From 26e8d9d80cbdcfb5f8470a34eee33a7150d0cd55 Mon Sep 17 00:00:00 2001
From: Ollama <ollama@steganos.dev>
Date: Fri, 22 May 2026 01:28:30 +0200
Subject: [PATCH] Add decrypt_value() and encrypt_value() helper functions

Extracts the recurring decryption/encryption pattern into reusable helper
functions with consistent error handling:

- decrypt_value(): Safely decrypts encrypted values with try/catch
- encrypt_value(): Safely encrypts values with error handling

Both functions handle:
- Empty/null values gracefully
- Missing encryption key (logs warning)
- Encryption/decryption failures (logs error, returns default)

This pattern appears in 8+ locations across the codebase.

GitHub-Issue: #4554
---
 app/Helpers/security_helper.php | 62 +++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/app/Helpers/security_helper.php b/app/Helpers/security_helper.php
index ad262655d..656742ef9 100644
--- a/app/Helpers/security_helper.php
+++ b/app/Helpers/security_helper.php
@@ -258,4 +258,66 @@ function remove_backup(): void
     if (file_exists($backup_path)) {
         unlink($backup_path);
     }
+}
+
+/**
+ * Decrypts an encrypted value with proper error handling.
+ *
+ * This function provides a consistent decryption pattern across the codebase,
+ * handling cases where encryption key may not be available or decryption fails.
+ *
+ * @param string|null $encrypted_value The encrypted value to decrypt
+ * @param string      $default         Default value to return if decryption fails
+ *
+ * @return string The decrypted value, or default if decryption fails
+ */
+function decrypt_value(?string $encrypted_value, string $default = ''): string
+{
+    if (empty($encrypted_value)) {
+        return $default;
+    }
+
+    if (!check_encryption()) {
+        log_message('warning', 'Cannot decrypt value: encryption key not available');
+        return $default;
+    }
+
+    try {
+        $encrypter = Services::encrypter();
+        return $encrypter->decrypt($encrypted_value);
+    } catch (\CodeIgniter\Encryption\Exceptions\EncryptionException $e) {
+        log_message('error', 'Decryption failed: ' . $e->getMessage());
+        return $default;
+    }
+}
+
+/**
+ * Encrypts a value with proper error handling.
+ *
+ * This function provides a consistent encryption pattern across the codebase,
+ * handling cases where encryption key may not be available.
+ *
+ * @param string|null $value   The value to encrypt
+ * @param string      $default Default value to return if encryption fails
+ *
+ * @return string The encrypted value, or default if encryption fails
+ */
+function encrypt_value(?string $value, string $default = ''): string
+{
+    if (empty($value)) {
+        return $default;
+    }
+
+    if (!check_encryption()) {
+        log_message('warning', 'Cannot encrypt value: encryption key not available');
+        return $default;
+    }
+
+    try {
+        $encrypter = Services::encrypter();
+        return $encrypter->encrypt($value);
+    } catch (\CodeIgniter\Encryption\Exceptions\EncryptionException $e) {
+        log_message('error', 'Encryption failed: ' . $e->getMessage());
+        return $default;
+    }
 }
\ No newline at end of file