neatnik/salty

Errors when trying salty on own php 7.4 server

RickCogley opened this issue · 3 comments

Hi - I copied salty to my own nginx php 7.4 server to test, and am getting this error:

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/saltyesoliapro/salty.esolia.pro/salty.php on line 60

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/saltyesoliapro/salty.esolia.pro/salty.php on line 87

Fatal error: Uncaught SodiumException: invalid hex string in /home/saltyesoliapro/salty.esolia.pro/salty.php:37 Stack trace: #0 /home/saltyesoliapro/salty.esolia.pro/salty.php(37): sodium_hex2bin() #1 /home/saltyesoliapro/salty.esolia.pro/index.php(3): include() #2 {main} thrown in /home/saltyesoliapro/salty.esolia.pro/salty.php on line 37

Looks like it's in the base91_decode function and it appears this SO thread sheds some light:

https://stackoverflow.com/questions/59158548/array-and-string-offset-access-syntax-with-curly-braces-is-deprecated

But I'm no PHP expert, so I'm not sure if that's a help.

As for the third error, it's this line:

define('SALT', sodium_hex2bin('hex representation of 16 bytes of binary goes here'));

I assume I need to set this salt up for the app, somehow. Do you mean us to take a 16 byte decimal integer, convert to binary, then convert to hex?

Right, this worked, but I still get the two Deprecated errors displaying.

First make 16 bytes of binary like:

01001110 11100110 01001011 11001111 11010111 10100110 00100110 10111110 
10001111 11000110 01011110 11000000 01100010 01001101 01001110 10000111

Then convert that to hex like:

4EE64BCFD7A626BE8FC65EC0624D4E87

... and paste the hex into the "define('SALT'..." line in your salty.php. Right?

Updated salty.php here: https://github.com/neatnik/salty/blob/master/salty.php

This fixes the curly brace deprecation notice and also adds some clarification in the comments about setting up the salt. Apologies for the confusion there! The easiest way to generate a salt is to run this command:

php -r "echo bin2hex(random_bytes(16));"

Or, if you don't have access to a PHP CLI, you can just make this script and view it in a browser window:

<?php

echo bin2hex(random_bytes(16));

?>

The resulting string will be a hex representation of 16 bytes of random binary data... which I think is pretty much the same thing that you were doing above, more or less. The only advantage to using PHP's random_bytes() function is its use of cryptographically secure random number generation.

With the updated salty.php file and a valid salt on line 41, you should be good to go. Let me know if you run into any other issues, though.

Thanks very much @newbold, that worked a treat. 👍 No more errors.
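
As an added example (not part of the thread or of salty.php), one way to check a salt string before pasting it into the define('SALT', ...) line, so that a leftover placeholder or a truncated value is reported instead of surfacing as the SodiumException above. It assumes the 16-byte salt size stated in the thread and the sodium extension; the helper names new_salt_hex() and check_salt_hex() are hypothetical.

```php
<?php
// Added example, not code from salty.php.
// SALT_BYTES = 16 is the size given in the thread; helper names are hypothetical.
const SALT_BYTES = 16;

/** Generate a fresh salt as hex, the same way as the one-liner in the thread. */
function new_salt_hex(): string
{
    return bin2hex(random_bytes(SALT_BYTES)); // CSPRNG-backed
}

/** Return null if $hex is a usable salt string, otherwise a reason. */
function check_salt_hex(string $hex): ?string
{
    if (!preg_match('/\A[0-9a-fA-F]+\z/', $hex)) {
        return 'not a hex string (is the placeholder text still in place?)';
    }
    if (strlen($hex) !== SALT_BYTES * 2) {
        return sprintf('expected %d hex characters, got %d',
                       SALT_BYTES * 2, strlen($hex));
    }
    try {
        $raw = sodium_hex2bin($hex);
    } catch (SodiumException $e) {
        return 'sodium_hex2bin rejected it: ' . $e->getMessage();
    }
    // Sanity check: a value such as 32 zeros decodes fine but was
    // clearly typed by hand rather than generated.
    if (count(array_unique(str_split($raw))) === 1) {
        return 'all bytes are identical; generate a random salt instead';
    }
    return null;
}

// Constructed sample inputs for illustration.
$samples = [
    'placeholder' => 'hex representation of 16 bytes of binary goes here',
    'truncated'   => '4EE64BCFD7A626BE',
    'all zeros'   => str_repeat('0', SALT_BYTES * 2),
    'generated'   => new_salt_hex(),
];

foreach ($samples as $label => $hex) {
    $problem = check_salt_hex($hex);
    printf("%-12s %s\n", $label . ':', $problem ?? 'ok');
}
```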