'Invalid user ID or password' error on new server install

[petersmahon]

Hello, I'm getting an 'Invalid user ID or password' error on a brand new server install of Scalar when trying to register a new account, so I'm unable to get superuser privileges. I'm not using recaptcha keys because I'm only in the testing phase and it's just me using it.

The only other issue I had with the install was having to use the deprecated mcrypt package, so I'm also wondering if the issues might be related? Thank you, Peter

[craigdietrich]

Actually, I think that's the problem. There's no workaround for the mcrypt deprecation (which I think started in 7.2) right now. :(

[petersmahon]

Hi Craig, Thanks for the reply. Sorry for the delay in getting back to you. Sorry if these are silly questions: does that mean the individual installs of Scalar running on machines using PHP 7.2 won't work going forward? Are plans to update it? How does this situation affect projects that live on the main Scalar servers? Best, Peter

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, October 22, 2018 3:08 PM, Craig Dietrich notifications@github.com wrote:

Actually, I think that's the problem. There's no workaround for the mcrypt deprecation (which I think started in 7.2) right now. :(

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[craigdietrich]

Right, correct, I don't think Scalar can run on 7.2 because the mcrypt library is included into CodeIgniter at a very deep level. CI sets up a session cookie even when not logged in.

The main Scalar server (scalar.usc.edu) should be a-okay, I don't know of any plans to update to 7.2 right now.

@plusperturbatio Any plans to correct the mcrypt problem?

[petersmahon]

Hi Craig, Thanks for the info. I'll have to look at Manifold as a replacement to Scalar, as there doesn't seem to be a fix. Pity. Best, Peter

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, November 11, 2018 11:44 AM, Craig Dietrich notifications@github.com wrote:

Right, correct, I don't think Scalar can run on 7.2 because the mcrypt library is included into CodeIgniter at a very deep level. CI sets up a session cookie even when not logged in.

The main Scalar server (scalar.usc.edu) should be a-okay, I don't know of any plans to update to 7.2 right now.

@plusperturbatio Any plans to correct the mcrypt problem?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[burki]

If you are on Ubuntu and have root access, you can install mcrypt for PHP 7.2 through pecl as follows:

sudo apt-get -y install gcc make autoconf libc-dev pkg-config
sudo apt-get -y install php7.2-dev
sudo apt-get -y install libmcrypt-dev

sudo pecl install mcrypt-1.0.1

You should add "extension=mcrypt.so" to php.ini

[burki]

I also managed to use phpseclib with https://github.com/phpseclib/mcrypt_compat on PHP 7.2 on windows (where I don't have access to the mcrypt-dll).

The only difficulty is the class autoloader as long as scalar doesn't support libs installed through composer.

My solution was to add the following check for missing 'mcrypt_encrypt' at the top system/libraries/Encrypt.php:

// PHP >= 7.2 lacks mcrypt
// use https://raw.githubusercontent.com/phpseclib/mcrypt_compat/master/lib/mcrypt.php 
// as well as a copy of https://github.com/phpseclib/phpseclib/tree/master/phpseclib instead
if ( ! function_exists('mcrypt_encrypt') && file_exists($mcrypt_polyfill = __DIR__ . '/phpseclib/mcrypt.php'))
{
    require_once $mcrypt_polyfill;

    // add a simple autoloader, https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader-examples.md
    spl_autoload_register(function ($class) {
        // project-specific namespace prefix
        $prefix = 'phpseclib\\';

        // base directory for the namespace prefix
        $base_dir = __DIR__ . '/phpseclib/';

        // does the class use the namespace prefix?
        $len = strlen($prefix);
        if (strncmp($prefix, $class, $len) !== 0) {
            // no, move to the next registered autoloader
            return;
        }

        // get the relative class name
        $relative_class = substr($class, $len);

        // replace the namespace prefix with the base directory, replace namespace
        // separators with directory separators in the relative class name, append
        // with .php
        $file = $base_dir . str_replace('\\', '/', $relative_class) . '.php';

        // if the file exists, require it
        if (file_exists($file)) {
            require $file;
        }
    });
}

[craigdietrich]

Hiya, @burki -- the time has come for me to finally make this official!

Is it okay for me to implement your work here (properly cited)? Or, would you be willing to run a pull request?

I think my only question is whether phpseclib is universal, or windows-only? If the latter, I suppose we'd need to load in that full polyfill class on github and let it do the work?

Thanks!!

[burki]

@craigdietrich phpseclib is universal. The windows-reference is only because i was able to build mcrypt through PECL on Linux and therefore didn't need it there. I'll prepare a pull-request for you.

[craigdietrich]

@burki you rock!

I'll do some local testing then roll this in.

Reclaim Hosting is going to love this, as they just bumped to 7.2 on all of their servers.

[burki]

@craigdietrich just let me know if you find any issues (I didn't test it out yet on Linux) and I'll investigate