Migrating from DreamHost to CentOS. Cant decrypt existing passwords + parsing prob

[chibipaw]

Hi,

Like many others with Dream Host's session expiration problems, Im finally trying to migrate to a better hosting service. Im considering AWS (Amazon Web Services) by creating a copy of my production zen-cart installation on it. Since AWS is much a DIY on everything approach, I've built a simple CentOS 6. minimal config, and using their RDS mysql database, php 5.4 etc, and apache from CentOs' package distribution system.

After migrating the zen-cart structure over, I notice a few odd issues.

1) Shopping cart can't seem to decrypt passwords for both existing customers, and existing admin for login. Passwords always return as incorrect.
2) New user created CAN login
3) Old users can reset their passwords and login again
4) After login in, text bar where normally would read: "HOME CONTACT US LOG OUT MY ACCOUNT SHOPPING CART - 1 ITEM(S) - $29.00 CHECKOUT" ends up rending strange, looking like this: "HOME CONTACT US LOG OUT MY ACCOUNT SHOPPING CART - COUNT_CONTENTS();?> ITEM(S) - FORMAT($_SESSION['CART']->SHOW_TOTAL());?> CHECKOUT"
5) During checkout, in step 2 of 3: the page renders the order total box with this:
Your Total
$29.00
Sub-Total:
? echo $GLOBALS-output[$i]; ?>

$48.25
United States Postal Service (Priority Mail International®):
? echo $GLOBALS-output[$i]; ?>

$1.65
Shipping Insurance:
? echo $GLOBALS-output[$i]; ?>

$78.90
Total:
? echo $GLOBALS-output[$i]; ?>

1
Reward Points earned:
? echo $GLOBALS-output[$i]; ?>

I've looked around the archives, while I've seen some issues with admin accounts not being able to login after a migration, but not quite like this.
Have I over looked something? Any pointers would be much appreciated.

Please PM me if you want to take a look around my server.

[Design75]

The

PHP Code:

? echo 


are probably the result of the use of short tags in your code. On most modern php versions short tags are disabled by default.
You can do two things.
1 the quick an easiest way, add the next to your .htacces file in the reeot of your server. if there is none, create one)

Code:

php_flag short_open_tag on

or 2 which IMHO is the better solution, replace all the

PHP Code:

<? echo

for

PHP Code:

<?php echo

in your files.

[lhungil]

... Im finally trying to migrate to a better hosting service. ... After migrating the zen-cart structure over, I notice a few odd issues. ...

1) Shopping cart can't seem to decrypt passwords for both existing customers, and existing admin for login. Passwords always return as incorrect.
2) New user created CAN login
3) Old users can reset their passwords and login again
...

There have been some changes to the password handling in recent versions of Zen Cart which may impact logins when versions of PHP are changed... What version of Zen Cart (and PHP) were on the old hosting provider?

[chibipaw]

The

PHP Code:

? echo 


are probably the result of the use of short tags in your code. On most modern php versions short tags are disabled by default.
You can do two things.
1 the quick an easiest way, add the next to your .htacces file in the reeot of your server. if there is none, create one)

Code:

php_flag short_open_tag on

or 2 which IMHO is the better solution, replace all the

PHP Code:

<? echo

for

PHP Code:

<?php echo

in your files.

Thanks for the tip. I going to try both methods, and see if that cleans up the esthetics of things, and report in after.
There's some other issues with easy populate not even rendering the admin page properly, but not sure if that's even related.

[chibipaw]

That's what I've suspected at first. I had php 5.5 before, and also MySQL 5.6. So I've decided to roll the versions back to something as closest can get them to the original server, but that didn't really work even when Im matching. Old server is PHP 5.4.11, new server is PHP 5.4.36 Im also suspecting it might also have something to do with generally mismatched server platforms, but I am not quite sure what are the important components to match. For example. new server is pretty bare bone and it it's Server API is Apache 2.0, old server is CGI/FastCGI.

For reference , these are the top entry of the server config versions. They look very different.

Old server Dream Host Debian:
Server OS: Linux 2.6.32.45-grsec-2.2.2-r3 Database: MySQL 5.1.56-log
Server Date: 01/18/2015 17:01:29 Database Date: 01/18/2015 17:01:29
Server Up Time: 17:01:29 up 33 days, 6:15, 0 users, load average: 0.00, 0.02, 0.00 HTTP Server: Apache
PHP Version: 5.4.11 (Zend: 2.4.0) PHP Memory Limit: 128M PHP Safe Mode: Off
PHP File Uploads: On Max Size: 64M POST Max Size: 64M
Database Data Size: 244,109 kB Database Index Size: 45,660 kB
Zen Cart 1.5.3
Database Patch Level: 1.5.3
PHP Version 5.4.11
System Linux ds4297 2.6.32.45-grsec-2.2.2-r3 #8 SMP Mon Oct 10 13:33:17 PDT 2011 x86_64
Build Date Feb 12 2013 19:01:15
Configure Command './configure' '--prefix=/usr/local/php54' '--datadir=/usr/local/php54/share' '--localstatedir=/usr/local/php54/var' '--without-pear' '--with-config-file-path=/etc/php54' '--with-config-file-scan-dir=/etc/php54/conf.d' '--with-zend-vm=GOTO' '--enable-cgi' '--enable-fpm' '--enable-libxml=shared' '--enable-bcmath=shared' '--enable-calendar=shared' '--enable-ctype=shared' '--enable-dom=shared' '--enable-exif=shared' '--enable-fileinfo=shared' '--enable-filter=shared' '--enable-ftp=shared' '--enable-hash=shared' '--enable-intl=shared' '--enable-json=shared' '--enable-mbstring' '--enable-mbregex' '--enable-mbregex-backtrack' '--enable-pcntl=shared' '--enable-pdo' '--enable-phar=shared' '--enable-posix=shared' '--enable-session=shared' '--enable-shmop=shared' '--enable-simplexml=shared' '--enable-soap=shared' '--enable-sockets=shared' '--enable-sysvmsg=shared' '--enable-sysvsem=shared' '--enable-sysvshm=shared' '--enable-tokenizer=shared' '--enable-wddx=shared' '--enable-xml=shared' '--enable-xmlreader=shared' '--enable-xmlwriter=shared' '--enable-zip=shared' '--with-openssl=shared' '--with-kerberos' '--with-pcre-regex' '--with-sqlite3' '--with-zlib=shared' '--with-bz2=shared' '--with-curl=shared' '--with-gd=shared' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-zlib-dir=/usr' '--with-xpm-dir=/usr' '--with-freetype-dir=/usr' '--with-gettext=shared' '--with-gmp=shared' '--with-mhash=shared' '--with-iconv=shared' '--with-imap=shared' '--with-imap-ssl' '--with-ldap=shared' '--with-mcrypt=shared' '--with-msql=shared' '--with-mysql=shared,mysqlnd' '--with-mysql-sock=/No-MySQL-hostname-was-specified' '--with-mysqli=shared,mysqlnd' '--with-pdo-mysql=shared,mysqlnd' '--with-pdo-pgsql=shared' '--with-pdo-sqlite' '--with-pgsql=shared' '--with-pspell=shared' '--with-readline=shared' '--with-tidy=shared' '--with-xmlrpc=shared' '--with-xsl=shared'
Server API CGI/FastCGI


New Server AWS Centos:
Server OS: Linux 2.6.32-431.29.2.el6.x86_64 Database: MySQL 5.1.73-log
Server Date: 01/18/2015 11:49:23 Database Date: 01/18/2015 11:49:16
Server Up Time: 11:49:23 up 5 days, 1:44, 1 user, load average: 0.03, 0.01, 0.00 HTTP Server: Apache/2.2.15 (CentOS)
PHP Version: 5.4.36 (Zend: 2.4.0) PHP Memory Limit: 128M PHP Safe Mode: Off
PHP File Uploads: On Max Size: 2M POST Max Size: 8M
Database Data Size: 237,521 kB Database Index Size: 38,524 kB
Zen Cart 1.5.3
Database Patch Level: 1.5.3
PHP Version 5.4.36
System Linux ip-172-31-31-212 2.6.32-431.29.2.el6.x86_64 #1 SMP Tue Sep 9 21:36:05 UTC 2014 x86_64
Build Date Dec 20 2014 14:11:41
Server API Apache 2.0 Handler

There have been some changes to the password handling in recent versions of Zen Cart which may impact logins when versions of PHP are changed... What version of Zen Cart (and PHP) were on the old hosting provider?

[lhungil]

If the "new" server is live and has switched PHP versions a couple times... Things become a little complicated...

May be easiest to just add a notice to the "login" page. Something to let customers know before they can login they will need to reset their password.

[chibipaw]

The new server isn't live, and every time I try a different version, I simply release the database, and repopulate from archive.
I would imagine the password isn't that big of an issue, since people can always reset their passwords. I think the bigger problem seem to be the odd non-parsing of the php short tags. I haven't figured out how to get around that yet completely yet.

If the "new" server is live and has switched PHP versions a couple times... Things become a little complicated...

May be easiest to just add a notice to the "login" page. Something to let customers know before they can login they will need to reset their password.

[DrByte]

PHP has been changing between 5.2, 5.3, 5.4 with how they handle short-tags in a new install.
You can configure the php short-tags in the php.ini ... assuming you edit the correct file.

Is the short-tags issue a result of using plugins that need updating? Or just your own coding? ... ie: you could just fix the PHP code so the issue goes away ... ie: search all .php files for <? followed by a space or = instead of php.

[chibipaw]

lhungil, DrByte:

Thanks for chiming in. Im more a sysadm than a coder, so most of these mods, and codes are either vanilla, or from modules on this site. The rendering issues was resolved, but I wasn't able to change the settings using .htaccess. What I did notice the default is off in the php.ini of the rpm installation of PHP. Enabling short-tag from that level solved the problem for the meantime ,but I will clean up all the old codes for the future compatibly once the installation is stable. Thanks again!

Now that most of the visual problems are out of the way, and goes with most of the other issues I've bad. However, I've encounter another problem. Im not sure if this is the right place to post it, as it revolves around Easy Populate 4.0. Admin page for on the new installation only only contains the right column of config information, but every options/fields are not being displayed after the "Default Language: 1-English" . Perhaps this might be another PHP parsing/config difference issue?

Is there a list of recommended php.ini preference settings that I should apply over vanilla default?

EP4 on Old DH server


EP4 on New AWS Server

[DrByte]

Im more a sysadm than a coder

...

Is there a list of recommended php.ini preference settings that I should apply over vanilla default?

Nothing more than standard devops tweaks and tweaks for secure use in production environments.

Semi-related reference: http://www.zen-cart.com/content.php?...o-run-zen-cart