Known Issues

Included Files Returning Values

PHPshadow will not work in situations where an included file returns a value. Some frameworks, such as the Zend Framework, use this technique.

The workaround is to identify the files that you have written yourself and only encrypt those.

An example of an included file returning a value is as follows:

index.php:
<?php
$value = include 'db.inc.php';
if ($value === false) die('Database connection failure.');
?>

db.inc.php:
<?php
$DBConnection = new mysqli();
if ($mysqli -> connect_error) return false;
return true;
?>

Note that the return statements in db.inc.php are not part of a function. Instead they are in the main body of the file, and as such they represent the return value of the file itself.

Reading Data From PHP Files

PHPshadow will not work in situations where data is read from the PHP file, whether it be from another script or the current script reading itself.

A common method is reading data from the current script by making use of __halt_compiler() to instruct PHP to cease compiling from that point forward, and __COMPILER_HALT_OFFSET__ to read in the remaining data.

In these cases PHPshadow is not compatible. A workaround is to encrypt other files in your project and leave these particular files unencrypted.

SELinux

SELinux, otherwise known as security-enhanced Linux, is a feature on Red Hat and CentOS distributions. You may have to disable SELinux in order to run PHPshadow.

To disable SELinux, open the SELinux config file which is found either in /etc/selinux/config or in /etc/sysconfig/selinux.

Change the line SELINUX=enforcing to SELINUX=permissive. Save the file.

Reboot the server.

⟨ Back