[horde] Status of PHP 7 support?
Andy Dorman
adorman at ironicdesign.com
Wed May 23 22:18:55 UTC 2018
On 5/23/18 3:49 PM, Torben Dannhauer wrote:
>> Am 23.05.2018 um 22:05 schrieb Andy Dorman <adorman at ironicdesign.com>:
>>
>>> On 5/23/18 12:01 PM, Wolfgang Rauchholz wrote:
>>> I run it on Centos 7, php 7.2.
>>> No problems beyond Weather_Service
>>> Wolfgang Paul Rauchholz
>>> International Materials Manager
>>> GE Transportation, GSO
>>> M +34 627 99 49 77
>>> P +34 934 088 429
>>> E Wolfgang.Rauchholz at ge.com
>>> GE Imagination at work
>>> http://www.ecoimagination.com
>>>> On 23 May 2018, at 09:28, Arjen de Korte <build+horde at de-korte.org> wrote:
>>>>
>>>> Citeren Andy Dorman <adorman at ironicdesign.com>:
>>>>
>>>>>> On 5/22/18 4:11 PM, Sebastian Arcus wrote:
>>>>>> As Slackware has finally moved to PHP 7 in -current, I am trying to get Horde running on PHP 7.2.5. Before posting here about the few things I'm battling to get going, I wanted to know if there is any official or unofficial position on the compatibility of Horde with PHP 7.x. I suppose if there are some known show stoppers, there isn't much point in trying to get things working. Does anybody know what the situation is, please? Searching online for Horde + PHP 7 returns some posts on this list from 2016 - but nothing seemingly more recent.
>>>>>
>>>>> I just finished updating our debian servers 2 days ago to php 7.0.x and I haven't run into any show stoppers so far. We are using php7.0-fpm and the config was the same as for php5-fpm.
>>>>>
>>>>> The only reason (so far) that we have not moved up to 7.2 is we have a special addition to our Horde code that uses php-mcrypt, and php 7.2 drops mcrypt because it hasn't been updated in over 10 years.
>>>>>
>>>>> So I am in the process now of converting the mcrypt code to use the openssl library. I will let everyone know when we have Horde running with php7.2-fpm (or fail to get it working).
>>>>
>>>> I'm running Horde with php-7.2.5 and FPM (openSUSE Tumbleweed). Besides the known issue with Service_Weather, I experience no problems.
>>>>
>>>>> Andy Dorman
>>>>> Ironic Design, Inc.
>>>>> AnteSpam.com
>>
>> We have converted the mcrypt code to openssl. That was a little tricky because openssl pads the string being encrypted differently than mcrypt. So you have to pad it manually and tell openssl to NOT pad it.
>>
>> Once that was done everything works on our debian devel server with php 7.2.4 (debian testing current version) with the exception of Service_Weather that has already been mentioned and this non-fatal PHP error which was reported at https://bugs.horde.org/ticket/14777.
>>
>> PHP ERROR: ini_set(): Cannot set 'user' save handler by ini_set() or session_module_name() [pid 11131 on lhttps://bugs.horde.org/ticket/14777ine 95 of "/usr/share/php/Horde/SessionHandler.php"
>>
>> Sincere regards,
>>
>> --
>> Andy Dorman
>> Ironic Design, Inc.
>> AnteSpam.com
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
> Andy, will you contribute your mcrypt replacement to horde?
>
> Thanks,
> Torben
>
Of course we will. I just do not know if it will be of any help to
anyone because the application is very specific to our use case.
We run horde webmail as an email client to access email hosted by Cyrus
IMAP in our AnteSpam email security service servers.
The AnteSpam service is written in perl with a web interface and a bunch
of possible settings and stores the "junk" email on the server in a
special db called "sideline". So accessing the AnteSpam UI from the
email client can be very useful.
So what we did with webmail was add menu options to webmail that made it
possible for the webmail user to click on a menu link and seamlessly log
into AnteSpam. We do this in horde by accessing the user's password,
encrypting the password so it will be safe to be used in a URL link,
then building the AnteSpam links with the encrypted password. That way,
when the user clicks on a link in webmail the encrypted password is
passed to the AnteSpam perl code which decrypts the pwd and
authenticates the user.
Here is the horde/registry.d/antespam.php code with the old mcrypt code
lines beginning with a - and the secret key and IV strings blocked to
x's. I hope it helps someone.
<?php
// get the user name and password
$user = strtolower ($GLOBALS['registry']->getAuth());
$pw = $GLOBALS['registry']->getAuthCredential ('password');
if ($pw) {
// php and perl (AnteSpam) play nice together with blowfish using
cipher block chaining (bf-cbc)
- $cipher = mcrypt_module_open (MCRYPT_BLOWFISH, '', 'cbc', '');
- mcrypt_generic_init ($cipher, 'xxxxxxxxxxxxxxxxxxxxx56 byte secret
keyxxxxxxxxxxxxxxxxxxxxxxxxxx', '8-byte IV');
- $encrypted = bin2hex (mcrypt_generic ($cipher, $pw));
- mcrypt_generic_deinit($cipher);
// With openssl we have to manually pad our clear text pw.
// We get the wrong result if we let openssl pad it by removing
OPENSSL_NO_PADDING
if ($m = strlen($pw)%8)
$pw .= str_repeat("\x00", 8 - $m);
$raw_encrypted = openssl_encrypt($pw, 'bf-cbc',
'xxxxxxxxxxxxxxxxxxxxx56 byte secret keyxxxxxxxxxxxxxxxxxxxxxxxxxx',
OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, '8-byte IV');
$encrypted = bin2hex ($raw_encrypted);
$this->applications['antespam'] = array(
'name' => _("AnteSpam"),
'icon' => '/themes/graphics/asicon.png',
'status' => 'heading'
);
$this->applications['as_sideline'] = array(
'initial_page' => 'sideline',
'menu_parent' => 'antespam',
'name' => _("Sideline"),
'status' => 'link',
'target' => 'AnteSpam',
'url' => 'https://antespam.com/address/' . $user .
'/sideline?uid=' . $user . '&lab=' . $encrypted
);
$this->applications['as_settings'] = array(
'initial_page' => 'update',
'menu_parent' => 'antespam',
'name' => _("Settings"),
'status' => 'link',
'target' => 'AnteSpam',
'url' => 'https://antespam.com/address/' . $user . '/update?uid='
. $user . '&lab=' . $encrypted
);
}
More information about the horde
mailing list