• Hello Fabrik Community

    Fabrik is now in the hands of the development team that brought you Fabrik for Joomla 4. We have recently transitioned the Fabrik site over to a new server and are busy trying to clean it up. We have upgraded the site to Joomla 4 and are running the latest version of Fabrik 4. We have also upgraded the Xenforo forum software to the latest version. Many of the widgets you might have been used to on the forum are no longer operational, many abandoned by the developers. We hope to bring back some of the important ones as we have time.

    Exciting times to be sure.

    The Fabrik 4.0 Official release is now available. In addition, the Fabrik codebase is now available in a public repository. See the notices about these in the announcements section

    We wish to shout out a very big Thank You to all of you who have made donations. They have really helped. But we can always use more...wink..wink..

    Also a big Thank You to those of you who have been assisting others in the forum. This takes a very big burden off of us as we work on bugs, the website and the future of Fabrik.

Encrypt Fabrik Connection Password

hvarun

New Member
Hi..In what format is the fabrik connection password encrypted and stored in the database? is there a reference php code for encrypting it and storing in database manually?

Thanks in advance :)

Regards,
Varun
 
Interesting you should ask that, I was actually in the middle of working on some changes to it, to use a more secure crypto method.

When you say "storing it manually", do you mean outside of J! entirely?

We currently do this:

Code:
$crypt = FabrikWorker::getCrypt();
$data['password'] = $crypt->encrypt($data['password']);

... prior to storing the #__fabrik_connections data.

The FabrikWorker::getCrypt() does this:

Code:
    public static function getCrypt()
    {
        jimport('joomla.crypt.crypt');
        jimport('joomla.crypt.key');
        $config = JFactory::getConfig();
        $secret = $config->get('secret', '');

        if (trim($secret) == '')
        {
            throw new RuntimeException('You must supply a secret code in your Joomla configuration.php file');
        }

        $key   = new JCryptKey('simple', $secret, $secret);
        $crypt = new JCrypt(new JCryptCipherSimple, $key);

        return $crypt;
    }

... which is obviously suboptimal, as it stores using the (very!) deprecated and insecure JCryptCipherSimple. Although if someone is reading your #__fabrik_connections table, you probably already have bigger problems to worry about.

So anyway, as long as you are within J!, you can use the code form that helper function to encrypt your password such that we can then decrypt it. If you are running in a Fabrik context, you could use that helper function directly.

If you are outside of J!, you'd have to emulate the JCrypt / JCryptCipherSimple encoding, using the 'secret' from your J! configuration.php.

-- hugh
 
We are in need of some funding.
More details.

Thank you.

Members online

Back
Top