combitz wrote: I'm experiencing the same problem on Version 3.14.10+180924 with PHP 7.2.10 on IIS10 via Fast Cgi and MSSQL via driver php_pdo_sqlsrv_72_nts_x64.dll

Recommendation for LimeSurvey 3.X under PHP 7.2 for Windows is to activate OpenSSL extension.
Check php.ini for php_openssl.dll . If that extension is not loaded, LimeSurvey won't be able to generate tokens.

PHP 7.2. removed mcrypt, which was used by LimeSurvey when OpenSSL is not available.


The bugticket is available here:
bugs.limesurvey.org/view.php?id=14055

Okay so I've found the debug mode
I've not found a proper solution yet but the problem looks to be "application\models\Token.php"

public static function generateRandomToken($iTokenLength)
{
return str_replace(array('~', '_'), array('a', 'z'), Yii::app()->securityManager->generateRandomString($iTokenLength));
}

This is failing (not sure why yet) but replacing the code with another random string generator allows it to work fine and I get tokens so I'll try to look into Yii more as I've never used that framework.

The problem is PHP 7.2 deprecated the mcrypt method so Yii::app()->securityManager->generateRandomString(int) will always fail on PHP installs above 7.1

Thanks jelo,

Didn't see your reply earlier in the thread, thanks for the openssl info.

combitz wrote: The problem is PHP 7.2 deprecated the mcrypt method so Yii::app()->securityManager->generateRandomString(int) will always fail on PHP installs above 7.1

Yii checks if OpenSSL or MCrypt or /dev/urandom is available. On a Windows platform under PHP 7.2 both MCrypt (not available under PHP 7.2 or above) and /dev/unrandom (not available under windows) are not available. So OpenSSL is the only way under Windows PHP 7.2.

jelo wrote: …
Yii checks if OpenSSL or MCrypt or /dev/urandom is available. On a Windows platform under PHP 7.2 both MCrypt (not available under PHP 7.2 or above) and /dev/unrandom (not available under windows) are not available. So OpenSSL is the only way under Windows PHP 7.2.

Maybe we need to test it when installing ? And show a warning (like imap etc …) or a danger

DenisChenu wrote: Maybe we need to test it when installing ? And show a warning (like imap etc …) or a danger

I just had the same thought as it will get everyone installing from new as 7.2+ is the current recommended stable version going forward.

Thanks for the help, tokens working now

combitz wrote: I just had the same thought as it will get everyone installing from new as 7.2+ is the current recommended stable version …

Yes but we don't recommend Windows IIS

I would recommend to develop the checkroutines of the installer into a core part (or core extension), which can be used for checking not only during installation but all the time (like phpinfo and version modal window). That way the checking routines get better, cause more people use them.
When your provider changes to PHP 7.2, the running installation won't profit from the installer check routines for mcrypt etc.

The "dictator" style of the installation check should be optional