Add .env reading flow in config.php

Will check if there is a read_env_file.php and then run it to load .env
file in /configs folder

This file can hold secrets that are not to be checked into git

Updated edit.js file to be eslint compatible

www/configs/.env.example

@@ -0,0 +1,8 @@
+# Master configs
+BASE_NAME=
+G_TITLE=
+# DB configs
+DB_NAME_TEST=
+DB_USER_TEST=
+DB_PASS_TEST=
+DB_HOST_TEST=

www/configs/config.db.php

@@ -13,15 +13,15 @@ declare(strict_types=1);
 // please be VERY carefull only to change the right side
 $DB_CONFIG = [
 	'test' => [
-		'db_name' => 'clemens',
-		'db_user' => 'clemens',
-		'db_pass' => 'clemens',
-		'db_host' => 'db.tokyo.tequila.jp',
+		'db_name' => $_ENV['DB_NAME_TEST'] ?? '',
+		'db_user' => $_ENV['DB_USER_TEST'] ?? '',
+		'db_pass' => $_ENV['DB_PASS_TEST'] ?? '',
+		'db_host' => $_ENV['DB_HOST_TEST'] ?? '',
 		'db_port' => 5432,
 		'db_schema' => 'public',
 		'db_type' => 'pgsql',
 		'db_encoding' => '',
-		'db_ssl' => 'disable' // allow, disable, require, prefer
+		'db_ssl' => 'allow' // allow, disable, require, prefer
 	],
 ];
 

www/configs/config.master.php

@@ -84,7 +84,7 @@ define('DEFAULT_HASH', 'sha256');
 // default acl level
 define('DEFAULT_ACL_LEVEL', 80);
 // SSL host name
-// define('SSL_HOST', 'ssl.host.name');
+// define('SSL_HOST', $_ENV['SSL_HOST'] ?? '');
 // error page strictness, Default is 3
 // 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
 // 2: if template not found, do not search, show error template
@@ -139,7 +139,8 @@ define('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 /************* OVERALL CONTROL NAMES *************/
 // BELOW has HAS to be changed
 // base name for all session and log names
-define('BASE_NAME', 'CoreLibs');
+// only alphanumeric characters, strip all others
+define('BASE_NAME', preg_replace('/[^A-Za-z0-9]/', '', $_ENV['BASE_NAME'] ?? ''));
 
 /************* SESSION NAMES *************/
 // server name HASH
@@ -266,7 +267,7 @@ define('LOGIN_ENABLED', $SITE_CONFIG[HOST_NAME]['login_enabled']);
 define('SHOW_ALL_ERRORS', true);
 
 /************* GENERAL PAGE TITLE ********/
-define('G_TITLE', '<OVERALL FALLBACK PAGE TITLE>');
+define('G_TITLE', $_ENV['G_TITLE'] ?? '');
 
 /************ STYLE SHEETS / JS **********/
 define('ADMIN_STYLESHEET', 'edit.css');

www/configs/config.php

@@ -16,6 +16,13 @@ $CONFIG_PATH_PREFIX = '';
 for ($dir_pos = 0, $dir_max = count(explode(DIRECTORY_SEPARATOR, __DIR__)); $dir_pos <= $dir_max; $dir_pos++) {
 	$CONFIG_PATH_PREFIX .= '..' . DIRECTORY_SEPARATOR;
 	if (file_exists($CONFIG_PATH_PREFIX . CONFIG_PATH . 'config.master.php')) {
+		// check if there is an read env file, load it
+		if (file_exists($CONFIG_PATH_PREFIX . CONFIG_PATH . 'read_env_file.php')) {
+			require $CONFIG_PATH_PREFIX . CONFIG_PATH . 'read_env_file.php';
+			// load env variables first
+			readEnvFile($CONFIG_PATH_PREFIX . CONFIG_PATH);
+		}
+		// then load master config file that loads all other config files
 		require $CONFIG_PATH_PREFIX . CONFIG_PATH . 'config.master.php';
 		break;
 	}

www/configs/read_env_file.php

@@ -0,0 +1,84 @@
+<?php
+
+/**
+ * parses .env file
+ *
+ * Rules for .env file
+ * variable is any alphanumeric string followed by = on the same line
+ * content starts with the first non space part
+ * strings can be contained in "
+ * strings MUST be contained in " if they are multiline
+ * if string starts with " it will match until another " is found
+ * anything AFTER " is ignored
+ * if there are two variables with the same name only the first is used
+ * variables are case sensitive
+ *
+ * @param  string $path     Folder to file, default is __DIR__
+ * @param  string $env_file What file to load, default is .env
+ * @return int              -1 other error
+ *                          0 for success full load
+ *                          1 for file loadable, but no data inside
+ *                          2 for file not readable
+ *                          3 for file not found
+ */
+function readEnvFile(string $path = __DIR__, string $env_file = '.env'): int
+{
+	// default -1;
+	$status = -1;
+	$env_file_target = $path . DIRECTORY_SEPARATOR . $env_file;
+	// this is not a file -> abort
+	if (!is_file($env_file_target)) {
+		$status = 3;
+		return $status;
+	}
+	// cannot open file -> abort
+	if (($fp = fopen($env_file_target, 'r')) === false) {
+		$status = 2;
+		return $status;
+	}
+	// set to readable but not yet any data loaded
+	$status = 1;
+	$block = false;
+	$var = '';
+	while ($line = fgets($fp)) {
+		// main match for variable = value part
+		if (preg_match("/^\s*([\w_]+)\s*=\s*((\"?).*)/", $line, $matches)) {
+			$var = $matches[1];
+			$value = $matches[2];
+			$quotes = $matches[3];
+			// wirte only if env is not set yet, and write only the first time
+			if (empty($_ENV[$var])) {
+				if (!empty($quotes)) {
+					// match greedy for first to last so we move any " if there are
+					if (preg_match('/^"(.*[^\\\])"/U', $value, $matches)) {
+						$value = $matches[1];
+					} else {
+						// this is a multi line
+						$block = true;
+						// first " in string remove
+						// add removed new line back because this is a multi line
+						$value = ltrim($value, '"') . PHP_EOL;
+					}
+				}
+				// if block is set, we strip line of slashes
+				$_ENV[$var] = $block === true ? stripslashes($value) : $value;
+				// set successful load
+				$status = 0;
+			}
+		} elseif ($block === true) {
+			// read line until there is a unescaped "
+			// this also strips everything after the last "
+			if (preg_match("/(.*[^\\\])\"/", $line, $matches)) {
+				$block = false;
+				// strip ending " and EVERYTHING that follows after that
+				$line = $matches[1];
+			}
+			// strip line of slashes
+			$_ENV[$var] .= stripslashes($line);
+		}
+	}
+	fclose($fp);
+	return $status;
+}
+
+// __END__