Problems, need help? Have a tip or advice? Post it here.
10 posts Page 1 of 1
A while ago it occurred to me that the PHP log of our site is full of the following warning:
Backend log: PHP Warning: A non-numeric value encountered in /home/myuser/domains/mysite/public_html/couchfolder/functions.php

In this forum I found only one mention of a similar problem here (https://www.couchcms.com/forum/search.php?keywords=A+non+numeric+value+encountered). In that particular case it seemed to have to do with how a certain piece of code was called. In my case, I would not have a clue on where to start looking. How could I debug this problem? This log entry occurs all day long, I only see it being initiated by different IPs so it must have something to do with the public site, not the restricted or admin pages.
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
You can try to find the source by looking at your code and inspecting all places where you work with numbers (add, substract etc).
I did, and I do not use those tags. Furthermore, this entry is in my logs file more than 100 times per second (!) so it cannot be occurred by traffic on our side. We wish it would be due to the amount of traffic!

When I check functions.php around line 2220, I see it's in a function called encrypt. Could it be something else that is causing this?

Here's a small excerpt from my logs, to give you an idea:
Code: Select all
[Thu Sep 26 16:13:17.374439 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374462 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374484 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374507 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374528 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374560 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
[Thu Sep 26 16:13:17.374586 2019] [lsapi:notice] [pid 614605:tid 140076224313088] [client 46.229.168.161:50270] [host http://www.twirlteam-surprise.nl] Backend log: PHP Warning:  A non-numeric value encountered in /home/myuser/domains/twirlteam-surprise.nl/public_html/couch/functions.php on line 2220\n
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
When I check functions.php around line 2220, I see it's in a function called encrypt.

As far as I know, only <cms:cloak_url> tag and <cms:input type='uploadfile' /> (used by phpMailer addon) directly make use of the encrypt() function. Does your site make use of any of the two?

If yes, try commenting out the mentioned tags and please let me know if that makes the warning go away.
Yes, I do use cloak_url. I have commented them out and used <cms:ignore> around them and will report on my findings. Thanks for the suggestion!
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
Unfortunately, this did not resolve anything, I see as many of these messages in my logs as before. This weekend I will download the site and do a full text search to find all occurrences of cloak_url and comment them all out. I will report back here on my findings.
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
Perhaps it is time to throw away RC4 and have something else for encryption.

This warning describes a code flaw in function encrypt in functions.php that tries to perform sum over non-digits found in key.

Explanation - If key is "8e26c26f7c2dbbedd18b103c9c34ca5a" then there will be as many warnings as there are letters in the key multiplied by 8.. So, the problem is with the supplied key (which is a result of hash_hmac). Whatever the reasons, I am sure @KK will supply the patch soon.
Thanks for the heads-up @trendoman.
I have pushed the fix to GitHub.

@brightwolf, please use the functions.php file from the latest GitHub commit and let us know if that solves the issue.
Thanks for this swift response. I have installed the fix, will report back later today on how it is going.
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
Yes! This works. Immediately after implementing this fix, the errors stopped. Now I can see some other errors, which I can now start fixing one by one....
Many thanks for the fast response and action, both Trendoman and KK!
"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
10 posts Page 1 of 1