Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Crypt keys when using Smarty
  • I am trying to use Smarty templates in Fuel 1.8.1. I have this parser.php config file:
    <?php
     
    return [
      'extensions' => [
        'tpl' => 'View_Smarty',
      ],
      'View_Smarty' => [
        'extensions' => [
          'MyExtensions',
        ],
      ],
    ];

    Whenever I attempt to access a .tpl file, the crypt.php file is generated:
    <?php
    return array(
      'sodium' =>
      array(
        'cipherkey' => '...',
      ),
    );

    However, I consistently get an error:
    -----------
    Fuel\Core\FuelException [ Error ]:
    Can not decode this string, no legacy crypt keys define
    -----------

    If I add these legacy keys to the crypt.php file
      'crypto_key' => '...',
      'crypto_iv' => '...',
      'crypto_hmac' => '...',
    by hand from an older FuelPhp crypt file, the error is fixed.

    I'd like to know what to do to avoid the error in the first place.

    Thanks.


  • HarroHarro
    Accepted Answer
    The crypt.php config file is generated, if it doesn't exist, when you use the Crypt class. It is unrelated to Smarty or anything else, it is a standard framework feature.

    And Crypt uses symmetric encription, you need the keys to be able to decrypt.

    That error message indicates you have pre-1.8 data stored somewhere that needs decryption, but your app doesn't have the keys.

    So, to avoid it, make sure the app has the correct crypt config.
  • Thanks for the information. I looked more closely at my code and identified the problem.

    My complete parser.php config file is:
    ?php
     
    return [
      'extensions' => [
        'tpl' => 'View_Smarty',
      ],
     'View_Smarty' => [
        'extensions' => [
          'MyExtensions',
        ],
      ],
    ];

    The class 'MyExtensions' is this:
    <?php
    class MyExtensions {
      public function __construct(Smarty $smarty) {
        $session = Session::forge();
        $smarty->assign('session', $session);
      }
    }

    My intention is to make "$session" automatically available to Smarty template files.
    It worked in previous incarnations of FuelPhp

    The line which gets flagged as an error is:
        $session = Session::forge();
    I also tried:
        $session = Session::instance();

    The error being: Can not decode this string, no legacy crypt keys defined

    Thanks for your help.

  • HarroHarro
    Accepted Answer
    So you have session data somewhere that was encrypted with keys you don't have in your crypt.php config file.

    Like I wrote, if you use existing encrypted data, make sure your crypt config has the correct keys for that data.
  • Thanks,

    I believe you, but I rebuilt this demo from scratch starting from composer. At this point I do not know where to look for and how to avoid using this "existing data".

  • HarroHarro
    Accepted Answer
    What Fuel core version has composer installed?
  • HarroHarro
    Accepted Answer
    There may be a race condition in the code, that can trigger this exception when Crypt::decode() is called without any value (i.e. empty string).

    as a test, if you add this to the top of legacy_decode(), is your problem fixed?

    if (empty($value))
    {
        return "";
    }

  • I created the most basic version 1.8.1 FuelPhp project to test.
    This is what I did:

    $ composer create-project fuel/fuel FS
    $ cd FS

    $ php oil r install

    Edit public/.htaccess, set RewriteBase

    Create controller class fuel/app/classes/controller/home.php
    <?php
    class Controller_Home extends Controller {
      public function action_index() {
        $session = Session::instance();
        return "HOME";
      }
    }

    Activate home contoller URL, get crypt error:
      Can not decode this string, no legacy crypt keys defined

    Attempt to fix by editing fuel/core/classes/crypt.php
      protected function legacy_decode($value, $key = false, $keylength = false)
      {
        if (empty($value)) {
          return "";
        }
        ...

    But no change.

    Thanks for all your help.

  • HarroHarro
    Accepted Answer
    I'll try to reproduce it.
  • HarroHarro
    Accepted Answer
    Works fine here.

    As I said, for some reason your app gets an existing session cookie, which is encrytped with old keys, from the browser.

    This is indicated by the fact that if you add the old keys (which you have from somewhere), the problem goes away. If those keys were not the same as the one's used to encrypt, you would have gotten an error message to that effect.

    My 2ct: 

    you are using a hostname for your application that you have used before for another application, you are using a long session cookie expiry in your apps, and your browser still has that session cookie for that hostname in it's cache.

    So when you request a page, your browser sends the cookies it has, the Session class sees them, tries to decrypt them, which fails due to the missing keys...
  • Yes. That's it.

    I cleared the cookies in my browser and the error disappeared.

    Thanks for solving that mystery!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion