Skip to content

All Links Were Breaking (had to patch includes/helpers/short.php file!)

dwudwu
edited April 2013 in Troubleshooting

hi my openssl_decrypt / encrypt was complaining about the following in the logs:

stderr: PHP Warning: openssl_encrypt() expects at most 4 parameters, 5 given

i tracked this down and noticed every single one of my links were not being decrypted correctly. afterwards i started looking into short.php and realized if i combined the api key with the salt when encrypting / decrypting, it seemed to work (to satisfy the error in the log while trying to combine the api key with the salt to encrypt / decrypt).

im wondering why my openssl_encrypt wont work with the default sendy way. please take a look at my script here:

http://pastie.org/private/ni0afgdxxzwwe8jxpe2fqg

my php version:

PHP 5.3.6-13ubuntu3.1 with Suhosin-Patch (cli) (built: Aug 29 2011 23:39:16)

running on ubuntu 10.06

according to http://php.net/manual/en/function.openssl-decrypt.php i should be able to use the 5 params, as iv parameter was added in php 5.3.3

Comments

  • Hi Dennis,

    Did this happen out of a sudden?

    I tested your script, if I used your method with only 4 parameters (without the iv), I'll get this warning:

    openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended

    Which means Sendy's current way of encryption is correct and secure. I'm not sure why yours does not work even though you're using PHP 5.3.6 (higher than 5.3.0).

    What do you get when you decrypt using 5 parameters (with vi) using your test script?

    Thanks.

    Ben

  • its blank when i use the 5 parameters.

    im wondering if my php is updated, but somehow my openssl library is outdated?

    i just checked my version of openssl: OpenSSL 0.9.8k 25 Mar 2009

  • Could be. My version of OpenSSL is → OpenSSL 1.0.1e-fips 11 Feb 2013

This discussion has been closed.