vtiger CRM 5.1.0 on PHP 5.3.0
Experiment & Observations
To keep the screen from filling up with PHP Notice and Deprecated messages, error_reporting
was set to E_ALL & ~E_NOTICE & ~E_DEPRECATED.
Although the installation succeeded, user login failed!
After spending a good amount of time investigating, we got to the bottom of the issue.
We carried out a unit test using the script (TestCryptAPI.php).
TestCryptAPI.php
<?php
header('Content-type: text/plain');
echo "PHP crypt API Testing\n\n";
echo "Observe the values (EXPECTING and ACTUAL) it should match\n";
echo "but on PHP 5.3.0 MD5 encryption was not working as expected!\n";
// Testing MD5 encryption
echo "\n============== MD5 ==============================\n";
echo 'INPUT : admin, Salt: $1$ad' . "\n";
echo 'EXPECTING: $1$ad$hsl2KFybNRnbXBa.b.WWv.' . "\n";
echo 'ACTUAL : ' . crypt('admin', '$1$ad') . "\n";
echo "\n============== BLOWFISH =========================\n";
// Testing BLOWFISH encryption
echo 'INPUT : admin, Salt: $2$ad' . "\n";
echo 'EXPECTING: $23PstrXfk7Nw' . "\n";
echo 'ACTUAL : ' . crypt('admin', '$2$ad') . "\n";
?>
The script output helped track down the cause of the login failure.
PHP crypt API Testing
Observe the values (EXPECTING and ACTUAL) it should match
but on PHP 5.3.0 MD5 encryption was not working as expected!
============== MD5 ==============================
INPUT : admin, Salt: $1$ad
EXPECTING: $1$ad$hsl2KFybNRnbXBa.b.WWv.
ACTUAL : $1$ad$G7NRXM/C4WfW4keUMfsCg1
============== BLOWFISH =========================
INPUT : admin, Salt: $2$ad
EXPECTING: $23PstrXfk7Nw
ACTUAL : $23PstrXfk7Nw
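The by-eye comparison in TestCryptAPI.php can be turned into a known-answer self-test that runs before logins are trusted. This is an added example, not vtiger code: classify_crypt_hash() and crypt_self_test() are hypothetical helpers, and the shape check goes slightly beyond the page by flagging a result that comes back in a different scheme than the salt asked for.

```php
<?php
// Added example, not vtiger code. Helper names are hypothetical.
// Identify the scheme from the shape of a crypt() result.
function classify_crypt_hash($hash)
{
    if (!is_string($hash) || strlen($hash) < 13) {
        return 'invalid';     // covers false and the "*0" / "*1" failure tokens
    }
    if (preg_match('/^\$2[axy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash)) {
        return 'bcrypt';      // 60 characters in total
    }
    if (preg_match('/^\$1\$[^$]{1,8}\$[.\/A-Za-z0-9]{22}$/', $hash)) {
        return 'md5-crypt';
    }
    if (strlen($hash) === 13) {
        return 'des';         // 2 salt characters + 11 hash characters
    }
    return 'other';
}

// $vectors: name => array(password, salt, expected hash, expected scheme).
// Returns name => reason for every vector that fails; empty array means pass.
function crypt_self_test(array $vectors)
{
    $failures = array();
    foreach ($vectors as $name => $v) {
        list($password, $salt, $expected, $scheme) = $v;
        $actual = crypt($password, $salt);
        $shape  = classify_crypt_hash($actual);
        if ($actual !== $expected) {
            $failures[$name] = 'value mismatch, got ' . var_export($actual, true);
        } elseif ($shape !== $scheme) {
            $failures[$name] = "scheme is $shape, expected $scheme";
        }
    }
    return $failures;
}

// MD5 vector taken from TestCryptAPI.php on this page.
$failures = crypt_self_test(array(
    'md5' => array('admin', '$1$ad', '$1$ad$hsl2KFybNRnbXBa.b.WWv.', 'md5-crypt'),
));
foreach ($failures as $name => $why) {
    echo "crypt self-test FAILED for $name: $why\n";
}
echo $failures ? "Keep logins disabled.\n" : "crypt self-test passed.\n";

// Shape check of the BLOWFISH result printed on this page (13 characters).
echo classify_crypt_hash('$23PstrXfk7Nw') . "\n";
```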
The PHP crypt API was not working as expected when the MD5 salt (crypt_type) was used.
The following changes were required to get the installation to succeed on PHP 5.3.0:
● Set error_reporting in the PHP configuration to
E_ALL & ~E_NOTICE & ~E_DEPRECATED
● Change the default password crypt type to BLOWFISH
○ A few minor changes were made to modules/Users/Users.php to take care of inserting
crypt_type when creating users.
● To eliminate the date() warning
Warning: date() [function.date]: It is not safe to rely on the system's timezone
settings. You are required to use the date.timezone setting or the
date_default_timezone_set() function.
○ $default_timezone was set to 'Europe/London' in config.template.php
(which gets copied to config.inc.php post installation). This represents GMT ... for supported
timezones: http://php.net/manual/en/timezones.php
● http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6424
● The get_class API needs to be used on objects (is_object); this was fixed to eliminate the warnings
Warning: get_class() expects parameter 1 to be object, string given in
vtigercrm\include\utils\ListViewUtils.php on line 43
Warning: get_class() expects parameter 1 to be object, string given in
vtigercrm\include\utils\SearchUtils.php on line 33
● Added missing constructor functions to the Image/Graph library.
● Fixed Webservice ExtendSession Operation
○ PHPSESSID goes missing from $_REQUEST, so it needs to be looked up in $_COOKIE
● Explicit parameter testing for strcmp was added in VTQL_Parser.php