CoreLibs add Security\SymmetricEncryption

On error with query with params the query was sent to the server and
if ther query itself is ok but there is a problem with the parameters
a wrong error message ($1 not found) will be returned

Add pg_last_error reporting to catch this too.

Update both error reporting to return not string and prefix combined
but prefix + error string in array

In error return check that both strings are not equal, so we do not
return the same error string twice.

Also default set dbh variable in the PgSQL class to false so it will
skip last error report if there is no dbh set yet.

Bug fix for db query with params debug output. if there are more than 9
entries the $1 of eg $10 is replaced with $1 entry again. Changed to
'#' instead '$' to avoid this.

Other:
ACL\Login: replace EOM with HTML
config.master: replace list() with []
Add single DB tester where we can test single db calls without adding
more to the general test run

publish/last.published

@@ -1 +1 @@
-8.0.1
+8.4.0

publish/publish.sh

@@ -20,7 +20,11 @@ fi;
 # read in the .env.deploy file and we must have
 # GITLAB_USER
 # GITLAB_TOKEN
+# GITLAB_URL
+# GITEA_USER
 # GITEA_DEPLOY_TOKEN
+# GITEA_URL_DL
+# GITEA_URL_PUSH
 if [ ! -f "${BASE_FOLDER}.env.deploy" ]; then
      echo "Deploy enviroment file .env.deploy is missing";
      exit;
@@ -31,30 +35,34 @@ source .env.deploy;
 cd -;
 set +o allexport;
 
+echo "[START]";
 # gitea
-if [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
+if [ ! -z "${GITEA_URL_DL}" ] && [ ! -z "${GITEA_URL_PUSH}" ] &&
+     [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
      curl -LJO \
           --output-dir "${BASE_FOLDER}" \
-          https://git.egplusww.jp/Composer/CoreLibs-Composer-All/archive/v${VERSION}.zip;
+          ${GITEA_URL_DL}/v${VERSION}.zip;
      curl --user ${GITEA_USER}:${GITEA_TOKEN} \
           --upload-file "${BASE_FOLDER}/CoreLibs-Composer-All-v${VERSION}.zip" \
-          https://git.egplusww.jp/api/packages/Composer/composer?version=${VERSION};
+          ${GITEA_URL_PUSH}?version=${VERSION};
      echo "${VERSION}" > "${file_last_published}";
 else
      echo "Missing either GITEA_USER or GITEA_TOKEN environment variable";
 fi;
 
 # gitlab
-if [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
+if [ ! -z "${GITLAB_URL}" ] && [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
      curl --data tag=v${VERSION} \
           --header "Deploy-Token: ${GITLAB_DEPLOY_TOKEN}" \
-          "https://gitlab-na.factory.tools/api/v4/projects/950/packages/composer";
+          "${GITLAB_URL}";
      curl --data branch=master \
           --header "Deploy-Token: ${GITLAB_DEPLOY_TOKEN}" \
-          "https://gitlab-na.factory.tools/api/v4/projects/950/packages/composer";
+          "${GITLAB_URL}";
      echo "${VERSION}" > "${file_last_published}";
 else
      echo "Missing GITLAB_DEPLOY_TOKEN environment variable";
 fi;
+echo "";
+echo "[DONE]";
 
 # __END__

src/ACL/Login.php

@@ -68,7 +68,8 @@ declare(strict_types=1);
 
 namespace CoreLibs\ACL;
 
-use CoreLibs\Check\Password;
+use CoreLibs\Security\Password;
+use CoreLibs\Convert\Json;
 
 class Login
 {
@@ -196,7 +197,12 @@ class Login
 	/** @var array<string,mixed> options */
 	private $options = [];
 	/** @var array<string,string> locale options: locale, domain, encoding (opt), path */
-	private $locale = [];
+	private $locale = [
+		'locale' => '',
+		'domain' => '',
+		'encoding' => '',
+		'path' => '',
+	];
 
 	/** @var \CoreLibs\Debug\Logging logger */
 	public $log;
@@ -423,7 +429,7 @@ class Login
 
 	/**
 	 * Set options
-	 * Current allowed
+	 * Current allowed:
 	 * target <string>: site target
 	 * debug <bool>
 	 * auto_login <bool>: self start login process
@@ -555,12 +561,12 @@ class Login
 			);
 			// set path
 			$options['locale_path'] = BASE . INCLUDES . LOCALE;
-			$_SESSION['LOCALE_PATH'] = $options['locale_path'];
 		}
+		$_SESSION['LOCALE_PATH'] = $options['locale_path'];
 		// LANG: LOCALE
 		if (empty($options['site_locale'])) {
 			trigger_error(
-				'loginMainCall: SITE_LOCALE or DEFAULT_LOCALE should not be used',
+				'loginMainCall: SITE_LOCALE should not be used',
 				E_USER_DEPRECATED
 			);
 			$options['site_locale'] = defined('SITE_LOCALE') && !empty(SITE_LOCALE) ?
@@ -580,7 +586,6 @@ class Login
 				);
 				// set domain
 				$options['site_domain'] = SITE_DOMAIN;
-				$_SESSION['DEFAULT_DOMAIN'] = $options['site_domain'];
 			} elseif (
 				defined('CONTENT_PATH')
 			) {
@@ -592,6 +597,16 @@ class Login
 				$options['set_domain'] = str_replace(DIRECTORY_SEPARATOR, '', CONTENT_PATH);
 			}
 		}
+		$_SESSION['DEFAULT_DOMAIN'] = $options['site_domain'];
+		// LANG: ENCODING
+		if (empty($options['site_encoding'])) {
+			trigger_error(
+				'loginMainCall: SITE_ENCODING should not be used',
+				E_USER_DEPRECATED
+			);
+			$options['site_encoding'] = defined('SITE_ENCODING') && !empty(SITE_ENCODING) ?
+				SITE_ENCODING : 'UTF-8';
+		}
 
 		// write array to options
 		$this->options = $options;
@@ -739,7 +754,10 @@ class Login
 		// we have to get the themes in here too
 		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
 			. "eu.edit_group_id, "
-			. "eg.name AS edit_group_name, admin, "
+			. "eg.name AS edit_group_name, eu.admin, "
+			// additinal acl lists
+			. "eu.additional_acl AS user_additional_acl, "
+			. "eg.additional_acl AS group_additional_acl, "
 			// login error + locked
 			. "eu.login_error_count, eu.login_error_date_last, "
 			. "eu.login_error_date_first, eu.strict, eu.locked, "
@@ -887,8 +905,10 @@ class Login
 				$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
 				$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
 				$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
+				$_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']);
 				$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
 				$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
+				$_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']);
 				// deprecated TEMPLATE setting
 				$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
 				$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
@@ -905,6 +925,7 @@ class Login
 				// rgb: nnn.n for each
 				// hsl: nnn.n for first, nnn.n% for 2nd, 3rd
 				// Check\Colors::validateColor()
+				// LANGUAGE/LOCALE/ENCODING:
 				$_SESSION['LANG'] = $res['locale'] ?? 'en';
 				$_SESSION['DEFAULT_CHARSET'] = $res['encoding'] ?? 'UTF-8';
 				$_SESSION['DEFAULT_LOCALE'] = $_SESSION['LANG']
@@ -1006,7 +1027,8 @@ class Login
 				$_SESSION['PAGES'] = $pages;
 				$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
 				// load the edit_access user rights
-				$q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default "
+				$q = "SELECT ea.edit_access_id, level, type, ea.name, "
+					. "ea.color, ea.uid, edit_default, ea.additional_acl "
 					. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
 					. "WHERE eau.edit_access_id = ea.edit_access_id "
 					. "AND eau.edit_access_right_id = ear.edit_access_right_id "
@@ -1033,6 +1055,7 @@ class Login
 						'uid' => $res['uid'],
 						'color' => $res['color'],
 						'default' => $res['edit_default'],
+						'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 						'data' => $ea_data
 					];
 					// set the default unit
@@ -1107,6 +1130,11 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// set additional acl
+		$this->acl['additional_acl'] = [
+			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
+			'group' => $_SESSION['GROUP_ADDITIONAL_ACL'],
+		];
 		// we start with the default acl
 		$this->acl['base'] = $this->default_acl_level;
 
@@ -1169,7 +1197,8 @@ class Login
 				'uid' => $unit['uid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
 				'default' => $unit['default'],
-				'data' => $unit['data']
+				'data' => $unit['data'],
+				'additional_acl' => $unit['additional_acl']
 			];
 			// set default
 			if (!empty($unit['default'])) {
@@ -1195,7 +1224,8 @@ class Login
 	}
 
 	/**
-	 * set locale and load mo translator
+	 * set locale
+	 * if invalid, set to empty string
 	 *
 	 * @return void
 	 */
@@ -1204,22 +1234,52 @@ class Login
 		// ** LANGUAGE SET AFTER LOGIN **
 		// set the locale
 		if (
-			!empty($_SESSION['DEFAULT_LOCALE'])
+			!empty($_SESSION['DEFAULT_LOCALE']) &&
+			preg_match("/^[-A-Za-z0-9_.@]+$/", $_SESSION['DEFAULT_LOCALE'])
 		) {
 			$locale = $_SESSION['DEFAULT_LOCALE'];
-		} else {
+		} elseif (
+			!preg_match("/^[-A-Za-z0-9_.@]+$/", $this->options['site_locale'])
+		) {
 			$locale = $this->options['site_locale'];
+		} else {
+			$locale = '';
 		}
+		// set the charset
+		preg_match('/(?:\\.(?P<charset>[-A-Za-z0-9_]+))/', $locale, $matches);
+		$locale_encoding = $matches['charset'] ?? '';
+		if (!empty($locale_encoding)) {
+			$encoding = strtoupper($locale_encoding);
+		} elseif (
+			!empty($_SESSION['DEFAULT_CHARSET']) &&
+			preg_match("/^[-A-Za-z0-9_]+$/", $_SESSION['DEFAULT_CHARSET'])
+		) {
+			$encoding = $_SESSION['DEFAULT_CHARSET'];
+		} elseif (
+			!preg_match("/^[-A-Za-z0-9_]+$/", $this->options['site_encoding'])
+		) {
+			$encoding = $this->options['site_encoding'];
+		} else {
+			$encoding = '';
+		}
+		// check domain
+		$domain = $this->options['site_domain'];
+		if (
+			!preg_match("/^\w+$/", $this->options['site_domain'])
+		) {
+			$domain = '';
+		}
+		$path = $this->options['locale_path'];
+		if (!is_dir($path)) {
+			$path = '';
+		}
+		// domain and path are a must set from class options
 		$this->locale = [
 			'locale' => $locale,
-			'domain' => $this->options['site_domain'],
-			'path' => $this->options['locale_path'],
+			'domain' => $domain,
+			'encoding' => $encoding,
+			'path' => $path,
 		];
-		$this->l = new \CoreLibs\Language\L10n(
-			$this->locale['locale'],
-			$this->locale['domain'],
-			$this->locale['path']
-		);
 	}
 
 	/**
@@ -1548,7 +1608,7 @@ class Login
 			// TODO: submit or JS to set target page as ajax call
 			// NOTE: for the HTML block I ignore line lengths
 			// phpcs:disable
-			$this->login_template['password_change'] = <<<EOM
+			$this->login_template['password_change'] = <<<HTML
 <div id="pw_change_div" class="hidden" style="position: absolute; top: 30px; left: 50px; width: 400px; height: 220px; background-color: white; border: 1px solid black; padding: 25px;">
 <table>
 <tr><td class="norm" align="center" colspan="2"><h3>{TITLE_PASSWORD_CHANGE}</h3></td></tr>
@@ -1566,7 +1626,7 @@ class Login
 </table>
 </div>
 {PASSWORD_CHANGE_SHOW}
-EOM;
+HTML;
 			// phpcs:enable
 		}
 		if ($this->password_forgot) {
@@ -1590,7 +1650,7 @@ EOM;
 		// now check templates
 		// TODO: submit or JS to set target page as ajax call
 		if (!$this->login_template['template']) {
-			$this->login_template['template'] = <<<EOM
+			$this->login_template['template'] = <<<HTML
 <!DOCTYPE html>
 <html lang="{LANGUAGE}">
 <head>
@@ -1652,7 +1712,7 @@ h3 { font-size: 18px; }
 </form>
 </body>
 </html>
-EOM;
+HTML;
 		}
 	}
 
@@ -1824,6 +1884,12 @@ EOM;
 		$this->loginLogoutUser();
 		// ** LANGUAGE SET AFTER LOGIN **
 		$this->loginSetLocale();
+		// load translator
+		$this->l = new \CoreLibs\Language\L10n(
+			$this->locale['locale'],
+			$this->locale['domain'],
+			$this->locale['path']
+		);
 		// if the password change flag is okay, run the password change method
 		if ($this->password_change) {
 			$this->loginPasswordChange();
@@ -2396,6 +2462,53 @@ EOM;
 	): bool|string {
 		return $this->loginGetEditAccessData($edit_access_id, $data_key);
 	}
+
+	/**
+	 * Return locale settings with
+	 * locale
+	 * domain
+	 * encoding
+	 * path
+	 *
+	 * empty string if not set
+	 *
+	 * @return array<string,string> Locale settings
+	 */
+	public function loginGetLocale(): array
+	{
+		return $this->locale;
+	}
+
+	/**
+	 * return header color or null for not set
+	 *
+	 * @return string|null Header color in RGB hex with leading sharp
+	 */
+	public function loginGetHeaderColor(): ?string
+	{
+		return $_SESSION['HEADER_COLOR'] ?? null;
+	}
+
+	/**
+	 * Return the current loaded list of pages the user can access
+	 *
+	 * @return array<mixed>
+	 */
+	public function loginGetPages(): array
+	{
+
+		return $_SESSION['PAGES'] ?? [];
+	}
+
+	/**
+	 * Get the current set EUID (edit user id)
+	 *
+	 * @return string EUID as string
+	 */
+	public function loginGetEuid(): string
+	{
+		return $this->euid;
+	}
 }
 
 // __END__

src/Admin/Backend.php

@@ -121,14 +121,13 @@ class Backend
 	 * @param \CoreLibs\Debug\Logging  $log     Logging class
 	 * @param \CoreLibs\Create\Session $session Session interface class
 	 * @param \CoreLibs\Language\L10n  $l10n    l10n language class
-	 * @param array<string,string>     $locale  locale data read from setLocale
+	 * @param int|null                 $set_default_acl_level Default ACL level
 	 */
 	public function __construct(
 		\CoreLibs\DB\IO $db,
 		\CoreLibs\Debug\Logging $log,
 		\CoreLibs\Create\Session $session,
 		\CoreLibs\Language\L10n $l10n,
-		array $locale,
 		?int $set_default_acl_level = null
 	) {
 		// attach db class
@@ -142,12 +141,12 @@ class Backend
 		// get the language sub class & init it
 		$this->l = $l10n;
 		// parse and read, legacy stuff
+		$locale = $this->l->getLocaleAsArray();
 		$this->encoding = $locale['encoding'];
 		$this->lang = $locale['lang'];
-		// get first part from lang
-		$this->lang_short = explode('_', $locale['lang'])[0];
-		$this->domain = $this->l->getDomain();
-		$this->lang_dir = $this->l->getBaseLocalePath();
+		$this->lang_short = $locale['lang_short'];
+		$this->domain = $locale['domain'];
+		$this->lang_dir = $locale['path'];
 
 		// set the page name
 		$this->page_name = \CoreLibs\Get\System::getPageName();

src/Admin/EditBase.php

@@ -35,6 +35,8 @@ class EditBase
 	private $form;
 	/** @var \CoreLibs\Debug\Logging */
 	public $log;
+	/** @var \CoreLibs\ACL\Login */
+	public $login;
 
 	/**
 	 * construct form generator
@@ -42,18 +44,24 @@ class EditBase
 	 * @param array<mixed>            $db_config db config array, mandatory
 	 * @param \CoreLibs\Debug\Logging $log       Logging class, null auto set
 	 * @param \CoreLibs\Language\L10n $l10n      l10n language class, null auto set
-	 * @param array<string,string>    $locale    locale array from ::setLocale,
-	 *                                           null auto set
+	 * @param \CoreLibs\ACL\Login     $login     login class for ACL settings
+	 * @param array<string,mixed>     $options   Various settings options
 	 */
 	public function __construct(
 		array $db_config,
 		\CoreLibs\Debug\Logging $log,
 		\CoreLibs\Language\L10n $l10n,
-		array $locale
+		\CoreLibs\ACL\Login $login,
+		array $options
 	) {
 		$this->log = $log;
+		$this->login = $login;
 		// smarty template engine (extended Translation version)
-		$this->smarty = new \CoreLibs\Template\SmartyExtend($l10n, $locale);
+		$this->smarty = new \CoreLibs\Template\SmartyExtend(
+			$l10n,
+			$options['cache_id'] ?? '',
+			$options['compile_id'] ?? '',
+		);
 		// turn off set log per class
 		$log->setLogPer('class', false);
 
@@ -62,7 +70,7 @@ class EditBase
 			$db_config,
 			$log,
 			$l10n,
-			$locale
+			$this->login->loginGetAcl()
 		);
 		if ($this->form->mobile_phone) {
 			echo "I am sorry, but this page cannot be viewed by a mobile phone";
@@ -272,23 +280,16 @@ class EditBase
 
 		// MENU START
 		// request some session vars
-		if (empty($_SESSION['HEADER_COLOR'])) {
-			$this->DATA['HEADER_COLOR'] = '#E0E2FF';
-		} else {
-			$this->DATA['HEADER_COLOR'] = $_SESSION['HEADER_COLOR'];
-		}
-		$this->DATA['USER_NAME'] = $_SESSION['USER_NAME'];
-		$this->DATA['EUID'] = $_SESSION['EUID'];
-		$this->DATA['GROUP_NAME'] = $_SESSION['GROUP_NAME'];
-		$this->DATA['GROUP_LEVEL'] = $_SESSION['GROUP_ACL_LEVEL'];
-		$PAGES = $_SESSION['PAGES'];
+		$this->DATA['HEADER_COLOR'] = $this->login->loginGetHeaderColor() ?? '#E0E2FF';
+		$this->DATA['USER_NAME'] = $this->login->loginGetAcl()['user_name'] ?? '';
+		$this->DATA['EUID'] = $this->login->loginGetEuid();
+		$this->DATA['GROUP_NAME'] = $this->login->loginGetAcl()['group_name'] ?? '';
+		$this->DATA['ACCESS_LEVEL'] = $this->login->loginGetAcl()['base'] ?? '';
+		// below is old and to removed when edit_body.tpl is updates
+		$this->DATA['GROUP_LEVEL'] = $this->DATA['ACCESS_LEVEL'];
+		$PAGES = $this->login->loginGetPages();
 
 		//$this->form->log->debug('menu', $this->form->log->prAr($PAGES));
-
-		// build nav from $PAGES ...
-		if (!isset($PAGES) || !is_array($PAGES)) {
-			$PAGES = [];
-		}
 		$menuarray = [];
 		foreach ($PAGES as $PAGE_CUID => $PAGE_DATA) {
 			if ($PAGE_DATA['menu'] && $PAGE_DATA['online']) {
@@ -574,7 +575,7 @@ class EditBase
 		$set_admin_stylesheet = $set_admin_stylesheet ?? ADMIN_STYLESHEET;
 		$set_default_encoding = $set_default_encoding ?? DEFAULT_ENCODING;
 		$set_css = $set_css ?? LAYOUT . CSS;
-		$set_css = $set_js ?? LAYOUT . JS;
+		$set_js = $set_js ?? LAYOUT . JS;
 		$set_root = $set_root ?? ROOT;
 		$set_content_path = $set_content_path ?? CONTENT_PATH;
 

src/Basic.php

@@ -1164,7 +1164,7 @@ class Basic
 	public function passwordSet(string $password): string
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordSet()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordSet($password);
+		return \CoreLibs\Security\Password::passwordSet($password);
 	}
 
 	/**
@@ -1177,7 +1177,7 @@ class Basic
 	public function passwordVerify(string $password, string $hash): bool
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordVerify()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordVerify($password, $hash);
+		return \CoreLibs\Security\Password::passwordVerify($password, $hash);
 	}
 
 	/**
@@ -1189,7 +1189,7 @@ class Basic
 	public function passwordRehashCheck(string $hash): bool
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordRehashCheck()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordRehashCheck($hash);
+		return \CoreLibs\Security\Password::passwordRehashCheck($hash);
 	}
 
 	// *** BETTER PASSWORD OPTIONS END ***

src/Check/Password.php

@@ -1,6 +1,8 @@
 <?php
 
 /*
+ * NOTE: this is deprecated and all moved \CoreLibs\Security\Password
+ *
  * core password set, check and rehash check wrapper functions
  */
 
@@ -8,6 +10,8 @@ declare(strict_types=1);
 
 namespace CoreLibs\Check;
 
+use CoreLibs\Security\Password as PasswordNew;
+
 class Password
 {
 	/**
@@ -15,13 +19,16 @@ class Password
 	 *
 	 * @param  string $password password
 	 * @return string           hashed password
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordSet
 	 */
 	public static function passwordSet(string $password): string
 	{
-		// always use the PHP default for the password
-		// password options ca be set in the password init,
-		// but should be kept as default
-		return password_hash($password, PASSWORD_DEFAULT);
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordSet',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordSet($password);
 	}
 
 	/**
@@ -30,14 +37,16 @@ class Password
 	 * @param  string $password password
 	 * @param  string $hash     password hash
 	 * @return bool             true or false
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordVerify
 	 */
 	public static function passwordVerify(string $password, string $hash): bool
 	{
-		if (password_verify($password, $hash)) {
-			return true;
-		} else {
-			return false;
-		}
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordVerify',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordVerify($password, $hash);
 	}
 
 	/**
@@ -45,14 +54,16 @@ class Password
 	 *
 	 * @param  string $hash password hash
 	 * @return bool         true or false
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordRehashCheck
 	 */
 	public static function passwordRehashCheck(string $hash): bool
 	{
-		if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
-			return true;
-		} else {
-			return false;
-		}
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordRehashCheck',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordRehashCheck($hash);
 	}
 }
 

src/Combined/ArrayHandler.php

@@ -177,6 +177,65 @@ class ArrayHandler
 		return false;
 	}
 
+	/**
+	 * search for one or many keys in array and return matching values
+	 * If flat is set to true, return flat array with found values only
+	 * If prefix is turned on each found group will be prefixed with the
+	 * search key
+	 *
+	 * @param  array<mixed> $array   array to search in
+	 * @param  array<mixed> $needles keys to find in array
+	 * @param  bool         $flat    [false] Turn on flat output
+	 * @param  bool         $prefix  [false] Prefix found with needle key
+	 * @return array<mixed>          Found values
+	 */
+	public static function arraySearchKey(
+		array $array,
+		array $needles,
+		bool $flat = false,
+		bool $prefix = false
+	): array {
+		$iterator  = new \RecursiveArrayIterator($array);
+		$recursive = new \RecursiveIteratorIterator(
+			$iterator,
+			\RecursiveIteratorIterator::SELF_FIRST
+		);
+		$hit_list = [];
+		if ($prefix === true) {
+			$hit_list = array_fill_keys($needles, []);
+		}
+		$key_path = [];
+		$prev_depth = 0;
+		foreach ($recursive as $key => $value) {
+			if ($prev_depth > $recursive->getDepth()) {
+				// remove all trailing to ne depth
+				$diff = $prev_depth - $recursive->getDepth();
+				array_splice($key_path, -$diff, $diff);
+			}
+			$prev_depth = $recursive->getDepth();
+			if ($flat === false) {
+				$key_path[$recursive->getDepth()] = $key;
+			}
+			if (in_array($key, $needles, true)) {
+				ksort($key_path);
+				if ($flat === true) {
+					$hit = $value;
+				} else {
+					$hit = [
+						'value' => $value,
+						'path' => $key_path
+					];
+				}
+				if ($prefix === true) {
+					$hit_list[$key][] = $hit;
+				} else {
+					$hit_list[] = $hit;
+				}
+			}
+		}
+		return $hit_list;
+	}
+
 	/**
 	 * correctly recursive merges as an array as array_merge_recursive
 	 * just glues things together

src/DB/SQL/Interface/SqlFunctions.php

@@ -42,6 +42,15 @@ interface SqlFunctions
 	 */
 	public function __dbSendQuery(string $query): bool;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $query
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -74,6 +83,24 @@ interface SqlFunctions
 	 */
 	public function __dbExecute(string $name, array $data): \PgSql\Result|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -99,6 +126,15 @@ interface SqlFunctions
 	 */
 	public function __dbFieldName(\PgSql\Result|false $cursor, int $i): string|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  \PgSql\Result|false $cursor
+	 * @param  int $i
+	 * @return string|false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false;
+
 	/**
 	 * Undocumented function
 	 *
@@ -173,10 +209,17 @@ interface SqlFunctions
 	/**
 	 * Undocumented function
 	 *
-	 * @param \PgSql\Result|false $cursor
-	 * @return string
+	 * @return array{0:string,1:string}
 	 */
-	public function __dbPrintError(\PgSql\Result|false $cursor = false): string;
+	public function __dbPrintLastError(): array;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param \PgSql\Result|false $cursor
+	 * @return array{0:string,1:string}
+	 */
+	public function __dbPrintError(\PgSql\Result|false $cursor = false): array;
 
 	/**
 	 * Undocumented function

src/DB/SQL/PgSQL.php

@@ -33,7 +33,11 @@
 * pg_affected_rows (*)
 * pg_fetch_array
 * pg_query
+* pg_query_params
 * pg_send_query
+* pg_send_query_params
+* pg_send_prepare
+* pg_send_execute
 * pg_get_result
 * pg_connection_busy
 * pg_close
@@ -50,13 +54,14 @@ namespace CoreLibs\DB\SQL;
 // below no ignore is needed if we want to use PgSql interface checks with PHP 8.0
 // as main system. Currently all @var sets are written as object
 /** @#phan-file-suppress PhanUndeclaredTypeProperty,PhanUndeclaredTypeParameter,PhanUndeclaredTypeReturnType */
+/** @phan-file-suppress PhanTypeMismatchArgumentInternal, PhanTypeMismatchReturn */
 
 class PgSQL implements Interface\SqlFunctions
 {
 	/** @var string */
 	private $last_error_query;
 	/** @var \PgSql\Connection|false */
-	private $dbh;
+	private $dbh = false;
 
 	/**
 	 * queries last error query and returns true or false if error was set
@@ -93,8 +98,7 @@ class PgSQL implements Interface\SqlFunctions
 	}
 
 	/**
-	 * Proposed
-	 * wrapperf or pg_query_params for queries in the style of
+	 * wrapper for pg_query_params for queries in the style of
 	 * SELECT foo FROM bar WHERE foobar = $1
 	 *
 	 * @param  string       $query  Query string with placeholders $1, ..
@@ -132,6 +136,22 @@ class PgSQL implements Interface\SqlFunctions
 		return $result ? true : false;
 	}
 
+	/**
+	 * sends an async query to the server with params
+	 *
+	 * @param  string       $query  Query string with placeholders $1, ..
+	 * @param  array<mixed> $params Matching parameters for each placerhold
+	 * @return bool         true/false Query sent successful status
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_query_params($this->dbh, $query, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_get_result
 	 *
@@ -208,6 +228,38 @@ class PgSQL implements Interface\SqlFunctions
 		return $result;
 	}
 
+	/**
+	 * Asnyc send for a prepared statement
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_prepare($this->dbh, $name, $query);
+		return $result ? true : false;
+	}
+
+	/**
+	 * Asnyc ssend for a prepared statement execution
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_execute($this->dbh, $name, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_num_rows
 	 *
@@ -251,6 +303,21 @@ class PgSQL implements Interface\SqlFunctions
 		return pg_field_name($cursor, $i);
 	}
 
+	/**
+	 * wrapper for pg_field_name
+	 *
+	 * @param  \PgSql\Result|false $cursor cursor
+	 * @param  int                 $i      field position
+	 * @return string|false                field type name or false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false
+	{
+		if (is_bool($cursor)) {
+			return false;
+		}
+		return pg_field_type($cursor, $i);
+	}
+
 	/**
 	 * wrapper for pg_fetch_array
 	 * if through/true false, use __dbResultType(true)
@@ -465,18 +532,37 @@ class PgSQL implements Interface\SqlFunctions
 		return $this->dbh;
 	}
 
+	/**
+	 * Returns last error for active cursor
+	 *
+	 * @return array{0:string,1:string} prefix, error string
+	 */
+	public function __dbPrintLastError(): array
+	{
+		if (is_bool($this->dbh)) {
+			return ['', ''];
+		}
+		if (!empty($error_message = pg_last_error($this->dbh))) {
+			return [
+				'-PostgreSQL-Error-Last-',
+				$error_message
+			];
+		}
+		return ['', ''];
+	}
+
 	/**
 	 * reads the last error for this cursor and returns
 	 * html formatted string with error name
 	 *
 	 * @param  \PgSql\Result|false $cursor cursor
-	 *                              or null
-	 * @return string               error string
+	 *                                     or null
+	 * @return array{0:string,1:string} prefix, error string
 	 */
-	public function __dbPrintError(\PgSql\Result|false $cursor = false): string
+	public function __dbPrintError(\PgSql\Result|false $cursor = false): array
 	{
 		if (is_bool($this->dbh)) {
-			return '';
+			return ['', ''];
 		}
 		// run the query again for the error result here
 		if ((is_bool($cursor)) && $this->last_error_query) {
@@ -485,10 +571,12 @@ class PgSQL implements Interface\SqlFunctions
 			$cursor = pg_get_result($this->dbh);
 		}
 		if ($cursor && $error_str = pg_result_error($cursor)) {
-			return '-PostgreSQL-Error- '
-				. $error_str;
+			return [
+				'-PostgreSQL-Error-',
+				$error_str
+			];
 		} else {
-			return '';
+			return ['', ''];
 		}
 	}
 

src/Debug/Logging.php

@@ -251,22 +251,22 @@ class Logging
 			'debug',
 			$this->options['debug_all'] ??
 				// for user login, should be handled outside like globals
-				$_SESSION['DEBUG_ALL'] ??
-				$GLOBALS['DEBUG_ALL'] ??
+				$_SESSION['DEBUG_ALL'] ?? // DEPRECATED
+				$GLOBALS['DEBUG_ALL'] ?? // DEPRECATED
 				false
 		);
 		$this->setLogLevelAll(
 			'print',
 			$this->options['print_all'] ??
 				// for user login, should be handled outside like globals
-				$_SESSION['DEBUG_ALL'] ??
-				$GLOBALS['PRINT_ALL'] ??
+				$_SESSION['DEBUG_ALL'] ?? // DEPRECATED
+				$GLOBALS['PRINT_ALL'] ?? // DEPRECATED
 				false
 		);
 		$this->setLogLevelAll(
 			'echo',
 			$this->options['echo_all'] ??
-				$GLOBALS['ECHO_ALL'] ??
+				$GLOBALS['ECHO_ALL'] ?? // DEPRECATED
 				false
 		);
 
@@ -274,32 +274,32 @@ class Logging
 		// add file date is default on
 		$this->setGetLogPrintFileDate(
 			$this->options['print_file_date'] ??
-				$GLOBALS['LOG_PRINT_FILE_DATE'] ??
+				$GLOBALS['LOG_PRINT_FILE_DATE'] ?? // DEPRECATED
 				true
 		);
 		// all other logging file name flags are off
 		$this->setLogPer(
 			'level',
 			$this->options['per_level'] ??
-				$GLOBALS['LOG_PER_LEVEL'] ??
+				$GLOBALS['LOG_PER_LEVEL'] ?? // DEPRECATED
 				false
 		);
 		$this->setLogPer(
 			'class',
 			$this->options['per_class'] ??
-				$GLOBALS['LOG_PER_CLASS'] ??
+				$GLOBALS['LOG_PER_CLASS'] ?? // DEPRECATED
 				false
 		);
 		$this->setLogPer(
 			'page',
 			$this->options['per_page'] ??
-				$GLOBALS['LOG_PER_PAGE'] ??
+				$GLOBALS['LOG_PER_PAGE'] ?? // DEPRECATED
 				false
 		);
 		$this->setLogPer(
 			'run',
 			$this->options['per_run'] ??
-				$GLOBALS['LOG_PER_RUN'] ??
+				$GLOBALS['LOG_PER_RUN'] ?? // DEPRECATED
 				false
 		);
 		// set log per date

src/Language/GetLocale.php

@@ -21,6 +21,7 @@ class GetLocale
 	 * @param  string|null $encoding override encoding
 	 * @param  string|null $path     override path
 	 * @return array<string,string>  locale, domain, encoding, path
+	 * @deprecated use GetLocale::setLocaleSession(...) instead
 	 */
 	public static function setLocale(
 		?string $locale = null,
@@ -28,6 +29,10 @@ class GetLocale
 		?string $encoding = null,
 		?string $path = null
 	): array {
+		trigger_error(
+			'Use \CoreLibs\Language\GetLocale::setLocaleSession(...) instead',
+			E_USER_DEPRECATED
+		);
 		// locale must match at least basic rules
 		if (
 			empty($locale) ||
@@ -137,6 +142,113 @@ class GetLocale
 			'path' => $path,
 		];
 	}
+
+	/**
+	 * NOTE: For getting the login info via login class use ->loginGetLocale()
+	 *
+	 * Set locale from session or from override parameters
+	 * This is the prefered version to setLocale
+	 * It usese the following SESSION VARIABLES
+	 * DEFAULT_LOCALE
+	 * DEFAULT_DOMAIN
+	 * DEFAULT_CHARSET (should be set from DEFAULT_LOCALE)
+	 * LOCALE_PATH
+	 * in the return array, null set invalid information
+	 *
+	 * @param  string $locale   override locale
+	 * @param  string $domain   override domain
+	 * @param  string $encoding override encoding
+	 * @param  string $path     override path
+	 * @return array<string,string>  locale, domain, encoding, path
+	 * @return array<string,string|null> Return list of set locale information
+	 * @deprecated This version will be removed in a future version use ACL\Login->loginGetLocale() instead
+	 */
+	public static function setLocaleFromSession(
+		string $locale,
+		string $domain,
+		string $encoding,
+		string $path
+	): array {
+		// locale must match at least basic rules
+		if (
+			!empty($_SESSION['DEFAULT_LOCALE']) &&
+			preg_match("/^[-A-Za-z0-9_.@]+$/", $_SESSION['DEFAULT_LOCALE'])
+		) {
+			// parse from session (logged in)
+			$locale = $_SESSION['DEFAULT_LOCALE'];
+		} elseif (
+			empty($locale) ||
+			!preg_match("/^[-A-Za-z0-9_.@]+$/", $locale)
+		) {
+			$locale = null;
+		}
+		// if domain is set, must be alphanumeric, if not unset
+		if (
+			!empty($_SESSION['DEFAULT_DOMAIN']) &&
+			preg_match("/^\w+$/", $_SESSION['DEFAULT_DOMAIN'])
+		) {
+			$domain = $_SESSION['DEFAULT_DOMAIN'];
+		} elseif (
+			empty($domain) ||
+			!preg_match("/^\w+$/", $domain)
+		) {
+			$domain = null;
+		}
+		// check that override encoding matches locale encoding
+		// if locale encoding is set
+		preg_match('/(?:\\.(?P<charset>[-A-Za-z0-9_]+))/', $locale ?? '', $matches);
+		$locale_encoding = $matches['charset'] ?? null;
+		if (!empty($locale_encoding)) {
+			$encoding = strtoupper($locale_encoding);
+		} elseif (
+			!empty($_SESSION['DEFAULT_CHARSET']) &&
+			preg_match("/^[-A-Za-z0-9_]+$/", $_SESSION['DEFAULT_CHARSET'])
+		) {
+			$encoding = $_SESSION['DEFAULT_CHARSET'];
+		} elseif (
+			empty($encoding) ||
+			// not valid encoding
+			!preg_match("/^[-A-Za-z0-9_]+$/", $encoding)
+		) {
+			$encoding = null;
+		}
+		// path checks if set, if not valid path unset to default BASE path
+		if (
+			!empty($_SESSION['LOCALE_PATH']) &&
+			is_dir($_SESSION['LOCALE_PATH'])
+		) {
+			$path = $_SESSION['LOCALE_PATH'];
+		} elseif (
+			empty($path) ||
+			!is_dir($path)
+		) {
+			$path = null;
+		}
+		// extract lang & country from locale string, else set to en
+		if (
+			preg_match(
+				// lang
+				'/^(?P<lang>[a-z]{2,3})'
+				// country code
+				. '(?:_(?P<country>[A-Z]{2}))?/',
+				$locale ?? '',
+				$matches
+			)
+		) {
+			$lang = ($matches['lang'] ?? 'en')
+				// add country only if set
+				. (!empty($matches['country']) ? '_' . $matches['country'] : '');
+		} else {
+			$lang = null;
+		}
+		return [
+			'locale' => $locale,
+			'lang' => $lang,
+			'domain' => $domain,
+			'encoding' => $encoding,
+			'path' => $path,
+		];
+	}
 }
 
 // __END__

src/Language/L10n.php

@@ -32,12 +32,18 @@ use CoreLibs\Language\Core\GetTextReader;
 
 class L10n
 {
+	/** @var string the default fallback encoding if nothing is set */
+	public const DEFAULT_CHARSET = 'UTF-8';
 	/** @var string the current locale */
 	private $locale = '';
 	/** @var string the SET locale as WHERE the domain file is */
 	private $locale_set = '';
 	/** @var string the default selected/active domain */
 	private $domain = '';
+	/** @var string encoding, as from locale or set from outside */
+	private $override_encoding = self::DEFAULT_CHARSET;
+	/** @var string encoding set during the parse Locale */
+	private $encoding = '';
 	/** @var array<string,array<string,GetTextReader>> locale > domain = translator */
 	private $domains = [];
 	/** @var array<string,string> bound paths for domains */
@@ -71,15 +77,18 @@ class L10n
 	 * if locale is not empty will load translation
 	 * else getTranslator needs to be called
 	 *
-	 * @param string $locale language name, default empty string
-	 *                       will return self instance
-	 * @param string $domain override CONTENT_PATH . $encoding name for mo file
-	 * @param string $path   path, if empty fallback on default internal path
+	 * @param string $locale   language name, default empty string
+	 *                         will return self instance
+	 * @param string $domain   override CONTENT_PATH . $encoding name for mo file
+	 * @param string $path     path, if empty fallback on default internal path
+	 * @param string $encoding Optional encoding, should be set if locale has
+	 *                         no encoding, defaults to UTF-8
 	 */
 	public function __construct(
 		string $locale = '',
 		string $domain = '',
-		string $path = ''
+		string $path = '',
+		string $encoding = ''
 	) {
 		// auto load language only if at least locale and domain is set
 		// New: path must be set too, or we fall through
@@ -103,7 +112,7 @@ class L10n
 				$path = $domain;
 				$domain = $_domain;
 			}
-			$this->getTranslator($locale, $domain, $path);
+			$this->getTranslator($locale, $domain, $path, $encoding);
 		}
 	}
 
@@ -137,13 +146,15 @@ class L10n
 	 *
 	 * @param string $locale language name, if not set, try previous set
 	 * @param string $domain set name for mo file, if not set, try previous set
-	 * @param string $path   path, if not set try to get from paths array, else self
+	 * @param string $path path, if not set try to get from paths array, else self
+	 * @param string $override_encoding if locale does not env encoding set, use this one
 	 * @return GetTextReader the main gettext reader object
 	 */
 	public function getTranslator(
 		string $locale = '',
 		string $domain = '',
-		string $path = ''
+		string $path = '',
+		string $override_encoding = '',
 	): GetTextReader {
 		// set local if not from parameter
 		if (empty($locale)) {
@@ -153,11 +164,16 @@ class L10n
 		if (empty($domain)) {
 			$domain = $this->domain;
 		}
+		// override encoding for unset
+		if (!empty($override_encoding)) {
+			$this->override_encoding = $override_encoding;
+		}
 		// store old settings
 		$old_mofile = $this->mofile;
 		$old_lang = $this->locale;
 		$old_lang_set = $this->locale_set;
 		$old_domain = $this->domain;
+		$old_encoding = $this->encoding;
 		$old_base_locale_path = $this->base_locale_path;
 		$old_base_content_path = $this->base_content_path;
 
@@ -186,6 +202,7 @@ class L10n
 		// now we loop over lang compositions to get the base path
 		// then we check
 		$locales = $this->listLocales($locale);
+		$encoding = $this->getEncodingFromLocale($locale);
 		foreach ($locales as $_locale) {
 			$this->base_content_path = $_locale . DIRECTORY_SEPARATOR
 				. 'LC_MESSAGES' . DIRECTORY_SEPARATOR;
@@ -202,6 +219,7 @@ class L10n
 		if (is_readable($this->mofile)) {
 			// locale and domain current wanted
 			$this->locale = $locale;
+			$this->encoding = $encoding;
 			$this->domain = $domain;
 			// set empty domains path with current locale
 			if (empty($this->domains[$locale])) {
@@ -225,6 +243,7 @@ class L10n
 			$this->mofile = $old_mofile;
 			$this->locale = $old_lang;
 			$this->locale_set = $old_lang_set;
+			$this->encoding = $old_encoding;
 			$this->domain = $old_domain;
 			$this->base_locale_path = $old_base_locale_path;
 			$this->base_content_path = $old_base_content_path;
@@ -258,21 +277,36 @@ class L10n
 		return $this->l10n;
 	}
 
+	/**
+	 * Extract encoding from Locale, or fallback to override one if not set
+	 *
+	 * @param  string $locale
+	 * @return string
+	 */
+	private function getEncodingFromLocale(string $locale): string
+	{
+		// extract charset from $locale
+		// if not set get override encoding
+		preg_match('/(?:\\.(?P<charset>[-A-Za-z0-9_]+))/', $locale, $matches);
+		return $matches['charset'] ?? $this->override_encoding;
+	}
+
 	/**
 	 * Get the local as array same to the GetLocale::setLocale return
 	 * This does not set from outside, but only what is set in the l10n class
 	 *
-	 * @return array{locale: string, lang: string|null, domain: string, encoding: string|null, path: string}
+	 * @return array{locale: string, lang: string, lang_short: string, domain: string, encoding: string, path: string}
 	 */
 	public function getLocaleAsArray(): array
 	{
 		$locale = L10n::parseLocale($this->getLocale());
 		return [
 			'locale' => $this->getLocale(),
-			'lang' => $locale['lang']
+			'lang' => ($locale['lang'] ?? '')
 				. (!empty($locale['country']) ? '_' . $locale['country'] : ''),
+			'lang_short' => $locale['lang'] ?? '',
 			'domain' => $this->getDomain(),
-			'encoding' => $locale['charset'],
+			'encoding' => $this->getEncoding(),
 			'path' => $this->getBaseLocalePath(),
 		];
 	}
@@ -515,6 +549,37 @@ class L10n
 		return $this->locale_set;
 	}
 
+	/**
+	 * Set override encoding
+	 *
+	 * @param  string $encoding
+	 * @return void
+	 */
+	public function setOverrideEncoding(string $encoding): void
+	{
+		$this->override_encoding = $encoding;
+	}
+
+	/**
+	 * return current set override encoding
+	 *
+	 * @return string
+	 */
+	public function getOverrideEncoding(): string
+	{
+		return $this->override_encoding;
+	}
+
+	/**
+	 * Current set encoding
+	 *
+	 * @return string
+	 */
+	public function getEncoding(): string
+	{
+		return $this->encoding;
+	}
+
 	/**
 	 * get current set language
 	 *

src/Output/Form/Generate.php

@@ -277,6 +277,8 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	private $acl_admin = 0;
 	/** @var array<mixed> */
 	public $security_level;
+	/** @var array<string,mixed> Login ACL */
+	public $login_acl = [];
 	// layout publics
 	/** @var int */
 	public $table_width;
@@ -308,7 +310,8 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @param array<mixed>            $db_config    db config array, mandatory
 	 * @param \CoreLibs\Debug\Logging $log          Logging class
 	 * @param \CoreLibs\Language\L10n $l10n         l10n language class
-	 * @param array<string,string>    $locale       locale array from ::setLocale
+	 * @param array<string,mixed>     $login_acl	Login ACL array,
+	 *                                              at least base/admin should be set
 	 * @param array<mixed>|null       $table_arrays Override table array data
 	 *                                              instead of try to load from
 	 *                                              include file
@@ -318,7 +321,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		array $db_config,
 		\CoreLibs\Debug\Logging $log,
 		\CoreLibs\Language\L10n $l10n,
-		array $locale,
+		array $login_acl,
 		?array $table_arrays = null,
 	) {
 		// init logger if not set
@@ -327,19 +330,19 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		$this->log->setLogPer('class', false);
 		// init the language class
 		$this->l = $l10n;
-		// legacy lang vars set
+		// parse and read, legacy stuff
+		$locale = $this->l->getLocaleAsArray();
 		$this->encoding = $locale['encoding'];
 		$this->lang = $locale['lang'];
-		// get first part from lang
-		$this->lang_short = explode('_', $locale['lang'])[0];
-		$this->domain = $this->l->getDomain();
-		$this->lang_dir = $this->l->getBaseLocalePath();
+		$this->lang_short = $locale['lang_short'];
+		$this->domain = $locale['domain'];
+		$this->lang_dir = $locale['path'];
 		// load config array
 		// get table array definitions for current page name
-
+		$this->login_acl = $login_acl;
 		// security settings
-		$this->base_acl_level = (int)$_SESSION['BASE_ACL_LEVEL'];
-		$this->acl_admin = (int)$_SESSION['ADMIN'];
+		$this->base_acl_level = $this->login_acl['base'] ?? 0;
+		$this->acl_admin = $this->login_acl['admin'] ?? 0;
 
 		// replace any non valid variable names and set my page name
 		$this->my_page_name = str_replace(
@@ -377,7 +380,6 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->base_acl_level,
 			$this->acl_admin
 		);
-		// $this->log->debug('SESSION FORM', 'sessin: ' . $this->log->prAr($_SESSION));
 		// here should be a check if the config_array is correct ...
 		if (isset($config_array['show_fields']) && is_array($config_array['show_fields'])) {
 			$this->field_array = $config_array['show_fields'];
@@ -1952,7 +1954,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				if ($this->table_array[$key]['value']) {
 					// use the better new passwordSet instead of crypt based
 					$this->table_array[$key]['value'] =
-						\CoreLibs\Check\Password::passwordSet($this->table_array[$key]['value']);
+						\CoreLibs\Security\Password::passwordSet($this->table_array[$key]['value']);
 					$this->table_array[$key]['HIDDEN_value'] = $this->table_array[$key]['value'];
 				} else {
 					// $this->table_array[$key]['HIDDEN_value'] =

src/Security/CreateKey.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * very simple symmetric encryption
+ * better use: https://paragonie.com/project/halite
+ *
+ * this is for creating secret keys for
+ * Security\SymmetricEncryption
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+class CreateKey
+{
+	/**
+	 * Create a random key that is a hex string
+	 *
+	 * @return string Hex string key for encrypting
+	 */
+	public static function generateRandomKey(): string
+	{
+		return self::bin2hex(self::randomKey());
+	}
+
+	/**
+	 * create a random string as binary to encrypt data
+	 * to store it in clear text in some .env file use bin2hex
+	 *
+	 * @return string Binary string for encryption
+	 */
+	public static function randomKey(): string
+	{
+		return random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
+	}
+
+	/**
+	 * convert binary key to hex string
+	 *
+	 * @param  string $hex_key Convert binary key string to hex
+	 * @return string
+	 */
+	public static function bin2hex(string $hex_key): string
+	{
+		return sodium_bin2hex($hex_key);
+	}
+
+	/**
+	 * convert hex string to binary key
+	 *
+	 * @param  string $string_key Convery hex key string to binary
+	 * @return string
+	 */
+	public static function hex2bin(string $string_key): string
+	{
+		return sodium_hex2bin($string_key);
+	}
+}
+
+// __END__

src/Security/Password.php

@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * core password set, check and rehash check wrapper functions
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+class Password
+{
+	/**
+	 * creates the password hash
+	 *
+	 * @param  string $password password
+	 * @return string           hashed password
+	 */
+	public static function passwordSet(string $password): string
+	{
+		// always use the PHP default for the password
+		// password options ca be set in the password init,
+		// but should be kept as default
+		return password_hash($password, PASSWORD_DEFAULT);
+	}
+
+	/**
+	 * checks if the entered password matches the hash
+	 *
+	 * @param  string $password password
+	 * @param  string $hash     password hash
+	 * @return bool             true or false
+	 */
+	public static function passwordVerify(string $password, string $hash): bool
+	{
+		if (password_verify($password, $hash)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * checks if the password needs to be rehashed
+	 *
+	 * @param  string $hash password hash
+	 * @return bool         true or false
+	 */
+	public static function passwordRehashCheck(string $hash): bool
+	{
+		if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+
+// __END__

src/Security/SymmetricEncryption.php

@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * very simple symmetric encryption
+ * Better use: https://paragonie.com/project/halite
+ *
+ * current code is just to encrypt and decrypt
+ *
+ * must use a valid encryption key created with
+ * Secruty\CreateKey class
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+use CoreLibs\Security\CreateKey;
+use SodiumException;
+
+class SymmetricEncryption
+{
+	/**
+	 * Encrypt a message
+	 *
+	 * @param  string $message Message to encrypt
+	 * @param  string $key     Encryption key (as hex string)
+	 * @return string
+	 * @throws \RangeException
+	 */
+	public static function encrypt(string $message, string $key): string
+	{
+		try {
+			$key = CreateKey::hex2bin($key);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid hex key');
+		}
+		if (mb_strlen($key, '8bit') !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
+			throw new \RangeException(
+				'Key is not the correct size (must be '
+					. 'SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long).'
+			);
+		}
+		$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+
+		$cipher = base64_encode(
+			$nonce
+			. sodium_crypto_secretbox(
+				$message,
+				$nonce,
+				$key
+			)
+		);
+		sodium_memzero($message);
+		sodium_memzero($key);
+		return $cipher;
+	}
+
+	/**
+	 * Decrypt a message
+	 *
+	 * @param  string $encrypted Message encrypted with safeEncrypt()
+	 * @param  string $key       Encryption key (as hex string)
+	 * @return string
+	 * @throws \Exception
+	 */
+	public static function decrypt(string $encrypted, string $key): string
+	{
+		try {
+			$key = CreateKey::hex2bin($key);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid hex key');
+		}
+		$decoded = base64_decode($encrypted);
+		$nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
+		$ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
+
+		$plain = false;
+		try {
+			$plain = sodium_crypto_secretbox_open(
+				$ciphertext,
+				$nonce,
+				$key
+			);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid ciphertext (too short)');
+		}
+		if (!is_string($plain)) {
+			throw new \Exception('Invalid Key');
+		}
+		sodium_memzero($ciphertext);
+		sodium_memzero($key);
+		return $plain;
+	}
+}
+
+// __END__

src/Template/SmartyExtend.php

@@ -160,13 +160,11 @@ class SmartyExtend extends \Smarty
 	 * also registers the getvar caller plugin
 	 *
 	 * @param \CoreLibs\Language\L10n $l10n l10n language class
-	 * @param array<string,string>    $locale locale data read from setLocale
 	 * @param string|null             $cache_id
 	 * @param string|null             $compile_id
 	 */
 	public function __construct(
 		\CoreLibs\Language\L10n $l10n,
-		array $locale,
 		?string $cache_id = null,
 		?string $compile_id = null
 	) {
@@ -192,13 +190,12 @@ class SmartyExtend extends \Smarty
 		// iinit lang
 		$this->l10n = $l10n;
 		// parse and read, legacy stuff
+		$locale = $this->l10n->getLocaleAsArray();
 		$this->encoding = $locale['encoding'];
 		$this->lang = $locale['lang'];
-		// get first part from lang
-		$this->lang_short = explode('_', $locale['lang'])[0];
-		$this->domain = $this->l10n->getDomain();
-		$this->locale_set = $this->l10n->getLocaleSet();
-		$this->lang_dir = $this->l10n->getBaseLocalePath();
+		$this->lang_short = $locale['lang_short'];
+		$this->domain = $locale['domain'];
+		$this->lang_dir = $locale['path'];
 
 		// opt load functions so we can use legacy init for smarty run perhaps
 		\CoreLibs\Language\L10n::loadFunctions();
@@ -455,92 +452,95 @@ class SmartyExtend extends \Smarty
 	 * wrapper call for setSmartyVars
 	 * this is for frontend type and will not set any only admin needed variables
 	 *
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_stylesheet       STYLESHEET
-	 * @param  string|null $set_javascript       JAVASCRIPT
-	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
-	 *                                           smarty variables merge
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              stylesheet       :STYLESHEET
+	 *                              javascript       :JAVASCRIPT
+	 * @param  array<string,mixed>  $smarty_data     array of three keys
+	 *                                               that hold smarty set strings
+	 *                                               HEADER, DATA, DEBUG_DATA
 	 * @return void
 	 */
 	public function setSmartyVarsFrontend(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_stylesheet = null,
-		?string $set_javascript = null,
-		?\CoreLibs\Admin\Backend $cms = null
+		array $options,
+		array $smarty_data
 	): void {
 		$this->setSmartyVars(
 			false,
-			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_default_encoding,
-			$set_g_title,
+			$smarty_data,
+			null,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['g_title'] ?? null,
 			null,
 			null,
 			null,
-			$set_stylesheet,
-			$set_javascript
+			null,
+			null,
+			$options['stylesheet'] ?? null,
+			$options['javascript'] ?? null
 		);
 	}
 
 	/**
 	 * wrapper call for setSmartyVars
 	 * this is only for admin interface and will set additional variables
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
-	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
-	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              admin_stylesheet :ADMIN_STYLESHEET
+	 *                              admin_javascript :ADMIN_JAVASCRIPT
+	 *                              page_width       :PAGE_WIDTH
+	 *                              content_path     :CONTENT_PATH
+	 *                              user_name        :_SESSION['USER_NAME']
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @return void
 	 */
 	public function setSmartyVarsAdmin(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_admin_stylesheet = null,
-		?string $set_admin_javascript = null,
-		?string $set_page_width = null,
+		array $options,
 		?\CoreLibs\Admin\Backend $cms = null
 	): void {
+		// if we have cms data, check for array blocks and build
+		$smarty_data = [];
+		if ($cms !== null) {
+			$smarty_data = [
+				'HEADER' => $cms->HEADER,
+				'DATA' => $cms->DATA,
+				'DEBUG_DATA' => $cms->DEBUG_DATA
+			];
+		}
 		$this->setSmartyVars(
 			true,
+			$smarty_data,
 			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_g_title,
-			$set_default_encoding,
-			$set_admin_stylesheet,
-			$set_admin_javascript,
-			$set_page_width,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['g_title'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['admin_stylesheet'] ?? null,
+			$options['admin_javascript'] ?? null,
+			$options['page_width'] ?? null,
+			$options['content_path'] ?? null,
+			$options['user_name'] ?? null,
 			null,
 			null
 		);
@@ -552,6 +552,7 @@ class SmartyExtend extends \Smarty
 	 *
 	 * @param  bool        $admin_call           default false
 	 *                                           will set admin only variables
+	 * @param  array<string,mixed> $smarty_data  smarty data to merge
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
@@ -564,12 +565,15 @@ class SmartyExtend extends \Smarty
 	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
 	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
 	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  string|null $set_content_path     CONTENT_PATH  (only if $cms set and admin)
+	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @param  string|null $set_stylesheet       STYLESHEET
 	 * @param  string|null $set_javascript       JAVASCRIPT
 	 * @return void
 	 */
 	private function setSmartyVars(
 		bool $admin_call,
+		array $smarty_data = [],
 		?\CoreLibs\Admin\Backend $cms = null,
 		?string $compile_dir = null,
 		?string $cache_dir = null,
@@ -581,8 +585,10 @@ class SmartyExtend extends \Smarty
 		?string $set_admin_stylesheet = null,
 		?string $set_admin_javascript = null,
 		?string $set_page_width = null,
+		?string $set_content_path = null,
+		?string $set_user_name = null,
 		?string $set_stylesheet = null,
-		?string $set_javascript = null
+		?string $set_javascript = null,
 	): void {
 		// trigger deprecation
 		if (
@@ -597,7 +603,8 @@ class SmartyExtend extends \Smarty
 				$admin_call === true && (
 					$set_admin_stylesheet === null ||
 					$set_admin_javascript === null ||
-					$set_page_width === null
+					$set_page_width === null ||
+					$set_user_name === null
 				)
 			) ||
 			(
@@ -605,6 +612,9 @@ class SmartyExtend extends \Smarty
 					$set_stylesheet === null ||
 					$set_javascript === null
 				)
+			) ||
+			(
+				$admin_call === true && $cms !== null && $set_content_path === null
 			)
 		) {
 			/** @deprecated setSmartyVars call without parameters */
@@ -624,24 +634,12 @@ class SmartyExtend extends \Smarty
 		$set_admin_stylesheet = $set_admin_stylesheet ?? ADMIN_STYLESHEET;
 		$set_admin_javascript = $set_admin_javascript ?? ADMIN_JAVASCRIPT;
 		$set_page_width = $set_page_width ?? PAGE_WIDTH;
+		$set_content_path = $set_content_path ?? CONTENT_PATH;
 		$set_stylesheet = $set_stylesheet ?? STYLESHEET;
 		$set_javascript = $set_javascript ?? JAVASCRIPT;
-		// depreacte call globals cms on null 4mcs
-		if (
-			$cms === null &&
-			isset($GLOBALS['cms'])
-		) {
-			/** @deprecated setSmartyVars globals cms is deprecated */
-			trigger_error(
-				'Calling setSmartyVars without cms parameter when needed is deprecated',
-				E_USER_DEPRECATED
-			);
-		}
-		// this is ugly
-		$cms = $cms ?? $GLOBALS['cms'] ?? null;
-		if ($cms instanceof \CoreLibs\Admin\Backend) {
-			$this->mergeCmsSmartyVars($cms);
-		}
+		$set_user_name = $set_user_name ?? $_SESSION['USER_NAME'] ?? '';
+		// merge additional smarty data
+		$this->mergeCmsSmartyVars($smarty_data);
 
 		// trigger flags
 		$this->HEADER['USE_PROTOTYPE'] = $this->USE_PROTOTYPE;
@@ -683,12 +681,27 @@ class SmartyExtend extends \Smarty
 		$this->DATA['FORM_ACTION'] = $this->FORM_ACTION;
 		// special for admin
 		if ($admin_call === true) {
+			// depreacte call globals cms on null 4mcs
+			if (
+				$cms === null &&
+				isset($GLOBALS['cms'])
+			) {
+				/** @deprecated setSmartyVars globals cms is deprecated */
+				trigger_error(
+					'Calling setSmartyVars without cms parameter when needed is deprecated',
+					E_USER_DEPRECATED
+				);
+			}
+			// this is ugly
+			$cms = $cms ?? $GLOBALS['cms'] ?? null;
 			// set ACL extra show
 			if ($cms instanceof \CoreLibs\Admin\Backend) {
 				$this->DATA['show_ea_extra'] = $cms->acl['show_ea_extra'] ?? false;
 				$this->DATA['ADMIN'] = $cms->acl['admin'] ?? 0;
 				// top menu
-				$this->DATA['nav_menu'] = $cms->adbTopMenu();
+				$this->DATA['nav_menu'] = $cms->adbTopMenu(
+					$set_content_path
+				);
 				$this->DATA['nav_menu_count'] = count($this->DATA['nav_menu']);
 				// messages = ['msg' =>, 'class' => 'error/warning/...']
 				$this->DATA['messages'] = $cms->messages;
@@ -734,7 +747,7 @@ class SmartyExtend extends \Smarty
 		$this->DATA['JS_FLATPICKR'] = $this->JS_FLATPICKR;
 		$this->DATA['JS_FILE_UPLOADER'] = $this->JS_FILE_UPLOADER;
 		// user name
-		$this->DATA['USER_NAME'] = !empty($_SESSION['USER_NAME']) ? $_SESSION['USER_NAME'] : '';
+		$this->DATA['USER_NAME'] = $set_user_name;
 		// the template part to include into the body
 		$this->DATA['TEMPLATE_NAME'] = $this->TEMPLATE_NAME;
 		$this->DATA['CONTENT_INCLUDE'] = $this->CONTENT_INCLUDE;
@@ -748,18 +761,18 @@ class SmartyExtend extends \Smarty
 	/**
 	 * merge outside object HEADER/DATA/DEBUG_DATA vars into the smarty class
 	 *
-	 * @param  \CoreLibs\Admin\Backend $cms object that has header/data/debug_data
+	 * @param  array<string,mixed> $smarty_data array that has header/data/debug_data
 	 * @return void
 	 */
-	public function mergeCmsSmartyVars(\CoreLibs\Admin\Backend $cms): void
+	public function mergeCmsSmartyVars(array $smarty_data): void
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (['HEADER', 'DATA', 'DEBUG_DATA'] as $ext_smarty) {
 			if (
-				isset($cms->{$ext_smarty}) &&
-				is_array($cms->{$ext_smarty})
+				isset($smarty_data[$ext_smarty]) &&
+				is_array($smarty_data[$ext_smarty])
 			) {
-				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
+				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $smarty_data[$ext_smarty]);
 			}
 		}
 	}

test/phpunit/ACL/CoreLibsACLLoginTest.php

@@ -7,6 +7,14 @@ namespace tests;
 use PHPUnit\Framework\TestCase;
 use PHPUnit\Framework\MockObject\MockObject;
 
+/*
+Not yet covered tests:
+- loginGetLocale
+- loginGetHeaderColor
+- loginGetPages
+- loginGetEuid
+*/
+
 /**
  * Test class for ACL\Login
  * @coversDefaultClass \CoreLibs\ACL\Login
@@ -259,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase
 					'GROUP_ACL_LEVEL' => -1,
 					'PAGES_ACL_LEVEL' => [],
 					'USER_ACL_LEVEL' => -1,
+					'USER_ADDITIONAL_ACL' => [],
+					'GROUP_ADDITIONAL_ACL' => [],
 					'UNIT_UID' => [
 						'AdminAccess' => 1,
 					],
@@ -272,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase
 							'data' => [
 								'test' => 'value',
 							],
+							'additional_acl' => []
 						],
 					],
 					// 'UNIT_DEFAULT' => '',
@@ -1114,6 +1125,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					'logout_target' => '',
 					'site_locale' => 'en_US.UTF-8',
 					'site_domain' => 'admin',
+					'site_encoding' => 'UTF-8',
 					'locale_path' => __DIR__ . DIRECTORY_SEPARATOR
 						. 'includes' . DIRECTORY_SEPARATOR
 						. 'locale' . DIRECTORY_SEPARATOR,
@@ -1796,6 +1808,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					'logout_target' => '',
 					'site_locale' => 'en_US.UTF-8',
 					'site_domain' => 'admin',
+					'site_encoding' => 'UTF-8',
 					'locale_path' => __DIR__ . DIRECTORY_SEPARATOR
 						. 'includes' . DIRECTORY_SEPARATOR
 						. 'locale' . DIRECTORY_SEPARATOR,
@@ -1909,6 +1922,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					'logout_target' => '',
 					'site_locale' => 'en_US.UTF-8',
 					'site_domain' => 'admin',
+					'site_encoding' => 'UTF-8',
 					'locale_path' => __DIR__ . DIRECTORY_SEPARATOR
 						. 'includes' . DIRECTORY_SEPARATOR
 						. 'locale' . DIRECTORY_SEPARATOR,
@@ -1996,6 +2010,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					'logout_target' => '',
 					'site_locale' => 'en_US.UTF-8',
 					'site_domain' => 'admin',
+					'site_encoding' => 'UTF-8',
 					'locale_path' => __DIR__ . DIRECTORY_SEPARATOR
 						. 'includes' . DIRECTORY_SEPARATOR
 						. 'locale' . DIRECTORY_SEPARATOR,
@@ -2091,6 +2106,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					'logout_target' => '',
 					'site_locale' => 'en_US.UTF-8',
 					'site_domain' => 'admin',
+					'site_encoding' => 'UTF-8',
 					'locale_path' => __DIR__ . DIRECTORY_SEPARATOR
 						. 'includes' . DIRECTORY_SEPARATOR
 						. 'locale' . DIRECTORY_SEPARATOR,

test/phpunit/Combined/CoreLibsCombinedArrayHandlerTest.php

@@ -31,6 +31,7 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		4,
 		'b',
 		'c' => 'test',
+		'single' => 'single',
 		'same' => 'same',
 		'deep' => [
 			'sub' => [
@@ -288,6 +289,188 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		];
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function arraySearchKeyProvider(): array
+	{
+		/*
+		0: search in array
+		1: search keys
+		2: flat flag
+		3: prefix flag
+		4: expected array
+		*/
+		return [
+			// single
+			'find single, standard' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => null,
+				4 => [
+					0 => [
+						'value' => 'single',
+						'path' => ['single'],
+					],
+				],
+			],
+			'find single, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						0 => [
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+				],
+			],
+			'find single, flat' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single',
+				],
+			],
+			'find single, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => [
+						'single',
+					],
+				],
+			],
+			// not found
+			'not found, standard' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => null,
+				4 => [],
+			],
+			'not found, standard, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			'not found, flat' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => null,
+				4 => [],
+			],
+			'not found, flat, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			// multi
+			'multiple found, standard' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'same',
+						'path' => ['a', 'same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['deep', 'sub', 'same', ],
+					],
+				]
+			],
+			'multiple found, flat' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => true,
+				3 => null,
+				4 => ['same', 'same', 'same', ],
+			],
+			// search with multiple
+			'search multiple, standard' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'single',
+						'path' => ['single'],
+					],
+					[
+						'value' => 'bar',
+						'path' => ['deep', 'sub', 'nested', ],
+					],
+				],
+			],
+			'search multiple, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						[
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+					'nested' => [
+						[
+							'value' => 'bar',
+							'path' => ['deep', 'sub', 'nested', ],
+						],
+					],
+				],
+			],
+			'search multiple, flat' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single', 'bar',
+				],
+			],
+			'search multiple, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => ['single', ],
+					'nested' => ['bar', ],
+				],
+			],
+		];
+	}
+
 	/**
 	 * provides array listing for the merge test
 	 *
@@ -691,6 +874,44 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		);
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @covers::arraySearchKey
+	 * @dataProvider arraySearchKeyProvider
+	 * @testdox arraySearchKey Search array with keys and flat: $flat, prefix: $prefix [$_dataName]
+	 *
+	 * @param  array $input
+	 * @param  array $needles
+	 * @param  bool|null $flat
+	 * @param  bool|null $prefix
+	 * @param  array $expected
+	 * @return void
+	 */
+	public function testArraySearchKey(
+		array $input,
+		array $needles,
+		?bool $flat,
+		?bool $prefix,
+		array $expected
+	): void {
+		if ($flat === null && $prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles);
+		} elseif ($flat === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, prefix: $prefix);
+		} elseif ($prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, flat: $flat);
+		} else {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, $flat, $prefix);
+		}
+		// print "E: " . print_r($expected, true) . "\n";
+		// print "R: " . print_r($result, true) . "\n";
+		$this->assertEquals(
+			$expected,
+			$result
+		);
+	}
+
 	/**
 	 * Undocumented function
 	 *

test/phpunit/Language/CoreLibsLanguageGetLocaleTest.php

@@ -14,6 +14,13 @@ use PHPUnit\Framework\TestCase;
  */
 final class CoreLibsLanguageGetLocaleTest extends TestCase
 {
+	public const SITE_ENCODING = 'UTF-8';
+	public const SITE_LOCALE = 'en_US.UTF-8';
+	public const SITE_DOMAIN = 'admin';
+	public const LOCALE_PATH = __DIR__ . DIRECTORY_SEPARATOR
+		. 'includes' . DIRECTORY_SEPARATOR
+		. 'locale' . DIRECTORY_SEPARATOR;
+
 	/**
 	 * set all constant variables that must be set before call
 	 *
@@ -22,7 +29,7 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 	public static function setUpBeforeClass(): void
 	{
 		// default web page encoding setting
-		if (!defined('DEFAULT_ENCODING')) {
+		/* if (!defined('DEFAULT_ENCODING')) {
 			define('DEFAULT_ENCODING', 'UTF-8');
 		}
 		if (!defined('DEFAULT_LOCALE')) {
@@ -35,9 +42,9 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 		}
 		if (!defined('SITE_LOCALE')) {
 			define('SITE_LOCALE', DEFAULT_LOCALE);
-		}
+		} */
 		// just set
-		if (!defined('BASE')) {
+		/* if (!defined('BASE')) {
 			define('BASE', str_replace('/configs', '', __DIR__) . DIRECTORY_SEPARATOR);
 		}
 		if (!defined('INCLUDES')) {
@@ -51,7 +58,7 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 		}
 		if (!defined('CONTENT_PATH')) {
 			define('CONTENT_PATH', 'frontend' . DIRECTORY_SEPARATOR);
-		}
+		} */
 		// array session
 		$_SESSION = [];
 		global $_SESSION;
@@ -62,7 +69,7 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 	 *
 	 * @return array<mixed>
 	 */
-	public function setLocaleProvider(): array
+	/* public function setLocaleProvider(): array
 	{
 		return [
 			// 0: locale
@@ -233,7 +240,7 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 			// TODO invalid params (bad path) (no override)
 			// TODO param calls, but with override set
 		];
-	}
+	} */
 
 	/**
 	  * Undocumented function
@@ -252,7 +259,7 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 	  * @param  string|null  $deprecation_message
 	  * @return void
 	  */
-	public function testsetLocale(
+	/* public function testsetLocale(
 		?string $language,
 		?string $domain,
 		?string $encoding,
@@ -347,6 +354,214 @@ final class CoreLibsLanguageGetLocaleTest extends TestCase
 		// unset all vars
 		$_SESSION = [];
 		unset($GLOBALS['OVERRIDE_LANG']);
+	} */
+
+	/**
+	 * all the test data
+	 *
+	 * @return array<mixed>
+	 */
+	public function setLocaleFromSessionProvider(): array
+	{
+		return [
+			// 0: locale
+			// 1: domain
+			// 2: encoding
+			// 3: path
+			// 4: SESSION: DEFAULT_LOCALE
+			// 5: SESSION: DEFAULT_CHARSET
+			// 5: SESSION: DEFAULT_DOMAIN
+			// 6: SESSION: LOCALE_PATH
+			// 6: expected array
+			// 7: deprecation message
+			'all session vars set' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				'ja_JP.UTF-8', 'UTF-8', 'admin', __DIR__ . '/locale_other/',
+				// return array
+				[
+					'locale' => 'ja_JP.UTF-8',
+					'lang' => 'ja_JP',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?locale_other\/$/",
+				],
+			],
+			// param lang and domain (no override)
+			'no session set, only parameters' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				null, null, null, null,
+				// return array
+				[
+					'locale' => 'en_US.UTF-8',
+					'lang' => 'en_US',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?includes\/locale\/$/",
+				],
+			],
+			// special parse session check for locales
+			'all session vars set, short lang' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				'ja', 'UTF-8', 'admin', __DIR__ . '/locale_other/',
+				// return array
+				[
+					'locale' => 'ja',
+					'lang' => 'ja',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?locale_other\/$/",
+				],
+			],
+			// lang with modifier
+			// param lang and domain (no override)
+			'long locale, domain, encoding params, no sessions' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				'de_CH.UTF-8@euro', 'admin', 'UTF-8',  __DIR__ . '/includes/locale/',
+				// return array
+				[
+					'locale' => 'de_CH.UTF-8@euro',
+					'lang' => 'de_CH',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?includes\/locale\/$/",
+				],
+			],
+			// missing session values check
+			// special parse session check for locales
+			'session missing encoding, set from parameters' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				'ja', null, 'admin', __DIR__ . '/locale_other/',
+				// return array
+				[
+					'locale' => 'ja',
+					'lang' => 'ja',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?locale_other\/$/",
+				],
+			],
+			// null return check for invalid entries
+			'no session set, only parameters, all invalid' => [
+				// lang, domain, encoding, path
+				'###', '&&&&', '$$$$', 'foo_bar_path',
+				// SESSION SETTINGS: locale, charset, domain, path
+				null, null, null, null,
+				// return array
+				[
+					'locale' => null,
+					'lang' => null,
+					'domain' => null,
+					'encoding' => null,
+					'path' => null,
+				],
+			],
+			// invalid session names, fall backup
+			'all session vars are invalid, fallback' => [
+				// lang, domain, encoding, path
+				self::SITE_LOCALE, self::SITE_DOMAIN, self::SITE_ENCODING, self::LOCALE_PATH,
+				// SESSION SETTINGS: locale, charset, domain, path
+				'###', '&&&&', '$$$$', 'foo_bar_path',
+				// return array
+				[
+					'locale' => 'en_US.UTF-8',
+					'lang' => 'en_US',
+					'domain' => 'admin',
+					'encoding' => 'UTF-8',
+					'path' => "/^\/(.*\/)?includes\/locale\/$/",
+				],
+			],
+		];
+	}
+
+	/**
+	  * Undocumented function
+	  *
+	  * @covers ::setLocale
+	  * @dataProvider setLocaleFromSessionProvider
+	  * @testdox lang settings lang $language, domain $domain, encoding $encoding, path $path; session lang: $SESSION_DEFAULT_LOCALE, session char: $SESSION_DEFAULT_CHARSET [$_dataName]
+	  *
+	  * @param  string|      $language
+	  * @param  string|      $domain
+	  * @param  string|      $encoding
+	  * @param  string|      $path
+	  * @param  string|null  $SESSION_DEFAULT_LOCALE
+	  * @param  string|null  $SESSION_DEFAULT_CHARSET
+	  * @param  string|null  $SESSION_DEFAULT_DOMAIN
+	  * @param  string|null  $SESSION_LOCALE_PATH
+	  * @param  array<mixed> $expected
+	  * @return void
+	  */
+	public function testsetLocaleFromSession(
+		string $language,
+		string $domain,
+		string $encoding,
+		string $path,
+		?string $SESSION_DEFAULT_LOCALE,
+		?string $SESSION_DEFAULT_CHARSET,
+		?string $SESSION_DEFAULT_DOMAIN,
+		?string $SESSION_LOCALE_PATH,
+		array $expected,
+	): void {
+		$return_lang_settings = [];
+		global $_SESSION;
+		// set override
+		if ($SESSION_DEFAULT_LOCALE !== null) {
+			$_SESSION['DEFAULT_LOCALE'] = $SESSION_DEFAULT_LOCALE;
+		}
+		if ($SESSION_DEFAULT_CHARSET !== null) {
+			$_SESSION['DEFAULT_CHARSET'] = $SESSION_DEFAULT_CHARSET;
+		}
+		if ($SESSION_DEFAULT_DOMAIN !== null) {
+			$_SESSION['DEFAULT_DOMAIN'] = $SESSION_DEFAULT_DOMAIN;
+		}
+		if ($SESSION_LOCALE_PATH !== null) {
+			$_SESSION['LOCALE_PATH'] = $SESSION_LOCALE_PATH;
+		}
+		$return_lang_settings  = \CoreLibs\Language\GetLocale::setLocaleFromSession(
+			$language,
+			$domain,
+			$encoding,
+			$path
+		);
+		// print "RETURN: " . print_r($return_lang_settings, true) . "\n";
+		foreach (
+			[
+				'locale', 'lang', 'domain', 'encoding', 'path'
+			] as $key
+		) {
+			$value = $expected[$key];
+			if (
+				!empty($value) &&
+				strpos($value, "/") === 0
+			) {
+				// this is regex
+				$this->assertMatchesRegularExpression(
+					$value,
+					$return_lang_settings[$key] ?? '',
+					'assert regex failed for ' . $key
+				);
+			} else {
+				// assert equal
+				$this->assertEquals(
+					$value,
+					$return_lang_settings[$key],
+					'assert equal failed for ' . $key
+				);
+			}
+		}
+		// unset all vars
+		$_SESSION = [];
+		unset($GLOBALS['OVERRIDE_LANG']);
 	}
 }
 

test/phpunit/Language/CoreLibsLanguageL10nTest.php

@@ -84,94 +84,141 @@ final class CoreLibsLanguageL10nTest extends TestCase
 	{
 		return [
 			// 0: locale
-			// 1: domain
-			// 2: encoding
+			// 1: encoding
+			// 2: domain
 			// 3: path
 			// 4: locale expected
 			// 5: locale set expected
 			// 6: lang expected
-			// 7: encoding expected
-			// 8: domain exepcted
-			// 9: context (null for none)
-			// 10: test string in
-			// 11: test translated
-			// 12: deprecation message (until removed)
+			// 7: lang short expected
+			// 8: encoding expected
+			// 9: domain exepcted
+			// 10: context (null for none)
+			// 11: test string in
+			// 12: test translated
+			// 13: deprecation message (until removed)
 			// new style load
 			'gettext load en' => [
 				'en_US.UTF-8',
+				'UTF-8',
 				'frontend',
 				__DIR__ . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'locale' . DIRECTORY_SEPARATOR,
-				//
+				// 4, 5, 6, 7, 8, 9
 				'en_US.UTF-8',
 				'en_US',
 				'en_US',
+				'en',
 				'UTF-8',
 				'frontend',
+				// 10
 				null,
+				// 11, 12
 				'Original',
 				'Translated frontend en_US',
+				// 13
 				null,
 			],
 			'gettext load en' => [
 				'en_US.UTF-8',
+				'UTF-8',
 				'frontend',
 				__DIR__ . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'locale' . DIRECTORY_SEPARATOR,
 				//
 				'en_US.UTF-8',
 				'en_US',
 				'en_US',
+				'en',
 				'UTF-8',
 				'frontend',
+				//
 				'context',
+				//
 				'Original',
 				'Original context frontend en_US',
+				//
 				null,
 			],
 			'gettext load ja' => [
 				'ja_JP.UTF-8',
+				'UTF-8',
 				'admin',
 				__DIR__ . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'locale' . DIRECTORY_SEPARATOR,
 				//
 				'ja_JP.UTF-8',
 				'ja_JP',
 				'ja_JP',
+				'ja',
 				'UTF-8',
 				'admin',
+				//
 				null,
+				//
 				'Original',
 				'Translated admin ja_JP',
+				//
+				null,
+			],
+			// load short locale with different encoding
+			'gettext load short ja no encoding' => [
+				'ja',
+				'SJIS',
+				'admin',
+				__DIR__ . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'locale' . DIRECTORY_SEPARATOR,
+				//
+				'ja',
+				'ja',
+				'ja',
+				'ja',
+				'SJIS',
+				'admin',
+				//
+				null,
+				//
+				'Original',
+				'Translated admin ja_JP',
+				//
 				null,
 			],
 			// mixed path and domain [DEPRECATED]
 			'mixed path and domain [DEPRECATED]' => [
 				'en_US.UTF-8',
+				'UTF-8',
 				__DIR__ . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'locale' . DIRECTORY_SEPARATOR,
 				'frontend',
 				//
 				'en_US.UTF-8',
 				'en_US',
 				'en_US',
+				'en',
 				'UTF-8',
 				'frontend',
+				//
 				'context',
+				//
 				'Original',
 				'Original context frontend en_US',
+				//
 				'L10n constructor parameter switch is no longer supported. domain is 2nd, path is 3rd parameter'
 			],
 			// unset path
 			'unset path with locale and domain [DEPRECATED]' => [
 				'ja_JP.UTF-8',
+				'UTF-8',
 				'admin',
 				null,
 				//
 				'ja_JP.UTF-8',
 				'ja_JP',
 				'ja_JP',
+				'ja',
 				'UTF-8',
 				'admin',
+				//
 				null,
+				//
 				'Original',
 				'Translated admin ja_JP',
+				//
 				'Empty path parameter is no longer allowed if locale and domain are set',
 			],
 			// null set
@@ -179,15 +226,20 @@ final class CoreLibsLanguageL10nTest extends TestCase
 				'',
 				'',
 				'',
+				'',
 				//
 				'',
 				'',
 				'',
 				'',
+				'', // unset on empty call
 				'',
+				//
 				null,
+				//
 				'Original',
 				'Original',
+				//
 				null,
 			]
 		];
@@ -201,11 +253,13 @@ final class CoreLibsLanguageL10nTest extends TestCase
 	 * @testdox check l10n init with Locale $locale, Path $path, Domain $domain, Legacy: $legacy with $context [$_dataName]
 	 *
 	 * @param  string|null $locale
+	 * @param  string|null $encoding
 	 * @param  string|null $domain
 	 * @param  string|null $path
 	 * @param  string      $locale_expected
 	 * @param  string      $locale_set_expected
 	 * @param  string      $lang_expected
+	 * @param  string      $lang_short_expected
 	 * @param  string      $encoding_expected
 	 * @param  string      $domain_expected
 	 * @param  string|null $context
@@ -216,11 +270,13 @@ final class CoreLibsLanguageL10nTest extends TestCase
 	 */
 	public function testL10nObject(
 		?string $locale,
+		?string $encoding,
 		?string $domain,
 		?string $path,
 		string $locale_expected,
 		string $locale_set_expected,
 		string $lang_expected,
+		string $lang_short_expected,
 		string $encoding_expected,
 		string $domain_expected,
 		?string $context,
@@ -241,16 +297,18 @@ final class CoreLibsLanguageL10nTest extends TestCase
 		if ($locale === null) {
 			$l10n = new \CoreLibs\Language\L10n();
 		} elseif ($domain === null) {
-			// same as if locale is null
+			// deprecated, locale + domain must be set, handled like empty calls
 			$l10n = new \CoreLibs\Language\L10n($locale);
 		} elseif ($path === null) {
-			// deprecated, path must be set
+			// deprecated, path must be set, will thow DEPRECATION error, handled like empty
 			$l10n = new \CoreLibs\Language\L10n($locale, $domain);
-		} else {
+		} elseif ($encoding === null) {
+			// if encoding not found will be UTF-8
 			$l10n = new \CoreLibs\Language\L10n($locale, $domain, $path);
+		} else {
+			$l10n = new \CoreLibs\Language\L10n($locale, $domain, $path, $encoding);
 		}
 		restore_error_handler();
-		// print "LOC: " . $locale . ", " . $l10n->getLocale() . ", " . $locale_expected . "\n";
 		// print "MO: " . $l10n->getMoFile() . "\n";
 		$this->assertEquals(
 			$locale_expected,
@@ -286,6 +344,7 @@ final class CoreLibsLanguageL10nTest extends TestCase
 			[
 				'locale' => $locale_expected,
 				'lang' => $lang_expected,
+				'lang_short' => $lang_short_expected,
 				'domain' => $domain_expected,
 				'encoding' => $encoding_expected,
 				'path' => $path

test/phpunit/Language/includes/locale/ja

@@ -0,0 +1 @@
+ja_JP

test/phpunit/Security/CoreLibsSecurityPasswordTest.php

@@ -7,11 +7,11 @@ namespace tests;
 use PHPUnit\Framework\TestCase;
 
 /**
- * Test class for Check\Password
- * @coversDefaultClass \CoreLibs\Check\Password
- * @testdox \CoreLibs\Check\Password method tests
+ * Test class for Security\Password
+ * @coversDefaultClass \CoreLibs\Security\Password
+ * @testdox \CoreLibs\Security\Password method tests
  */
-final class CoreLibsCheckPasswordTest extends TestCase
+final class CoreLibsSecurityPasswordTest extends TestCase
 {
 	public function passwordProvider(): array
 	{
@@ -46,7 +46,7 @@ final class CoreLibsCheckPasswordTest extends TestCase
 	{
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Check\Password::passwordVerify($input, \CoreLibs\Check\Password::passwordSet($input_hash))
+			\CoreLibs\Security\Password::passwordVerify($input, \CoreLibs\Security\Password::passwordSet($input_hash))
 		);
 	}
 
@@ -65,7 +65,7 @@ final class CoreLibsCheckPasswordTest extends TestCase
 	{
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Check\Password::passwordRehashCheck($input)
+			\CoreLibs\Security\Password::passwordRehashCheck($input)
 		);
 	}
 }

test/phpunit/Security/CoreLibsSecuritySymmetricEncryption.php

@@ -0,0 +1,172 @@
+<?php
+
+declare(strict_types=1);
+
+namespace tests;
+
+use PHPUnit\Framework\TestCase;
+use CoreLibs\Security\CreateKey;
+use CoreLibs\Security\SymmetricEncryption;
+
+/**
+ * Test class for Security\SymmetricEncryption and Security\CreateKey
+ * @coversDefaultClass \CoreLibs\Security\SymmetricEncryption
+ * @testdox \CoreLibs\Security\SymmetricEncryption method tests
+ */
+final class CoreLibsSecuritySymmetricEncryption extends TestCase
+{
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptDecryptSuccess(): array
+	{
+		return [
+			'valid string' => [
+				'input' => 'I am a secret',
+				'expected' => 'I am a secret',
+			],
+		];
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccess(string $input, string $expected): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt($input, $key);
+		$decrypted = SymmetricEncryption::decrypt($encrypted, $key);
+
+		$this->assertEquals(
+			$expected,
+			$decrypted
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptFailed(): array
+	{
+		return [
+			'wrong decryption key' => [
+				'input' => 'I am a secret',
+				'excpetion_message' => 'Invalid Key'
+			],
+		];
+	}
+
+	/**
+	 * Test decryption with wrong key
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptFailed
+	 * @testdox decrypt with wrong key $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testEncryptFailed(string $input, string $exception_message): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt($input, $key);
+		$wrong_key = CreateKey::generateRandomKey();
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($encrypted, $wrong_key);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongKey(): array
+	{
+		return [
+			'not hex key' => [
+				'key' => 'not_a_hex_key',
+				'exception_message' => 'Invalid hex key'
+			],
+			'too short hex key' => [
+				'key' => '1cabd5cba9e042f12522f4ff2de5c31d233b',
+				'excpetion_message' => 'Key is not the correct size (must be '
+					. 'SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long).'
+			],
+		];
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongKey
+	 * @testdox wrong key $key throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongKey(string $key, string $exception_message): void
+	{
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::encrypt('test', $key);
+		// we must encrypt valid thing first so we can fail with the wrong kjey
+		$enc_key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt('test', $enc_key);
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($encrypted, $key);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongCiphertext(): array
+	{
+		return [
+			'too short ciphertext' => [
+				'input' => 'short',
+				'exception_message' => 'Invalid ciphertext (too short)'
+			],
+		];
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongCiphertext
+	 * @testdox too short ciphertext $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongCiphertext(string $input, string $exception_message): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($input, $key);
+	}
+}
+
+// __END__