Well, OC v.1.5.6.4+ already works up to PHP v.7.1.x Versions well, after replacing
the default
system/library/encryption.php file with this one, sponsored a short
while ago by a fine Contributor. It even worked with PHP 7.2.x, but I run into a widely
known software (Counting) error message, all related to PHP 7.2.x, somewhere, and did not
bother since, to further check on this PHP matter.
Code: Select all
<?php
final class Encryption {
private $cipher = 'aes-256-ctr';
private $digest = 'sha256';
private $key;
public function __construct($key) {
$this->key = $key;
}
public function encrypt($value) {
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$iv = openssl_random_pseudo_bytes($iv_length);
return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
}
public function decrypt($value) {
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$value = base64_decode($value);
$iv = substr($value, 0, $iv_length);
$value = substr($value, $iv_length);
return openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
}
}
?>
But, to tell you a secret, my Testshop even works by use of Villagedefrance latest Version release
system/library/encryption.php file as it looks, I so far found no problem, up to PHP 7.1.16
Ernie
Code: Select all
<?php
final class Encryption {
private $key;
public function __construct($key) {
$this->key = hash('sha256', $key, true);
}
public function encrypt($value) {
$php_version = phpversion();
if ($php_version >= '7.1') {
$method = 'AES-128-CBC';
$iv_length = openssl_cipher_iv_length($method); // 16
$iv = openssl_random_pseudo_bytes($iv_length);
$encrypted = openssl_encrypt($value, $method, hash('sha256', $this->key, true), OPENSSL_RAW_DATA, $iv);
} else {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
if ($php_version >= '5.6') {
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
} elseif ($php_version >= '5.3') {
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_RANDOM);
} else {
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
}
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, hash('sha256', $this->key, true), $value, MCRYPT_MODE_CBC, $iv);
}
$encoded = base64_encode($encrypted) . '|' . base64_encode($iv);
return strtr($encoded, '+/=', '-_,');
}
public function decrypt($value) {
$php_version = phpversion();
$value = explode('|', strtr($value, '-_,', '+/=') . '|');
$decoded = base64_decode($value[0]);
$iv = base64_decode($value[1]);
if ($php_version >= '7.1') {
$method = 'AES-128-CBC';
$decrypted = trim(openssl_decrypt($decoded, $method, hash('sha256', $this->key, true), OPENSSL_RAW_DATA, $iv));
} else {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
if (strlen($iv) !== $iv_size) {
return false;
}
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, hash('sha256', $this->key, true), $decoded, MCRYPT_MODE_CBC, $iv));
}
return $decrypted;
}
}
?>
