From d97b173ee7baefb52fca8744339ca3dd2a614988 Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer <clemens.schwaighofer@egplusww.com>
Date: Thu, 23 Jun 2022 09:12:46 +0900
Subject: [PATCH] ACL\Login move public var to private: login

the former public var $login is now private and if it is set can be
checked with loginActionSet (true if login_login was in _POST as login
action.

Some info update for phpUnit ACL\Login test file
---
 4dev/tests/CoreLibsACLLoginTest.php | 29 +++++++++++++++++++----------
 www/includes/admin_header.php       |  2 +-
 www/lib/CoreLibs/ACL/Login.php      | 18 ++++++++++++++----
 3 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/4dev/tests/CoreLibsACLLoginTest.php b/4dev/tests/CoreLibsACLLoginTest.php
index 555f9873..8b1f39cd 100644
--- a/4dev/tests/CoreLibsACLLoginTest.php
+++ b/4dev/tests/CoreLibsACLLoginTest.php
@@ -157,16 +157,17 @@ final class CoreLibsACLLoginTest extends TestCase
 	 */
 	public function loginProvider(): array
 	{
-		// 0: mock settings/override flag settings
-		// 2: get array IN
-		// 1: post array IN
-		//    login_login, login_username, login_password, login_logout
-		//    change_password, pw_username, pw_old_password, pw_new_password,
-		//    pw_new_password_confirm
-		// 2: override session set
-		// 3: expected error code, 0 for all ok, 3000 for login page view
-		//    note that 1000 (no db), 2000 (no session) must be tested too
-		// 4: expected return array, eg login_error code, or other info data to match
+		// 0[mock]   : mock settings/override flag settings
+		// 1[get]    : get array IN
+		// 2[post]   : post array IN
+		//             login_login, login_username, login_password, login_logout
+		//             change_password, pw_username, pw_old_password, pw_new_password,
+		//             pw_new_password_confirm
+		// 3[session]: override session set
+		// 4[error]  : expected error code, 0 for all ok, 3000 for login page view
+		//             note that 1000 (no db), 2000 (no session) must be tested too
+		// 5[return] : expected return array, eg login_error code,
+		//             or other info data to match
 		$tests = [
 			'load, no login' => [
 				// error code, only for exceptions
@@ -1546,6 +1547,14 @@ final class CoreLibsACLLoginTest extends TestCase
 			);
 		}
 
+		// if _POST login set check this is matching
+		if (!empty($post['login_login'])) {
+			$this->assertTrue(
+				$login_mock->loginActionRun(),
+				'Assert that post login_login was pressed'
+			);
+		}
+
 		// always check, even on error or not set
 		if (!$login_mock->loginGetLoginUserIdUnclean()) {
 			$this->assertEquals(
diff --git a/www/includes/admin_header.php b/www/includes/admin_header.php
index 4ee6a15c..f5a073a1 100644
--- a/www/includes/admin_header.php
+++ b/www/includes/admin_header.php
@@ -108,7 +108,7 @@ $data = [
 ];
 // log action
 // no log if login
-if (!$login->login) {
+if (!$login->loginActionRun()) {
 	$cms->adbEditLog('Submit', $data, 'BINARY');
 }
 //------------------------------ logging end
diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php
index c1b8fbdc..cdd4fef6 100644
--- a/www/lib/CoreLibs/ACL/Login.php
+++ b/www/lib/CoreLibs/ACL/Login.php
@@ -79,12 +79,12 @@ class Login
 	/** @var string source, either _GET or _POST or empty */
 	private $login_user_id_source = '';
 	/** @var bool set to true if illegal characters where found in the login user id string */
-	private $login_unclear = false;
+	private $login_user_id_unclear = false;
 	// is set to one if login okay, or EUID is set and user is okay to access this page
 	/** @var bool */
 	private $permission_okay = false;
 	/** @var string pressed login */
-	public $login;
+	private $login = '';
 	/** @var string master action command */
 	private $action;
 	/** @var string login name */
@@ -1564,7 +1564,7 @@ EOM;
 			);
 			// flag unclean input data
 			if ($login_user_id_changed > 0) {
-				$this->login_unclear = true;
+				$this->login_user_id_unclear = true;
 				// error for invalid user id?
 				$this->log->debug('LOGIN USER ID', 'Invalid characters: '
 					. $login_user_id_changed . ' in loginUserId: '
@@ -2139,6 +2139,16 @@ EOM;
 		return false;
 	}
 
+	/**
+	 * Returns true if login button was pressed
+	 *
+	 * @return bool If login action was run, return true
+	 */
+	public function loginActionRun(): bool
+	{
+		return empty($this->login) ? false : true;
+	}
+
 	/**
 	 * Returns current set loginUserId or empty if unset
 	 *
@@ -2167,7 +2177,7 @@ EOM;
 	 */
 	public function loginGetLoginUserIdUnclean(): bool
 	{
-		return $this->login_unclear;
+		return $this->login_user_id_unclear;
 	}
 
 	/**