joshuabedford's avatar

MCrypt Deprecation Warning Breaks File Upload - PHP7.1 MCrypt Laravel 5.2

I am currently working on a Laravel 5.2 built intranet, and successfully migrated it from a php5.6/Ubuntu14.04 server to a php7.0/Ubuntu16.04 server with no major issues. A newer (smaller) app was built on laravel 5.6, which requires php7.1, so I performed the upgrade from 7.0-7.1, and now I am experiencing problems.

My development environment is an iMac running Valet and PHP7.1, and I cannot replicate these issues on my dev environment, only on the server. When I upgraded to php7.1 on the server, I now receive the following error when I attempt a file upload:

Whoops, looks like something went wrong.

ErrorException in Base.php line 1592:
Function mcrypt_list_algorithms() is deprecated
in Base.php line 1592
at HandleExceptions->handleError('8192', 'Function mcrypt_list_algorithms() is deprecated', '/var/www/directory/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php', '1592', array('engine' => '2')) in Base.php line 1592
at Base->isValidEngine('2') in RC4.php line 166
at RC4->isValidEngine('2') in Base.php line 1659
at Base->_setEngine() in Base.php line 494
at Base->__construct('5') in RC4.php line 134
at RC4->__construct() in SSH2.php line 1834
at SSH2->_encryption_algorithm_to_crypt_instance('arcfour256') in SSH2.php line 1601
at SSH2->_key_exchange('!����{'f�%#��[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1/ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519�aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]�aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]�[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96�[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96none,[email protected]none,[email protected]') in SSH2.php line 1097
at SSH2->_connect() in SSH2.php line 1870
at SSH2->_login('sshfileserverusername', 'sshfileserverpassword')
at call_user_func_array(array(object(SFTP), '_login'), array('sshfileserverusername', 'sshfileserverpassword')) in SFTP.php line 392
at SFTP->login('sshfileserverusername', 'sshfileserverpassword') in SecLibGateway.php line 98
at SecLibGateway->connect('sshfileserverusername') in Connection.php line 140
at Connection->getGateway() in Connection.php line 254
at Connection->put(object(UploadedFile), '/var/www/html/profilePhotos/Omobude-Pam.jpg') in EmployeesControler.php line 283
at EmployeesControler->updatePhoto('1255', object(Request))
at call_user_func_array(array(object(EmployeesControler), 'updatePhoto'), array('employees' => '1255', object(Request))) in Controller.php line 80
at Controller->callAction('updatePhoto', array('employees' => '1255', object(Request))) in ControllerDispatcher.php line 146
at ControllerDispatcher->call(object(EmployeesControler), object(Route), 'updatePhoto') in ControllerDispatcher.php line 94
at ControllerDispatcher->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in PermissionRedirectMiddleware.php line 25
at PermissionRedirectMiddleware->handle(object(Request), object(Closure))
at call_user_func_array(array(object(PermissionRedirectMiddleware), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in ControllerDispatcher.php line 96
at ControllerDispatcher->callWithinStack(object(EmployeesControler), object(Route), object(Request), 'updatePhoto') in ControllerDispatcher.php line 54
at ControllerDispatcher->dispatch(object(Route), object(Request), 'App\Http\Controllers\EmployeesControler', 'updatePhoto') in Route.php line 174
at Route->runController(object(Request)) in Route.php line 140
at Route->run(object(Request)) in Router.php line 724
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in VerifyCsrfToken.php line 64
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Router.php line 726
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
at Router->dispatchToRoute(object(Request)) in Router.php line 675
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 53

As you can see at lines 12-19 or so (I apologize, I don't know how to show line numbers or highlight), the previous developer is using an ssh/ftp method to store the file uploaded on a separate server (a server specifically for files), and the error is thrown by the package phpseclib.

I have looked around the internet everywhere, and cannot find a solution like this. My biggest problem is not exactly knowing the point of failure. I realize that mcrypt is deprecated in php7.1, but it has not been removed (based on my understanding), so it should not be breaking the file upload yet. We will be moving toward active directory integration in the near future for storing profile photos and information (still powered by laravel), so if it is indeed just this connection to the other server and file upload via that method causing this deprecation warning, then I wouldn't even mind a temporary solution of suppressing that warning (I couldn't find that either).

In short, I (obviously) am having trouble figuring this one out, so any help is very much appreciated!

36864's avatar

Looks like your server is configured to escalate warnings to errors while your development environment probably ignores them.

joshuabedford's avatar

@36864 On Ubuntu 16.04, is there an easy way to change that configuration? I've attempted searching for it, but apparently I'm searching wrong because I haven't yet found it.

joshuabedford's avatar

@jimmck Thank you for your time. I have seen that article, and it mentions the problem but not a definite process to gain a solution. I am looking for a definite solution, as mine has not changed its mind and decided to work yet!

jimmck's avatar

@joshuabedford You cannot use mcrypt. A link in the article I posted went to another report. Did you read that? What is the OpenSSL version in your installation? I had many such incidents when moving to 7.x. You have to look at the code and the 7.x release notes and mitigate it.

https://github.com/phpseclib/phpseclib/issues/1134

There are no magic solutions.

Don't publish the whole stack trace, the first 25 lines will work. What version of phpspec are you using? Same with OpenSSL.

joshuabedford's avatar

@jimmck I did read through them, but was unable to solve it based on them.

OpenSSL (returned from apt-cache policy openssl):

apt-cache policy openssl
openssl:
  Installed: 1.0.2g-1ubuntu4.11
  Candidate: 1.1.0h-2+ubuntu16.04.1+deb.sury.org+2
  Version table:
     1.1.0h-2+ubuntu16.04.1+deb.sury.org+2 500
        500 http://ppa.launchpad.net/ondrej/php/ubuntu xenial/main amd64 Packages
 *** 1.0.2g-1ubuntu4.11 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

I do not know how to check the phpspec version. It is not in my composer.json file. You say that I cannot use mcrypt, but how do you specify what is used? The only part I can find that might use something like that is in the image upload function that uses SSH to send the photo to another server.

    public function updatePhoto($id, Request $request)
    {
        $input = $request->all();
        $employee = User::with('departments')->find($id);

        $storagePath = '/var/www/html/imgUpload/'; // this declares where files will be stored on file server
        $fileData = $request->file('photo'); // this gets the file data for 1st argument
        $filename = $fileData->getClientOriginalName(); // this function gets the file name
        $fullFilePath = '/var/www/html/profilePhotos/' . $filename; // this concatenates the file path and name to be passed for 2nd argument
        $success = \SSH::into('production')->put($fileData, $fullFilePath); // this function connects to fileserver and passes required arguments

        $employee->photo = $filename;
        $employee->save();

        return redirect('employees/'.$id.'/edit');
    }

The SSH facade points to the "laravelcollective/remote": "5.2.*" package.

P.S. I apologize for the late response. My notifications are not working and was away over the weekend. I do appreciate your responses and aid.

36864's avatar

What version of phpseclib is installed on your server?

Have you tried updating your dependencies?

joshuabedford's avatar

@36864 I am not entirely sure.. How do I check it if it's not in my composer.json? I added the mcrypt_compat following a github solution, but that didn't help. Is the lack of it in the composer.json the problem? I inherited this project, and am not familiar with this side of things. Thanks for your help!

    "require": {
        "php": ">=5.5.9",
        "laravel/framework": "5.2.*",
        "laravelcollective/html": "dev-master",
        "laravelcollective/remote": "5.2.*",
        "phpseclib/mcrypt_compat": "^1.0"
    },
    "require-dev": {
        "fzaninotto/faker": "~1.4",
        "mockery/mockery": "0.9.*",
        "phpunit/phpunit": "~4.0",
        "symfony/css-selector": "2.8.*|3.0.*",
        "symfony/dom-crawler": "2.8.*|3.0.*"
    },
36864's avatar

You can check your composer.lock to see what version of each package is installed.

joshuabedford's avatar

@36864 Thanks! Not sure how I've never had to look at that so far.

PHPSECLIB v2.0.1


            "name": "phpseclib/phpseclib",
            "version": "2.0.1",
            "source": {
                "type": "git",
                "url": "https://github.com/phpseclib/phpseclib.git",
                "reference": "ba6fb78f727cd09f2a649113b95468019e490585"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/ba6fb78f727cd09f2a649113b95468019e490585",
                "reference": "ba6fb78f727cd09f2a649113b95468019e490585",
                "shasum": ""
            },
            "require": {
                "php": ">=5.3.3"
            },
            "require-dev": {
                "phing/phing": "~2.7",
                "phpunit/phpunit": "~4.0",
                "sami/sami": "~2.0",
                "squizlabs/php_codesniffer": "~2.0"
            },

PHPSpec v2.0

    "require-dev": {
                "phpspec/phpspec": "~2.0"
    },

OpenSSL -- ?

"ext-openssl": "*",
36864's avatar

Try updating phpseclib to >2.0.4

Cronix's avatar
Cronix
Best Answer
Level 67

Yes, add

"phpseclib/phpseclib": "~2.0.4"

to the require section of your project's composer.json file and then run composer install
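As an added example (not part of any reply in this thread): the installed phpseclib here was a transitive dependency that only showed up in composer.lock, so this sketch reads a lock file, reports the locked version of a package, which locked packages require it, and whether it meets a minimum such as 2.0.4, the lower bound of the constraint suggested above. The sample lock data is constructed to mirror the excerpt quoted earlier; the `laravelcollective/remote` version and its constraint are assumptions, and `parse_version` and `audit_lock` are hypothetical helper names.

```python
import json

# Constructed sample: the phpseclib entry mirrors the thread's excerpt; the
# laravelcollective/remote version and constraint are assumed for illustration.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravelcollective/remote", "version": "v5.2.0",
         "require": {"php": ">=5.5.9", "phpseclib/phpseclib": "~2.0"}},
        {"name": "phpseclib/phpseclib", "version": "2.0.1",
         "require": {"php": ">=5.3.3"}},
    ],
    "packages-dev": [],
})


def parse_version(text):
    """'v2.0.11' -> (2, 0, 11); stability suffixes such as '-beta1' are dropped."""
    core = text.lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError(f"not a numeric release version: {text!r}")
        parts.append(int(piece))
    while len(parts) < 3:          # treat '2.0' as '2.0.0'
        parts.append(0)
    return tuple(parts)


def audit_lock(lock_text, package, minimum):
    """Report the locked version of `package`, who requires it, and whether it is >= minimum."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    found = next((p for p in entries if p.get("name") == package), None)
    if found is None:
        return {"installed": None, "ok": False, "required_by": []}
    # Locked packages that declare a requirement on the target package.
    required_by = sorted(p["name"] for p in entries
                         if package in p.get("require", {}))
    try:
        ok = parse_version(found["version"]) >= parse_version(minimum)
    except ValueError:
        ok = False  # branch versions like 'dev-master' need manual review
    return {"installed": found["version"], "ok": ok, "required_by": required_by}


if __name__ == "__main__":
    import sys
    # Pass a path to a real composer.lock, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print(audit_lock(text, "phpseclib/phpseclib", "2.0.4"))
```

Versions are compared as integer tuples rather than strings, so 2.0.11 correctly ranks above 2.0.4.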

joshuabedford's avatar

@Cronix @36864 @jimmck Thank you all for your help! I believe specifying the phpseclib version in my composer.json file has fixed that problem. I can now upload successfully (on the dev server after that fix). I'll do some more testing, but I think we are golden.

Now the next issue will be exploring the possibility of upgrading the codebase to laravel 5.6.

P.S. I apologize for my response taking so long. I had one of our network guys create a clone of the server so I could test things without breaking the live server. Another benefit from this: I now have a cloned dev server.

1 like
Cronix's avatar

For upgrading, I'd recommend trying Laravel Shift. For $7 it can upgrade for you. I don't know how much your time is worth, but that's a steal. It can even do the upgrade as a pull request to your github.

I haven't personally used it and have no connection to them, but do know a few people who have used it and loved it.

https://laravelshift.com/shifts

jimmck's avatar

@joshuabedford Glad you got it going. The "Composer Fire Dance" is very important to understand. When I first started using this it was frustrating and seemed stupid. Learning the tool saved time, helped find problems and fix them. You should do the upgrade to 5.6 yourself to learn the Laravel environment. What are your deprecated features you depend on (Laravel deprecated they die hard and FAST)? If you are using 7.13 already good. Otherwise you have PHP remediation to do in order to move PHP 7.13.

joshuabedford's avatar

@jimmck Yes, I definitely need to learn the more tricky or in-depth parts of composer and the framework in general. I've managed to become so caught up in building low-traffic / simple applications (basic apps with users, roles, permissions, subscriptions, etc) and somehow never HAD to learn many of the things, so haven't yet. I'll definitely be upgrading to 5.6 over the next couple months (it's actually two projects in the ecosystem that need to go 5.2 -> 5.6).

The only deprecated feature I've found so far is the removal of mcrypt in favor of openssl which is what caused the deprecation error that brought me to this discussion. After fixing that, I haven't found any other issues with php7.1 on either application (or any application I've built). I'm sure there will be many I find in the upgrade process.
