Jump to content

Mycrypt library missing


Doc

Recommended Posts

Mycrypt library missing from server required to encrypt credit card details

I upgraded from 6.0.11 to 

CubeCart Version
6.2.2 
PHP Version (5.6 Recommended)
7.3.2
MySQL Version
5.5.41-MariaDB

and now cannot accept credit card information

Need advice or help

Thank you

Doc

Link to comment
Share on other sites

Welcome Doc! Glad to see you made it to the forums.

Ignore everything below. Completely confused with something else.

--------------------

If you have your store hosted somewhere, then your host should have given you a control panel for that account (Cpanel?). There, you should find a way to select which version of PHP you want to use and to choose which PHP extensions you need. You will find MBString as an extension to be enabled. If you cannot find where to do this, please contact your hosting provider to enable this for you.

If you have direct and total control of your server installation, you will need to edit the PHP.INI file to enable the MBString extension.

Link to comment
Share on other sites

I have a fresh 6.2.2 that I am testing, which is creating errors:

  [Deprecated] /home/CC/classes/encryption.class.php:213 - Function mcrypt_module_open() is deprecated. Searching the files, mcrypt is only found in mode-php.js. Your suggestion is to get the latest version; I already have it. Furthermore, entering the dashes in the credit card number causes the page to hang at index.php?_a=gateway. Please advise.
Link to comment
Share on other sites

This notice of being deprecated can be ignored.

As best I can tell, the SagePay module does not use any functions of CubeCart's Encryption class. (The Card Capture module does. Need to get that updated.)

The notice is being generated because when CubeCart does use the Encryption class (in admin, orders.index.inc.php, to display card numbers captured), the mentioned function is called. (Your search should have found mcrypt in /classes/encryption.class.php.)

The file mode-php.js is a resource file for an in-line editor used in a high-level admin function to write PHP code. That resource file lists all the PHP functions so as to be able to highlight them in the code.

Link to comment
Share on other sites

51 minutes ago, bsmither said:

This notice of being deprecated can be ignored.

As best I can tell, the SagePay module does not use any functions of CubeCart's Encryption class. (The Card Capture module does. Need to get that updated.)

The notice is being generated because when CubeCart does use the Encryption class (in admin, orders.index.inc.php, to display card numbers captured), the mentioned function is called. (Your search should have found mcrypt in /classes/encryption.class.php.)

The file mode-php.js is a resource file for an in-line editor used in a high-level admin function to write PHP code. That resource file lists all the PHP functions so as to be able to highlight them in the code.

Thank you

mycrpt is in the file - but cannot use the credit card function

code is posted below

Thank you

Doc

<?php
/**
 * CubeCart v6
 * ========================================
 * CubeCart is a registered trade mark of CubeCart Limited
 * Copyright CubeCart Limited 2017. All rights reserved.
 * UK Private Limited Company No. 5323904
 * ========================================
 * Web:   http://www.cubecart.com
 * Email:  [email protected]
 * License:  GPL-3.0 https://www.gnu.org/licenses/quick-guide-gplv3.html
 */

/**
 * Encryption controller
 *
 * @author Technocrat
 * @author Al Brookbanks
 * @since 5.0.0
 */
class Encryption {

    /**
     * Encryption cipher
     *
     * @var string
     */
    private $_cipher = null;
    /**
     * Initialisation for encryption
     *
     * @var string
     */
    private $_iv  = null;
    /**
     * Encryption key
     *
     * @var string
     */
    private $_key  = null;
    /**
     * Encryption method
     *
     * @var string
     */
    private $_method  = 'mcrypt';
    /**
     * Encryption mode
     *
     * @var string
     */
    private $_mode  = null;
    /**
     * Encryption handler
     *
     * @var resource
     */
    private $_td  = null;

    /**
     * Class instance
     *
     * @var instance
     */
    protected static $_instance;

    ##############################################

    final protected function __construct() {
        // Default to mcrypt for existing data from older versions
        $this->_method = function_exists('mcrypt_encrypt') ? 'mcrypt' : 'openssl';
    }

    public function __destruct() {
        //If there is a mcrypt module close it
        if ($this->_method=='mcrypt' && isset($this->_td)) {
            mcrypt_module_close($this->_td);
        }
    }

    /**
     * Setup the instance (singleton)
     *
     * @return Encryption
     */
    public static function getInstance() {
        if (!(self::$_instance instanceof self)) {
            self::$_instance = new self();
        }
        self::$_instance->setup();

        return self::$_instance;
    }

    //=====[ Public ]=======================================

    /**
     * Decrypt data
     *
     * @param string $data
     * @return string/false
     */
    public function decrypt($data) {
        if (!empty($data)) {
            if($this->_method=='mcrypt') {
                return mcrypt_decrypt($this->_cipher, $this->_key, base64_decode($data), $this->_mode, $this->_iv);
            } else {
                return openssl_decrypt($data, $this->_cipher, $this->_key, 0, $this->_iv);
            }
        }
        return false;
    }

    /**
     * Decrypt CC3/CC4 data
     *
     * @param string $data
     * @param string $cart_order_id
     * @return string/false
     */
    public function decryptDepreciated($data, $cart_order_id) {
        $keyArray = array($cart_order_id);
        $this->_td_old  = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', 'ecb', '');
        $this->_iv_old  = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->_td_old), MCRYPT_RAND);
        $this->_ks_old  = mcrypt_enc_get_key_size($this->_td_old);
        $this->_key_old = substr(md5(implode('@', $keyArray)), 0, $this->_ks_old);
        if (!empty($data)) {
            mcrypt_generic_init($this->_td_old, $this->_key_old, $this->_iv_old);
            $stringDecrypted = mdecrypt_generic($this->_td_old, $data);
            mcrypt_generic_deinit($this->_td_old);
            return trim($stringDecrypted);
        }
    }

    /**
     * Encrypt data
     *
     * @param string $data
     * @return bool
     */
    public function encrypt($data) {
        if (!empty($data)) {
            if($this->_method=='mcrypt') {
                return base64_encode(mcrypt_encrypt($this->_cipher, $this->_key, $data, $this->_mode, $this->_iv));
            } else {
                return openssl_encrypt($data, $this->_cipher, $this->_key, 0, $this->_iv);
            }
        }
        return false;
    }

    /**
     * Get encryption key
     *
     * @return string
     */
    public function getEncryptKey() {
        if($GLOBALS['config']->has('config', 'enc_key')) {
            $enc_key = $GLOBALS['config']->get('config', 'enc_key');
            if(empty($enc_key)) {
                return $this->setEncryptKey();    
            }
            return $enc_key;
        } else {
            return $this->setEncryptKey();
        }
    }

    /**
     * Set encryption key
     *
     * @return string
     */
    public function setEncryptKey() {

        // Older stores used the software license key so lets keep using that if it exists
        $key = $GLOBALS['config']->get('config', 'license_key');

        // If license_key isn't set and we don't have an "enc_key".. make one
        if((!$key || empty($key)) && !$GLOBALS['config']->has('config', 'enc_key')) {
            $key = randomString();
            $GLOBALS['config']->set('config', 'enc_key', $key);
        } else {
            // Get enc_key
            $key = $GLOBALS['config']->get('config', 'enc_key');
            if(!$key || empty($key)) {
                $key = randomString();
                $GLOBALS['config']->set('config', 'enc_key', $key);
            }
        }
        return $key;
    }

    /**
     * Setup encryption
     *
     * @param string $key
     * @param string $iv
     * @param string $cipher
     * @param string $mode
     */
    public function setup($key = '', $iv = '', $cipher = '', $mode = '', $method = '') {

        $key = (!empty($key)) ? $key : $this->getEncryptKey();
        if(in_array($method, array('openssl', 'mcrypt'))) {
            $this->_method = $method;
        }

        if($this->_method=='mcrypt') {
            $iv = (!empty($iv)) ? $iv : $this->getEncryptKey();
            $this->_cipher = empty($cipher) ? MCRYPT_RIJNDAEL_256 : $cipher;
            $this->_mode = empty($mode) ? MCRYPT_MODE_CBC : $mode;
            $this->_td  = mcrypt_module_open($this->_cipher, '', $this->_mode, '');
            $this->_iv  = substr(md5($iv), 0, mcrypt_enc_get_iv_size($this->_td));
            $this->_key  = substr(md5($key), 0, mcrypt_enc_get_key_size($this->_td));
        } else {
            $this->_key = $key;
            $this->_cipher = empty($cipher) ? 'AES-128-CBC' : $cipher;;
            $this->_mode = $this->_td  = ''; // Not used with openssl
            $ivlen = openssl_cipher_iv_length($this->_cipher);
            $this->_iv = openssl_random_pseudo_bytes($ivlen);
        }
    }
}

Link to comment
Share on other sites

On 2/22/2019 at 6:04 AM, havenswift-hosting said:

mcrypt was deprecated in PHP 7.1 and removed in PHP 7.2 so as you are using PHP 7.3 (which has only recently been released) then mcrypt wont be available.  You will need to upgrade whichever payment module (SagePay ?) you are using

Hi

We are trying to use Card Capture - we upgraded to the latest version available - 1.0.6 but no luck - we use ssl and have certs on our site - but get the error

Doc

Link to comment
Share on other sites

We accept Visa / MC / AMX and Discover

5 hours ago, Menaalfriedman said:

Which credit card are you using? Maybe it depends upon which card you are using.

We accept Visa / MC / AMX and Discover

5 hours ago, bsmither said:

Note: Card Capture 1.0.6 will test for the presence of mcrypt, and if not present, will not capture the card details (ignoring the Encryption class).

Is there any fix available to use the card capture module ?

 

On 2/21/2019 at 10:50 PM, Al Brookbanks said:

CubeCart 6.2.2 uses openssl instead of mcrypt making it compatible with the newest PHP versions. If you still get mcrypt errors then your store code is not up to date.

See: https://github.com/cubecart/v6/issues/2113

Hi Al

Is there a fix available for Card Capture ?

We upgraded to card capture version 1.0.6 - but no joy ?

Doc

Link to comment
Share on other sites

Try this (I have not verified):

In the Card Capture file gateway.class.php, near line 100, find:

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {

Change to:

if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open') || extension_loaded('openssl')) {


Near line 110, find:

$error = 'Card Capture Error: mcrypt library missing from server required to encrypt credit card data.';

Change to:

$error = 'Card Capture Error: Mcrypt or OpenSSL required to encrypt credit card data is not available.';

 

Link to comment
Share on other sites

  • 4 weeks later...

NOTE: Also posted in the Extension Forum.

Must have missed something, but Capture errors hang instead of displaying something: on advice on this Forum, I did make a small chage:

            $error = false;
         // if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open')) {
         // RS MOD
         if (extension_loaded('mcrypt') && function_exists('mcrypt_module_open') || extension_loaded('openssl')) {
            $this->_encryption   = Encryption::getInstance();
            $this->_encryption->setup(false, $order_summary['cart_order_id']);
            $record['offline_capture'] = $this->_encryption->encrypt(serialize($cardData));
            $GLOBALS['db']->update('CubeCart_order_summary', $record, array('customer_id' => $order_summary['customer_id'], 'cart_order_id' => $order_summary['cart_order_id']));
            if($this->_module['go_processing']) {
               $order->orderStatus(Order::ORDER_PROCESS, $this->_basket['cart_order_id']);
            }

         } else {
         // $error = 'Card Capture Error: mcrypt library missing from server required to encrypt credit card data.';
         // RS MOD
             $error = 'Card Capture Error: Mcrypt or OpenSSL required to encrypt credit card data is not available.';
            trigger_error($error);
         }

Link to comment
Share on other sites

  • 3 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...