Post by IP_CAM » Tue Jul 10, 2018 5:16 am

I really wouldn't suggest to v1.5x releases for the latest release of PHP ...
would have to be taxed as hypothetical statement, but not based on tested Facts, as
I demonstrated already by working links. But it also might depend on Extensions used,
some of them possibly don't work anymore, or at least present Warnings, like in later
OC Versions as well. At least up to php v.7.2.x, but if it still functions in latest PHP v.7.3
cannot be judged on yet ..., for those, eager to always run the latest Things ::)
---
PHP v.7.2.7 TestSite Default OC 1.5.6.5_rc: http://www.jti.li/shop/
PHP v.7.2.7 TestSite OC 1.5.6.5_rc Merkent Bootstrap Theme: http://www.bigmax.ch/shop/
---
shop\system\library\encryption.php (OC v.1.5.6.1 ? - 1.5.6.5_rc Replacement File !)

Code: Select all

<?php
final class Encryption {
	
	private $cipher = 'aes-256-ctr';
	private $digest = 'sha256';
	private $key;
	
	public function __construct($key) {
		$this->key = $key;
	}

	public function encrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$iv        = openssl_random_pseudo_bytes($iv_length);
		return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
	}
	
	public function decrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$value     = base64_decode($value);
		$iv        = substr($value, 0, $iv_length);
		$value     = substr($value, $iv_length);
		return openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
	}
}
?>
And a few days ago, my Hoster added this new .htaccess_sample
1-liner-file onto my Sites, but without any comments to it:
AddHandler application/x-httpd-php70to72 .php
to possibly be used instead of normally using one of those:

Code: Select all

AddHandler application/x-httpd-php70 .php
AddHandler application/x-httpd-php71 .php
AddHandler application/x-httpd-php72 .php
I have not found out anywhere about it's explicit function yet, but
it could be possible, that it will select automatically, wich version
matches best ... ??? Just to have it mentioned too ! ;)
Good Luck, keep the original file, just in case ! :D
Ernie

Ernie's OpenCart v.1.5.6.5 LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites
http://www.bigmax.ch - http://www.opencart.li/shop/
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by straightlight » Tue Jul 10, 2018 6:34 am

would have to be taxed as hypothetical statement, but not based on tested Facts
Of course. The fact is that the provided solution above is not provided out of the box when installing OC as a fresh install which means server modification parameters needs to be manually set to the domain in order to process what may or may not work for everyone since these parameters still relies on server-specifics.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by IP_CAM » Tue Jul 10, 2018 8:22 am

... solution above is not provided out of the box
Well, it's an old Box already, I'm talking about, I know ... , but some
just like the Things, they 'use', and not get divorced, just to get a
new feeling again, once in a while. And the bulkloads of fixes,
recommended, to fix later OC's, are also not provided out of
the box. So, what's the difference ?

It's one of the reason, to have this place here, also for those, looking
for possible alternatives. And this, without beeing forced, to likely run into
a bunch of new problems, instead of beeing able to solve a single old one.

Especially in a time, where another version is soon to be expected again.
And, as we all know, older Version Supporter slowly fade away, or even
turn into version-political enemies, for whatever reason they might have.
It's a complicated world out there ... :crazy:
Ernie

Ernie's OpenCart v.1.5.6.5 LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites
http://www.bigmax.ch - http://www.opencart.li/shop/
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by straightlight » Tue Jul 10, 2018 8:42 am

t's one of the reason, to have this place here, also for those, looking
for possible alternatives. And this, without beeing forced, to likely run into
a bunch of new problems, instead of beeing able to solve a single old one.
My point exactly. It's those single old ones as you said that may prevent thousands of extensions to keep on running due to the core fixes. What's the difference? I just named one. People could buy a million extension which forum posters and supporters would believe it would solve all their problems. The truth is, it may resolve many of them - but not all of them. Granted, a new version is about to be released. However, even with new distributions, I am still able, as much as others, to keep tracking new problems while old ones have been partially resolved. In the end, it is still a problem versus another problem and extension problems that still creates another half of problems despite whether the core gets fixed or an extension gets fixed. The only good side, on the other hand, is without the core - how can we possibly name those distributed features called: extensions!

It takes people to cure people whether a divorce occurs or not. Divorced people may leave their past behind but there's always some of the things that will stick inside of them. It's no different compared to the people having to fight hard everyday by using this platform as well as other platforms.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by sicotommo » Tue Jul 10, 2018 10:33 pm

I understand the need to get updated to the most recent OC possible, but some of my customers don't so i need to keep 1.5.6.4 going for a little while longer for some of them whilst they evaluate options to update, but the service we use is making everyone upgrade their hosting to PHP7.2. What are the options of keeping 1.5.6.4 going on PHP7.2 if I've tried the above solution that hasn't solved the issue?

Thanks for your input.

New member

Posts

Joined
Wed Jul 27, 2011 8:55 am

Post by schiggi » Wed Jul 11, 2018 12:44 am

billynoah wrote:
Fri May 04, 2018 2:26 pm
Here's a drop in replacement for system/library/encryption.php that will work on OC1.5.6.4 and PHP7.2. Unlike the current version used in OC3, this will not produce the empty iv warning "Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended"

Code: Select all

<?php
final class Encryption {
	
	private $cipher = 'aes-256-ctr';
	private $digest = 'sha256';
	private $key;
	
	public function __construct($key) {
		$this->key = $key;
	}

	public function encrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$iv        = openssl_random_pseudo_bytes($iv_length);
		return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
	}
	
	public function decrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$value     = base64_decode($value);
		$iv        = substr($value, 0, $iv_length);
		$value     = substr($value, $iv_length);
		return openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
	}
}
If I replace the old 2.3 library with your suggestion, will I run into problems with old orders, api or anything?

New member

Posts

Joined
Tue May 13, 2014 4:23 am

Post by straightlight » Wed Jul 11, 2018 3:09 am

You should not run into problems after replacing the file; especially if you use SSL with a decent PHP 7.x version.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by sunsys » Sun Jul 15, 2018 10:54 pm

Great discussion on php version compatibility, is a rollback of php versions possible if I upgrade from php ver5.5 to ver7.0 and I find issues then can I go back to php ver5.5 is that possible at all, does php change any opencart core files?
BTW I am using OC 2.0.3.1

Regards,
Sun Systems
Industrial Electronics and Instrumentation


User avatar
Active Member

Posts

Joined
Tue Jan 27, 2015 5:19 am

Post by IP_CAM » Mon Jul 16, 2018 2:07 am

Yes, this is possible, without creating problems.
Ernie

Ernie's OpenCart v.1.5.6.5 LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites
http://www.bigmax.ch - http://www.opencart.li/shop/
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by straightlight » Mon Jul 16, 2018 2:56 am

does php change any opencart core files?
BTW I am using OC 2.0.3.1
No, it doesn't.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by sunsys » Mon Jul 16, 2018 4:44 pm

IP_CAM wrote:
Mon Jul 16, 2018 2:07 am
Yes, this is possible, without creating problems.
Ernie
Thank you Ernie.

Regards,
Sun Systems
Industrial Electronics and Instrumentation


User avatar
Active Member

Posts

Joined
Tue Jan 27, 2015 5:19 am

Post by sunsys » Mon Jul 16, 2018 4:46 pm

straightlight wrote:
Mon Jul 16, 2018 2:56 am
does php change any opencart core files?
BTW I am using OC 2.0.3.1
No, it doesn't.
Thank You @straightlight

Regards,
Sun Systems
Industrial Electronics and Instrumentation


User avatar
Active Member

Posts

Joined
Tue Jan 27, 2015 5:19 am
Who is online

Users browsing this forum: No registered users and 11 guests