I have usersettings directory in my plugin that add automatically configure your tools section. users can create secret and qrcode of this secret.
I wrote action for saving secret like this:
$secret=get_input('secret');
$plugin_id = get_input('plugin_id');
$user_guid = get_input('user_guid', elgg_get_logged_in_user_guid());
$plugin = elgg_get_plugin_from_id($plugin_id);
$user = get_entity($user_guid);
if (!($plugin instanceof ElggPlugin)) {
register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
forward(REFERER);
}
if (!($user instanceof ElggUser)) {
register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
forward(REFERER);
}
$plugin_name = $plugin->getManifest()->getName();
// make sure we're admin or the user
if (!$user->canEdit()) {
register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
forward(REFERER);
}
//save
if (isset($secret)) {
$result = $plugin->setUserSetting('secret', $secret, $user->guid);
if (!$result) {
register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
forward(REFERER);
}
} else {
$plugin->unsetUserSetting('secret', $user->guid);
}
system_message(elgg_echo('plugins:usersettings:save:ok', array($plugin_name)));
forward(REFERER);
when I click save button the secret save in textbox.
how can I be sure that my secret is stored in database?Does anyway to see it in database?Is there in metadata?
thanks
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.