492 comments found.
The instruction states the following:
“Async mode still adheres to the view permissions settings, so a user must also have view permissions to the specific data on top of having the async password.”
I have a problem setting this up correctly. Async is on, Limit User/Role View Permission Lists is set, I even tried to set a User Lockout List: lockdown
Doesn’t matter what settings I tweak, any logged in user that has Encryption password is able to decrypt all fields. It seems like Async Encryption password overwrites all view permissions. What am I missing?
Hello
You are correct in this. This instruction not being updated from previous beta mode asynch. It is corrected now in new version for plugin 5.9.1 just being released.
With Asynch a user must be logged in and simply either has pass or not.
Thank you for a quick reply and for clarification on that one. So then this feature is only useful for one user or is it possible to have a unique encryption password for each user?
I have another question, trying to use merge tags in Gravity PDF template.
Since the {gfef_decrypt_ALL+} merge tag ignores permissions, then it can not be used for PDF viewing/downloading because all users able to see all fields when they view/download the PDF. Is this correct?
I was not able to use the {gfef_decrypt_ALL+_USER}, it simply states “Encrypted Field Restricted” on encrypted fields for all users, regardless of access level. What am I missing?
Thanks.
Hello
Are you using asynchronous mode? Decrypted tags do not function in asynchronous unless an asynchronous logged in user initiated the action. (Ie: generates the pdf , sends the notification , etc) There is no decryption for anything outside of a user logged in in asynchronous mode. There are also no user level permissions in asynchronous. This is covered under the asynchronous instructions.
This is part of the modes inherent operation because you cannot decrypt anything whatsoever without the asynch key and the encrypted asynch key is not useable without the user logging into asynch mode with the password. So the only time any encrypted data can be decrypted for any purpose is by a logged in user who is logged into asynch mode with the pass.
Hello
For sending out PDF on initial submission please refer to asynch mode instructions on using the “process feeds and add-ons before encrypting” method . You can send standard notifications on submission including attaching pdf version at that time. Then Any resend of the data or regenerate pdf requires asynch log in after the data is encrypted.
Asynch only has one password. Any user with permissions to view entries who has asynch pass can access via asynch mode login. Can be many users. Just use same pass.
Hello,
Asynchronous mode is off. We can’t use it due to several editors managing the form entries.
PDF are not sent out, PDF accessed by editors from the single View Entry page, this is where the encryption/decryption fails when using merge tags.
Hello
With asynch off. Correct the decrypt all tag always decrypts . The user tag pends view permissions of the individual user . Have you confirmed the users can view the fields with current permissions based on viewing the entry ?
..also, this would apply to entries moving forward. It does not decrypt anything encrypted with asynch or any other mode/pass/etc
I am testing user that is an editor, has all rights to the GF forms except the settings.
username: test1
Limit User/Role View Permission Lists: empty
User Lockout List: lockdown
User/Role Access List: list of other users, but not test1
OpenSSL: selected
Async: off
Admin Area Only Viewing: checked
Merge Tag Filter Bypass: unchecked, the green message says ( MERGE TAG RESTRICTED DISPLAY FILTER IS ON)
Decrypted Merge Tags: ALL:ALL+, ALL:ALL, ALL:ANY, ALL:ALL+:U, ALL:ALL:U, ALL:ANY:U, ALL:ANY:X
The form has a field, it has Encrypt field value checked, and “User/Role View Permission” has the username: test1 User Owned Field: unchecked
New form entry submitted on the front end by the user who was not logged in.
On the single view page, the fields stating: “Encrypted Field Restricted” for any user, including test1, view PDF link clicked. The PDF template has the following merge tags:
{gfef_decrypt_ALL} – decrypts all fields for any user
{gfef_decrypt_ALL+} – decrypts all fields for any user
{gfef_decrypt_ALL_USER} – does not decrypt for user test1 or any user
{gfef_decrypt_ALL+_USER} – does not decrypt for user test1 or any user
According to the plugin logic and instructions, the user test1 should be able to view the decrypted data on the single entry view page and using the {gfef_decrypt_ALL+_USER} merge tag, is this correct?
Hello
The lockout list overrides any single field view permissions. Then the access list overrides the lockout list. The individual field setting is the lowest permission level.
The user needs to be listed in the access list of you have locked everyone out on a global level with “lockdown” in the lockout list.
There is a section called “Understanding the view permissions flow” in the instructions that details the permissions hierarchy.
Please let us know if changing your permissions flow does not solve the issue.
Thanks for pointing to that section. Per instructions, added user test1 to User/Role Access List. As a result, fields on the single page view are decrypted, but the merge tags {gfef_decrypt_ALL_USER} and {gfef_decrypt_ALL+_USER} are still not decrypting. The form has a new entry after settings changed.
Hello
Have you checked the dev site for any plug-in conflict in error reporting when generating the pdf?
We can verify that the custom user tags function the same as other custom tags in pdf generation.
Be sure to update to latest GF and latest gravity PDF and our plug-in version 5.9.1
The problem resolved by unchecking the “Admin Area Only Viewing” checkbox. FYI, Viewing/downloading PDF is done from the Admin area.
Hello
Yes, this would make sense. Although pdf links are in GF admin area, the page they link to in order to view or download which processes/generates the pdf is not an admin area page. The normal decrypt tags function because they are not permissions based, while the user tags do not because they add permissions, which includes the admin area only permission setting for all users.
Generally speaking leaving permissions available on the front end is perfectly fine as devs have full control over what is displayed or accessible from the front end.
Hello. I have to keep reactivating the license on this plugin. The client keeps emailing me saying the fields say hidden. I have to go in a reactivate the license and I’m not sure why this is happening.
Hello
Please update to latest plug-in version 5.9.1
We have a need to collect uploaded images of voided checks and driver license which needs to be protected from public view so we are compliant. I see that you are not encrypting uploaded files and we do not want link a third party service like drop box adding an additional step to retrieve files then match them up manually which with our volume is not feasible. Are you planing to make this feature to encrypt uploaded files? Do you have any custom development options available to protect uploaded files with encryption or password or hid from public securely so search engines do not index? Can we be compliant without protecting the uploaded files?
Hello
There are no current updates for file encryption. It may come in the future but not any time soon if ever. You can use a secure service like the Dropbox method, or secure send yourself the files via TLS and auto delete the files from your weberver.
Following is some info and suggestions:
GF natively hides files from public folders.
With DL and check this seems as it is a one time verification step which you could use the secure sending and auto deleting from server to accomplish, but if you need to store the files long term, an in house secure storage or third party encrypted file service would be far better over storing on your web server. Naming the email or file itself with easy corresponding entry markers can make for easy comparison.
We have previously set up a password secured (encrypted) PDF (gravity pdf) to include the uploaded images and emailed it to admin with the name matching the Entry_id and date and first name. The file is then taken and stored locally offline for reference. The uploaded images are set to auto delete after submission from the web server.
We have not looked into expanding this to simply save a copy of the encrypted pdf to the server instead of emailing it, but I would imagine this should be entirely possible with very little developer customization. This would likely be far more simple for image only files as they can be embedded in the pdf and pdf is widely web supported for viewing.
thanks for the reply. I like the process of images merged into a password protected pdf and think this will meet compliance for us. You mentioned previously this was available, but Is this currently available in your plugin and can you provide me documentation for how to accomplish that ?
Hello
This pdf feature as described are accomplished through the gravity PDF plugin.
did you write custom functions to accomplish this or was it built into gravity pdf?
Hello
It is a very simple custom template for a PDF that can embed/php echo uploaded images to PDF from a multi file upload field. Then you can attach the PDF file to the notification email (or save it to the server.. see their docs for this) and can set the file uploads to delete from the server after submission with our plugin. you cannot regenerate the PDF from there as the files are gone. Please refer to the gravity PDF plugin documentation and support for help with this. There is an example of embedding uploaded images to PDF. https://docs.gravitypdf.com/v6/developers/php-form-data-array ..see the “file upload” section for some sample code for custom template where field ID 48 is a multi file upload field
/* Add images to PDF */
if ( is_array( $form_data['field']['48_path'] ) ) { /* make sure you use the PATH */
$allowed_extensions = array( 'jpg', 'jpeg', 'png', 'gif' );
foreach ( $form_data['field']['48_path'] as $path ) {
$extension = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
if( in_array( $extension, $allowed_extensions ) && is_file( $path ) ) { /* verify path has an image extension and it exists on the server */
echo '<img src="'. $path .'" width="200" />';
}
}
}
the PDF security options are then directly available through the PDF settings for the form.
Hi! We are wanting to be able to encrypt/hide the html block content on the front end, from dev tools and source code etc… We are wanting these fields only to appear in the generated pdf based on specific conditional logic – which is working fine, except that all the html block text is viewable in the main page code and we want to hide this. Is this plugin able to do this? Thanks
Hello
Set a CSS class on the helm field and hide it with css . Our plug-in does not hide fields , it encrypts submitted data
Hi – I am getting an error message when trying to submit my license code.
On the “LICENSE REGISTRATION” page, I enter my code and click “Submit Purcahse Code”. I get a message that says settings saved but then a red line of text appears under the license key saying “Failed to connect. Please try again”. It maybe that our hosting firewall is blocking the request. Can you help me explain to them what to enable in the firewall if you think that’s the issue?
Hello
Yes, your firewall is very likely the issue. You need to allow bi-directional curl/WP remote requests. you will likely find other licensing communication issues with plugins without allowing normal WP functionality.
I’m getting a failed to connect even from my local machine. How can I troubleshoot this?
This is what I’m seeing in the logs
[11-Oct-2021 03:17:07 UTC] WordPress database error Table ‘wp.wp_gf_rest_api_keys’ doesn’t exist for query SELECT COUNT FROM wp_gf_rest_api_keys; made by require_once(‘wp-admin/admin.php’), require_once(‘wp-load.php’), require_once(‘wp-config.php’), require_once(‘wp-settings.php’), do_action(‘init’), WP_Hook->do_action, WP_Hook->apply_filters, GFForms::init, GF_Upgrade->maybe_upgrade, GF_Upgrade->upgrade, GF_Upgrade->post_upgrade_schema, GF_Upgrade->set_upgrade_ended, do_action(‘gform_post_upgrade’), WP_Hook->do_action, WP_Hook->apply_filters, GFWebAPI->post_gravityforms_upgrade, GFWebAPI->maybe_upgrade_schema, GF_Upgrade->dbDelta, dbDelta, apply_filters(‘query’), WP_Hook->apply_filters, WSAL_Sensors_Database->EventDropQuery, WSAL_Sensors_Database->check_if_table_exists [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2870 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2871 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2872 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2874 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2875 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2876 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2877 [11-Oct-2021 03:20:23 UTC] PHP Warning: First parameter must either be an object or the name of an existing class in /site/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2878
Did you uninstall gravity forms? The plug-in requires gravity forms.
These errors sound like your basic WP install has some issues missing some basic functionality. You may need a fresh WP install.
No, I didn’t uninstall Gravity Forms. I am getting this error after digging into the plugin code: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 60: SSL certificate problem: certificate has expired ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) )
Can you check this on your end?
Could be related to this issue? https://wordpress.org/support/topic/failed-to-request-via-wordpress-curl-error-60-ssl-certificate-problem/. Sending this to our hosting team.
Possibly related yes.
We have checked and I ur license server is up and responding to all requests.
The certificate problem was the issue. I had to manually update the crt file in our Wordpress install with the one here and everything is working again. https://github.com/WordPress/WordPress/blob/master/wp-includes/certificates/ca-bundle.crt
Hi, I just purchased this plugin but when I try to enter my license registration (purchase code) I get a red error “Failed to connect. Please try again”
Hello
It is likely that your firewall or any proxy server is very likely the issue. You need to allow bi-directional curl/WP remote requests. you will likely find other licensing communication issues with plugins without allowing normal WP functionality.
Hello, I like to pass encrypted values from an external PHP Site to a GravityForm. I can see in the features List that you support something like this on the same webpage from on form to another form. Is it possible to encrypt the query string on the external PHP website and decrypt it while accessing the form. I am aware the external site needs to know the secret or public key. What would be the PHP-Snipped to encrypt the query string on the external site?
Thank you for your help, before buying your plugin.
Hello
This is something you would need to hire a developer for.
However, Our plug-in does allow directly for the gravity forms web api V1 to remotely access encrypted values from entries directly while logging in with a user who has appropriate permissions.
I need help deactivating this plugin Purchase Code from two websites (one localhost and one a development server) where those sites no longer exist. How can I correct this?
You can delete/deactivate non existing websites if they are registered when registering a new website from the initial licensing screen on install and setup.
In your other thread you are saying that you could not activate your websites for licensing. Are the sites in fact activated?
We have two different clients using this plugin. This client’s is activated. For this client, I do see the Deactivate button with one of the two sites listed but when I check the checkbox and click Deactivate, nothing happens.
Please send us an email. (Click our username and use the contact form) . In the private form email please include your purchase code and the website(s) to deactivate.
you may find that if the remote deactivation is not operable as you describe that activating is also not possible. this is due to server setup (firewall, proxy, potentially blacklisted server) . If you cannot activate you can always request a refund through your envato account. That process will also invalidate the purchase code for activation.
Will do, thanks
I tried to translate the Plugin, but it seems it is not translatable, will you support translations?
Hello
Not currently. Only few items in plug-in can be translate
Are there any known issues with using Gravity Forms Encrypted Fields and connecting it to ActiveCampaign? We have a form that collects PHI and we want to make sure the data is encrypted at rest but it will also transmit the data properly through the Gravity Forms for ActiveCampaign plugin through their API. ActiveCampaign is HIPAA compliant, so I believe this should be okay.
Hello
You can choose to encrypt after feeds and add-ons are processed, so all data is passed normally to them and then encrypted for at rest storage.
Hey We have 2 identical forms. One is with encrypted fields and one without. At the end of a form you have the option of downloading your entries in a pdf file. If the plugin is deactivated, the generation and download in the first form without encrypted fields takes 2 seconds. When the plugin is activated, it takes 18 seconds. The form with the encrypted fields takes 25 seconds. How is it possible that the first one takes longer to generate although the fields are not encrypted but the plugin is activated? Can I reduce the generation of the second form? Hopefully you can help me.
- Nico
Hello
What versions of GF , GPDF, and encrypted fields are you running?
Gravity Forms 2.5.12, Gravity PDF 6.1.0, Gravity Forms Encrypted Fields 5.9.1
What PDF template?
Core Blank Slate, but everything is excluded in the PDF with the CSS class “exclude” except 10 HTML fields in the end of the form.
Hello
Is this generated on submission? Are there other plugins add-one running on submission? Is the generation time the same after submission when other plugins are not running?
Have you checked errors for any plug-in conflicts?
After the submission you have the option to download your entry as a pdf file (“Download PDF”). If GFEF is deactivated it will download after 2 seconds. If GFEF is enabled it will download after 18 seconds in the first form without any encrypted fields and 25 seconds in the second form with encrypted fields.
I am using Gravity Forms with the following add-ons: Encrypted Fields, Collapsible Sections, Gravity PDF, Populate Anything and Easy Passthrough. Everything is working fine together. Only the PDF download is taking too long with Encrypted fields enabled.
Is the generation time the same after submission when other plugins are not running?
Have you tried pdf generation time with OTHER plugins disabled?
Have you checked for any plug-in conflicts in error reporting?
It sounds like ours and another plug-in together may be the issue.
The generation time is a bit different but every single test with GFEF enabled was worse than without GFEF.
The first form without any encrypted fields needs 11 seconds only with Gravity Forms, Gravity PDF and GFEF enabled. The second one with encrypted fields needs 15 seconds. If every plugin is activated, i have the same time as i discribed in my last posts. But if I have everything activated and only GFEF disabled i have again 2 seconds in both forms.
Hello
Have you checked for any plug-in conflicts in error reporting?
Yes, no errors in the log.
Thank you.
What is the length of the form by # of fields?
In the editor i counted around 75 fields including the collapsible sections (start and end). Form 1 and 2 are identical in the lenght.
Is the time only on first generation of a pdf or on any subsequent generation?
Every time i click on the download button the time is identical.
Do you experience any long times during any other operations while using encryption?
Pooh, good question. With the PDF, I noticed it immediately because of the 6-10x longer download time. Otherwise everything runs relatively normally.
Ok, has there been a different pdf template tried? Just looking to narrow down what we look into
That made no difference. However, I just found the error by accident … It was due to the merge tags. Ive unlocked all decrypted merge tags.
Hello
Were they trying to be used without being unlocked? Or was removing them the solution?
Removing them in the settings was the solution. First I wanted to create a PDF template with the merge tags but it didnt work with the html fields. Then i turned the merge tag restricted display filter off, used a normal template like bland and the pdf worked fine. I didnt remove the merge tags in the settings. Today I removed them for testing and it worked. Everything is generating fast again.
Thank you, we will look at in merge tag unlocks with seeing for possible efficiency changes.
I have another problem with the Plugin “Disable Entry Creation” from Gravity Wiz. If I turn the creation of a entry after submission off, i have the following error:
Fatal error: Uncaught Error: Cannot use object of type WP_Error as array in path to website/DieNachlassregler/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php:2069 Stack trace: #0 path/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php(2193): gfef_delete_form_entry_files_ip(Object(WP_Error)) #1 path to website/wp-includes/class-wp-hook.php(305): gfef_delete_active_form_entry_files(Object(WP_Error), Array) #2 path to website/wp-includes/class-wp-hook.php(327): WP_Hook->apply_filters(NULL, Array) #3 path to website/wp-includes/plugin.php(470): WP_Hook->do_action(Array) #4 path to website/wp-content/plugins/gravityforms/gravityforms.php(6815): do_action(‘gform_after_sub…’, Array, Array, NULL, NULL, NULL, NULL, NULL, NULL, N in path to website/wp-content/plugins/gravity-forms-encrypted-fields/gfef.php on line 2069
The weird thing is… In this form, GFEF is not used again.
This is a plug-in conflict.
The other plug-in is deleting the entry before ours attempts to use it. The entry is an object that is presumed to exist.
We can look to set a check in the next version for some of the error cases in case of another plugin or snippet removing it in advance, but I am wondering if you are aware that you can also just delete entries after submission using our encrypted fields plugin, and the gravity wiz one is redundant.
I also tried to use your “Delete Entries After Submission” function in the settings. But than i get this notification after I click on “download pdf”: “There was a problem generating your PDF”. After that i tried to use the Gravity Wiz plugin.
The pdf has to be generated before the entry is deleted. Once deleted, there is no entry to create a pdf from. This means it should be auto created and attached as a file to a notification email which can be sent out or not conditionally. Once the entry is deleted after initial submission/add-ons/feeds/notifications. You can no longer then choose to generate a pdf from that entry.
First there was a PHP-error on the settings page but now its working, thank you!
It is unsure of how much this may affect performance yet for your specific use case, but the new release today aims to cut our unnecessary processing for forms not using decrypted merge tags during both PDF generation and otherwise. It is just a few small checks added, but hopefully they will be a start to cut down on anything process heavy running which does not need to.
New in version 5.9.2- Performance improvement with decrypted merge tags unlocks for forms not using decrypted merge tags.
- Added checks for the entry object already being deleted by third party plugin prior to running after submission processes.
- Tested on WP 5.8.1
Hello, I am on version 5.8 of the GF encrypted fields plugin. Today, I noticed the advanced field functionality where you can click radio buttons to encrypt certain fields is not working. Only the “Delay Field Encryption” Checkbox is kind of working. If a field was encrypted prior to today that Checkbox is completely filled in as Blue, but the radio buttons are unresponsive. Also, some fields in my forms are getting encrypted on the front end when they were not supposed to be. It was working perfectly for a while and then I just noticed this change today. Is this because there has been an update to the plugin? Any insight you can provide would be helpful. Thanks.
Current version is 5.9.1 Please update and notify if issue persists
