Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled
Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)
all action data goes into a JSON block and the old action columns will be deprecated
Same for ip, new ip address block with all possible ip addeses
Additional HTTP_ data goes into the http_data block
new request_schema column to get if the request was done to http or https
Add a UUIDv4 column to edit_generic as cuuid, add the cuid column to all reads with
the cuuid too
The cuuid will replace the cuid and remove the EUID as the session login var
Moved the adbEditLog to login class as writeLog and renamed the current private writeLog to writeEditLog which is only for internal logging in the class
The Backend log class is deprecated and a new get all action var method has been added to get the action vars into the edit log
Fixed phpunit test runs with encoding test run and not resetting the
subsitute character back to default
Note: There are mime encoding failures for php 7.4 and 8.0 and one ACL
login failure test for php 7.4
- DB function had wrong column name
- Queries in ACL\Login had wrong column name
- Renamed from login_user_id_last_login to login_user_id_last_revalidate
to make it more clear what this column is
- add edit_user admin page output for this column
- add phpUnit test case for revalidate is needed and login with next
loginUserId is ok again
After revalidate time was reached, it was never reset because it used
the original loginUserId set date.
A new column has been added that gets reset every time the user logs in
with username and password if a loginUserId is set in the database
login_user_id is unique if not null (as index, constraint only with
PostgreSQL 15)
login_user_id_revalidate_after is not longer not null and default set,
no need for this
DB\Extended\ArrayIO:
add sql_read for datetime fields to change amount of data (eg only up
to minute) with to_char() method. sample: YYYY-MM-DD HH24:MI
Add date/datetime/emptynull for setting empty fields to null and not
empty string
Output\From\Generate:
Remove all fill for spacer and change them to placeholder html types.
Add datetime check next to date, time only checks
edit_user Admin Form:
add all new columns there
loginUserId parameter in _GET or _POST for direct login without username
and password.
This can be secured by:
- must login after x days from set loginUserId on
- can only login with loginUserId in given time range
- flag lock loginUserId
- import script with write to file option
- fix file names for functions
- add generic (non edit tables) for only set date, set uid or combine
- fix edit table edit_language insert data
- all trigger create remove the drop on exists, as in the flow the trigger will never exists
Update edit_access_data table and set unique check for edit_access_id +
name so we do not have two identical keys for one edit access set
Update config host and add more test domains for various access tests
Update Session and move cli check to Get\System class. Some other minor
session info updates
New method \Get\System::checkCLI() returns true if the sapi name has
cli inside, else false
Will check if there is a read_env_file.php and then run it to load .env
file in /configs folder
This file can hold secrets that are not to be checked into git
Updated edit.js file to be eslint compatible
When logged in, the last loggedin time is stored in the edit_user table,
additional to the normal logging.
More array() to [] conversion in config files, etc
Javascript: add math.round
Basic Class: Fix key length array mapping to more efficiont loop run
DB/IO: some name fixes in get key function description/comments
SmartyExtended: add CORE CSS/JS file include if exists. Follows after
MAIN and BEFORE page and special
DB IO return functions for inserted primary key and extended RETURNING
data
Add dev set for html options grouping addition for nested arrays/object
lists
Fix edit tables edit access uid declaration
Add password reset time/uid for a password reset flow
Add password valid regex check constants in master config
Add deep copy javascript object instead of direct copy to truly create
new element for attaching in the cel flow
Add attach array of cel elements intead of object with cel sub block
This is jquery only update
Add new overlay and action indicator for auto any overlay boxes.
Stack with GS_OB_S and min zIndex layer 10 and raise +1 for each new
show overlay call and lower for each hide call
Before it only listed files in current directory. Because of the hard
split select from both.
Add hostname/folder input (optional) to prefix files outside the same
folder.
Note: If no hostname/folder is set and two files in admin and frontend
have the same name they will be both highlighted as the point to the
same place.
- reference save was not 100% correct with isset/empty checks
- more missing fixes in admin_*inc files for non edit_* pages
- non edit page menu build fix
- fix non set smart core vars
- add update SQL for fixing missing cuid in edit_* tables
- ALL classes are E_NOTICE safe as far as possible.
There might be some minor things left over which will be cleaned up in
further testing
- Added declare(strict_types=1); on all pages for trying to make all
calls strict
- Added page_content sub content to edit_page, with this some inner page
content with ACL can be set, eg for use with Ajax/JS calls with backend.
Also alias can be set so the control ajax pages can back reference to
the master page content setting. Currently only one back reference is
allowed
- Note that the PAGES array has no numeric indexes, but uses the cuid as
index
* ACR list has new list at level 10 for listing but not reading/opening
* JS update for the html options create
if select multi allow selected as array for highlight
* Basic Class
- array merge recursive implementation
proper implementation that proper merges nested arrays. With key is
always string override
- array flat per key
For multi arrays flatten down a key -> value entry to set the value to
the level up in the leaf
eg:
foo -> bar -> KEY: value
and you go by KEY as search it will change to
foo -> bar: value
the JS dom rel function returns the full element.
The database import script has now test and step by step with retry
import functionality
various comment typo fixe
DB IO
- Update/Select/Insert checks are sane now and not reverse
- UPDATE can now use RETURNING
- meta table check in postgresql is supressing warning for not existing
table and just returns false
JS (edit)
- update for the html element creation functions
Basic:
- SITE LANG settings added to change default lang based on vhost
- log file id is now set more lienient via globals and not with a global
constant
DB Tables/Functions:
- fix wrong general function and set uid function was missing
