Payment Plugin encryption on php 5.6

[GJC Web Design]

all versions .. so e.g. J2.5.28/VM2.6.22 | J3.4.8/VM3.0.12 etc etc

on any of the above we have been usings Alatak offline credit card payment plugin which uses the standard vm encryption method

e.g.

Code Select Expand

static function encrypt($string) {
if (!class_exists('vmCrypt')) {
if (file_exists(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php')) {
require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php');
}
}
if (class_exists('vmCrypt')) {
$string = vmCrypt::encrypt($string);
}
return $string;

}

all works fine on php5.4.4 & Alatak reports it works on her php5.5.3

As soon as we change to php5.6 the returned strings are invalid..
e.g.
N,�����Tm5�h����R����1)b-����5

refreshed the key to ensure is a divisible by 8 etc

This does seem to be a general VM encryption thing???  Has anyone tested e.g. the Authorize plugin on php 5.6?

[Studio 42]

Perhaps it's the server ?
Check inside the function

      if(function_exists('mcrypt_encrypt')){
         // create a random IV to use with CBC encoding
         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
         $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

         return base64_encode ($iv.mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_CBC,$iv));
      } else {
         return base64_encode ($string);
      }
SO if you change server (or PHP) and this have now the mcrypt_get_iv_size function.
You don't have same encryption type and this is the same for decrypt function.
SO perhaps on forcing to use same method as old site, your encryption is correct?

[GJC Web Design]

Hi S42,

but this is always the same server -- little bit of history

upgrading to J3/VM3 ...  new install in subfolder

the only change is switching to php 5.6 from php 5.4

this broke the encryption .. return to php 5.4 all works

limited config as shared host but assume same modules enabled on either php version

and even if not, it is that on php 5.6 the encryption process seems to return junk  .. where as on 5.4 it returns a simple string

they don't need to return the same string but something usable..

the prob is the site is live.. the client is happy with php 5.4 and I can#t go flipping it back and forth.. it was just a quick hire job

If anyone has a php 5.6 to test on perhaps they can try with the Authoize plugin etc as to if the base vmencrypt function returns a simple string that is recoginised

[ssc3]

Joomla 3.51 and Virtuemart 3.0.16

php 5.6 and php 7

This seems to effect any plugin with fields in the payment section of the checkout page.

Virtuemart is using vmcrypt when the cart is saved.

Virtuemart will sometimes generate keys with double quotes in the key file.

///////////////////////////////////////////////////////////

;<?php die(); */
                        [keys]
                        key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""
                        unixtime = "1464293091"
                        date = "2016-05-26 20:04:51"
                        b64 = "0"
                        size = "24"
                        ; */ ?>

///////////////////////////////////////////////////////////////

The key contains an extra double quote "

key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""

and this is corrupting the key file.

One solution is to delete the key file and force a new key file to be generated.

Keep on doing this until a key without double quotes is created.

Generally seems to take two or three attempts to do this.

Only use this method on a new installation, since data saved using the old key file may be lost.

[stAn99]

hello, i am getting your issues only when:
- your safe path is incorrect (or not writable) and VM is not capable of creating the keys
- VM stores some stuff in session and thus you must restart the session to get it to work after you fix the safepath

to restart a session clear your cookies, or drop #__session table or login/logout (this is not reliable)

best regards, stan

[arias]

/administrator/components/com_virtuemart/helpers/vmcrypt.php
Line 31      mcrypt_get_iv_size()
Line 32      mcrypt_create_iv()
Line 34      mcrypt_encrypt()

http://php.net/manual/en/function.mcrypt-get-iv-size.php, etc.
Warning: This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.

[Milbo]

Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.

[Milbo]

GJC it works for me on php 5.6. Strange characters in the key are not a problem. Maybe the key is of php5.3 became invalid. Just remove the key, so it creates a new one, and move the old key back. The keys have a date, so the system takes the right key for the right time.

Assume I am right with my theory, I still dont know how to encrypt old data.

[arias]

Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.

That is correct. I was trying to suggest an adoption of the openssl.so instead of mccrypt.so. This has already been done in other different platforms.