- Posts: 5033
- Thank you received: 1257
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Generating Tokens
- jelo
- Offline
- Platinum Member
combitz wrote: I'm experiencing the same problem on Version 3.14.10+180924 with PHP 7.2.10 on IIS10 via Fast Cgi and MSSQL via driver php_pdo_sqlsrv_72_nts_x64.dll
Recommendation for LimeSurvey 3.X under PHP 7.2 for Windows is to activate OpenSSL extension.
Check php.ini for php_openssl.dll . If that extension is not loaded, LimeSurvey won't be able to generate tokens.
PHP 7.2. removed mcrypt, which was used by LimeSurvey when OpenSSL is not available.
The bugticket is available here:
bugs.limesurvey.org/view.php?id=14055
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
- combitz
- Offline
- New Member
- Posts: 7
- Thank you received: 0
I've not found a proper solution yet but the problem looks to be "application\models\Token.php"
public static function generateRandomToken($iTokenLength)
{
return str_replace(array('~', '_'), array('a', 'z'), Yii::app()->securityManager->generateRandomString($iTokenLength));
}
This is failing (not sure why yet) but replacing the code with another random string generator allows it to work fine and I get tokens so I'll try to look into Yii more as I've never used that framework.
- combitz
- Offline
- New Member
- Posts: 7
- Thank you received: 0
- combitz
- Offline
- New Member
- Posts: 7
- Thank you received: 0
Didn't see your reply earlier in the thread, thanks for the openssl info.
- jelo
- Offline
- Platinum Member
- Posts: 5033
- Thank you received: 1257
combitz wrote: The problem is PHP 7.2 deprecated the mcrypt method so Yii::app()->securityManager->generateRandomString(int) will always fail on PHP installs above 7.1
Yii checks if OpenSSL or MCrypt or /dev/urandom is available. On a Windows platform under PHP 7.2 both MCrypt (not available under PHP 7.2 or above) and /dev/unrandom (not available under windows) are not available. So OpenSSL is the only way under Windows PHP 7.2.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
- DenisChenu
- Offline
- LimeSurvey Community Team
- Posts: 13637
- Thank you received: 2491
Maybe we need to test it when installing ? And show a warning (like imap etc …) or a dangerjelo wrote: …
Yii checks if OpenSSL or MCrypt or /dev/urandom is available. On a Windows platform under PHP 7.2 both MCrypt (not available under PHP 7.2 or above) and /dev/unrandom (not available under windows) are not available. So OpenSSL is the only way under Windows PHP 7.2.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
- combitz
- Offline
- New Member
- Posts: 7
- Thank you received: 0
DenisChenu wrote: Maybe we need to test it when installing ? And show a warning (like imap etc …) or a danger
I just had the same thought as it will get everyone installing from new as 7.2+ is the current recommended stable version going forward.
Thanks for the help, tokens working now
- DenisChenu
- Offline
- LimeSurvey Community Team
- Posts: 13637
- Thank you received: 2491
Yes but we don't recommend Windows IIScombitz wrote: I just had the same thought as it will get everyone installing from new as 7.2+ is the current recommended stable version …
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
- jelo
- Offline
- Platinum Member
- Posts: 5033
- Thank you received: 1257
When your provider changes to PHP 7.2, the running installation won't profit from the installer check routines for mcrypt etc.
The "dictator" style of the installation check should be optional
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users