Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled
Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)
all action data goes into a JSON block and the old action columns will be deprecated
Same for ip, new ip address block with all possible ip addeses
Additional HTTP_ data goes into the http_data block
new request_schema column to get if the request was done to http or https
Add a UUIDv4 column to edit_generic as cuuid, add the cuid column to all reads with
the cuuid too
The cuuid will replace the cuid and remove the EUID as the session login var
Moved the adbEditLog to login class as writeLog and renamed the current private writeLog to writeEditLog which is only for internal logging in the class
The Backend log class is deprecated and a new get all action var method has been added to get the action vars into the edit log
- DB function had wrong column name
- Queries in ACL\Login had wrong column name
- Renamed from login_user_id_last_login to login_user_id_last_revalidate
to make it more clear what this column is
- add edit_user admin page output for this column
- add phpUnit test case for revalidate is needed and login with next
loginUserId is ok again
After revalidate time was reached, it was never reset because it used
the original loginUserId set date.
A new column has been added that gets reset every time the user logs in
with username and password if a loginUserId is set in the database
login_user_id is unique if not null (as index, constraint only with
PostgreSQL 15)
login_user_id_revalidate_after is not longer not null and default set,
no need for this
DB\Extended\ArrayIO:
add sql_read for datetime fields to change amount of data (eg only up
to minute) with to_char() method. sample: YYYY-MM-DD HH24:MI
Add date/datetime/emptynull for setting empty fields to null and not
empty string
Output\From\Generate:
Remove all fill for spacer and change them to placeholder html types.
Add datetime check next to date, time only checks
edit_user Admin Form:
add all new columns there
loginUserId parameter in _GET or _POST for direct login without username
and password.
This can be secured by:
- must login after x days from set loginUserId on
- can only login with loginUserId in given time range
- flag lock loginUserId
- import script with write to file option
- fix file names for functions
- add generic (non edit tables) for only set date, set uid or combine
- fix edit table edit_language insert data
- all trigger create remove the drop on exists, as in the flow the trigger will never exists
Update edit_access_data table and set unique check for edit_access_id +
name so we do not have two identical keys for one edit access set
Update config host and add more test domains for various access tests
Update Session and move cli check to Get\System class. Some other minor
session info updates
New method \Get\System::checkCLI() returns true if the sapi name has
cli inside, else false
When logged in, the last loggedin time is stored in the edit_user table,
additional to the normal logging.
More array() to [] conversion in config files, etc
Javascript: add math.round
Basic Class: Fix key length array mapping to more efficiont loop run
DB/IO: some name fixes in get key function description/comments
SmartyExtended: add CORE CSS/JS file include if exists. Follows after
MAIN and BEFORE page and special
Add password reset time/uid for a password reset flow
Add password valid regex check constants in master config
Add deep copy javascript object instead of direct copy to truly create
new element for attaching in the cel flow
Add attach array of cel elements intead of object with cel sub block
- ALL classes are E_NOTICE safe as far as possible.
There might be some minor things left over which will be cleaned up in
further testing
- Added declare(strict_types=1); on all pages for trying to make all
calls strict
- Added page_content sub content to edit_page, with this some inner page
content with ACL can be set, eg for use with Ajax/JS calls with backend.
Also alias can be set so the control ajax pages can back reference to
the master page content setting. Currently only one back reference is
allowed
- Note that the PAGES array has no numeric indexes, but uses the cuid as
index
Also remove all inserts from the table declaration and add them in a
separate file instead
Add add/remove css to element for the element js declarations
all edit_* have CUID random alphanumeric unique id with 12 characters
length.
automatically created on INSERT and not touched on update.
but can be udpated manually on UPDATE command.
on INSERT cuid is ALWAYS overwritten with auto create
Add CSS loading style sheet
- fix DB schema edit access with missing uid varchar column
- fix login class " to ' in some parts
- set basic prep area check for password forgot (not password change)
- ACL is only set if permission_okay, just in case some previous checks
skip
- ACL method is private, this should never be called from outside
- update some inline documentation
All DB columns that had a varchar(number) are changed to varchar.
The edit_language default unique grouping has been removed because this
does not work (you cannot have unique on this when it is 1/0 flag only)
Update Output\Form\Generate and edit_base to be PHP 7.2 compatible with
removing all old while (list() ... each()) entries. Fix all undefined
counts, etc.
Login class update is long line wraps and clean up of some nested
teniary parts
The login class and edit interface has added lock/strict login and a
basic layout add for forced change password in X days (not yet
implemented)
Also start adding pdo interface wrapper class for pgsql
