Add ECUID (edit user cuid) to session and return in acl array

publish/last.published

@@ -1 +1 @@
-9.19.1
+9.21.0

src/ACL/Login.php

@@ -75,6 +75,8 @@ class Login
 {
 	/** @var ?int the user id var*/
 	private ?int $euid;
+	/** @var ?string the user cuid (note will be super seeded with uuid v4 later) */
+	private ?string $ecuid;
 	/** @var string _GET/_POST loginUserId parameter for non password login */
 	private string $login_user_id = '';
 	/** @var string source, either _GET or _POST or empty */
@@ -757,7 +759,7 @@ class Login
 		}
 		// have to get the global stuff here for setting it later
 		// we have to get the themes in here too
-		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
+		$q = "SELECT eu.edit_user_id, eu.cuid, eu.username, eu.password, "
 			. "eu.edit_group_id, "
 			. "eg.name AS edit_group_name, eu.admin, "
 			// additinal acl lists
@@ -889,6 +891,7 @@ class Login
 			// normal user processing
 			// set class var and session var
 			$_SESSION['EUID'] = $this->euid = (int)$res['edit_user_id'];
+			$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
 			// check if user is okay
 			$this->loginCheckPermissions();
 			if ($this->login_error == 0) {
@@ -1132,6 +1135,8 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// edit user cuid
+		$this->acl['ecuid'] = $_SESSION['ECUID'];
 		// set additional acl
 		$this->acl['additional_acl'] = [
 			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
@@ -1862,6 +1867,8 @@ HTML;
 		}
 		// if there is none, there is none, saves me POST/GET check
 		$this->euid = array_key_exists('EUID', $_SESSION) ? (int)$_SESSION['EUID'] : 0;
+		// TODO: allow load from cuid
+		// $this->ecuid = array_key_exists('ECUID', $_SESSION) ? (string)$_SESSION['ECUID'] : '';
 		// get login vars, are so, can't be changed
 		// prepare
 		// pass on vars to Object vars
@@ -2111,6 +2118,7 @@ HTML;
 		$this->session->sessionDestroy();
 		// unset euid
 		$this->euid = null;
+		$this->ecuid = null;
 		// then prints the login screen again
 		$this->permission_okay = false;
 	}
@@ -2128,11 +2136,12 @@ HTML;
 		if (empty($this->euid)) {
 			return $this->permission_okay;
 		}
+		// euid must match ecuid
 		// bail for previous wrong page match, eg if method is called twice
 		if ($this->login_error == 103) {
 			return $this->permission_okay;
 		}
-		$q = "SELECT ep.filename, "
+		$q = "SELECT ep.filename, eu.cuid, "
 			// base lock flags
 			. "eu.deleted, eu.enabled, eu.locked, "
 			// date based lock
@@ -2198,6 +2207,8 @@ HTML;
 		} else {
 			$this->login_error = 103;
 		}
+		// set ECUID
+		$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
 		// if called from public, so we can check if the permissions are ok
 		return $this->permission_okay;
 	}
@@ -2503,6 +2514,16 @@ HTML;
 	{
 		return (string)$this->euid;
 	}
+
+	/**
+	 * Get the current set ECUID (edit user cuid)
+	 *
+	 * @return string ECUID as string
+	 */
+	public function loginGetEcid(): string
+	{
+		return (string)$this->ecuid;
+	}
 }
 
 // __END__

src/Convert/Color/Coordinates/HSB.php

@@ -26,7 +26,7 @@ class HSB implements Interface\CoordinatesInterface
 	private float $B = 0.0;
 
 	/** @var string color space: either ok or cie */
-	private string $colorspace = '';
+	private string $colorspace = ''; /** @phpstan-ignore-line */
 
 	/**
 	 * HSB (HSV) color coordinates

src/Convert/Color/Coordinates/HSL.php

@@ -25,7 +25,7 @@ class HSL implements Interface\CoordinatesInterface
 	/** @var float lightness (luminance) */
 	private float $L = 0.0;
 
-	/** @var string color space: either ok or cie */
+	/** @var string color space: either sRGB */
 	private string $colorspace = '';
 
 	/**

src/Create/Uids.php

@@ -56,26 +56,6 @@ class Uids
 	 */
 	public static function uuidv4(): string
 	{
-		/* return sprintf(
-			'%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
-			// 32 bits for "time_low"
-			mt_rand(0, 0xffff),
-			mt_rand(0, 0xffff),
-			// 16 bits for "time_mid"
-			mt_rand(0, 0xffff),
-			// 16 bits for "time_hi_and_version",
-			// four most significant bits holds version number 4
-			mt_rand(0, 0x0fff) | 0x4000,
-			// 16 bits, 8 bits for "clk_seq_hi_res",
-			// 8 bits for "clk_seq_low",
-			// two most significant bits holds zero and one for variant DCE1.1
-			mt_rand(0, 0x3fff) | 0x8000,
-			// 48 bits for "node"
-			mt_rand(0, 0xffff),
-			mt_rand(0, 0xffff),
-			mt_rand(0, 0xffff)
-		); */
-
 		$data = random_bytes(16);
 		assert(strlen($data) == 16);
 
@@ -93,6 +73,20 @@ class Uids
 		return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 	}
 
+	/**
+	 * regex validate uuid v4
+	 *
+	 * @param  string $uuidv4
+	 * @return bool
+	 */
+	public static function validateUuuidv4(string $uuidv4): bool
+	{
+		if (!preg_match("/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/", $uuidv4)) {
+			return false;
+		}
+		return true;
+	}
+
 	/**
 	 * creates a uniq id based on lengths
 	 *

src/DB/SQL/Interface/SqlFunctions.php

@@ -285,6 +285,22 @@ interface SqlFunctions
 	 */
 	public function __dbConnectionBusySocketWait(int $timeout_seconds = 3): bool;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $parameter
+	 * @param  bool   $strip
+	 * @return string
+	 */
+	public function __dbVersionInfo(string $parameter, bool $strip = true): string;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array<mixed>
+	 */
+	public function __dbVersionInfoParameterList(): array;
+
 	/**
 	 * Undocumented function
 	 *
@@ -292,6 +308,13 @@ interface SqlFunctions
 	 */
 	public function __dbVersion(): string;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @return int
+	 */
+	public function __dbVersionNumeric(): int;
+
 	/**
 	 * Undocumented function
 	 *
@@ -306,6 +329,14 @@ interface SqlFunctions
 		?int &$end = null
 	): ?array;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string      $parameter
+	 * @return string|bool
+	 */
+	public function __dbParameter(string $parameter): string|bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -343,6 +374,14 @@ interface SqlFunctions
 	 * @return string
 	 */
 	public function __dbGetEncoding(): string;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $query
+	 * @return int
+	 */
+	public function __dbCountQueryParams(string $query): int;
 }
 
 // __END__

src/DB/SQL/PgSQL.php

@@ -407,17 +407,13 @@ class PgSQL implements Interface\SqlFunctions
 			}
 			// no PK name given at all
 			if (empty($pk_name)) {
-				// if name is plurar, make it singular
-				// if (preg_match("/.*s$/i", $table))
-				// 	$table = substr($table, 0, -1);
 				// set pk_name to "id"
 				$pk_name = $table . "_id";
 			}
-			$seq = ($schema ? $schema . '.' : '') . $table . "_" . $pk_name . "_seq";
-			$q = "SELECT CURRVAL('$seq') AS insert_id";
+			$q = "SELECT CURRVAL(pg_get_serial_sequence($1, $2)) AS insert_id";
 			// I have to do manually or I overwrite the original insert internal vars ...
-			if ($q = $this->__dbQuery($q)) {
-				if (is_array($res = $this->__dbFetchArray($q))) {
+			if ($cursor = $this->__dbQueryParams($q, [$table, $pk_name])) {
+				if (is_array($res = $this->__dbFetchArray($cursor))) {
 					list($id) = $res;
 				} else {
 					return false;
@@ -451,26 +447,36 @@ class PgSQL implements Interface\SqlFunctions
 					$table_prefix = $schema . '.';
 				}
 			}
+			$params = [$table_prefix . $table];
+			$replace = ['', ''];
 			// read from table the PK name
 			// faster primary key get
-			$q = "SELECT pg_attribute.attname AS column_name, "
-				. "format_type(pg_attribute.atttypid, pg_attribute.atttypmod) AS type "
-				. "FROM pg_index, pg_class, pg_attribute ";
+			$q = <<<SQL
+			SELECT
+				pg_attribute.attname AS column_name,
+				format_type(pg_attribute.atttypid, pg_attribute.atttypmod) AS type
+			FROM pg_index, pg_class, pg_attribute{PG_NAMESPACE}
+			WHERE
+				-- regclass translates the OID to the name
+				pg_class.oid = $1::regclass AND
+				indrelid = pg_class.oid AND
+				pg_attribute.attrelid = pg_class.oid AND
+				pg_attribute.attnum = any(pg_index.indkey) AND
+				indisprimary
+				{NSPNAME}
+			SQL;
 			if ($schema) {
-				$q .= ", pg_namespace ";
+				$params[] = $schema;
+				$replace = [
+					", pg_namespace",
+					"AND pg_class.relnamespace = pg_namespace.oid AND nspname = $2"
+				];
 			}
-			$q .= "WHERE "
-				// regclass translates the OID to the name
-				. "pg_class.oid = '" . $table_prefix . $table . "'::regclass AND "
-				. "indrelid = pg_class.oid AND ";
-			if ($schema) {
-				$q .= "nspname = '" . $schema . "' AND "
-					. "pg_class.relnamespace = pg_namespace.oid AND ";
-			}
-			$q .= "pg_attribute.attrelid = pg_class.oid AND "
-				. "pg_attribute.attnum = any(pg_index.indkey) "
-				. "AND indisprimary";
-			$cursor = $this->__dbQuery($q);
+			$cursor = $this->__dbQueryParams(str_replace(
+				['{PG_NAMESPACE}', '{NSPNAME}'],
+				$replace,
+				$q
+			), $params);
 			if ($cursor !== false) {
 				$__db_fetch_array = $this->__dbFetchArray($cursor);
 				if (!is_array($__db_fetch_array)) {
@@ -895,11 +901,13 @@ class PgSQL implements Interface\SqlFunctions
 	public function __dbSetSchema(string $db_schema): int
 	{
 		// check if schema actually exists
-		$query = "SELECT EXISTS("
-			. "SELECT 1 FROM information_schema.schemata "
-			. "WHERE schema_name = " . $this->__dbEscapeLiteral($db_schema)
-			. ")";
-		$cursor = $this->__dbQuery($query);
+		$query = <<<SQL
+		SELECT EXISTS (
+			SELECT 1 FROM information_schema.schemata
+			WHERE schema_name = $1
+		)
+		SQL;
+		$cursor = $this->__dbQueryParams($query, [$db_schema]);
 		// abort if execution fails
 		if ($cursor === false) {
 			return 1;

test/phpunit/ACL/CoreLibsACLLoginTest.php

@@ -243,6 +243,7 @@ final class CoreLibsACLLoginTest extends TestCase
 				[],
 				[
 					'EUID' => 1,
+					'ECUID' => 'abc',
 				],
 				2,
 				[],
@@ -260,6 +261,7 @@ final class CoreLibsACLLoginTest extends TestCase
 				[],
 				[
 					'EUID' => 1,
+					'ECUID' => 'abc',
 					'USER_NAME' => '',
 					'GROUP_NAME' => '',
 					'ADMIN' => 1,

test/phpunit/Create/CoreLibsCreateUidsTest.php

@@ -121,6 +121,7 @@ final class CoreLibsCreateUidsTest extends TestCase
 	 * must match 7e78fe0d-59b8-4637-af7f-e88d221a7d1e
 	 *
 	 * @covers ::uuidv4
+	 * @covers ::validateUuidv4
 	 * @testdox uuidv4 check that return is matching regex [$_dataName]
 	 *
 	 * @return void
@@ -129,13 +130,18 @@ final class CoreLibsCreateUidsTest extends TestCase
 	{
 		$uuid = \CoreLibs\Create\Uids::uuidv4();
 		$this->assertMatchesRegularExpression(
-			'/^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$/',
-			$uuid
+			'/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/',
+			$uuid,
+			'Failed regex check'
+		);
+		$this->assertTrue(
+			\CoreLibs\Create\Uids::validateUuuidv4($uuid),
+			'Failed validate regex method'
+		);
+		$this->assertFalse(
+			\CoreLibs\Create\Uids::validateUuuidv4('not-a-uuidv4'),
+			'Failed wrong uuid validated as true'
 		);
-		// $this->assertStringMatchesFormat(
-		// 	'%4s%4s-%4s-%4s-%4s-%4s%4s%4s',
-		// 	$uuid
-		// );
 	}
 
 	/**

test/phpunit/DB/CoreLibsDBIOTest.php

@@ -160,15 +160,12 @@ final class CoreLibsDBIOTest extends TestCase
 		// create the tables
 		$db->dbExec(
 			// primary key name is table + '_id'
+				// table_with_primary_key_id SERIAL PRIMARY KEY,
 			<<<SQL
 			CREATE TABLE table_with_primary_key (
-				table_with_primary_key_id SERIAL PRIMARY KEY,
+				table_with_primary_key_id INT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
 				$base_table
 			SQL
-			/* "CREATE TABLE table_with_primary_key ("
-			// primary key name is table + '_id'
-			. "table_with_primary_key_id SERIAL PRIMARY KEY, "
-			. $base_table */
 		);
 		$db->dbExec(
 			<<<SQL