Loading


Advertisement:

Author Topic: 500 Error when posting new ad with photo using PHP 7.1.2  (Read 285 times)

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2228
Re: 500 Error when posting new ad with photo using PHP 7.1.2
« Reply #15 on: March 13, 2017, 02:30:15 am »
I think it is 'strict' related, PHP becoming more secure which is also reason for dropping the mcrypt functionality.

Anyway, there are 'fixes' in case others run into PHP 7.1+ problems now.
I also created a new encrypt/decrypt function that replaces both osc_encrypt_alert() and osc_decrypt_alert() and commented out some code in generate password function which also makes use of mcrypt. The new function is now used by osclass/controller/search.php and /osclass/controller/ajax.php in my dev environment for testing the working of the alerts and everythingelse that is related. So far so good, less code in hSecurity and no more mcrypt deprecated warnings 8)

Though this is officially Osclass 3.6.1 running on PHP 7.1.2, if it works it would also be an alternative for Osclass 3.7.1.
If you're interested I can share the hSecurity changes with you.

dev101

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 1525
  • osclass.work
Re: 500 Error when posting new ad with photo using PHP 7.1.2
« Reply #16 on: March 13, 2017, 03:10:05 am »
It will be addressed and it is already noted by Osclass Team, take a look at these links:

http://forums.osclass.org/development/sha1-password-hash-16947/msg145054/#msg145054
https://github.com/osclass/Osclass/issues/2073

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2228
Re: 500 Error when posting new ad with photo using PHP 7.1.2
« Reply #17 on: March 13, 2017, 10:10:45 am »
Cool, good to see it's on the agenda :)

Thanks
It will be addressed and it is already noted by Osclass Team, take a look at these links:

http://forums.osclass.org/development/sha1-password-hash-16947/msg145054/#msg145054
https://github.com/osclass/Osclass/issues/2073

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2228
Re: 500 Error when posting new ad with photo using PHP 7.1.2
« Reply #18 on: March 15, 2017, 01:03:01 am »
For those interested and keeping the wheels spinning....

So far my new function seems to be working OK and I would like your opinion on the code I am using in hSecurity at this moment making it PHP 7.1+ ready with regard to the use of MCRYPT (and also (ok, not 100% sure but I think so) being able to get rid of a whole libsec (mcrypt) library in osclass).
The Original encryption functions I have commented out in hSecurity as well as part of a rendom generate function, all in same hSecurity file. And as far as I can see, what _CONEJO already mentioned, only 'older' Osclass Payment plugin is using mcrypt as well.
That having said, I have no clue about other commercial plugins.

Okay, here's my encrypt/decrypt function I am using at the moment:
Code: [Select]
/**
* Alternative encryption for osclass alerts, mcrypt will be DEPRECATED in PHP 7.1+
* This function replaces both the need for 'osc_encrypt_alert' & 'osc_decrypt_alert'
* OSC Files effected: /osclass/controller/search.php & /osclass/controller/ajax.php
* Plugins effected: None known
*
* Params:
*
* @action -> 'encrypt' or 'decrypt'
* @data -> string for handling encryption ie. $alert
* @add_to_secret_key         -> optional string to add to key
*/
function osc_encrypt_decrypt($action, $data='', $add_to_secret_key='') {

if($action=='encrypt') {
osc_set_alert_private_key(); // renew private key and
osc_set_alert_public_key();  // public key
}

$output               = '';
$encrypt_method = "AES-256-CBC";
$secret_key         = osc_get_alert_private_key() . $add_to_secret_key;
$key                    = hash('sha256', $secret_key, true);
$secret_iv            = osc_get_alert_private_key();
$iv                      = substr(hash('sha256', $secret_iv), 0, 16);

$eski = array("+","/","=");
$yeni = array("b1X4","x8V7","F3h7");

if( $action == 'encrypt' ) {
$string = osc_genRandomPassword(32) . $data;
$output     = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output     = base64_encode($output);
$output     = str_replace($eski,$yeni,$output);
} elseif( $action == 'decrypt' ) {
$string = str_replace($eski,$yeni,$data);
$output      = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
$output = trim(substr($output, 32));
}

return $output;
}

Regards,
Eric
« Last Edit: March 15, 2017, 09:55:44 am by SmaRTeY »