Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled
Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)
all action data goes into a JSON block and the old action columns will be deprecated
Same for ip, new ip address block with all possible ip addeses
Additional HTTP_ data goes into the http_data block
new request_schema column to get if the request was done to http or https
Add a UUIDv4 column to edit_generic as cuuid, add the cuid column to all reads with
the cuuid too
The cuuid will replace the cuid and remove the EUID as the session login var
Moved the adbEditLog to login class as writeLog and renamed the current private writeLog to writeEditLog which is only for internal logging in the class
The Backend log class is deprecated and a new get all action var method has been added to get the action vars into the edit log
- remove auto load _POST vars
- Update color settings to # leading 6/8 digit hex code
- remove any global variable calls/requests
- fix some isset/empty clean ups (isset + set = !empty)
- fix on delete of reference data that loaded data was not shown again
- fix on reference data save error that wrong data is still shown and not removed
Fixed phpunit test runs with encoding test run and not resetting the
subsitute character back to default
Note: There are mime encoding failures for php 7.4 and 8.0 and one ACL
login failure test for php 7.4
Before it only listed files in current directory. Because of the hard
split select from both.
Add hostname/folder input (optional) to prefix files outside the same
folder.
Note: If no hostname/folder is set and two files in admin and frontend
have the same name they will be both highlighted as the point to the
same place.
DB\IO dbReturn method has a third parameter to set read only assoc and
not number data from the query
Install basic composer for trying out psalm
setting phpan/phpstan for basic static checking and do basic clean up on
all of the files
- ALL classes are E_NOTICE safe as far as possible.
There might be some minor things left over which will be cleaned up in
further testing
- Added declare(strict_types=1); on all pages for trying to make all
calls strict
- Added page_content sub content to edit_page, with this some inner page
content with ACL can be set, eg for use with Ajax/JS calls with backend.
Also alias can be set so the control ajax pages can back reference to
the master page content setting. Currently only one back reference is
allowed
- Note that the PAGES array has no numeric indexes, but uses the cuid as
index
* move all the libs into the correct folders
* libs folder is now called lib
* Smarty update to 3.1.30
* main config update with / is now set via core variable (dynamic)
If a user login fails and the user exists count the error and date of
last error.
If the user is set strict and the error login count is bigger than 10,
lock the user. User can only be unlocked from admin user.
Add new view only form table array type that is not saved, but only
viewed as is from the database value.
Add strict/lock yes/no into the edit user form.
Update edit user table with login error count, login error date, strict
and locked rows.
