News:

Support the VirtueMart project and become a member

Main Menu

Payment Plugin encryption on php 5.6

Started by GJC Web Design, March 10, 2016, 11:55:26 AM

Previous topic - Next topic

GJC Web Design

all versions .. so e.g. J2.5.28/VM2.6.22 | J3.4.8/VM3.0.12 etc etc

on any of the above we have been usings Alatak offline credit card payment plugin which uses the standard vm encryption method

e.g.

static function encrypt($string) {
if (!class_exists('vmCrypt')) {
if (file_exists(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php')) {
require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmcrypt.php');
}
}
if (class_exists('vmCrypt')) {
$string = vmCrypt::encrypt($string);
}
return $string;

}


all works fine on php5.4.4 & Alatak reports it works on her php5.5.3

As soon as we change to php5.6 the returned strings are invalid..
e.g.
N,�����Tm5�h����R����1)b-����5

refreshed the key to ensure is a divisible by 8 etc

This does seem to be a general VM encryption thing???  Has anyone tested e.g. the Authorize plugin on php 5.6?
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Studio 42

Perhaps it's the server ?
Check inside the function

      if(function_exists('mcrypt_encrypt')){
         // create a random IV to use with CBC encoding
         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
         $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

         return base64_encode ($iv.mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_CBC,$iv));
      } else {
         return base64_encode ($string);
      }
SO if you change server (or PHP) and this have now the mcrypt_get_iv_size function.
You don't have same encryption type and this is the same for decrypt function.
SO perhaps on forcing to use same method as old site, your encryption is correct?

GJC Web Design

Hi S42,

but this is always the same server -- little bit of history

upgrading to J3/VM3 ...  new install in subfolder

the only change is switching to php 5.6 from php 5.4

this broke the encryption .. return to php 5.4 all works

limited config as shared host but assume same modules enabled on either php version

and even if not, it is that on php 5.6 the encryption process seems to return junk  .. where as on 5.4 it returns a simple string

they don't need to return the same string but something usable..

the prob is the site is live.. the client is happy with php 5.4 and I can#t go flipping it back and forth.. it was just a quick hire job

If anyone has a php 5.6 to test on perhaps they can try with the Authoize plugin etc as to if the base vmencrypt function returns a simple string that is recoginised
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

ssc3

#3
Joomla 3.51 and Virtuemart 3.0.16

php 5.6 and php 7

This seems to effect any plugin with fields in the payment section of the checkout page.

Virtuemart is using vmcrypt when the cart is saved.

Virtuemart will sometimes generate keys with double quotes in the key file.

///////////////////////////////////////////////////////////

;<?php die(); */
                        [keys]
                        key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""
                        unixtime = "1464293091"
                        date = "2016-05-26 20:04:51"
                        b64 = "0"
                        size = "24"
                        ; */ ?>

///////////////////////////////////////////////////////////////

The key contains an extra double quote "

key = "‡a†Ê¨ÖÁÏ׌ª    ‰FZäÄ""

and this is corrupting the key file.

One solution is to delete the key file and force a new key file to be generated.

Keep on doing this until a key without double quotes is created.

Generally seems to take two or three attempts to do this.

Only use this method on a new installation, since data saved using the old key file may be lost.
Virtuemart Payment Plugins
https://plugins.online-store.co.uk

stAn99

hello, i am getting your issues only when:
- your safe path is incorrect (or not writable) and VM is not capable of creating the keys
- VM stores some stuff in session and thus you must restart the session to get it to work after you fix the safepath

to restart a session clear your cookies, or drop #__session table or login/logout (this is not reliable)

best regards, stan
----
RuposTel.com
www.rupostel.com
Your customized checkout solution for Virtuemart

arias

/administrator/components/com_virtuemart/helpers/vmcrypt.php
Line 31      mcrypt_get_iv_size()
Line 32      mcrypt_create_iv()
Line 34      mcrypt_encrypt()

http://php.net/manual/en/function.mcrypt-get-iv-size.php, etc.
Warning: This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.

Milbo

Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

GJC it works for me on php 5.6. Strange characters in the key are not a problem. Maybe the key is of php5.3 became invalid. Just remove the key, so it creates a new one, and move the old key back. The keys have a date, so the system takes the right key for the right time.

Assume I am right with my theory, I still dont know how to encrypt old data.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

arias

Quote from: Milbo on March 14, 2017, 08:42:52 AM
Vm3 is NOT php7.1 compatible. We got some errors with php7.1, which shows it is just to early to adapt to it.

That is correct. I was trying to suggest an adoption of the openssl.so instead of mccrypt.so. This has already been done in other different platforms.  :)