Bienvenue, Invité
Nom d'utilisateur : Mot de passe : Se souvenir de moi

SUJET : Plugin to decrypt URL parameters / prefilled answers

Plugin to decrypt URL parameters / prefilled answers il y a 9 mois 1 semaine #102397

  • Spydre13
  • Portrait de Spydre13
  • Hors ligne
  • Silver Donor
  • Messages : 7
  • Karma: 0
I've been looking for a while for a way to prefill answers without the answers being sent in cleartext and stored in the browser history. I think when using HTTPS the parameters will be encrypted, but they are still stored in the browser history on the URL.

With the new plugin architecture in 2.05, is it possible to create a plugin that takes an encrypted parameter, decrypts it, and sets the parameters/prefilled answers based on that? I already have the functions to encrypt/decrypt the text, so I just need to know if it's possible to accomplish this with a plugin and have someone point me in the right direction.

I would also send an "expires" parameter, which would get decrypted and the plugin would verify if the link is still valid. That way I can set each link to expire in a set amount of time from when it was generated.

I would be willing to pay/donate for help with this solution.

Thanks,
Nate
L'administrateur a désactivé l'accès en écriture pour le public.

Plugin to decrypt URL parameters / prefilled answers il y a 9 mois 1 semaine #102427

  • sammousa
  • Portrait de sammousa
  • Hors ligne
  • Fresh Lemon
  • Messages : 6
  • Remerciements reçus 1
  • Karma: 1
Hi Nate,

This sounds like a great idea for a plugin!

The procedure to create such a plugin would be simple:
- Check if an appropriate event exists (ie. beforeSurveyStart), that allows you to edit the response.

- If not, go to the bugtracker and request the event, provide as much detail as possible, tell us what it should do and what you plan to use it for (this forum post is a good start =)

- Create a plugin based on one of our example plugin(s) that registers for the appropriate events and decrypts the data sent in the requests and applies it to the current response.

As far as I know we don't have the appropriate event yet, however adding events is a trivial task and definitely something we are open to.

I am wondering though, is your goal to prevent changing the values or to prevent reading the values?
If you just want to prevent users changing the values you can always add a hash parameter and hash the URL combined with a secret key. That way any change in the URL will invalidate it. It will not however protect the values passed from being discovered by the user.
L'administrateur a désactivé l'accès en écriture pour le public.

Plugin to decrypt URL parameters / prefilled answers il y a 9 mois 1 semaine #102433

  • Spydre13
  • Portrait de Spydre13
  • Hors ligne
  • Silver Donor
  • Messages : 7
  • Karma: 0
sammousa,

Could you elaborate on what the beforeSurveyStart event currently does, or is there a place I haven't found that explains it better? I will take a look at the example plugins in 2.05RC7 and see if I can get started.

My goal is to be able to pass information in securely (encrypted on the URL, and therefore in browser history) and prevent someone who discovers the URL at a later date (from browser history or e-mail) from re-entering the survey and viewing answers whether it is complete or incomplete.

What I am currently doing with version 1.91+ is similar to what you suggested. I'm taking the prefill parameters, adding a URL expiration date/time, and encrypting it. However, I would like LimeSurvey to decrypt this information directly instead of my external script, because right now the external script still has to redirect the users to the limesurvey site with the parameters un-encrypted.

Thanks!
L'administrateur a désactivé l'accès en écriture pour le public.

Plugin to decrypt URL parameters / prefilled answers il y a 9 mois 1 semaine #102442

  • sammousa
  • Portrait de sammousa
  • Hors ligne
  • Fresh Lemon
  • Messages : 6
  • Remerciements reçus 1
  • Karma: 1
If you just want to make sure they cant get back into the survey after completion, that option is already available.

Anyway, the beforeSurveyStart event does not exist yet; but you can request it via the bugtracker!
L'administrateur a désactivé l'accès en écriture pour le public.

Plugin to decrypt URL parameters / prefilled answers il y a 8 mois 4 semaines #102747

  • DenisChenu
  • Portrait de DenisChenu
  • Hors ligne
  • Moderator Lime
  • Messages : 6334
  • Remerciements reçus 818
  • Karma: 243
Hi,

I think this one : github.com/LimeSurvey/LimeSurvey/pull/161 (beforeSurveyPage) can do the trick.

Think you can use somethnig like that:
$_GET['decrypted']=decrypt(Yii::app()->request->getParam('encrypted'));
(test if encrypted is set, and maybe if you are are the first step.)

Denis
L'administrateur a désactivé l'accès en écriture pour le public.
Temps de génération de la page : 0.178 secondes
Donation Image