[de] Simple Database Integration

Moin zusammen,

ich suche eine/n fleißigen Coder der mir bei einem kleinen Projekt hilft.
Es gut um einen Client von mir der für ein Event eine Registrations Seite bereit stellen möchte.
Wir sprechen über eine simple page die Name, Adresse, Email und Bankdaten in eine Datenbank schreibt.

Zusätzlich soll für den Admin im Panel eine Info Seite eingerichtet werden wo die registrierten Nutzer in einer einfachen Liste/Tabelle aufgelistet werden sollen.

Lohn/Honorar nach Absprache
Weitere Infos bitte per Mail anfragen - web@laufenundgutestun.de

Ich freu mich auf euch!
Florian

1 Like

Why DB? Just write the registrations to a structure field.
Then you have a nice table view of the registrations in the panel.

I have made this for a coments plugin lately. works good.

Svnt

depending on size you might also use

  • a subpage with “user template” instead of structure.

  • account with additional fields

  • if database is really required, you could also just use sqlite which is already built into the core of kirby but without db it’s way easier.

thanks for your replys so far!
@Svnt Thank you for your Idea! I havent worked with structure fields yet. So this might be a s solution for my project.

How do i handle the bank details the clients have to fill in? Is it a save way to save them in a structure field?
I think for this project i really need a help to get a better understanding :slight_smile:

Cheers
Florian

This question i’m asking myself since some days… haven’t found a solution yet.
There are PHP-crypt functions/classes but store the decrypt key on the server
is’nt a good idea IMHO.
And to force the admin/user to copy/paste a private key and a password to decode stuff
is also not that convenient.

Svnt

When you say bank details do you mean credit card details? I would NOT store that in Kirby. It’s actually illegal to store this in a highly secure manner which is not PCI compliant. Use a system like Stripe.com, you’ll thank yourself later.

1 Like

@louiswalch No we dont talk about Creditcards. We talk about the IBAN and the BIC numbers.

While PCI only applies to payment cards, I’d be very careful with bank account data. You should at least store them encrypted, presumably better in a hardened database if you are not using a payment service.

Yeah exactly. Thats why im searching for someones help :slight_smile:
Cause i dont have that knowledge.

Keep in mind. Anything that is stored “encrypted” which can be automatically decrypted by PHP (without entering a keyset to decrypt) is hackable if someone gains access to your server.

2 Likes

if somebody “just” gains read access to all your files a database adds a level of security.
but with write/execute rights your DB has also lost this.

@flokuek wants to store user entered form data.
sanitize the input well or you will dig more holes by trying to fix another… https://xkcd.com/327/

maybe some shift/base n encoding/salt/password “magic” will hold more script kids away than a DB.

Svnt

Don’t use security through obscurity. Encrypting files and putting the key somewhere on the same server is not encryption. The files are de facto unencrypted.

I’d be careful with storing payment information, especially if your client is offering his site to German customers (German privacy laws are very strict). Better talk to an IT/Internet lawyer about this or build the site without asking for payment information via the form.

1 Like

Thank you so much for your input here.
I think i wil contact my client and talk about the bank details again. Maybe we find another way.

But in the meanwhile i still need someone for the normal user data :slight_smile:

Cheers
Florian

about structure field. that is not a good idea imho. editing the content will override any registrations happening in between. there is also the slight change for almost concurrent registrations blocking each other.

1 Like

is there no option you could process a payment right away?
i mean you collect payment information to get a payment.

several provider have recurring payment options so you could basically process a user registration with a payment in one shot … if you are willing to work with a payment provider that is.

in this case you won’t be saving those critical data for datenschutz concerns.

1 Like

SRY for my late reply!

I think we can close that post cause I’m in contact with someone whos gonna help me and my client out :slight_smile:

@carstengrimm Im working for a non-profit organisation (Laufen und Gutes tun e.V.) which is donating all the money we get from our yearly running event so various institutions. (The Way Home - This project of the Children and Youth Center Bielefeld will enable terminally ill children to spend their last weeks of their lives not in the hospice, but at home. In addition, a part of the donation sum goes to Rheda-Wiedenbrück families who are in need of care and to the german bone marrow donation (DKMS)). Thats why we dont want to use a provider cause we want to donate every single “Cent” we get from our running event. :slight_smile:

Thank you guys so much for ur help :slight_smile:
For Those who wanna get more informations about what we do or maybe register for our event?! Just kidding!
https://laufenundgutestun.de

Cheers
Florian

3 Likes