, I understand most of the arguments but I'm a bit lost on the "$lead." Could someone enlighten me? How would I gather this info? Is this part of the POST from a submission?

    To encrypt multiple fields do I call this function again or can I combine into one call? Lastly, is there a way to keep certain fields from even being saved in database?

    Posted 12 years ago on Monday August 29, 2011 | Permalink

  2. Carl Hancock
    Administrator

    You have described two different things. You can either encrypt the data, or you can delete it from the entry after it's been processed so it is not stored. If it's a Credit Card number I would suggest either deleting it, or changing it's value so it only retains the last 4 digits.

    Which method you choose is going to depend on what you are doing with this data.

    If you need it visible in the entry details by an admin then you'd have to encrypt and decrypt it.

    If you are processing the credit card when the form is submitted via a customization, then you would just store a portion of the card data and not the entire card number after it's been processed.... but only if you are processing the card automatically when the form is submitted via a customization.

    Let me know which you would prefer and I can point you in the right direction.

    Posted 12 years ago on Tuesday August 30, 2011 | Permalink

  3. BIGLIFE
    Member

    I would like to go with the deletion method.

    Posted 12 years ago on Tuesday August 30, 2011 | Permalink

  4. Carl Hancock
    Administrator

    You would write custom PHP and add it to your themes functions.php (or create a custom plugin if you know how to do that) that uses the gform_post_submission hook to manipulate the value of the field you are using for the credit card.

    Here is documentation on the gform_post_submission hook:

    http://www.gravityhelp.com/documentation/page/Gform_post_submission

    It has access to the Entry object for accessing and changing entry data.

    This hook is fired after the entire form process is complete and an entry exists. So it would be fine to do what you need to do at this point.

    Posted 12 years ago on Tuesday August 30, 2011 | Permalink

  5. BIGLIFE
    Member

    Thanks Carl,
    I am currently using that hook to send data to a third party, so I'm familiar with it. What I don't understand is how to access the entry in the database once its been submitted to change it. I do not want to keep credit card info in my WP database. Once I get a hold of it I would apply this code to strip the number and leave only the last four:

    $entry['22'] = str_repeat('x', (strlen($entry['22']) - 4)) . substr($entry['22'],-4,4);

    Could I not use the "Gform save field value" to change the value?

    Posted 12 years ago on Wednesday August 31, 2011 | Permalink

  6. Carl Hancock
    Administrator

    When you use the gform_post_submission hook to access and manipulate the entry object you ARE accessing the entry in the database once it's been submitted.

    The gform_save_field_value hook happens BEFORE the value is stored in the database. So yes, you could use that too as long as you are processing the credit card field to do whatever you need to do with it before this hook is fired.

    Posted 12 years ago on Wednesday August 31, 2011 | Permalink

  7. BIGLIFE
    Member

    Ok...What am I missing?

    add_action("gform_post_submission_9", "donation", 10, 2);
function donation($entry, $form){
	include("donate.php"); //This has a bunch of my third party processing stuff
	$entry['22'] = str_repeat('x', (strlen($ccNumber) - 4)) . substr($ccNumber,-4,4);
}
    Posted 12 years ago on Wednesday August 31, 2011 | Permalink

  8. Alex Cancado
    Administrator

    I think the best way to handle this is using a combination of hooks. Use the gform_save_field_value to truncate the credit card number and then use the gform_post_submission to do your third party integration. The only thing you have to be aware of, is that you will need to use the $_POST variable in the gform_post_submission hook in order to access the full credit card number. If you use the $entry variable, you will only get the truncated number.

    add_action("gform_post_submission_9", "donation", 10, 2);
function donation($entry, $form){

    //NOTE: need to access credit card via the $_POST global variable because the $entry variable will only have the last 4 characters
    $full_credit_card = $_POST["input_22"];    

    include("donate.php"); //This has a bunch of my third party processing stuff
}

add_filter("gform_save_field_value", "save_field_value", 10, 4);
function save_field_value($value, $lead, $field, $form){

    //trimming credit card field to last 4 digits
    if($form["id"] == 9 && $field["id"] == 22)
        $value = str_repeat('x', (strlen($value) - 4)) . substr($value,-4,4);

    return $value;
}
    Posted 12 years ago on Wednesday August 31, 2011 | Permalink

  9. BIGLIFE
    Member

    Alex,
    You're the man! That worked great.
    Thanks so much.

    Posted 12 years ago on Thursday September 1, 2011 | Permalink

  10. Alex Cancado
    Administrator

    Very nice! I am glad it worked out for you.

    Posted 12 years ago on Thursday September 1, 2011 | Permalink

This topic has been resolved and has been closed to new replies.