Jump to content

Wrong mcrypt detection?


Jinpachi
 Share

Recommended Posts

I installed the latest version of cube cart lite to try out and see if it will be a good fit for a project I am working on. I get a Mcrypt error on the Manual Card Capture settings.

 

I was pretty sure I enabled this when compiling PHP in WHM but doubled checked regardless, and it also shows as enabled in PHPinfo.

 

Has anybody else expierenced this? I won't be able to use/recommend this cart to the customer if Manual Card Capture isn't working.

Link to comment
Share on other sites

That's odd. We actually had a support ticket about this yesterday and the customer moved host as the existing host didn't support mcrypt. This resolved it and we successfully tested a successful card capture. 

 

Have you made sure that the PHP changes affect all server directories? There are 101 ways to change the PHP config but if you do it at compile level which it sounds you have all *should* be ok. 

 

Please do drop us a support ticket with admin and FTP access if you want us to take a deep look for you.

Link to comment
Share on other sites

Hi

The server configuration of mcrypt looks perfectly OK and matches the setup on all of our servers as well.

I can confirm that this appears broken in 5.2.7 as I am seeing the same as you and yet on a 5.2.5 installation on the same server it works fine. Suggest you log an urgent ticket with CubeCart and if possible ask them (or do it yourself please) to post the patch file in this thread

Thanks

Ian

Link to comment
Share on other sites

The suggestion to log a ticket was also made by Al at exactly the same time that I made my posting and if you havent purchased a licence yet then you are able to log a "sales" ticket. However now that we have reproduced it and more importantly, Al is aware of the problem having seen this thread, I am sure that it will be investigated on Monday

Thanks

Ian

Link to comment
Share on other sites

Hi Guys,

 

I don't believe this is a 5.2.6 or 5.2.7 issue as checking version control nothing has changed in this module since we moved to Git from Subversion. If you have submit a support ticket we will have a deeper look for you. 

 

Have you tried making a test order capturing test credit card details? If mcrypt is working on the server I am sure it will be fine.

Link to comment
Share on other sites

I don't believe this is a 5.2.6 or 5.2.7 issue as checking version control nothing has changed in this module since we moved to Git from Subversion. If you have submit a support ticket we will have a deeper look for you. 

 

Have you tried making a test order capturing test credit card details? If mcrypt is working on the server I am sure it will be fine.

Al

As I mentioned, we have a 5.2.5 installation and a 5.2.7 installation on the same server and the error occurs on the 5.2.7 version and not on the 5.2.5 version and the environments will be exactly the same as we dont allow local php.ini files for security reasons. These are both test installations and this isnt affecting any of our clients (due to PCI regulations anyone taking and storing credit card details for however long should really be on a dedicated server anyway and none of our dedi server clients take payment this way) but happy to log a ticket and work through this with you on Monday directly.

Thanks

Ian

Link to comment
Share on other sites

There was a change Ian!

 https://github.com/cubecart/CubeCart/commit/de67e6b62949265a0f08e647b9e873591ca66689#diff-89deee24899af9e3f048051f7533ca73

So it looks like that code just fixes an issue of showing an error of mcrypt is not working. :-/

 

Maybe it is showing a "false negative"!! 

 

Does the store actually save the card data? Please note that it will only display this in the admin side under SSL.

Link to comment
Share on other sites

There was a change Ian! So it looks like that code just fixes an issue of showing an error of mcrypt is not working. :-/

OK so explains why 5.2.6+ is now showing an error - versions prior to this would accept card details even if mcrypt wasnt installed lol !

Maybe it is showing a "false negative"!! Does the store actually save the card data? Please note that it will only display this in the admin side under SSL.

I think the following added line is wrong and returning a false negative as mcrypt is definitely compiled and loaded into php on all our servers (as it appears to be with the OP server as well)

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

It is possible to place an order and the card data is saved.

Thanks

Ian

Link to comment
Share on other sites

 

There was a change Ian! So it looks like that code just fixes an issue of showing an error of mcrypt is not working. :-/

OK so explains why 5.2.6+ is now showing an error - versions prior to this would accept card details even if mcrypt wasnt installed lol !

 

It would indeed accept them but fail storing them. The code in plain English says...

 

If mcrypt is installed carry on. If not show the error.

 

So I don't get why the error shows. I can only assume the code to detect mcrypt isn't working even though its pretty standard. 

Maybe line 89 should be changed to:

if (extension_loaded('mcrypt') || function_exists('mcrypt_module_open')) {
Link to comment
Share on other sites

Hi Al

Looks like bad logic

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Should be

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

else

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Or better still (testing for something and on positive doing nothing is bad programming !)

if !(extension_loaded('mcrypt') && function_exists('mcrypt_module_open'))

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Works for me although begs the question why moving to a different host as per your original answer "fixed" this ??

Thanks

Ian

Link to comment
Share on other sites

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

 

Well this isn't what the logic is. 

 

Should be

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

else

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

 

This is how the logic is. 

 

Works for me although begs the question why moving to a different host as per your original answer "fixed" this ?

 

Because originally it looked like mcrypt was not installed.

 

I still don't know why the error shows if mcrypt is installed as the coding logic looks fine. I can only assume that in this case PHP is not able to see that the mcrypt extension is loaded and the mcrypt_module_open function exists. They should both return true preventing the code falling to the else! 

 

The code change in version control makes the error show on screen rather than just be logged in the error log. No logic has changed in this module since well before 5.2.2 in June 2013. 

 

Maybe I am blind and should be in the pub rather than working on a Sunday night. :P

Link to comment
Share on other sites

Looks like bad logic

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Should be

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

else

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

 

Exactly so! 'else' disapeared somewhere LOL

 

Wel done. Fixed in Git...

Link to comment
Share on other sites

 

Maybe I am blind and should be in the pub rather than working on a Sunday night. :P

White stick on its way LOL Although what are any of us doing at this time on a Sunday night !

Great! Did you need to make any php config changes or was the mcrypt error message wrong?

What he was saying that even with the admin config giving the "error" message, the gateway itself still worked fine

Exactly so! 'else' disapeared somewhere LOL

 

Wel done. Fixed in Git...

Thanks Milos although I still prefer never using empty statements like {} - why not change to

if !(extension_loaded('mcrypt') && function_exists('mcrypt_module_open'))

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Ian

Link to comment
Share on other sites

I'm confused. What file is being discussed?

 

The CC527 file /modules/gateway/Card_Capture/gateway.class.php, lines 89-97, look perfectly fine in my installation. There is no else statement gone missing.

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {
  $this->_encryption = Encryption::getInstance();
  $this->_encryption->setup(false, $order_summary['cart_order_id']);
  $record['offline_capture'] = $this->_encryption->encrypt(serialize($cardData));
  $GLOBALS['db']->update('CubeCart_order_summary', $record, array('customer_id' => $order_summary['customer_id'], 'cart_order_id' => $order_summary['cart_order_id']));
} else {
  $error = 'Card Capture Error: mcrypt library missing from server required to encrypt credit card data.';
  trigger_error($error);
}

On compund logic evaluations, I routinely break them apart for easier debugging:

$is_mcrypt_available['el'] = extension_loaded('mcrypt');
$is_mcrypt_available['fe'] = function_exists('mcrypt_module_open');
//var_dump($res);
if ($is_mcrypt_available['el'] && $is_mcrypt_available['fe']) {
Link to comment
Share on other sites

It is a simple logic error in modules/gateway/Card_Capture/admin/index.inc.php

Change

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

To

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {}

else

$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');

Thanks

Ian

Link to comment
Share on other sites

I thought 

{}

 was a typo in Ians post!! Hence my confusion. I'm not keen on the empty else either so will adjust accordingly.

 

Really nice we are (I am!!) all on the same page now!

 

I changed it to:

if (!extension_loaded('mcrypt') || !function_exists('mcrypt_module_open')) {
	$GLOBALS['main']->setACPWarning('Mcrypt library missing from server required to encrypt credit card data!');
}

Please let me know if anyone disagrees. :)

 

GitHub: https://github.com/cubecart/CubeCart/commit/7f8c449a09408601e721df9c6a8403556eb6aad4

Link to comment
Share on other sites

Hi Al,

       I am having a few problems with the new version 5.2.7 and this is just one of them, I have changed the code as you have suggested and the same message is displaying the PHP I am using allows for mycrpt. Do you have any suggestions as this is on a live site and it may be causing my other problems of not getting a payment gateway screen after the last checkout has been selected.

 

Best Regards,

Peterp

Link to comment
Share on other sites

I have changed the code as you have suggested and the same message is displaying the PHP I am using allows for mycrpt. Do you have any suggestions as this is on a live site and it may be causing my other problems of not getting a payment gateway screen after the last checkout has been selected.

The code changes do fix the warning message which was incorrectly being shown - it had no effect on operation of the gateway or any other parts of the site. Sounds like you have bigger problems but without details, impossible to say

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...