No announcement yet.

Is bcrypt missing for some reason?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Is bcrypt missing for some reason?

    I am using WHMCS on my site on the server and WHMCS requires bcrypt, which is standard in PHP > 5.5. I am running PHP version 5.6.21.

    However, when I run
    php -i | grep -i crypt
    I get nothing. But bcrypt should be installed. I am running a bunch of Cloudlinux/cPanel systems now and I checked a few others and they are missing bcrypt too. Is this something to do with EasyApache, CloudLinux, or something related? or am I posting this on the wrong forum

    Thanks for your help and advice~

  • #2
    According to it has been built into PHP5.5+ . I also checked few servers and do not see bcrypt as a separate extension, looks like it should not be in phpinfo. However the code itself should work for you.


    • #3
      Check this:

      root@cptest2 [~]# cat bcrypt_test.php
      $options = array(cost => 11);
      echo password_hash("rasf", PASSWORD_BCRYPT, $options)."\n";
      root@cptest2 [~]# /opt/alt/php55/usr/bin/php bcrypt_test.php
      root@cptest2 [~]# /opt/alt/php56/usr/bin/php bcrypt_test.php
      root@cptest2 [~]#


      • #4
        Thanks for your help -- Im getting similar feedback with the script on my server too, so bcrypt most definitely appears to be working. Ive been going back and forth with WHMCS about this for a few weeks, so it seems like a WHMCS software issue and not a PHP/OS issue. Many thanks~


        • #5
          Just curious. What part of WHMCS is causing you issues that you / WHMCS folks are suggesting are related to bcrypt?



          • #6
            We found the issue is with bcrypt and bcrypt is definitely on the server, but a module within WHMCS (one that we created a couple years ago and have been using with no problem) is causing the problem because it uses a different method to encrypt the user data. The reason it needs to do that is because our WHMCS install communicates with a huge network of other services, servers, and auth methods. We could now change everything over to bcrypt, but it causes lots of problems with how our WHMCS communicates wit the Android and iOS auth we have built-in. Its not impossible to make the changes on our side to be in line with bcrypt, but its a major cost of time and money to do it.

            So I asked WHMCS if its possible roll back bcrypt (which was just introduced in WHMCS as required a few months ago) and they said no. I am in China and I see nulled versions of WHMCS that already have bcrypt removed, so I know its possible to get it done, but there is no way I would use a nulled version on a working server.

            So it looks like we are starting this week on the long slog towards changing all systems to be in line with the bcrypt. Not impossible


            • #7
              Im sorry to hear that you have to go through that. But their stance is not surprising given that they took a lot of heat at one point for not using the most secure methods. And I dont blame you for not using a nulled version. All kinds of interesting goodies can be found in nulled apps

              Good luck!