all versions .. so e.g. J2.5.28/VM2.6.22 | J3.4.8/VM3.0.12 etc etc
on any of the above we have been usings Alatak offline credit card payment plugin which uses the standard vm encryption method
e.g.
static function encrypt($string) {
if (!class_exists('vmCrypt')) {
if (file_exists(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php')) {
require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php');
}
}
if (class_exists('vmCrypt')) {
$string = vmCrypt::encrypt($string);
}
return $string;
}
all works fine on php5.4.4 & Alatak reports it works on her php5.5.3
As soon as we change to php5.6 the returned strings are invalid..
e.g.
N,�����Tm5�h����R����1)b-����5
refreshed the key to ensure is a divisible by 8 etc
This does seem to be a general VM encryption thing??? Has anyone tested e.g. the Authorize plugin on php 5.6?
Perhaps it's the server ?
Check inside the function
if(function_exists('mcrypt_encrypt')){
// create a random IV to use with CBC encoding
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
return base64_encode ($iv.mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_CBC,$iv));
} else {
return base64_encode ($string);
}
SO if you change server (or PHP) and this have now the mcrypt_get_iv_size function.
You don't have same encryption type and this is the same for decrypt function.
SO perhaps on forcing to use same method as old site, your encryption is correct?
Hi S42,
but this is always the same server -- little bit of history
upgrading to J3/VM3 ... new install in subfolder
the only change is switching to php 5.6 from php 5.4
this broke the encryption .. return to php 5.4 all works
limited config as shared host but assume same modules enabled on either php version
and even if not, it is that on php 5.6 the encryption process seems to return junk .. where as on 5.4 it returns a simple string
they don't need to return the same string but something usable..
the prob is the site is live.. the client is happy with php 5.4 and I can#t go flipping it back and forth.. it was just a quick hire job
If anyone has a php 5.6 to test on perhaps they can try with the Authoize plugin etc as to if the base vmencrypt function returns a simple string that is recoginised
Joomla 3.51 and Virtuemart 3.0.16
php 5.6 and php 7
This seems to effect any plugin with fields in the payment section of the checkout page.
Virtuemart is using vmcrypt when the cart is saved.
Virtuemart will sometimes generate keys with double quotes in the key file.
///////////////////////////////////////////////////////////
;<?php die(); */
[keys]
key = "aʨÖÁÏת FZäÄ""
unixtime = "1464293091"
date = "2016-05-26 20:04:51"
b64 = "0"
size = "24"
; */ ?>
///////////////////////////////////////////////////////////////
The key contains an extra double quote "
key = "aʨÖÁÏת FZäÄ""
and this is corrupting the key file.
One solution is to delete the key file and force a new key file to be generated.
Keep on doing this until a key without double quotes is created.
Generally seems to take two or three attempts to do this.
Only use this method on a new installation, since data saved using the old key file may be lost.
hello, i am getting your issues only when:
- your safe path is incorrect (or not writable) and VM is not capable of creating the keys
- VM stores some stuff in session and thus you must restart the session to get it to work after you fix the safepath
to restart a session clear your cookies, or drop #__session table or login/logout (this is not reliable)
best regards, stan
/administrator/components/com_virtuemart/helpers/vmcrypt.php
Line 31 mcrypt_get_iv_size()
Line 32 mcrypt_create_iv()
Line 34 mcrypt_encrypt()
http://php.net/manual/en/function.mcrypt-get-iv-size.php, etc.
Warning: This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.
Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.
GJC it works for me on php 5.6. Strange characters in the key are not a problem. Maybe the key is of php5.3 became invalid. Just remove the key, so it creates a new one, and move the old key back. The keys have a date, so the system takes the right key for the right time.
Assume I am right with my theory, I still dont know how to encrypt old data.
Quote from: Milbo on March 14, 2017, 08:42:52 AM
Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.
That is correct. I was trying to suggest an adoption of the openssl.so instead of mccrypt.so. This has already been done in other different platforms. :)