Is the Server Scanner up-to-date?

I am trying to update my server (Ubuntu 16.04) from PHP 5.6 to 7.3. I ran the s2Member Server Scanner with 5.6 still running, and saw some problems which I fixed, but curl always trigged an error. I then upgraded PHP on Apache to 7.3 and ran it again and found more problems - requirements for mysql and mcrypt (and still the curl problem). I can’t seem to fix these problems. What I’m wondering is if the server scanner is up to date and supports PHP 7.3. I also wonder why some of these issues exist. For example, why is it required to switch short_open_tag to on. Isn’t that against best-practices? Can’t s2member be updated to not require short_open_tag to be on? I’m not an expert but that seems like a search-and-replace in the code. Also, my understanding that the mysql extension was removed in PHP 7, and you need to switch to mysqli. Does s2member support this change? Thanks.

On a related note, is there any documentation online covering what extensions to PHP are required by s2member, and how to set it up? Thanks.

I got the following errors when checking s2Member using a PHP version checker:

FILE: /var/www/html/wordpress/wp-content/plugins/s2member/src/vendor/paragonie/random_compat/lib/byte_safe_strings.php
----------------------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
----------------------------------------------------------------------------------------------------------------------
 32 | WARNING | INI directive 'mbstring.func_overload' is deprecated since PHP 7.2
 86 | WARNING | INI directive 'mbstring.func_overload' is deprecated since PHP 7.2
----------------------------------------------------------------------------------------------------------------------


FILE: /var/www/html/wordpress/wp-content/plugins/s2member/src/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 3 ERRORS AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------------------------------------
 58 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or pecl/mcrypt once available instead
 58 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or OpenSSL instead
 58 | ERROR | The constant "MCRYPT_DEV_URANDOM" is deprecated since PHP 7.1 and removed since PHP 7.2
------------------------------------------------------------------------------------------------------------------------------------------------------

Hi Philip.

No, it gives a couple or so warnings that are not correct. I need to work on it to bring it up to date, but haven’t gotten around to it yet.

Are you having a problem you’re troubleshooting and were looking for clues in the server scanner?

Please see this thread: Php 7.2 - is it fully supported?

:slight_smile:

So the short answer is that everything should work okay under 7.3?

1 Like

As far as I’m aware. I haven’t had any reports of it having issues, and haven’t had them myself.

The warnings you mentioned from the compat checker, are for functions that s2 includes for backward compatibility with older PHP versions, but doesn’t load with newer ones.

I’m trying to get the S2 Security Badge to equal 1, and was wondering if the site must pass the S2 Server Scan? Because, I’m getting similar errors as Philip, that only when I set PHP version to a lower version is MySQL and Mcrypt present. The scan also tries to access websharks-inc.com/robots.txt, but I think that URL is obsolete.

So, it sounds like I should not worry about the Server Scan, and just set PHP version to the most up-to-date (currently PHP 7.4)?
Of course, that still doesn’t solve my trouble with getting the Security Badge…

Hi Eric.

The server scanner gives a wrong warning about MySQL and Mcrypt now. You can ignore those, I have to update it. The other checks I think are fine.

About the badge, sadly it was originally written in Flash, which I don’t know. I want to recreate the badge functionality in another language, but that’ll come later.