Function mcrypt_encrypt() is deprecated in /classes/Rijndael.php on line 51

[rl_lucian]

We encounter this error when switching to PHP 7.1:

 

Function mcrypt_encrypt() is deprecated in /home/username/public_html/classes/Rijndael.php on line 51

 

We are using Prestashop 1.6.1.14 version.

 

Any ideea how to fix this error?

 

thanks

[cracked]

Does this SQL 

UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

[Gurnboy]

Thanks cracked, worked a treat. 

[bellini13]

Ideally you should use PHP 7.0.x, not PHP 7.1.x

 

There are likely other issues you will encounter using PHP 7.1.x

[sadgamaya]

On 6/23/2017 at 1:43 PM, cracked said:

Does this SQL 

UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

HI could you help me how do I make this update? I have same error I am not a very techie but can follow instructions as to how to do this.

Thanks

[Gurnboy]

Hi

sure no problem, I’m away on holiday atm but will do it when I get back for you. 

 

However if memory serves me correctly, you need to login to your phpmyadmin and run the SQL query. 

 

If that doesn’t help, I’m back on the 7th and will go through it with you. 

 

Regards

 

Gurnboy

[janoo]

Same results you can accomplish by change settings in:

Administration > Advanced parameters > Performance > Ciphering > Algorithm > "Use the custom BlowFish class"

(switch from "Rijndael with mcrypt lib")

[bellini13]

48 minutes ago, janoo said:

Same results you can accomplish by change settings in:

Administration > Advanced parameters > Performance > Ciphering > Algorithm > "Use the custom BlowFish class"

(switch from "Rijndael with mcrypt lib")

That assumes you can log into the back office, which you usually cannot do when you receive this error

[caleb dev]

I have same problem.

Please see : https://gist.github.com/odan/c1dc2798ef9cedb9fedd09cdfe6e8e76

 

Thanks!

[Gurnboy]

use php 7.0 not 7.1 then run the query

[Rhobur]

Or, you simply modify a few code lines as described here, https://github.com/PrestaShop/PrestaShop/pull/8256/commits/80ecf62a30fbd2521007ad3eee441d055aa49c36

[BerB]

On 6/23/2017 at 9:13 AM, cracked said:

Does this SQL 

UPDATE `ps_configuration` SET `value` = '0' WHERE `name` = 'PS_CIPHER_ALGORITHM';

solve the problem for you?

We had the same issue in the beginning after switching to php7.

 

Regards,

cracked

Many thanks, this worked for me too

[cracked]

Please note that there was an important security-fix regarding the Cookie Encryption in Prestashop Update 1.6.1.20.

Previous versions can easily be hacked (full Backoffice admin and therefore server access via php). 

 

You should update to the newest version of Prestashop 1.6!

 

Regards,

cracked

Edited August 24, 2018 by cracked (see edit history)

[Tony den Haan]

On 8/24/2018 at 10:19 AM, cracked said:

Please note that there was an important security-fix regarding the Cookie Encryption in Prestashop Update 1.6.1.20.

Previous versions can easily be hacked (full Backoffice admin and therefore server access via php). 

 

You should update to the newest version of Prestashop 1.6!

 

Regards,

cracked

1.6.1.20 is the one that's not working for me now, LOTS of this noise in errorlog:

 

[Tue Sep 11 10:48:32.739008 2018] [proxy_fcgi:error] [pid 95649:tid 139695774209792] [client 54.36.148.121:37354] AH01071: Got error 'PHP message: PHP Warning:  count(): Parameter must be an array or an object t
hat implements Countable in /home/kc.com/public_html/controllers/front/ProductController.php on line 254\nPHP message: PHP Warning:  openssl_encrypt(): IV passed is only 7 bytes long, cipher expects a
n IV of precisely 16 bytes, padding with \\0 in /home/kc.com/public_html/classes/Rijndael.php on line 52\nPHP message: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJ
NDAEL_128' (this will throw an Error in a future version of PHP) in /home/kc.com/public_html/classes/Rijndael.php on line 124\n'

 

This coincides with:

AH01630: client denied by server configuration: /home/kc.com/public_html/img/p/1/1 so no images are shown since upgrade

 

Got error 'PHP message: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - ass
umed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 124\nPHP message: PHP Warning:  openssl_encrypt(): IV passed i
s only 7 bytes long, cipher expects an IV of precisely 16 bytes, padding with \\0 in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 52\nPHP message: PHP Warning:  Use of undefined constant MCRY
PT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/midcentury-kc.com/public_html/classes/Rijndael.php on line 124\n'

 

[cracked]

You are probably using a php version which is too recent (7.1+)? 
I think this is what is causing your error messages...

Regards,

cracked

Edited September 11, 2018 by cracked (see edit history)

[Tony den Haan]

Yes, 7.2  but similar problem on 7.1. Hosting provider forced us away from php5, so no way back. 

Edited September 11, 2018 by Tony den Haan (see edit history)

[hakeryk2]

This should help - it suppose to fix it but it is not official fix https://github.com/PrestaShop/PrestaShop/pull/8256

[DJM]

Hi @hakeryk2 - found the posts and checked.

Just installed a brand new 1.6.23 for testing purposes on a brand new PHP 7.2.12 + MySQL 5.7 (Percona) and indeed, everything works fine as the fix you pointed to on github seems to be incorporated in the latest distributed version.

As the mcrypt library is deprecated and thus not included anymore at all, the setup process informs it's missing but follows through anyway and everything works fine in the end.

BUT,

My problem is that if I try to migrate an existing shop, that runs perfectly well on previous versions of PHP/MySQL, and was updated to the latest 1.6.1.23 version prior to tests, this "old" shop doesn't work : I can't access to the admin without getting the same warning :

Warning: Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/test.steveshehan.com/htdocs/shop/classes/Rijndael.php on line 124

This is a test environment (full 100% replica of files & database) in a subdomain on the prod server, so that I have the exact config, but I can play with parameters...

I got rid of all cached files, .htaccess and so on.

I have an SSL certificate up and running. I set PS_CIPHER_ALGORITHM to "0" in the database... nothing works : I type my login/PW, validate and get stuck with the warning and the penguin logo...

So why does a brand new shop work and not an old one on the same environment? What's the difference here? Is there a file somewhere, and entry in the database?

Been scratching my head for 2 days...

Sincerely

DJM

[bellini13]

The Ciphering algorithm now only supports Rijndael, and the Rijndael.php class references a constant variable named MCRYPT_RIJNDAEL_128

The error you are receiving is that the constant MCRYPT_RIJNDAEL_128 does not exist.

That constant is provided by the mcrypt library, which I assume you have either disabled or not installed on that test domain.

[DJM]

Yep @bellini13 it's deprecated on 7.2, so there's no mcrypt library by default.

But, If I install from scratch a brand new PS1.6.1.23 it works...

My question is then : what's the difference between the 2 of them ? Same versions, same environment... probably a parameter somewhere, but I don't know which one...

Sincerely

DJM

Edited December 4, 2018 by DJM
typo (see edit history)

[bellini13]

No parameters I am aware of.  Your hosting environment for those 2 stores must not be configured the same

[DJM]

@bellini13

it's the same server !!!! that's what I said earlier... no virtual machines, same config, same php.ini, same database...the only difference is this one :

* 2 subdomains on the same server (e.g. test.domain.com & shop.domain.com).

But:

* the "new" test version doesn't have an SSL certificate

* the "old" shop installed for testing purpose does have an SSL certificate.

Does the use of SSL activate some parameters somewhere ? Checked the database, the config files... didn't see anything.

Edited December 4, 2018 by DJM (see edit history)

[bellini13]

PHP can be configured differently for subdomains and/or folders. 

I would suggest running phpinfo on both stores and reviewing the differences

[DJM]

As said earlier, it's the same server, I only have one console and one phpinfo for the machine... the subdomains are vhosts on the same machine...

Edited December 4, 2018 by DJM
typo (see edit history)

[bellini13]

<?php

phpinfo();

?>

I would suggest creating a php file with the above contents, and place it into the root of both of your stores and compare the differences.  virtual hosts can have different php configurations

At the end of the day, you need mcrypt to use Prestashop, since their Rijndael class still appears to require it.

You can also do a small test on the fresh install store that is working.  Locate the Rijndael.php file in the classes folder, and search for line 124, which should be this line

            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,

That line is part of the generateHmac function. 

    protected function generateHmac($encrypted)
    {
        $macKey = $this->generateKeygenS2k('sha256', $this->_key, $this->_iv, 32);
        return hash_hmac(
            'sha256',
            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,
            $macKey
        );
    }

I would suggest putting a die statement at the very beginning of that function, to show that it gets called on your working store.

    protected function generateHmac($encrypted)
    {
        die();

        $macKey = $this->generateKeygenS2k('sha256', $this->_key, $this->_iv, 32);
        return hash_hmac(
            'sha256',
            $this->_iv . MCRYPT_RIJNDAEL_128 . $encrypted,
            $macKey
        );
    }

If this function gets called, then it will immediately stop because of the die statement. 

[DJM]

Thx, while you were typing, I ran phpinfo on both subdomains and checked the logs too.

On the one where PS is working, the errorlog contains the following on repeat :

[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant _RIJNDAEL_KEY_ - assumed '_RIJNDAEL_KEY_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxx/htdocs/classes/Cookie.php on line 79
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant _RIJNDAEL_IV_ - assumed '_RIJNDAEL_IV_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Cookie.php on line 79
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  openssl_encrypt(): IV passed is only 7 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in /srv/data/web/vhosts/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Rijndael.php on line 52
[04-Dec-2018 23:33:48 Europe/Paris] PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/htdocs/classes/Rijndael.php on line 124

I then set _PS_MODE_DEV_ to true... to show the errors in the navigator and in fact I'm locked out of admin...

So I moved to the other subdomain, where I'm testing the "old" shop & where I'd been in debug mode for testing purposes, went back to false and I'm able to connect... and everything works fine... Errors are still generated, but at least they don't block access.

I'm not sure what this means... the debug function blocking the admin login due to unfulfilled encryption requests ?

BTW the only differences between the 2 configs are in PHP Variables :

* new scratch environment : no SSL/https and

$_SERVER['HTTP_MOD_REWRITE']	On
$_SERVER['REWRITEBASE']	/

* testing environment for old shop : no mod_rewrite and SSL on (HTTP_SCHEME, HTTP_X_FORWARDED_PROTO, HTTPS = ON...)

It works, but I'm still have many questions... 😉

Thx for you help

Sincerely

DJM

[DJM]

BTW just tested the "die();" function 😉

* With debug = off

=> blank screen (no admin login box, nothing)

* With debug = on

Warning: Use of undefined constant _RIJNDAEL_KEY_ - assumed '_RIJNDAEL_KEY_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/a1d484be3a2e42589f6d233725d25bca.testmyurl.ws/htdocs/classes/Cookie.php on line 79

Warning: Use of undefined constant _RIJNDAEL_IV_ - assumed '_RIJNDAEL_IV_' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/a1d484be3a2e42589f6d233725d25bca.testmyurl.ws/htdocs/classes/Cookie.php on line 79

DJM

[DJM]

An other "oddity"...

On the new install, I don't have the "ciphering" option in Advanced Parameters / Performance.

But have it on the old "shop"...

Copied the AdminPerformance controller from one (new) subdomain to the other (old) : still have the option...

And remember no cache, and cache cleared anyway...

DJM

[PresstaModul.shopmk]

See on config/settings.inc.php if not defined _RIJNDAEL_KEY_ and _RIJNDAEL_IV_

 

copy and paste
define('_RIJNDAEL_KEY_', '5pgGJ2HeBq6cKGAMmnvpeWgIXfiOkmfe');
define('_RIJNDAEL_IV_', '/gcs9WXANrjXXpp406hwrg==');

Edited April 12, 2019 by PresstaModul.shopmk (see edit history)

[Janett]

Warning, this values must be unique, use a generator like https://shop.devcustom.net/gen.php to have ramdom values 👌

[eleazar]

Includes a working Rijndael.php:

 

[iAshton]

On 12/4/2018 at 9:18 PM, DJM said:

Hi @hakeryk2 - found the posts and checked.

Just installed a brand new 1.6.23 for testing purposes on a brand new PHP 7.2.12 + MySQL 5.7 (Percona) and indeed, everything works fine as the fix you pointed to on github seems to be incorporated in the latest distributed version.

As the mcrypt library is deprecated and thus not included anymore at all, the setup process informs it's missing but follows through anyway and everything works fine in the end.

BUT,

My problem is that if I try to migrate an existing shop, that runs perfectly well on previous versions of PHP/MySQL, and was updated to the latest 1.6.1.23 version prior to tests, this "old" shop doesn't work : I can't access to the admin without getting the same warning :

Warning: Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /srv/data/web/vhosts/test.steveshehan.com/htdocs/shop/classes/Rijndael.php on line 124

This is a test environment (full 100% replica of files & database) in a subdomain on the prod server, so that I have the exact config, but I can play with parameters...

I got rid of all cached files, .htaccess and so on.

I have an SSL certificate up and running. I set PS_CIPHER_ALGORITHM to "0" in the database... nothing works : I type my login/PW, validate and get stuck with the warning and the penguin logo...

So why does a brand new shop work and not an old one on the same environment? What's the difference here? Is there a file somewhere, and entry in the database?

Been scratching my head for 2 days...

Sincerely

DJM

Hi DJM,

I have exactly this problem. I was 'forced' to upgrade to 1.6.1.23 after my ISP dropped PHP 5.6. 

I can't work out from this thread whether or not you resolved it. I'm getting the 

[Thu Apr 18 17:25:57.955619 2019] [fcgid:warn] [pid 7981] [client 35.227.49.189:46272] mod_fcgid: stderr: PHP Warning:  Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in /home/linweb26/r/rscdsleeds.uk/user/htdocs/classes/Rijndael.php on line 124

message in the error_log.

and just living with it.

I assume I'll get the 'hang' if I turn on debugging but I've avoided doing that on the live site.

Did you do anything else?

Best, IanA

 

 

[eleazar]

I beg your pardon, @iAshton, but how about you read my posted topic on this issue?

[tryple]

On 4/13/2019 at 9:24 AM,  eleazar said:

Includes a working Rijndael.php:

 

Good morning, but the file doesn't appear to download

[Wuschel]

44 minutes ago, tryple said:

Good morning, but the file doesn't appear to download

https://www.prestashop.com/forums/profile/452242- eleazar/ is no longer active in this forum. All his tutorials were deleted. You will find the tutorial you were searching for (incl. all zip files) now only here: https://ps.multimedia-bodensee.de/index.php/prestashop-tutorials/prestashop-tricks-tipps/item/6-anpassung-prestashop-1-5-6-2-und-1-6-1x-an-php-7-2

[tryple]

3 hours ago, Wuschel said:

https://www.prestashop.com/forums/profile/452242- eleazar/ is no longer active in this forum. All his tutorials were deleted. You will find the tutorial you were searching for (incl. all zip files) now only here: https://ps.multimedia-bodensee.de/index.php/prestashop-tutorials/prestashop-tricks-tipps/item/6-anpassung-prestashop-1-5-6-2-und-1-6-1x-an-php-7-2

Thank you so much. As I have seen errors in the different php files, I have changed them to the zip provided and it already works perfectly.

I had to manually define the MCRYPT_RIJNDAEL_128 constant in the settings.inc.php because the warning still appeared.

[Wuschel]

You should adapt this, too. It's not included in the zip: https://ps.multimedia-bodensee.de/index.php/prestashop-forum/prestashop-questions/3-prestashop-1-6-1-x-mit-php7-1-und-hoeher#10

[tryple]

I have had to modify some more files but the ones you have given me have helped me to know what to change in the following ones. Many thanks

[Fxc Jahid]

When i use this, I didn't show warning.
I don't know if it's right way.
But, It's doesn't show warning

/public_html/config/settings.inc.php


define('MCRYPT_RIJNDAEL_128','0');
define('_RIJNDAEL_KEY_', '5pgGJ2HeBq6cKGAMmnvpeWgIXfiOkmfe');
define('_RIJNDAEL_IV_', '/gcs9WXANrjXXpp406hwrg==');

 

[mafei]

please  install mcrypt and restart the server 

sudo apt-get install php7.2-mcrypt

sudo systemctl restart nginx.service (if you use nginx)