Tuesday 17 October 2017

Encrypting user data in Laravel

Hi Everybody,

As you know, if you want user data (email, name, etc.) to be secure in the database, you must encrypt it.
So you need to encrypt the data when adding it and decrypt it when retrieving it.
Below is an implementation of encryption and decryption of user data in Laravel.

In the model (User.php):

<?php

namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use App\Traits\EncryptableTrait;

class User extends Authenticatable
{
    use EncryptableTrait;

    protected $table = 'users';

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = ['role_id', 'user_type', 'first_name', 'last_name', 'email', 'password', 'is_verified', 'status'];


    // Attributes that EncryptableTrait encrypts on set and decrypts on get.
    protected $encryptable = [
        'first_name', 'last_name', 'email'
    ];

}


Here I have written the encrypt and decrypt code in the trait EncryptableTrait.php:

<?php
namespace App\Traits;

use Illuminate\Support\Facades\Crypt;

trait EncryptableTrait {

    protected $encryptKey;

    public function getAttribute($key)
    {
        $value = parent::getAttribute($key);

        if (in_array($key, $this->encryptable) && ( ! is_null($value)))
        {
            $value = $this->deCryptData($value);
        }

        return $value;
    }

    public function setAttribute($key, $value)
    {
        if (in_array($key, $this->encryptable))
        {
            $value = $this->encryptData($value);
        }
        return parent::setAttribute($key, $value);
    }

    /**
     * XOR each byte of the value with the key (repeating the key as needed)
     * and return the result as an uppercase hex string.
     */
    private function encryptData($value)
    {
        $encryptValue = '';
        $cbSrc = strlen($value);
        $encryptKey = \Config::get('app.encryption_key');
        $encryptKeySize = strlen($encryptKey);
        for ($NdxKey = 0, $i = 0; $i < $cbSrc; $i++)
        {
            $encryptValue .= sprintf("%02X", (ord($value[$i]) ^ ord($encryptKey[$NdxKey++])) & 0xFF);

            // Wrap around to the start of the key.
            if ($NdxKey >= $encryptKeySize)
                $NdxKey = 0;
        }
        return $encryptValue;
    }

    /**
     * Reverse of encryptData(): read the hex string two characters at a time
     * and XOR each byte with the same repeating key.
     */
    private function deCryptData($value)
    {
        $decryptValue = '';
        $cbSrc = strlen($value);
        $encryptKey = \Config::get('app.encryption_key');
        $encryptKeySize = strlen($encryptKey);
        $deVal = null;

        for ($NdxKey = 0, $i = 0; $i < $cbSrc; $i += 2)
        {
            // Parse one hex pair into $deVal.
            sscanf($value[$i] . $value[$i + 1], "%x", $deVal);
            $decryptValue .= sprintf("%c", ($deVal ^ ord($encryptKey[$NdxKey++])) & 0xFF);

            if ($NdxKey >= $encryptKeySize)
                $NdxKey = 0;
        }
        return $decryptValue;
    }
}

?>

Note: You can use Laravel's predefined encrypt method here, but that method gives you a different encrypted string each time for the same input, whereas the method I have used produces the same encrypted value every time.

In config/app.php:

    'encryption_key' => env('APP_KEY'),

This APP_KEY should never change.
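The trait above XORs each byte with a repeating key, so a stored value seen next to its known plaintext exposes the key bytes, and a modified value decrypts without any error. As an added example (not code from the original post), one way to keep the same-value lookups the note asks for is to store the data with Laravel's own Crypt::encryptString and put a keyed HMAC-SHA256 "blind index" in a second column for WHERE clauses. The trait name, the `_index` column suffix and the `app.index_key` config entry are assumptions.

```php
<?php
// Added example, not from the original post.
// Assumptions: every column in $encryptable (e.g. "email") has a companion
// string column "email_index", and config('app.index_key') holds a random
// secret that is separate from APP_KEY.
namespace App\Traits;

use Illuminate\Support\Facades\Crypt;

trait BlindIndexEncryptableTrait
{
    public function setAttribute($key, $value)
    {
        if (in_array($key, $this->encryptable) && ! is_null($value)) {
            // Deterministic keyed hash, used only for equality lookups.
            parent::setAttribute($key . '_index', static::blindIndex($key, $value));
            // Randomized, authenticated encryption: same input, different output.
            $value = Crypt::encryptString($value);
        }
        return parent::setAttribute($key, $value);
    }

    public function getAttribute($key)
    {
        $value = parent::getAttribute($key);
        if (in_array($key, $this->encryptable) && ! is_null($value)) {
            // Throws DecryptException if the stored value was modified
            // or was written under a different key.
            $value = Crypt::decryptString($value);
        }
        return $value;
    }

    public static function blindIndex($column, $value)
    {
        // Normalise so "A@x.com" and "a@x.com " match; bind the column name
        // so equal values in different columns get different indexes.
        $normalised = mb_strtolower(trim($value));
        return hash_hmac('sha256', $column . '|' . $normalised, config('app.index_key'));
    }

    // Usage: User::whereEncrypted('email', 'a@example.com')->first();
    public function scopeWhereEncrypted($query, $column, $value)
    {
        return $query->where($column . '_index', static::blindIndex($column, $value));
    }
}
```

A unique constraint that used to sit on `email` moves to `email_index`, since the encrypted column no longer repeats for equal inputs.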

Thanks.

Browser back button after logout in Laravel

Hi Everybody,

After a long time I am posting this.

It is a common issue: after logout, when the user clicks the browser back button, the dashboard or other post-login pages are sometimes displayed.
To fix this issue in Laravel, we can use middleware.

Create the middleware:

php artisan make:middleware RevalidateBackHistory

Within the RevalidateBackHistory middleware, we set the headers to no-cache and revalidate.

<?php

namespace App\Http\Middleware;

use Closure;

class RevalidateBackHistory
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);

        // Tell the browser not to store the page and to revalidate it,
        // so the back button cannot show a cached copy after logout.
        return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
            ->header('Pragma', 'no-cache')
            ->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
    }
}

Update the application’s route middleware in Kernel.php:

protected $routeMiddleware = [
    // ...
    'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
    // ...
];

And that’s all! So basically you just need to apply the revalidate middleware to the routes which require user authentication.

Thanks...