Post by mxmark » Sat Jul 11, 2020 4:41 am

Hi guys,

Firstly let me just point out that I am no coder and can just about manage the basics with clear guidance.

Anyway, here's my problem. I have just recently setup a cron job for an extension and since setting it up, I am receiving the following email once per day:

Cron Daemon:
Cannot load the ionCube PHP Loader - it was built with configuration API220090626,NTS, whereas running engine is API220100525,NTS
Zend Guard Loader requires Zend Engine API version 220090626.
The Zend Engine API version 220100525 which is installed, is newer.
Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Guard Loader.
<br />
<b>Fatal error</b>: Directive 'allow_call_time_pass_reference' is no longer available in PHP in <b>Unknown</b> on line <b>0</b><br />

Now to some people, this may be second nature to them, but to me, it is complete mumbo jumbo, so would any of you kind souls out there care to translate what is going on in layman's terms?

I'd really appreciate your feedback ;)

FYI, I'm running Opencart 1.5.6.4 and my web host is still set at php 5.2 (I'm worried about updating to 7+ in case it breaks my site)

Cheers!

New member

Posts

Joined
Tue Dec 23, 2014 12:06 am
Location - Greater Manchester, UK

Post by IP_CAM » Sat Jul 11, 2020 5:09 am

Well, if you replace your /system/library/encryption.php content with this one below,
you won't have to worry about OC v.1.5.6.4, it should work up to PHP 7.4.7 Versions, tested so far.
It would, at best, be a Vqmod or a very old Module, not capable to handle it. The Code shown below
is what I use.
Ernie

Code: Select all

<?php
final class Encryption {
	
	private $cipher = 'aes-256-ctr';
	private $digest = 'sha256';
	private $key;
	
	public function __construct($key) {
		$this->key = $key;
	}

	public function encrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$iv        = openssl_random_pseudo_bytes($iv_length);
		return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
	}
	
	public function decrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$value     = base64_decode($value);
		$iv        = substr($value, 0, $iv_length);
		$value     = substr($value, $iv_length);
		return openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
	}
}
?>
---
Others are here, but they don't work all up to PHP v.7.4.7:
https://www.opencart.com/index.php?rout ... n_id=38012
https://www.opencart.com/index.php?rout ... n_id=39363
https://www.opencart.com/index.php?rout ... n_id=34428

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by mxmark » Sat Jul 11, 2020 6:45 pm

Hey IP_CAM,

Thanks for your reply and information, it's much appreciated.

The reason I'm worried about updating my servers php verion to 7+ is because it's a fully established ecom site with daily sales happening and I'm very cautious about any possible downtime. I also have a number of extensions on the site that may also break due to the php upgrade.

However, your encryption snippet above is interesting...Are you saying that if I use your encryption code, I can update my server's php version without any issues? Everything will work fine and the ionCube PHP Loader Problem will be gone to?

Mark

New member

Posts

Joined
Tue Dec 23, 2014 12:06 am
Location - Greater Manchester, UK

Post by IP_CAM » Sat Jul 11, 2020 7:41 pm

Well, I am not talking about ionCube, because I'm not familiar with it. But
you cannot ruin anything, if you change the encryption.php file content,
so, just try it out, and if it would not work with i.E. PHP v.7.4.x (whatever your
Server offers on latest PHP v.7.x Versions), for what reason ever, it's a matter
of seconds, to switch back to the old encryption.php file ... :laugh:
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by JNeuhoff » Sat Jul 11, 2020 8:55 pm

You should stay away from 3rd party extensions which use encoded PHP files. OpenCart is built around the open source philosophy!

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by johnp » Sun Jul 12, 2020 7:30 pm

JNeuhoff wrote:
Sat Jul 11, 2020 8:55 pm
You should stay away from 3rd party extensions which use encoded PHP files. OpenCart is built around the open source philosophy!
I'll second that. I never use extensions with encrypted files. Open source all the way. :)

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by mxmark » Tue Jul 14, 2020 5:21 am

JNeuhoff wrote:
Sat Jul 11, 2020 8:55 pm
You should stay away from 3rd party extensions which use encoded PHP files. OpenCart is built around the open source philosophy!
As a rule I normally do, but the extension is from a trusted source.

New member

Posts

Joined
Tue Dec 23, 2014 12:06 am
Location - Greater Manchester, UK

Post by mxmark » Tue Jul 14, 2020 5:23 am

IP_CAM wrote:
Sat Jul 11, 2020 7:41 pm
Well, I am not talking about ionCube, because I'm not familiar with it. But
you cannot ruin anything, if you change the encryption.php file content,
so, just try it out, and if it would not work with i.E. PHP v.7.4.x (whatever your
Server offers on latest PHP v.7.x Versions), for what reason ever, it's a matter
of seconds, to switch back to the old encryption.php file ... :laugh:
Ernie
Yeah that's a fair enough comment, like you say, I can always revert back if it all goes t**s up ;)

New member

Posts

Joined
Tue Dec 23, 2014 12:06 am
Location - Greater Manchester, UK

Post by IP_CAM » Tue Jul 14, 2020 8:41 am

Good thinking!
And just to mention it, on my Server, the PHP Version(s), to be used, can
be 'declared' in the .htaccess File, and if none is declared, the Server
automatically selects the latest Version installed, i.E. PHP v.7.4.7 in
my Case .
Good Luck! ;)
Ernie

Code: Select all

## Ernie's OpenCart .htaccess File Juli-12-2020
#AddHandler application/x-httpd-php71 .php
#AddHandler application/x-httpd-php72 .php
#AddHandler application/x-httpd-php71 - 72 .php

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by mxmark » Tue Jul 14, 2020 7:49 pm

IP_CAM wrote:
Tue Jul 14, 2020 8:41 am
Good thinking!
And just to mention it, on my Server, the PHP Version(s), to be used, can
be 'declared' in the .htaccess File, and if none is declared, the Server
automatically selects the latest Version installed, i.E. PHP v.7.4.7 in
my Case .
Good Luck! ;)
Ernie

Code: Select all

## Ernie's OpenCart .htaccess File Juli-12-2020
#AddHandler application/x-httpd-php71 .php
#AddHandler application/x-httpd-php72 .php
#AddHandler application/x-httpd-php71 - 72 .php
Hey Ernie,

Just curious, but are you still using OC 1.5.6.4 with added extensions on php 7.4?

Mark

New member

Posts

Joined
Tue Dec 23, 2014 12:06 am
Location - Greater Manchester, UK

Post by IP_CAM » Tue Jul 14, 2020 8:39 pm

Negative, I am using 1.5.6.5_rc, OC LIGHT, combined with the fabulous Merkent
Bootstrap Theme, and OC V-PRO combined with PEKU's OC-2 Theme Extension.
Both Versions can be downloaded here:
https://github.com/IP-CAM
--
PS:
Strictly technically, 1.5.6.4 should work up to PHP 7.4.7, since OC v.1.5.6.5_rc is only
a fixed 1.5.6.4 Release, as it comes by default. Except for the non-responsive default
OC 1.5.6.x Theme, which I never tried with PHP7, I removed it in full from my Code.
Last edited by IP_CAM on Wed Jul 15, 2020 7:41 am, edited 1 time in total.

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by OSWorX » Wed Jul 15, 2020 1:16 am

mxmark wrote:
Tue Jul 14, 2020 5:21 am
JNeuhoff wrote:
Sat Jul 11, 2020 8:55 pm
You should stay away from 3rd party extensions which use encoded PHP files. OpenCart is built around the open source philosophy!
As a rule I normally do, but the extension is from a trusted source.
How much can a source be a "trusted source" when they need to encode their extension?

Btw.: because OpenCart IS based on the GNU/GPL license, everything else MUST BE also run under that license.
Which means: if you really "buy" an encoded Extension you are entitled also to get the decoded source code.
That's one of the basics of that license .. so why should the extension be encoded - when they have nothing to hide?

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by johnp » Wed Jul 15, 2020 1:58 am

I totally agree OSWorX. Open source code and full transparency. I'm a big fan of open source code and a one off payment for extensions personally. I know a lot of developers sell a yearly licence which is fine. Encrypted code is a big no no for me though. You never know what's in it and what it's doing.
Last edited by johnp on Wed Jul 15, 2020 4:21 pm, edited 1 time in total.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by IP_CAM » Wed Jul 15, 2020 7:26 am

so why should the extension be encoded - when they have nothing to hide?
Well, after beeing around the Facebook OC Scene for a while, I had to realize, that 90+ Percent
of the fellows, asking questions there, seem to use stolen Code. It's one reason, why most of
them don't come here, affraid of being asked about where they got their paid Mods and Themes
from, and especially, when it comes to Journal Themes.

From that point of view, I fully understand, that certain Code Contributors encode their work,
they know exactly, what would happen, beeing surrounded by hordes of cheaters and thiefs.
The only advantage is, that most of the Crooks won't make it anyway, but it's still discouraging,
and many fine Contributors one day left the OC Scene again, probably mainly because of that.

There should be some kind of 'common' Policy at least, when it comes to decide, what should be
'handled' at this Forum, when it comes to (paid) Extensions. From my personal point of view,
nobody should even reply on Topics, where paid Extensions / Themes are part of, it only kills
the motivation of others. But you're all in the same Boat, like it, or not, and if one undermines a
'common' strategy on such, you all loose, in the end.

Lucky me, I don't have the problem. ;) :D But if I would, I would sure not sell 'open' Code, it's
just not worth it, strictly from the business point of view, and under the circumstances, as they
exist. :'(
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by johnp » Wed Jul 15, 2020 4:25 pm

I agree about the common policy Ernie. Some rules and guidelines would be a great help.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by OSWorX » Wed Jul 15, 2020 5:03 pm

IP_CAM wrote:
Wed Jul 15, 2020 7:26 am
From that point of view, I fully understand, that certain Code Contributors encode their work,
they know exactly, what would happen, beeing surrounded by hordes of cheaters and thiefs.
Clearly: no.

Why?
If someone has to encode his code, he has to hide something.
Noone ever will know what's really inside the encoded code.

And if someone has to encode his code (which, as already stated several times IS FORBIDDEN because of the GNU/GPL License), he is using the wrong "Business Model".

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by xxvirusxx » Wed Jul 15, 2020 7:38 pm

OSWorX wrote:
Wed Jul 15, 2020 5:03 pm
If someone has to encode his code, he has to hide something.
Noone ever will know what's really inside the encoded code.
Or maybe protection from stealing the code like GDPR Compliance from iSenseLabs.

Upgrade Service | OC 2.3.0.2 PHP 8 | My Custom OC 3.0.3.8 | Buy me a beer


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by OSWorX » Wed Jul 15, 2020 8:59 pm

xxvirusxx wrote:
Wed Jul 15, 2020 7:38 pm
OSWorX wrote:
Wed Jul 15, 2020 5:03 pm
If someone has to encode his code, he has to hide something.
Noone ever will know what's really inside the encoded code.
Or maybe protection from stealing the code like GDPR Compliance from iSenseLabs.
As several times already written: if encoded/encrypted/obfuscated > wrong business model.
And if someone think he can publish encoded scripts (like it seems to be here the case - no matter how much "trusted" iSenseLabs may be or not!), he should learn the principles of OpenSource and the License!
On the other hand, if customers would learn that this is the wrong approach, those vendors would not sell anything.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Who is online

Users browsing this forum: No registered users and 113 guests