PCI compliancy issue & php5.2.10?

[stride-r]

Hi All,

My host and I are having an issue. Seems a recent pci scan failed and whose reccommended action was to upgrade to a version greater than PHP 5.2.9 . My host promptly did so but it immediately broke functionality of zencart. Nothing would load but a totally blank, white, home page and error messages were thrown when trying to load the admin:

Warning: require(/web/public_html/myaccount/store/includes/autoload_func.php) [function.require]:
failed to open stream: No such file or directory in E:\web\public_html\myaccount\store\admin-renamed\includes\application_top.php on line 130

Reverting to PHP 5.2.9 was the temp solution.

However, this still leaves us with a currently non compliant version of php.

I see the comment on server requirements (https://www.zen-cart.com/tutorials/index.php?article=6) where it states that "PHP5 is not officially supported by Zen Cart v1.3.x and lower"

Thus I am wondering if others have run into a similar PHP version / pci compliancy issue and whether anyone has any suggestions that i might forward to my host that will help us with the issue until such time that we can get to a ZC version 2.x?


My Current system:
Zen Cart 1.3.8a (all patches current as far as i'm aware)
Host Server: Windows NT
MySQL 5.0.67
Microsoft-IIS/6.0
PHP Version: 5.2.9-1


The specific PCI Scan result:
Security warning: "PHP < 5.2.10 Multiple Vulnerabilities"
Solution : Upgrade to PHP version 5.2.10 or later.


Any ideas on how to resolve??

Thanks for the help.

[DrByte]

NOTE: Zen Cart v1.3.8a and older are NOT compatible with PHP 5.3.0+. Many changes in PHP 5.3 cause problems in these older versions of Zen Cart.

Zen Cart v1.3.9 (currently in development) works around those issues, and should work on PHP 5.3.

PHP 5.2.10 should work in the meantime.

[DrByte]

error messages were thrown when trying to load the admin:

Warning: require(/web/public_html/myaccount/store/includes/autoload_func.php) [function.require]:
failed to open stream: No such file or directory in E:\web\public_html\myaccount\store\admin-renamed\includes\application_top.php on line 130

That seems more like a case of misconfigured configure.php files or missing files on the server than a problem with the version of PHP.

[Merlinpa1969]

we are running php 5.2.10 on several servers with NO issues

[stride-r]

Thanks to you both for the input!

seems more like a case of misconfigured configure.php files or missing files on the server

That's what i thought (missing files) ...however, there was at least one other 1.3.8a zencart store running on this same server. I visually confirmed the exact same response from it as well (blank home page and errors attempting to access the admin login). Performance for both stores was immediately resolved once the host rolled back to PHP 5.2.9

PHP 5.2.10 should work in the meantime.

we are running php 5.2.10 on several servers with NO issues

That was when we ran into the issue described above - when they tried upgrading to version 5.2.10 .
I do not know what config settings they had assigned to the 5.2.10 ini but could there have been a misconfigured setting there that could cause something like that? Obviously we need to bump it back up sooner or later ...but only if we can get it to run on 5.2.10 and not hiccup. I'm sure my hosts have server techs more familiar with it than I , but i was just hoping someone might recognize sometnhing valuable that I might be able to pass back to them to help the upgrade go more smoothly.

Thanks!

[pdxdoug]

My sites are running on php 5.2.9, been scanned by Security Metrics and are PCI Compliant.

[DrByte]

we are running php 5.2.10 on several servers with NO issues

My sites are running on php 5.2.9, been scanned by Security Metrics and are PCI Compliant.

I suspect that there may be a difference between PHP on linux vs PHP on windows in this case:

My Current system:
Zen Cart 1.3.8a (all patches current as far as i'm aware)
Host Server: Windows NT
MySQL 5.0.67
Microsoft-IIS/6.0
PHP Version: 5.2.9-1


The specific PCI Scan result:
Security warning: "PHP < 5.2.10 Multiple Vulnerabilities"
Solution : Upgrade to PHP version 5.2.10 or later.

Granted, these scanning companies have been known to throw back wrong responses on many occasions.