Author Topic: Payment Plugin encryption on php 5.6  (Read 1485 times)

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 7596
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 2.6.22 & 3.2.2
Payment Plugin encryption on php 5.6
« on: March 10, 2016, 11:55:26 am »
all versions .. so e.g. J2.5.28/VM2.6.22 | J3.4.8/VM3.0.12 etc etc

on any of the above we have been usings Alatak offline credit card payment plugin which uses the standard vm encryption method

e.g.

Code: [Select]
static function encrypt($string) {
if (!class_exists('vmCrypt')) {
if (file_exists(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php')) {
require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php');
}
}
if (class_exists('vmCrypt')) {
$string = vmCrypt::encrypt($string);
}
return $string;

}

all works fine on php5.4.4 & Alatak reports it works on her php5.5.3

As soon as we change to php5.6 the returned strings are invalid..
e.g.
N,�����Tm5�h����R����1)b-����5

refreshed the key to ensure is a divisible by 8 etc

This does seem to be a general VM encryption thing???  Has anyone tested e.g. the Authorize plugin on php 5.6?
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Studio 42

  • Contributing Developer
  • Full Member
  • *
  • Posts: 2332
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 & 3.0.x.y
Re: Payment Plugin encryption on php 5.6
« Reply #1 on: March 10, 2016, 14:28:06 pm »
Perhaps it's the server ?
Check inside the function

      if(function_exists('mcrypt_encrypt')){
         // create a random IV to use with CBC encoding
         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
         $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

         return base64_encode ($iv.mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_CBC,$iv));
      } else {
         return base64_encode ($string);
      }
SO if you change server (or PHP) and this have now the mcrypt_get_iv_size function.
You don't have same encryption type and this is the same for decrypt function.
SO perhaps on forcing to use same method as old site, your encryption is correct?

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 7596
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 2.6.22 & 3.2.2
Re: Payment Plugin encryption on php 5.6
« Reply #2 on: March 10, 2016, 14:43:42 pm »
Hi S42,

but this is always the same server -- little bit of history

upgrading to J3/VM3 ...  new install in subfolder

the only change is switching to php 5.6 from php 5.4

this broke the encryption .. return to php 5.4 all works

limited config as shared host but assume same modules enabled on either php version

and even if not, it is that on php 5.6 the encryption process seems to return junk  .. where as on 5.4 it returns a simple string

they don't need to return the same string but something usable..

the prob is the site is live.. the client is happy with php 5.4 and I can#t go flipping it back and forth.. it was just a quick hire job

If anyone has a php 5.6 to test on perhaps they can try with the Authoize plugin etc as to if the base vmencrypt function returns a simple string that is recoginised
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

ssc3

  • 3rd party VirtueMart Developer
  • Jr. Member
  • *
  • Posts: 123
    • Online Store Plugins
Re: Payment Plugin encryption on php 5.6
« Reply #3 on: May 27, 2016, 10:17:32 am »
Joomla 3.51 and Virtuemart 3.0.16

php 5.6 and php 7

This seems to effect any plugin with fields in the payment section of the checkout page.

Virtuemart is using vmcrypt when the cart is saved.

Virtuemart will sometimes generate keys with double quotes in the key file.

///////////////////////////////////////////////////////////

;<?php die(); */
                        [keys]
                        key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""
                        unixtime = "1464293091"
                        date = "2016-05-26 20:04:51"
                        b64 = "0"
                        size = "24"
                        ; */ ?>

///////////////////////////////////////////////////////////////

The key contains an extra double quote “

key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""

and this is corrupting the key file.

One solution is to delete the key file and force a new key file to be generated.

Keep on doing this until a key without double quotes is created.

Generally seems to take two or three attempts to do this.

Only use this method on a new installation, since data saved using the old key file may be lost.
Virtuemart Payment Plugins

https://plugins.online-store.co.uk

stAn99

  • Contributing Developer
  • Jr. Member
  • *
  • Posts: 67
    • One Page Checkout for Virtuemart 2
Re: Payment Plugin encryption on php 5.6
« Reply #4 on: August 23, 2016, 18:02:14 pm »
hello, i am getting your issues only when:
- your safe path is incorrect (or not writable) and VM is not capable of creating the keys
- VM stores some stuff in session and thus you must restart the session to get it to work after you fix the safepath

to restart a session clear your cookies, or drop #__session table or login/logout (this is not reliable)

best regards, stan
----
RuposTel.com
www.rupostel.com
Your customized checkout solution for Virtuemart

arias

  • Beginner
  • *
  • Posts: 2
  • A beginner
Re: Payment Plugin encryption on php 5.6
« Reply #5 on: March 11, 2017, 20:12:48 pm »
/administrator/components/com_virtuemart/helpers/vmcrypt.php
Line 31      mcrypt_get_iv_size()
Line 32      mcrypt_create_iv()
Line 34      mcrypt_encrypt()

http://php.net/manual/en/function.mcrypt-get-iv-size.php, etc.
Warning: This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9372
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Payment Plugin encryption on php 5.6
« Reply #6 on: March 14, 2017, 08:42:52 am »
Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9372
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Payment Plugin encryption on php 5.6
« Reply #7 on: March 14, 2017, 08:48:19 am »
GJC it works for me on php 5.6. Strange characters in the key are not a problem. Maybe the key is of php5.3 became invalid. Just remove the key, so it creates a new one, and move the old key back. The keys have a date, so the system takes the right key for the right time.

Assume I am right with my theory, I still dont know how to encrypt old data.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

arias

  • Beginner
  • *
  • Posts: 2
  • A beginner
Re: Payment Plugin encryption on php 5.6
« Reply #8 on: April 17, 2017, 20:23:25 pm »
Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.

That is correct. I was trying to suggest an adoption of the openssl.so instead of mccrypt.so. This has already been done in other different platforms.  :)