Jump to content

Function mcrypt_encrypt() is deprecated in /classes/Rijndael.php on line 51


Recommended Posts

We encounter this error when switching to PHP 7.1:

 

Function mcrypt_encrypt() is deprecated in /home/username/public_html/classes/Rijndael.php on line 51

 

We are using Prestashop 1.6.1.14 version.

 

Any ideea how to fix this error?

 

thanks

Share this post


Link to post
Share on other sites

Does this SQL 

UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

  • Like 4

Share this post


Link to post
Share on other sites
  • 2 months later...
  • 1 month later...
On 6/23/2017 at 1:43 PM, cracked said:

Does this SQL 


UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

HI could you help me how do I make this update? I have same error I am not a very techie but can follow instructions as to how to do this.

Thanks

Share this post


Link to post
Share on other sites

Hi

sure no problem, I’m away on holiday atm but will do it when I get back for you. 

 

However if memory serves me correctly, you need to login to your phpmyadmin and run the SQL query. 

 

If that doesn’t help, I’m back on the 7th and will go through it with you. 

 

Regards

 

Gurnboy

Share this post


Link to post
Share on other sites
  • 1 month later...

Same results you can accomplish by change settings in:

Administration > Advanced parameters > Performance > Ciphering > Algorithm > "Use the custom BlowFish class"

(switch from "Rijndael with mcrypt lib")

Share this post


Link to post
Share on other sites
48 minutes ago, janoo said:

Same results you can accomplish by change settings in:

Administration > Advanced parameters > Performance > Ciphering > Algorithm > "Use the custom BlowFish class"

(switch from "Rijndael with mcrypt lib")

That assumes you can log into the back office, which you usually cannot do when you receive this error

Share this post


Link to post
Share on other sites
  • 5 months later...
  • 2 months later...
On 6/23/2017 at 9:13 AM, cracked said:

Does this SQL 


UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

Many thanks, this worked for me too

Share this post


Link to post
Share on other sites

Please note that there was an important security-fix regarding the Cookie Encryption in Prestashop Update 1.6.1.20.

Previous versions can easily be hacked (full Backoffice admin and therefore server access via php). 

 

You should update to the newest version of Prestashop 1.6!

 

Regards,

cracked

Edited by cracked (see edit history)

Share this post


Link to post
Share on other sites
  • 3 weeks later...
On 8/24/2018 at 10:19 AM, cracked said:

Please note that there was an important security-fix regarding the Cookie Encryption in Prestashop Update 1.6.1.20.

Previous versions can easily be hacked (full Backoffice admin and therefore server access via php). 

 

You should update to the newest version of Prestashop 1.6!

 

Regards,

cracked

1.6.1.20 is the one that's not working for me now, LOTS of this noise in errorlog:

 

[Tue Sep 11 10:48:32.739008 2018] [proxy_fcgi:error] [pid 95649:tid 139695774209792] [client 54.36.148.121:37354] AH01071: Got error 'PHP message: PHP Warning:  count(): Parameter must be an array or an object t
hat implements Countable in /home/kc.com/public_html/controllers/front/ProductController.php on line 254\nPHP message: PHP Warning:  openssl_encrypt(): IV passed is only 7 bytes long, cipher expects a
n IV of precisely 16 bytes, padding with \\0 in /home/kc.com/public_html/classes/Rijndael.php on line 52\nPHP message: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJ
NDAEL_128' (this will throw an Error in a future version of PHP) in /home/kc.com/public_html/classes/Rijndael.php on line 124\n'

 

This coincides with:

AH01630: client denied by server configuration: /home/kc.com/public_html/img/p/1/1 so no images are shown since upgrade

 

Got error 'PHP message: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - ass
umed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 124\nPHP message: PHP Warning:  openssl_encrypt(): IV passed i
s only 7 bytes long, cipher expects an IV of precisely 16 bytes, padding with \\0 in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 52\nPHP message: PHP Warning:  Use of undefined constant MCRY
PT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 124\n'


 

Share this post


Link to post
Share on other sites
  • 4 weeks later...
  • 1 month later...

Hi @hakeryk2 - found the posts and checked.

Just installed a brand new 1.6.23 for testing purposes on a brand new PHP 7.2.12 + MySQL 5.7 (Percona) and indeed, everything works fine as the fix you pointed to on github seems to be incorporated in the latest distributed version.

As the mcrypt library is deprecated and thus not included anymore at all, the setup process informs it's missing but follows through anyway and everything works fine in the end.

BUT,

My problem is that if I try to migrate an existing shop, that runs perfectly well on previous versions of PHP/MySQL, and was updated to the latest 1.6.1.23 version prior to tests, this "old" shop doesn't work : I can't access to the admin without getting the same warning :

Warning: Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/test.steveshehan.com/htdocs/shop/classes/Rijndael.php on line 124

This is a test environment (full 100% replica of files & database) in a subdomain on the prod server, so that I have the exact config, but I can play with parameters...

I got rid of all cached files, .htaccess and so on.

I have an SSL certificate up and running. I set PS_CIPHER_ALGORITHM to "0" in the database... nothing works : I type my login/PW, validate and get stuck with the warning and the penguin logo...

So why does a brand new shop work and not an old one on the same environment? What's the difference here? Is there a file somewhere, and entry in the database?

Been scratching my head for 2 days...

Sincerely

DJM

Share this post


Link to post
Share on other sites

The Ciphering algorithm now only supports Rijndael, and the Rijndael.php class references a constant variable named MCRYPT_RIJNDAEL_128

The error you are receiving is that the constant MCRYPT_RIJNDAEL_128 does not exist.

That constant is provided by the mcrypt library, which I assume you have either disabled or not installed on that test domain.

Share this post


Link to post
Share on other sites

Yep @bellini13 it's deprecated on 7.2, so there's no mcrypt library by default.

But, If I install from scratch a brand new PS1.6.1.23 it works...

My question is then : what's the difference between the 2 of them ? Same versions, same environment... probably a parameter somewhere, but I don't know which one...

Sincerely

DJM

Edited by DJM
typo (see edit history)

Share this post


Link to post
Share on other sites

@bellini13

it's the same server !!!! that's what I said earlier... no virtual machines, same config, same php.ini, same database...the only difference is this one :

* 2 subdomains on the same server (e.g. test.domain.com & shop.domain.com).

But:

* the "new" test version doesn't have an SSL certificate

* the "old" shop installed for testing purpose does have an SSL certificate.

Does the use of SSL activate some parameters somewhere ? Checked the database, the config files... didn't see anything.

Edited by DJM (see edit history)

Share this post


Link to post
Share on other sites
<?php

phpinfo();

?>

I would suggest creating a php file with the above contents, and place it into the root of both of your stores and compare the differences.  virtual hosts can have different php configurations

At the end of the day, you need mcrypt to use Prestashop, since their Rijndael class still appears to require it.

You can also do a small test on the fresh install store that is working.  Locate the Rijndael.php file in the classes folder, and search for line 124, which should be this line

            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,

That line is part of the generateHmac function. 

    protected function generateHmac($encrypted)
    {
        $macKey = $this->generateKeygenS2k('sha256', $this->_key, $this->_iv, 32);
        return hash_hmac(
            'sha256',
            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,
            $macKey
        );
    }

I would suggest putting a die statement at the very beginning of that function, to show that it gets called on your working store.

    protected function generateHmac($encrypted)
    {
        die();

        $macKey = $this->generateKeygenS2k('sha256', $this->_key, $this->_iv, 32);
        return hash_hmac(
            'sha256',
            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,
            $macKey
        );
    }

If this function gets called, then it will immediately stop because of the die statement. 

Share this post


Link to post
Share on other sites

Thx, while you were typing, I ran phpinfo on both subdomains and checked the logs too.

On the one where PS is working, the errorlog contains the following on repeat :

[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant _RIJNDAEL_KEY_ - assumed '_RIJNDAEL_KEY_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxx/htdocs/classes/Cookie.php on line 79
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant _RIJNDAEL_IV_ - assumed '_RIJNDAEL_IV_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Cookie.php on line 79
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  openssl_encrypt(): IV passed is only 7 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Rijndael.php on line 52
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Rijndael.php on line 124

I then set _PS_MODE_DEV_ to true... to show the errors in the navigator and in fact I'm locked out of admin...

So I moved to the other subdomain, where I'm testing the "old" shop & where I'd been in debug mode for testing purposes, went back to false and I'm able to connect... and everything works fine... Errors are still generated, but at least they don't block access.

I'm not sure what this means... the debug function blocking the admin login due to unfulfilled encryption requests ?

BTW the only differences between the 2 configs are in PHP Variables :

* new scratch environment : no SSL/https and

$_SERVER['HTTP_MOD_REWRITE']	On
$_SERVER['REWRITEBASE']	/

* testing environment for old shop : no mod_rewrite and SSL on (HTTP_SCHEME, HTTP_X_FORWARDED_PROTO, HTTPS = ON...)

It works, but I'm still have many questions... 😉

Thx for you help

Sincerely

DJM

Share this post


Link to post
Share on other sites

BTW just tested the "die();" function 😉

* With debug = off

=> blank screen (no admin login box, nothing)

* With debug = on

Warning: Use of undefined constant _RIJNDAEL_KEY_ - assumed '_RIJNDAEL_KEY_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/a1d484be3a2e42589f6d233725d25bca.testmyurl.ws/htdocs/classes/Cookie.php on line 79

Warning: Use of undefined constant _RIJNDAEL_IV_ - assumed '_RIJNDAEL_IV_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/a1d484be3a2e42589f6d233725d25bca.testmyurl.ws/htdocs/classes/Cookie.php on line 79

DJM

Share this post


Link to post
Share on other sites

An other "oddity"...

On the new install, I don't have the "ciphering" option in Advanced Parameters / Performance.

But have it on the old "shop"...

Copied the AdminPerformance controller from one (new) subdomain to the other (old) : still have the option...

And remember no cache, and cache cleared anyway...

DJM

nociphering.png

ciphering.png

Share this post


Link to post
Share on other sites
  • 4 months later...
On 12/4/2018 at 9:18 PM, DJM said:

Hi @hakeryk2 - found the posts and checked.

Just installed a brand new 1.6.23 for testing purposes on a brand new PHP 7.2.12 + MySQL 5.7 (Percona) and indeed, everything works fine as the fix you pointed to on github seems to be incorporated in the latest distributed version.

As the mcrypt library is deprecated and thus not included anymore at all, the setup process informs it's missing but follows through anyway and everything works fine in the end.

BUT,

My problem is that if I try to migrate an existing shop, that runs perfectly well on previous versions of PHP/MySQL, and was updated to the latest 1.6.1.23 version prior to tests, this "old" shop doesn't work : I can't access to the admin without getting the same warning :


Warning: Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/test.steveshehan.com/htdocs/shop/classes/Rijndael.php on line 124

This is a test environment (full 100% replica of files & database) in a subdomain on the prod server, so that I have the exact config, but I can play with parameters...

I got rid of all cached files, .htaccess and so on.

I have an SSL certificate up and running. I set PS_CIPHER_ALGORITHM to "0" in the database... nothing works : I type my login/PW, validate and get stuck with the warning and the penguin logo...

So why does a brand new shop work and not an old one on the same environment? What's the difference here? Is there a file somewhere, and entry in the database?

Been scratching my head for 2 days...

Sincerely

DJM

Hi DJM,

I have exactly this problem. I was 'forced' to upgrade to 1.6.1.23 after my ISP dropped PHP 5.6. 

I can't work out from this thread whether or not you resolved it. I'm getting the 

[Thu Apr 18 17:25:57.955619 2019] [fcgid:warn] [pid 7981] [client 35.227.49.189:46272] mod_fcgid: stderr: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/linweb26/r/rscdsleeds.uk/user/htdocs/classes/Rijndael.php on line 124

message in the error_log.

and just living with it.

I assume I'll get the 'hang' if I turn on debugging but I've avoided doing that on the live site.

Did you do anything else?

Best, IanA

 

 

Share this post


Link to post
Share on other sites
  • 9 months later...
44 minutes ago, tryple said:

Good morning, but the file doesn't appear to download

https://www.prestashop.com/forums/profile/452242- eleazar/ is no longer active in this forum. All his tutorials were deleted. You will find the tutorial you were searching for (incl. all zip files) now only here: https://ps.multimedia-bodensee.de/index.php/prestashop-tutorials/prestashop-tricks-tipps/item/6-anpassung-prestashop-1-5-6-2-und-1-6-1x-an-php-7-2

Share this post


Link to post
Share on other sites
3 hours ago, Wuschel said:

https://www.prestashop.com/forums/profile/452242- eleazar/ is no longer active in this forum. All his tutorials were deleted. You will find the tutorial you were searching for (incl. all zip files) now only here: https://ps.multimedia-bodensee.de/index.php/prestashop-tutorials/prestashop-tricks-tipps/item/6-anpassung-prestashop-1-5-6-2-und-1-6-1x-an-php-7-2

Thank you so much. As I have seen errors in the different php files, I have changed them to the zip provided and it already works perfectly.

I had to manually define the MCRYPT_RIJNDAEL_128 constant in the settings.inc.php because the warning still appeared.

Share this post


Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...

When i use this, I didn't show warning.
I don't know if it's right way.
But, It's doesn't show warning

/public_html/config/settings.inc.php


define('MCRYPT_RIJNDAEL_128','0');
define('_RIJNDAEL_KEY_', '5pgGJ2HeBq6cKGAMmnvpeWgIXfiOkmfe');
define('_RIJNDAEL_IV_', '/gcs9WXANrjXXpp406hwrg==');


 

  • Like 1

Share this post


Link to post
Share on other sites
  • 5 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More