Master update of include files

First step to clean up all files that are not mandatory for outside
access
* move all header/footer/smarty/set_paths/config files (inc) into
includes/ folder
* generate basic config.php that JUST loads the config.inc file (search)
* config.inc file has sub sections for db access arrays and host
configs, so config.inc is more static
* Also move edit base and template arrays to the include folder
* move the language po files to the 4dev folder as they do not need to
sit outside
* remove not maintained "files.php"

TODO:
split out templates and language files into external layout group
perhaps drop the whole sub template include path thing as this is
actually never really used and more annoying to maintain

eg: layout/frontend/default/ -> layout/frontend
eg: layout/fronend/default/template -> includes/frontend/template

Also check splitting out the NOT define parts of the config.inc file
G_TITLE, EDIT_STYLESHEET, EDIT_JAVASCRIPT, STYLESHEET, JAVASCRIPT
to default define?

4dev/database/ORDER

@@ -1,5 +1,7 @@
 # functions
 function/update_function.sql
+function/random_string.sql
+function/edit_set_access_uid.sql
 # generic tables
 table/edit_temp_files.sql
 table/edit_generic.sql
@@ -18,9 +20,11 @@ table/edit_user.sql
 table/edit_log.sql
 table/edit_access.sql
 table/edit_access_user.sql
+table/edit_access_data.sql
 # all triggers (after all tables have been created)
 trigger/trg_edit_access_right.sql
 trigger/trg_edit_access.sql
+trigger/trg_edit_access_data.sql
 trigger/trg_edit_access_user.sql
 trigger/trg_edit_generic.sql
 trigger/trg_edit_group.sql
@@ -33,3 +37,6 @@ trigger/trg_edit_scheme.sql
 trigger/trg_edit_user.sql
 trigger/trg_edit_visible_group.sql
 trigger/trg_edit_menu_group.sql
+trigger/trg_set_edit_access_uid.sql
+# insert data
+data/edit_tables.sql

4dev/database/data/edit_tables.sql

@@ -0,0 +1,147 @@
+-- edit tables insert data in order
+
+-- edit visible group
+DELETE FROM edit_visible_group;
+INSERT INTO edit_visible_group (name, flag) VALUES ('Main Menu', 'main');
+INSERT INTO edit_visible_group (name, flag) VALUES ('Data popup Menu', 'datapopup');
+
+-- edit menu group
+DELETE FROM edit_menu_group;
+INSERT INTO edit_menu_group (name, flag, order_number) VALUES ('Admin Menu', 'admin', 1);
+INSERT INTO edit_menu_group (name, flag, order_number) VALUES ('Admin Data Popup Menu', 'AdminDataPopup', 2);
+
+-- edit page
+DELETE FROM edit_page;
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_pages.php', 'Edit Pages', 1, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_users.php', 'Edit Users', 2, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_languages.php', 'Edit Languages', 3, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_schemes.php', 'Edit Schemes', 4, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_groups.php', 'Edit Groups', 5, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_visible_group.php', 'Edit Visible Groups', 6, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_menu_group.php', 'Edit Menu Groups', 7, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_access.php', 'Edit Access', 8, 1, 1);
+INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_order.php', 'Edit Order', 9, 1, 0);
+
+-- edit visible group
+DELETE FROM edit_page_visible_group;
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Pages'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Users'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Languages'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Schemes'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Groups'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Visible Groups'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Menu Groups'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Access'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+-- INSERT INTO edit_page_visible_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Order'), (SELECT edit_visible_group_id FROM edit_visible_group WHERE flag = 'main'));
+
+-- edit page menu group
+DELETE FROM edit_page_menu_group;
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Pages'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Users'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Languages'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Schemes'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Groups'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Visible Groups'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Menu Groups'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Access'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+-- INSERT INTO edit_page_menu_group VALUES ((SELECT edit_page_id FROM edit_page WHERE name = 'Edit Order'), (SELECT edit_menu_group_id FROM edit_menu_group WHERE flag = 'admin'));
+
+
+-- edit access right
+DELETE FROM edit_access_right;
+INSERT INTO edit_access_right (name, level, type) VALUES ('Default', -1, 'default');
+INSERT INTO edit_access_right (name, level, type) VALUES ('No Access', 0, 'none');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Read', 20, 'read');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Translator', 30, 'mod_trans');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Modify', 40, 'mod');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Create/Write', 60, 'write');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Delete', 80, 'del');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Site Admin', 90, 'siteadmin');
+INSERT INTO edit_access_right (name, level, type) VALUES ('Admin', 100, 'admin');
+
+-- edit scheme
+DELETE FROM edit_scheme;
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Default Scheme', 'E0E2FF', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Admin', 'CC7E7E', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Visitor', 'B0C4B3', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('User', '1E789E', 1);
+
+-- edit language
+DELETE FROM edit_language;
+INSERT INTO edit_language (short_name, long_name, iso_name, order_number, enabled, lang_default) VALUES ('en', 'English', 'UTF-8', 1, 1, 1);
+INSERT INTO edit_language (short_name, long_name, iso_name, order_number, enabled, lang_default) VALUES ('ja', 'Japanese', 'UTF-8', 2, 1, 0);
+
+-- edit group
+DELETE FROM edit_group;
+INSERT INTO edit_group (name, enabled, edit_scheme_id, edit_access_right_id) VALUES ('Admin', 1, (SELECT edit_scheme_id FROM edit_scheme WHERE name = 'Admin'), (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin'));
+INSERT INTO edit_group (name, enabled, edit_scheme_id, edit_access_right_id) VALUES ('User', 1, (SELECT edit_scheme_id FROM edit_scheme WHERE name = 'User'), (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'write'));
+
+-- edit page access
+DELETE FROM edit_page_access;
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Pages'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Users'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Languages'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Schemes'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Groups'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Visible Groups'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Menu Groups'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Access'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1,
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_page_id FROM edit_page WHERE name = 'Edit Order'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+
+-- edit user
+-- inserts admin user so basic users can be created
+DELETE FROM edit_user;
+INSERT INTO edit_user (username, password, enabled, debug, db_debug, email, protected, admin, edit_language_id, edit_group_id, edit_scheme_id, edit_access_right_id) VALUES ('admin', 'admin', 1, 1, 1, '', 1, 1,
+    (SELECT edit_language_id FROM edit_language WHERE short_name = 'en'),
+    (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
+    (SELECT edit_scheme_id FROM edit_scheme WHERE name = 'Admin'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);
+
+-- edit access
+DELETE FROM edit_access;
+INSERT INTO edit_access (name, enabled, protected) VALUES ('Admin Access', 't', 1);
+
+-- edit access user
+DELETE FROM edit_access_user;
+INSERT INTO edit_access_user (edit_default, enabled, edit_access_id, edit_user_id, edit_access_right_id) VALUES (1, 1,
+    (SELECT edit_access_id FROM edit_access WHERE uid = 'AdminAccess'),
+    (SELECT edit_user_id FROM edit_user WHERE username = 'admin'),
+    (SELECT edit_access_right_id FROM edit_access_right WHERE type = 'admin')
+);

4dev/database/function/edit_log_partition_insert.sql

@@ -0,0 +1,59 @@
+CREATE OR REPLACE FUNCTION edit_log_insert_trigger ()
+RETURNS TRIGGER AS
+$$
+DECLARE
+	start_date DATE := '2010-01-01';
+	end_date DATE;
+	timeformat TEXT := 'YYYY';
+	selector TEXT := 'year';
+	_interval INTERVAL;
+	table_name TEXT;
+BEGIN
+	-- get year and month from edit_log date so we can build the target edit_log table
+
+	-- move interval
+	_interval := '1 ' || selector;
+	-- current table name
+	table_name := 'edit_log_' || to_char(NEW.event_date, timeformat);
+
+	-- we are in valid start time area
+	IF (NEW.event_date >= start_date) THEN
+		BEGIN
+			EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
+		-- if insert failed because of missing table, create new below
+		EXCEPTION
+		WHEN undefined_table THEN
+			-- another block, so in case the creation fails here too
+			BEGIN
+				-- create new talbe here + all indexes
+				start_date := date_trunc(selector, NEW.event_date);
+				end_date := date_trunc(selector, NEW.event_date + _interval);
+				-- creat table
+				EXECUTE 'CREATE TABLE IF NOT EXISTS ' || quote_ident(table_name) || ' ( CHECK ( event_date >= ' || quote_literal(start_date) || ' AND event_date < ' || quote_literal(end_date) || ' ) ) INHERITS (edit_log)';
+				-- create all indexes and triggers
+				EXECUTE 'ALTER TABLE ' || quote_ident(table_name) || ' ADD PRIMARY KEY (edit_log_id)';
+				-- FK constraints
+				EXECUTE 'ALTER TABLE ' || quote_ident(table_name) || ' ADD CONSTRAINT fk_' || quote_ident(table_name) || '_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE CASCADE';
+				-- generic trigger
+				EXECUTE 'CREATE TRIGGER trg_' || quote_ident(table_name) || ' BEFORE INSERT OR UPDATE ON ' || quote_ident(table_name) || ' FOR EACH ROW EXECUTE PROCEDURE set_edit_generic()';
+
+				-- insert try again
+				EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
+			EXCEPTION
+			WHEN OTHERS THEN
+				-- if this faled, throw it into the overflow table (so we don't loose anything)
+				INSERT INTO edit_log_overflow VALUES (NEW.*);
+			END;
+		-- other errors, insert into overlow
+		WHEN OTHERS THEN
+			-- if this faled, throw it into the overflow table (so we don't loose anything)
+			INSERT INTO edit_log_overflow VALUES (NEW.*);
+		END;
+	ELSE
+		-- if outside valid date, insert into overflow
+		INSERT INTO edit_log_overflow VALUES (NEW.*);
+	END IF;
+	RETURN NULL;
+END
+$$
+LANGUAGE 'plpgsql'

4dev/database/function/edit_set_access_uid.sql

@@ -1,6 +1,6 @@
 -- add uid add for edit_access table
 
-CREATE OR REPLACE FUNCTION set_edit_access_uid() RETURNS TRIGGER AS 
+CREATE OR REPLACE FUNCTION set_edit_access_uid() RETURNS TRIGGER AS
 $$
 	DECLARE
 		myrec RECORD;

4dev/database/function/random_string.sql

@@ -0,0 +1,18 @@
+-- create random string with length X
+
+CREATE FUNCTION random_string(randomLength int)
+RETURNS text AS $$
+SELECT array_to_string(
+	ARRAY(
+		SELECT substring(
+			'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
+			trunc(random() * 62)::int + 1,
+			1
+		)
+		FROM generate_series(1, randomLength) AS gs(x)
+	),
+	''
+)
+$$ LANGUAGE SQL
+RETURNS NULL ON NULL INPUT
+VOLATILE; -- LEAKPROOF;

4dev/database/function/set_edit_generic.sql

@@ -0,0 +1,15 @@
+-- adds the created or updated date tags
+
+CREATE OR REPLACE FUNCTION set_edit_generic() RETURNS TRIGGER AS '
+	DECLARE
+		random_length INT = 12; -- that should be long enough
+	BEGIN
+		IF TG_OP = ''INSERT'' THEN
+			NEW.date_created := ''now'';
+			NEW.cuid := random_string(random_length);
+		ELSIF TG_OP = ''UPDATE'' THEN
+			NEW.date_updated := ''now'';
+		END IF;
+		RETURN NEW;
+	END;
+' LANGUAGE 'plpgsql';

4dev/database/function/set_uid.sql

@@ -0,0 +1,12 @@
+-- adds the created or updated date tags
+
+CREATE OR REPLACE FUNCTION set_uid() RETURNS TRIGGER AS '
+	DECLARE
+		random_length INT = 12; -- that should be long enough
+	BEGIN
+		IF TG_OP = ''INSERT'' THEN
+			NEW.uid := random_string(random_length);
+		END IF;
+		RETURN NEW;
+	END;
+' LANGUAGE 'plpgsql';

4dev/database/table/edit_access.sql

@@ -8,10 +8,10 @@
 -- DROP TABLE edit_access;
 CREATE TABLE edit_access (
 	edit_access_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255) UNIQUE,
+	name	VARCHAR UNIQUE,
 	description	VARCHAR,
-	COLOR	VARCHAR
+	color	VARCHAR,
+	uid	VARCHAR,
+	enabled	BOOLEAN DEFAULT 'true',
+	protected INT
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-DELETE FROM edit_access;
-INSERT INTO edit_access (name) VALUES ('Admin Access');

4dev/database/table/edit_access_right.sql

@@ -14,14 +14,3 @@ CREATE TABLE edit_access_right (
 	type VARCHAR,
 	UNIQUE (level,type)
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-DELETE FROM edit_access_right;
-INSERT INTO edit_access_right (name, level, type) VALUES ('Default', -1, 'default');
-INSERT INTO edit_access_right (name, level, type) VALUES ('No Access', 0, 'none');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Read', 20, 'read');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Translator', 30, 'mod_trans');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Modify', 40, 'mod');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Create/Write', 60, 'write');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Delete', 80, 'del');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Site Admin', 90, 'siteadmin');
-INSERT INTO edit_access_right (name, level, type) VALUES ('Admin', 100, 'admin');

4dev/database/table/edit_access_user.sql

@@ -17,6 +17,3 @@ CREATE TABLE edit_access_user (
 	FOREIGN KEY (edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-DELETE FROM edit_access_user;
-INSERT INTO edit_access_user (edit_default, edit_access_id, edit_user_id, edit_access_right_id) VALUES (1, 1, 1, 8);

4dev/database/table/edit_generic.sql

@@ -7,7 +7,7 @@
 
 -- DROP TABLE edit_generic;
 CREATE TABLE edit_generic (
-	eg_status	INT,
+	cuid	VARCHAR,
 	date_created	TIMESTAMP WITHOUT TIME ZONE DEFAULT clock_timestamp(),
 	date_updated	TIMESTAMP WITHOUT TIME ZONE
 );

4dev/database/table/edit_group.sql

@@ -8,12 +8,10 @@
 -- DROP TABLE edit_group;
 CREATE TABLE edit_group (
 	edit_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(50),
+	name	VARCHAR,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	edit_scheme_id INT,
 	edit_access_right_id INT NOT NULL,
 	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-INSERT INTO edit_group (name, enabled, edit_scheme_id, edit_access_right_id) VALUES ('Admin', 1, 2, 8);

4dev/database/table/edit_language.sql

@@ -9,12 +9,10 @@
 -- DROP TABLE edit_language;
 CREATE TABLE edit_language (
 	edit_language_id SERIAL PRIMARY KEY,
-	short_name VARCHAR(2),
+	short_name VARCHAR,
-	long_name VARCHAR(70),
+	long_name VARCHAR,
-	iso_name VARCHAR(12),
+	iso_name VARCHAR,
 	order_number INT,
 	enabled SMALLINT NOT NULL DEFAULT 0,
-	lang_default SMALLINT NOT NULL DEFAULT 0 UNIQUE
+	lang_default SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-INSERT INTO edit_language (short_name, long_name, iso_name, order_number, enabled, lang_default) VALUES ('en', 'English', 'UTF-8', 1, 1, 1);

4dev/database/table/edit_menu_group.sql

@@ -8,11 +8,9 @@
 -- DROP TABLE edit_menu_group;
 CREATE TABLE edit_menu_group (
 	edit_menu_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	flag	VARCHAR(50),
+	flag	VARCHAR,
 	order_number	INT NOT NULL
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
-DELETE FROM edit_menu_group;
+
-INSERT INTO edit_menu_group (name, flag, order_number) VALUES ('Admin Menu', 'admin', 1);
-INSERT INTO edit_menu_group (name, flag, order_number) VALUES ('Admin Data Popup Menu', 'AdminDataPopup', 2);

4dev/database/table/edit_page.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_page;
 CREATE TABLE edit_page (
 	edit_page_id	SERIAL PRIMARY KEY,
-	filename	VARCHAR(70),
+	filename	VARCHAR,
-	name	VARCHAR(255) UNIQUE,
+	name	VARCHAR UNIQUE,
 	order_number INT NOT NULL,
 	online	SMALLINT NOT NULL DEFAULT 0,
 	menu	SMALLINT NOT NULL DEFAULT 0,
@@ -17,14 +17,3 @@ CREATE TABLE edit_page (
 	popup_x	SMALLINT,
 	popup_y SMALLINT
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-DELETE FROM edit_page;
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_pages.php', 'Edit Pages', 1, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_users.php', 'Edit Users', 2, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_languages.php', 'Edit Languages', 3, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_schemes.php', 'Edit Schemes', 4, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_groups.php', 'Edit Groups', 5, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_visible_group.php', 'Edit Visible Groups', 6, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_menu_group.php', 'Edit Menu Groups', 7, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_access.php', 'Edit Access', 8, 1, 1);
-INSERT INTO edit_page (filename, name, order_number, online, menu) VALUES ('edit_order.php', 'Edit Order', 9, 1, 0);

4dev/database/table/edit_page_access.sql

@@ -17,12 +17,4 @@ CREATE TABLE edit_page_access (
 	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 1, 8);
+
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 2, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 3, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 4, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 5, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 6, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 7, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 8, 8);
-INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_right_id) VALUES (1, 1, 9, 8);

4dev/database/table/edit_page_menu_group.sql

@@ -12,12 +12,3 @@ CREATE TABLE edit_page_menu_group (
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_menu_group_id) REFERENCES edit_menu_group (edit_menu_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );
-
-DELETE FROM edit_page_menu_group;
-INSERT INTO edit_page_menu_group VALUES (1, 1);
-INSERT INTO edit_page_menu_group VALUES (2, 1);
-INSERT INTO edit_page_menu_group VALUES (3, 1);
-INSERT INTO edit_page_menu_group VALUES (4, 1);
-INSERT INTO edit_page_menu_group VALUES (5, 1);
-INSERT INTO edit_page_menu_group VALUES (6, 1);
-INSERT INTO edit_page_menu_group VALUES (7, 1);

4dev/database/table/edit_page_visible_group.sql

@@ -12,12 +12,3 @@ CREATE TABLE edit_page_visible_group (
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_visible_group_id) REFERENCES edit_visible_group (edit_visible_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );
-
-DELETE FROM edit_page_visible_group;
-INSERT INTO edit_page_visible_group VALUES (1, 1);
-INSERT INTO edit_page_visible_group VALUES (2, 1);
-INSERT INTO edit_page_visible_group VALUES (3, 1);
-INSERT INTO edit_page_visible_group VALUES (4, 1);
-INSERT INTO edit_page_visible_group VALUES (5, 1);
-INSERT INTO edit_page_visible_group VALUES (6, 1);
-INSERT INTO edit_page_visible_group VALUES (7, 1);

4dev/database/table/edit_query_string.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_query_string;
 CREATE TABLE edit_query_string (
 	edit_query_string_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	value	VARCHAR(255),
+	value	VARCHAR,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	dynamic	SMALLINT NOT NULL DEFAULT 0,
 	edit_page_id	INT NOT NULL,

4dev/database/table/edit_scheme.sql

@@ -9,12 +9,8 @@
 CREATE TABLE edit_scheme (
 	edit_scheme_id	SERIAL PRIMARY KEY,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
-	name	VARCHAR(50),
+	name	VARCHAR,
-	header_color	VARCHAR(7),
+	header_color	VARCHAR,
-	css_file	VARCHAR(50),
+	css_file	VARCHAR,
-	template	VARCHAR(50)
+	template	VARCHARs
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Default Scheme', '#E0E2FF', 1);
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Admin', '#CC7E7E', 1);
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Visitor', '#B0C4B3', 1);

4dev/database/table/edit_temp_files.sql

@@ -7,5 +7,5 @@
 
 -- DROP TABLE temp_files;
 CREATE TABLE temp_files (
-	filename	VARCHAR(250)
+	filename	VARCHAR
 );

4dev/database/table/edit_user.sql

@@ -8,8 +8,13 @@
 -- DROP TABLE edit_user;
 CREATE TABLE edit_user (
 	edit_user_id	SERIAL PRIMARY KEY,
+	connect_edit_user_id	INT, -- possible reference to other user
 	username	VARCHAR UNIQUE,
 	password	VARCHAR,
+	first_name	VARCHAR,
+	last_name	VARCHAR,
+	first_name_furigana	VARCHAR,
+	last_name_furigana	VARCHAR,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	debug	SMALLINT NOT NULL DEFAULT 0,
 	db_debug	SMALLINT NOT NULL DEFAULT 0,
@@ -27,12 +32,9 @@ CREATE TABLE edit_user (
 	locked	SMALLINT DEFAULT 0,
 	password_change_date	TIMESTAMP WITHOUT TIME ZONE, -- only when password is first set or changed
 	password_change_interval	INTERVAL, -- null if no change is needed, or d/m/y time interval
+	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
--- inserts admin user so basic users can be created
-DELETE FROM edit_user;
-INSERT INTO edit_user (username, password, enabled, debug, db_debug, email, protected, admin, edit_language_id, edit_group_id, edit_scheme_id, edit_access_right_id) VALUES ('admin', 'admin', 1, 1, 1, '', 1, 1, 1, 1, 2, 8);

4dev/database/table/edit_visible_group.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_visible_group;
 CREATE TABLE edit_visible_group (
 	edit_visible_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	flag	VARCHAR(50)
+	flag	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 DELETE FROM edit_visible_group;

4dev/database/trigger/trg_edit_access.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_access ON edit_access;
+DROP TRIGGER trg_edit_access ON edit_access;
 CREATE TRIGGER trg_edit_access
 BEFORE INSERT OR UPDATE ON edit_access
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_access_data.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_access_data ON edit_access_data;
+DROP TRIGGER trg_edit_access_data ON edit_access_data;
 CREATE TRIGGER trg_edit_access_data
 BEFORE INSERT OR UPDATE ON edit_access_data
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_access_right.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_access_right ON edit_access_right;
+DROP TRIGGER trg_edit_access_right ON edit_access_right;
 CREATE TRIGGER trg_edit_access_right
 BEFORE INSERT OR UPDATE ON edit_access_right
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_access_user.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_access_user ON edit_access_user;
+DROP TRIGGER trg_edit_access_user ON edit_access_user;
 CREATE TRIGGER trg_edit_access_user
 BEFORE INSERT OR UPDATE ON edit_access_user
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_group.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_group ON edit_group;
+DROP TRIGGER trg_edit_group ON edit_group;
 CREATE TRIGGER trg_edit_group
 BEFORE INSERT OR UPDATE ON edit_group
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_language.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_language ON edit_language;
+DROP TRIGGER trg_edit_language ON edit_language;
 CREATE TRIGGER trg_edit_language
 BEFORE INSERT OR UPDATE ON edit_language
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_log.sql

@@ -1,4 +1,9 @@
--- DROP TRIGGER trg_edit_log ON edit_log;
+DROP TRIGGER trg_edit_log ON edit_log;
 CREATE TRIGGER trg_edit_log
 BEFORE INSERT OR UPDATE ON edit_log
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();
+
+DROP TRIGGER trg_edit_log_insert_partition ON edit_log;
+CREATE TRIGGER trg_edit_log_insert_partition
+BEFORE INSERT OR UPDATE ON edit_log
+FOR EACH ROW EXECUTE PROCEDURE edit_log_insert_trigger();

4dev/database/trigger/trg_edit_menu_group.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_visible_group ON edit_visible_group;
+DROP TRIGGER trg_edit_menu_group ON edit_menu_group;
 CREATE TRIGGER trg_edit_menu_group
 BEFORE INSERT OR UPDATE ON edit_menu_group
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_page.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_page ON edit_page;
+DROP TRIGGER trg_edit_page ON edit_page;
 CREATE TRIGGER trg_edit_page
 BEFORE INSERT OR UPDATE ON edit_page
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_page_access.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_page_access ON edit_page_access;
+DROP TRIGGER trg_edit_page_access ON edit_page_access;
 CREATE TRIGGER trg_edit_page_access
 BEFORE INSERT OR UPDATE ON edit_page_access
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_query_string.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_query_string ON edit_query_string;
+DROP TRIGGER trg_edit_query_string ON edit_query_string;
 CREATE TRIGGER trg_edit_query_string
 BEFORE INSERT OR UPDATE ON edit_query_string
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_scheme.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_scheme ON edit_scheme;
+DROP TRIGGER trg_edit_scheme ON edit_scheme;
 CREATE TRIGGER trg_edit_scheme
 BEFORE INSERT OR UPDATE ON edit_scheme
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_user.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_user ON edit_user;
+DROP TRIGGER trg_edit_user ON edit_user;
 CREATE TRIGGER trg_edit_user
 BEFORE INSERT OR UPDATE ON edit_user
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_visible_group.sql

@@ -1,4 +1,4 @@
--- DROP TRIGGER trg_edit_visible_group ON edit_visible_group;
+DROP TRIGGER trg_edit_visible_group ON edit_visible_group;
 CREATE TRIGGER trg_edit_visible_group
 BEFORE INSERT OR UPDATE ON edit_visible_group
-FOR EACH ROW EXECUTE PROCEDURE set_generic();
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

README.md

@@ -18,7 +18,9 @@ The active branch, which is the namespace branch
 
 ### legacy
 
-The old non namepsace format layout. This will only get bug fixes and no new development
+The old non namepsace format layout.
+This is fully deprecated and will no longer be maintaned.
+last tested PHP 5.6 and PHP 7.0
 
 ### namespace
 

www/admin/.htaccess

@@ -1,3 +1,7 @@
-php_value xdebug.profiler_output_dir /home/developer/html/adidas/20081208_catalogue/4dev/xdebug/
+# php_value xdebug.profiler_output_dir /home/developer/xdebug/
-php_value xdebug.profiler_output_name timestamp 
+# php_value xdebug.profiler_output_name timestamp
-php_value xdebug.profiler_enable 0
+# php_value xdebug.profiler_enable 0
+# all .inc files are denied access from outside
+<Files "*.inc">
+	Require all denied
+</Files>

www/admin/class_test.php

@@ -1,4 +1,5 @@
 <?php
+
 $DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
 $DEBUG_ALL = 1;
 $PRINT_ALL = 1;
@@ -13,9 +14,12 @@ ob_start();
 // basic class test file
 define('USE_DATABASE', true);
 // sample config
-require("config.inc");
+// require("config.inc");
+require 'config.php';
 // set session name
-DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+if (!defined('SET_SESSION_NAME')) {
+	DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+}
 // define log file id
 DEFINE('LOG_FILE_ID', 'classTest');
 // set language for l10n
@@ -94,6 +98,9 @@ print "DIRECT MULTIPLE INSERT STATUS: $status | PRIMARY KEYS: ".print_r($basic->
 // no returning, but not needed ;
 $status = $basic->dbExec("INSERT INTO foo (test) VALUES ('FOO; TEST ".time()."');");
 print "DIRECT INSERT STATUS: $status | PRIMARY KEY: ".$basic->insert_id." | PRIMARY KEY EXT: ".print_r($basic->insert_id_ext, 1)."<br>";
+// UPDATE WITH RETURNING
+$status = $basic->dbExec("UPDATE foo SET test = 'SOMETHING DIFFERENT' WHERE foo_id = 3688452 RETURNING test");
+print "UPDATE STATUS: $status | RETURNING EXT: ".print_r($basic->insert_id_ext, 1)."<br>";
 
 # db write class test
 $table = 'foo';
@@ -181,8 +188,14 @@ print "OTHER SCHEMA INSERT STATUS: ".$status." | PK NAME: ".$basic->pk_name.", P
 // time string thest
 $timestamp = 5887998.33445;
 $time_string = $basic->timeStringFormat($timestamp);
+print "PLANE TIME STRING: ".$timestamp."<br>";
 print "TIME STRING TEST: ".$time_string."<br>";
-print "REVERSE TIME STRING: ".$basic->stringToTime($time_string);
+print "REVERSE TIME STRING: ".$basic->stringToTime($time_string)."<br>";
+if (round($timestamp, 4) == $basic->stringToTime($time_string)) {
+	print "REVERSE TIME STRING MATCH<br>";
+} else {
+	print "REVERSE TRIME STRING DO NOT MATCH<br>";
+}
 
 // magic links test
 print $basic->magicLinks('user@bubu.at').'<br>';
@@ -193,6 +206,9 @@ $date_1 = '2017/1/5';
 $date_2 = '2017-01-05';
 print "COMPARE DATE: ".$basic->compareDate($date_1, $date_2)."<br>";
 
+
+// array re
+
 // print error messages
 print $login->printErrorMsg();
 print $basic->printErrorMsg();

www/admin/config.inc

@@ -1 +0,0 @@
-../configs/config.inc

www/admin/config.php

@@ -0,0 +1,25 @@
+<?php
+/********************************************************************
+* AUTHOR: Clemens Schwaighofer
+* CREATED: 2018/10/11
+* SHORT DESCRIPTION:
+* pre config included -> includes master config
+* HISTORY:
+*********************************************************************/
+
+define('CONFIG_PATH', 'configs'.DIRECTORY_SEPARATOR);
+// config path prefix search, start with 0, got down each level __DIR__ has, if nothing found -> bail
+$CONFIG_PATH_PREFIX = '';
+for ($dir_pos = 0, $dir_max = count(explode('/', __DIR__)); $dir_pos <= $dir_max; $dir_pos ++) {
+	$CONFIG_PATH_PREFIX .= '..'.DIRECTORY_SEPARATOR;
+	if (file_exists($CONFIG_PATH_PREFIX.CONFIG_PATH.'config.inc')) {
+		require $CONFIG_PATH_PREFIX.CONFIG_PATH.'config.inc';
+		break;
+	}
+}
+// fail if no base DS is not set
+if (!defined('DS')) {
+	exit('Base config unloadable');
+}
+
+// __END__

www/admin/edit_access.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_groups.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_languages.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_menu_group.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_order.php

@@ -16,7 +16,7 @@ $DB_DEBUG = 1;
 extract($_GET, EXTR_SKIP);
 extract($_POST, EXTR_SKIP);
 
-include("config.inc");
+require 'config.php';
 // set session name
 define('SET_SESSION_NAME', EDIT_SESSION_NAME);
 // overrride debug flags

www/admin/edit_pages.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_schemes.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_users.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/edit_visible_group.php

@@ -1 +1 @@
-edit_base.inc
+../includes/edit_base.inc

www/admin/files.php

@@ -1,456 +0,0 @@
-<?php
-/********************************************************************
-* AUTHOR: Clemens Schwaighofer
-* CREATED: 2005/07/13
-* SHORT DESCRIPTION:
-* Create categories for CMS
-* HISTORY:
-* 2005/08/19 (cs) changed the mime type get from the _FILE to mime get fkt
-*********************************************************************/
-
-// DEBUG vars here
-$DEBUG_ALL = 1;
-$DB_DEBUG = 1;
-$DEBUG_TMPL = 1;
-
-//------------------------------ header
-require("header.inc");
-$MASTER_TEMPLATE_NAME = 'cms_popup.tpl';
-$TEMPLATE_NAME = 'cms_files.tpl';
-$PAGE_WIDTH = 750;
-require("set_paths.inc");
-//------------------------------ header
-
-//------------------------------ processing data start
-$form_name = $_GET['form'];
-$value_name = $_GET['name'];
-$data_id = $_GET['id'];
-$show_type = $_GET['type']; // P (pic), F (flash), V (video), D (document: word), A (document: pdf), B (binary); , separated string
-
-// default view is list
-if (!$view && !$data_id) {
-	$view = 'list';
-} elseif (!$view && $data_id) {
-	$view = 'list';
-}
-// default is online
-if (!isset($online)) {
-	$online = 't';
-}
-// if not set, it is a fresh load
-if (!$show_amount) {
-	$fresh_load = 1;
-}
-// the next two are for page view
-if (!$start_row) {
-	$start_row = 0;
-}
-if (!$show_amount) {
-	$show_amount = 12;
-}
-if (!$show_type) {
-	$show_type = 'P';
-}
-
-// yes no list (online)
-$yesno_list['f'] = 'No';
-$yesno_list['t'] = 'Yes';
-// order list
-$sort_order_list['date_created'] = 'ID / Insert time'; // default
-$sort_order_list['file_name'] = 'File Name';
-$sort_order_list['file_size'] = 'File Size';
-$sort_order_list['mime_type'] = 'Mime Type';
-$sort_order_list['name_en'] = 'Alt Name English';
-$sort_order_list['name_ja'] = 'Alt Name Japanese';
-$sort_order_list['date_updated'] = 'Updated';
-if (!$sort_order) {
-	$sort_order = 'date_created';
-}
-$sort_direction_list['ASC'] = 'Normal';
-$sort_direction_list['DESC'] = 'Reverse';
-if (!$sort_direction) {
-	$sort_direction = 'ASC';
-}
-// set if we need to write to any of the set live queues
-// a) on page save with set_live
-// b) global page with live_queue
-// set via QUEUE variable
-
-// create 0 entries for: templates, menu, data_group?
-if ($cms->action == 'new' && $cms->action_yes == 'true') {
-	unset($file_uid);
-	unset($file_id);
-	unset($file_type);
-	$new_okay = 1;
-}
-// file type: P picture, M mouse over picutre, F flash, V video, B binary
-if ($cms->action == 'save') {
-	if (!$file_type) {
-		$file_type = 'B';
-	}
-	$file_ok = false;
-	if (!$_FILES['file_up']['name'] && !$file_uid) {
-		$cms->messages[] = array('msg' => 'No file name given', 'class' => 'error');
-		$error = 1;
-	}
-	if (!$_FILES['file_up']['name'] && $file_uid) {
-		$file_ok = true;
-	}
-	// echo "FILE TYPE: ".$_FILES['file_up']['type']."<br>";
-	foreach (split(',', $show_type) as $_show_type) {
-		// check if the uploaded filename matches to the given type
-		if ($_FILES['file_up']['name'] && preg_match("/jpeg|png|gif/", $_FILES['file_up']['type']) && preg_match("/P/", $show_type)) {
-			$file_ok = true;
-		}
-		if ($_FILES['file_up']['name'] && preg_match("/swf/", $_FILES['file_up']['type']) && preg_match("/F/", $show_type)) {
-			$file_ok = true;
-		}
-		if ($_FILES['file_up']['name'] && preg_match("/video/", $_FILES['file_up']['type']) && preg_match("/V/", $show_type)) {
-			$file_ok = true;
-		}
-		if ($_FILES['file_up']['name'] && preg_match("/msword|vnd.oasis.opendocument.text/", $_FILES['file_up']['type']) && preg_match("/D/", $show_type)) {
-			$file_ok = true;
-		}
-		if ($_FILES['file_up']['name'] && preg_match("/pdf/", $_FILES['file_up']['type']) && preg_match("/A/", $show_type)) {
-			$file_ok = true;
-		}
-		if ($_FILES['file_up']['name'] && preg_match("/B/", $show_type)) {
-			$file_ok = true;
-		}
-	}
-	// write out error messages according to show type
-	if (!$file_ok) {
-		if (preg_match("/P/", $show_type)) {
-			$cms->messages[] = array('msg' => 'File is not a JPEG/PNG/GIF file', 'class' => 'error');
-			$error = 1;
-		}
-		if (preg_match("/F/", $show_type)) {
-			$cms->messages[] = array('msg' => 'File is not a Flash File', 'class' => 'error');
-			$error = 1;
-		}
-		if (preg_match("/V/", $show_type)) {
-			$cms->messages[] = array('msg' => 'File is not a Video', 'class' => 'error');
-			$error = 1;
-		}
-		if (preg_match("/D/", $show_type)) {
-			$cms->messages[] = array('msg' => 'File is not a DOC/ODT file', 'class' => 'error');
-			$error = 1;
-		}
-		if (preg_match("/A/", $show_type)) {
-			$cms->messages[] = array('msg' => 'File is not a PDF file', 'class' => 'error');
-			$error = 1;
-		}
-		if (preg_match("/B/", $show_type)) {
-			$cms->messages[] = array('msg' => 'No valid file was given', 'class' => 'error');
-			$error = 1;
-		}
-	}
-	// binary: all okay
-	// if no error, save data
-	if (!$error) {
-		if ($_FILES['file_up']['name']) {
-			$mime_type = $_FILES['file_up']['type'];
-			$file_size = $_FILES['file_up']['size'];
-			$file_name = $_FILES['file_up']['name'];
-			// get picture size
-			list($width, $height) = getimagesize($_FILES['file_up']['tmp_name']);
-			$cms->debug('upload', "Width: $width X Height: $height");
-			// set the file type and the target folder
-			if (preg_match("/jpeg|png|gif/", $mime_type)) {
-				$file_type = 'P';
-			} elseif (preg_match("/swf/", $mime_type)) {
-				$file_type = 'F';
-			} elseif (preg_match("/video/", $mime_type)) {
-				$file_type = 'V';
-			} elseif (preg_match("/msword|vnd.oasis.opendocument.text/", $mime_type)) {
-				$file_type = 'D';
-			} elseif (preg_match("/pdf/", $mime_type)) {
-				$file_type = 'A';
-			} elseif ($mime_type) {
-				$file_type = 'B';
-			}
-		}
-		// if we have an id -> updated
-		if ($file_uid) {
-			$q = "UPDATE file SET";
-			$q_set = " name_en = '".addslashes($name_en)."', name_ja = '".addslashes($name_ja)."', file_name = '".addslashes($file_name)."', online = '".$online."' ";
-			if ($_FILES['file_up']['name']) {
-				$q_set .= ", type = '".$file_type."', mime_type = '$mime_type', file_size = $file_size, size_x = $width, size_y = $height ";
-			}
-			$q .= $q_set."WHERE file_uid = '".$file_uid."'";
-			$cms->db_exec($q);
-			if (QUEUE == 'live_queue') {
-				$sql_action = 'UPDATE';
-				$sql_data = $q_set;
-			}
-		} else {
-			// insert new data
-			$file_uid = md5(uniqid(rand(), true));
-			$q = "INSERT INTO file (name_en, name_ja, file_name, online, mime_type, file_size, size_x, size_y, file_uid, type) VALUES (";
-			$q .= "'".addslashes($name_en)."', '".addslashes($name_ja)."', '".addslashes($file_name)."', '".$online."', '".$mime_type."', ";
-			$q .= "$file_size, ".(($width) ? $width : 'NULL').", ".(($height) ? $height : 'NULL').", '".$file_uid."', '".$file_type."')";
-			$cms->db_exec($q);
-			$file_id = $cms->insert_id;
-			// if queue
-			if (QUEUE == 'live_queue') {
-				$sql_data = $q;
-				$sql_action = 'INSERT';
-			}
-		}
-		$size_x = $width;
-		$size_y = $height;
-		$file = DEV_SCHEMA."_".$file_uid;
-		// now upload the file
-		if ($_FILES['file_up']['name']) {
-			$upload_file = BASE.MEDIA.$cms->data_path[$file_type].$file;
-			// wipe out any old tmp data for this new upload
-			if (is_array(glob(BASE.TMP."thumb_".$file."*"))) {
-				foreach (glob(BASE.TMP."thumb_".$file."*") as $filename) {
-					@unlink($filename);
-				}
-			}
-			# copy file to correct path
-			$error = move_uploaded_file($_FILES['file_up']['tmp_name'], $upload_file);
-
-			$cms->debug('file_upload', "UP: $upload_file");
-			$cms->debug('file_upload', "Orig: ".$cms->printAr($_FILES['file_up']));
-
-			// because I get bogus error info from move_uploaded_file ...
-			$error = 0;
-			if ($error) {
-				$cms->debug('file_upload', "ERROR: $error | INI FSize: ".ini_get("upload_max_filesize"));
-				$cms->messages[] = array('msg' => 'File upload failed', 'class' => 'error');
-				$q = "DELETE FROM file WHERE file_uid = '".$file_uid."'";
-				$cms->db_exec($q);
-				unset($file_id);
-				unset($file_uid);
-				$view = 'list';
-			} else {
-				$cms->messages[] = array('msg' => 'File upload successful', 'class' => 'warning');
-				// $view = 'list';
-			}
-		} // if file upload
-		// create thumbs + file size
-		$picture = $cms->cache_pictures.$cms->adbCreateThumbnail($file, 400, 280, $file_type, '', $cms->cache_pictures_root);
-		$picture_small = $cms->cache_pictures.$cms->adbCreateThumbnail($file, 80, 60, $file_type, '', $cms->cache_pictures_root);
-		$file_size = $cms->adbByteStringFormat($file_size);
-		// for live queue this is here needed
-		if (QUEUE == 'live_queue') {
-			$q = "INSERT INTO ".GLOBAL_DB_SCHEMA.".live_queue (queue_key, key_value, key_name, type, target, data, group_key, action";
-			if ($_FILES['file_up']['name']) {
-				$q .= ", file";
-			}
-			$q .= ") VALUES ('".$cms->queue_name."', '".$file_uid."', 'file_uid', '".$sql_action."', 'file', '".$cms->db_escape_string($sql_data)."', '".$cms->queue_key."', '".$cms->action."'";
-			if ($_FILES['file_up']['name']) {
-				$q .= ", '".BASE.MEDIA.$cms->data_path[$file_type].$file."#".BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."'";
-			}
-			$q .= ")";
-			$cms->db_exec($q);
-		}
-	} // if not error
-}
-if ($cms->action == 'delete' && $cms->action_yes == 'true') {
-	$file_uid = $cms->action_id;
-	$q = "SELECT type FROM file WHERE file_uid = '".$file_uid."'";
-	list ($file_type) = $cms->db_return_row($q);
-	// get the file type for the file path
-	$q = "DELETE FROM file WHERE file_uid = '".$file_uid."'";
-	$cms->db_exec($q);
-	if (QUEUE == 'set_live') {
-		$q = "INSERT INTO ".GLOBAL_DB_SCHEMA.".set_live (table_name, pkid, delete_flag) VALUES ('".$cms->page_name."', ".$file_uid.", 't')";
-		$cms->db_exec($q);
-	}
-	if (QUEUE == 'live_queue') {
-		$q = "INSERT INTO ".GLOBAL_DB_SCHEMA.".live_queue (queue_key, key_value, key_name, type, target, data, group_key, action, file) VALUES (";
-		$q .= "'".$cms->queue_name."', '".$file_uid."', 'file_uid', 'DELETE', 'file', '', '".$cms->queue_key."', '".$cms->action."', '".BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."')";
-	}
-	@unlink(BASE.MEDIA.$cms->data_path[$file_type].DEV_SCHEMA."_".$file_uid);
-	unset($file_uid);
-	unset($file_id);
-	$delete_done = 1;
-	$view = 'list';
-}
-if ($cms->action == 'load') {
-	$file_uid = $cms->action_id;
-	// load the data
-	$q = "SELECT file_id, name_en, name_ja, file_name, online, mime_type, file_size, size_x, size_y, type FROM file WHERE file_uid = '".$file_uid."'";
-	list($file_id, $name_en, $name_ja, $file_name, $online, $mime_type, $file_size, $size_x, $size_y, $file_type) = $cms->db_return_row($q);
-	// create thumbnail for edit view
-	$file = DEV_SCHEMA."_".$file_uid;
-	// thumbnails are only valid for pictures
-	$picture = $cms->cache_pictures.$cms->adbCreateThumbnail($file, 400, 280, $file_type, '', $cms->cache_pictures_root);
-	$picture_small = $cms->cache_pictures.$cms->adbCreateThumbnail($file, 80, 60, $file_type, '', $cms->cache_pictures_root);
-	$file_size = $cms->adbByteStringFormat($file_size);
-	// view to edit
-	$view = 'edit';
-}
-if ($cms->action == 'add_new') {
-	$view = 'edit';
-}
-if ($cms->action == 'view_files' && $cms->action_yes == 'true') {
-	$view = 'list';
-}
-// set delete live
-if ($cms->action_flag == 'set_live' && $cms->action = 'set_delete') {
-	$q = "SELECT file_uid, pkid, type FROM ".LOGIN_DB_SCHEMA.".set_live sl, file f WHERE sl.pkid = f.file_uid table_name = '".$cms->page_name."' AND delete_flag = 't'";
-	while ($res = $cms->db_return($q)) {
-		$q_del = "DELETE FROM ".PUBLIC_SCHEMA.".file WHERE file_uid = '".$res['pkid'].'"';
-		$cms->db_exec($q_del);
-		@unlink(BASE.MEDIA.$cms->data_path[$res['type']].PUBLIC_SCHEMA."_".$res['file_uid']);
-	}
-	$q = "DELETE FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
-	$cms->db_exec($q);
-}
-if (DEV_SCHEMA != PUBLIC_SCHEMA) {
-	// read out possible deleted, to add "delete from live"
-	$q = "SELECT pkid FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
-	while ($res = $cms->db_return($q, 3)) {
-		$cms->DATA['set_delete'][]['pkid'] = $res['pkid'];
-	}
-}
-// get th max entries
-$q = "SELECT COUNT(file_uid) FROM file ";
-$q_search_where = "WHERE type in ('".str_replace(',', "','", $show_type)."') ";
-if ($search_what) {
-	$q_search_where .= "AND LOWER(name_en) LIKE '%".addslashes(strtolower($search_what))."%' OR name_ja LIKE '%".addslashes($search_what)."%' OR LOWER(file_name) LIKE '%".addslashes(strtolower($search_what))."%' ";
-}
-$q .= $q_search_where;
-// get selection from show_type
-list ($file_count) = $cms->db_return_row($q);
-
-if ($cms->action == 'browse') {
-	// browse in the list of data
-	switch ($cms->action_id) {
-		case "<<<<":
-			$start_row = 0;
-			break;
-		case "<":
-			$start_row -= $show_amount;
-			break;
-		case ">":
-			$start_row += $show_amount;
-			break;
-		case ">>>>":
-			$start_row = $file_count - $show_amount;
-			break;
-		case "gopage":
-			// for page is page -1, so page 1 start from 0, etc
-			$start_row = ((($cms->action_value - 1) > 0) ? ($cms->action_value - 1) * $show_amount : 0);
-			$current_page = $cms->action_value;
-			break;
-	}
-}
-
-// check overflow
-if ($start_row < 0) {
-	$start_row = 0;
-}
-if ($start_row > $file_count) {
-	$start_row = $file_count - $show_amount;
-}
-
-// if we have a "fresh_load"
-if ($fresh_load) {
-	$count = 1;
-	$q = "SELECT file_uid FROM file ";
-	if ($q_search_where) {
-		$q .= $q_search_where;
-	}
-	$q .= "ORDER BY ".$sort_order." ".$sort_direction." ";
-	while ($res = $cms->db_return($q)) {
-		// if data_id is set and not file_id, go to the page where the current highlight is, but only if this is a "virgin" load of the page
-		if ($data_id && ($data_id == $res['file_uid'])) {
-			$current_page = floor(($count / $show_amount));
-			$start_row = $current_page * $show_amount;
-			$current_page ++;
-		}
-		$count ++;
-	}
-}
-
-// page forward/back buttons settings
-if ($start_row > 0) {
-	$cms->DATA['show_back'] = 1;
-}
-$cms->DATA['page_number'] = ceil($start_row / $show_amount) + 1;
-$cms->DATA['page_count'] = ceil($file_count / $show_amount);
-if ($cms->DATA['page_count'] > 2 && !$current_page) {
-	$current_page = 1;
-}
-if (($start_row + $show_amount) < $file_count) {
-	$cms->DATA['show_forward'] = 1;
-}
-
-$q = "SELECT file_id, name_en, name_ja, file_name, online, mime_type, file_size, size_x, size_y, file_uid, type FROM file ";
-// if search what, search in name_en, name_ja, file_name for the string
-if ($q_search_where) {
-	$q .= $q_search_where;
-}
-$q .= "ORDER BY ".$sort_order." ".$sort_direction." ";
-$q .= "LIMIT ".$show_amount." OFFSET ".$start_row;
-while ($res = $cms->db_return($q)) {
-	$data_files[] = array (
-		'id' => $res['file_id'],
-		'name_en' => $res['name_en'],
-		'name_ja' => $res['name_ja'],
-		'file_name' => $res['file_name'],
-		'online' => $res['online'],
-		'mime_type' => $res['mime_type'],
-		'file_size' => $cms->adbByteStringFormat($res['file_size']),
-		'size_x' => $res['size_x'],
-		'size_y' => $res['size_y'],
-		'file_uid' => $res['file_uid'],
-		'file_type' => $res['type'],
-		'picture' => $cms->cache_pictures.$cms->adbCreateThumbnail(DEV_SCHEMA.'_'.$res['file_uid'], 80, 60, $res['type'], '', $cms->cache_pictures_root)
-	);
-}
-
-$cms->DATA['show_type'] = $show_type;
-$cms->DATA['data_files'] = $data_files;
-$cms->DATA['view'] = $view;
-$cms->DATA['images_path'] = MEDIA.$cms->data_path[$file_type];
-// get vars for position (only when)
-$cms->DATA['form_name'] = $form_name;
-$cms->DATA['value_name'] = $value_name;
-$cms->DATA['file_id'] = $file_id;
-$cms->DATA['file_uid'] = $file_uid;
-
-// write back all the other vars
-if (!($delete_done || $new_okay)) {
-	// data name
-	$cms->DATA['file_name'] = $file_name;
-	$cms->DATA['name_en'] = $name_en;
-	$cms->DATA['name_ja'] = $name_ja;
-	$cms->DATA['mime_type'] = $mime_type;
-	$cms->DATA['file_size'] = $file_size;
-	$cms->DATA['size_x'] = $size_x;
-	$cms->DATA['size_y'] = $size_y;
-	$cms->DATA['online'] = $online;
-	$cms->DATA['picture'] = $picture;
-	$cms->DATA['picture_small'] = $picture_small;
-	$cms->DATA['file_type'] = $file_type;
-}
-$cms->DATA['sort_order_list'] = $sort_order_list;
-$cms->DATA['sort_order'] = $sort_order;
-$cms->DATA['sort_direction_list'] = $sort_direction_list;
-$cms->DATA['sort_direction'] = $sort_direction;
-$cms->DATA['search_what'] = $search_what;
-$cms->DATA['current_page'] = $current_page;
-$cms->DATA['yesno_list'] = $yesno_list;
-$cms->DATA['start_row'] = $start_row;
-$cms->DATA['show_amount'] = $show_amount;
-if ($data_id) {
-	$cms->DATA['data_id'] = $data_id;
-}
-$cms->DATA['top'] = 0;
-$cms->DATA['left'] = 0;
-
-//------------------------------ processing data end
-
-//------------------------------ smarty start
-require("smarty.inc");
-//------------------------------ smarty end
-
-//------------------------------ footer
-require("footer.inc");
-//------------------------------ footer

www/admin/namespace_test.php

@@ -11,7 +11,7 @@ $DB_DEBUG = 1;
 ob_start();
 
 // admin class tests
-require 'config.inc' ;
+require 'config.php';
 DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
 
 echo "DIR: ".DIR."<br>ROOT: ".ROOT."<br>BASE: ".BASE."<br>";

www/admin/qq_file_upload_ajax.php

@@ -0,0 +1,46 @@
+<?php
+
+$DEBUG_ALL = 1;
+$ECHO_ALL = 0;
+$PRINT_ALL = 1;
+
+// load the Basic && qq file uploader here
+require 'config.php';
+// class load
+$base = new CoreLibs\Basic();
+$base->debug('AJAX UPLOAD', 'START Backend');
+// set max upload size
+$MAX_UPLOAD_SIZE = $base->StringByteFormat(ini_get('upload_max_filesize'));
+
+// test for qqFileUploader (AJAX side)
+$allowedExtensions = array ('csv', 'zip', 'jpg', 'pdf', 'bz2');
+$sizeLimit = $MAX_UPLOAD_SIZE; // as set in php ini
+$base->debug('AJAX UPLOAD', 'Size: '.$sizeLimit.', Memory Limit: '.ini_get('memory_limit'));
+$uploader = new CoreLibs\Upload\qqFileUploader($allowedExtensions, $sizeLimit);
+// either in post or get
+$_action= $_POST['action'] ? $_POST['action'] : $_GET['action'];
+$_task_uid = $_POST['task_uid'] ? $_POST['task_uid'] : $_GET['task_uid'];
+$get_post['start'] = microtime(true);
+$base->debug('AJAX UPLOAD', 'Action: '.$_action.', Task UID: '.$_task_uid.' => '.$base->dateStringFormat($get_post['start']));
+
+$upload_path = ROOT.MEDIA.UPLOADS;
+$get_post['result'] = $uploader->handleUpload($upload_path, false);
+$base->debug('AJAX UPLOAD', 'Memory peak: '.$base->ByteStringFormat(memory_get_usage()).' | '.$base->ByteStringFormat(memory_get_peak_usage()));
+
+// set file name
+$get_post['filename'] = $uploader->uploadFileName;
+$get_post['type'] = $uploader->uploadFileExt;
+$get_post['filesize'] = filesize($uploader->uploadFileName);
+$get_post['filesize_formated'] = $base->ByteStringFormat($get_post['filesize']);
+$get_post['end'] = microtime(true);
+$get_post['time'] = $get_post['end'] - $get_post['start'];
+
+$base->debug('AJAX RESULT', $base->printAr($get_post));
+// return data
+$output = htmlspecialchars(json_encode($get_post), ENT_NOQUOTES);
+// $base->debug('AJAX JSON', $output);
+print $output;
+
+$base->printErrorMsg();
+
+// __END__

www/admin/qq_file_upload_front.php

@@ -0,0 +1,225 @@
+<?php
+
+$DEBUG_ALL = 1;
+$ECHO_ALL = 0;
+$PRINT_ALL = 1;
+
+// test file for qqFileUploader (HTML side)
+// load the Basic class here
+require 'config.php';
+$base = new CoreLibs\Basic();
+// set max upload size
+$MAX_UPLOAD_SIZE = $base->StringByteFormat(ini_get('upload_max_filesize'));
+$base->debug('UPLOADED FRONT', 'With max size: '.$MAX_UPLOAD_SIZE);
+
+// very basic template output with super basic div for two file upload
+?>
+<html>
+<head>
+<title>File upload AJAX</title>
+<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
+<style type="text/css">
+.normal {
+	width: 25%;
+}
+.flx-s {
+	align-content: stretch;
+	display: flex;
+	flex: 1 100%;
+}
+.uploadError {
+	font-weight: bold;
+	color: red;
+}
+.uploadCancel {
+	font-weight: bold;
+	color: orange;
+}
+
+.qq-file-upload-button {
+	border: 1px solid #999999;
+	border-radius: 2px 2px 2px 2px;
+	box-shadow: 0 10px rgba(255, 255, 255, 0.3) inset, 0 10px rgba(255, 255, 255, 0.2) inset, 0 10px 2px rgba(255, 255, 255, 0.25) inset, 0 -1px 2px rgba(0, 0, 0, 0.3) inset;
+	text-align: center;
+	padding: 3px 5px 3px;
+	background-color: #cacaca;
+	margin: 2px;
+}
+
+.qq-file-upload-button:hover {
+	box-shadow: 0 10px 2px rgba(107, 107, 107, 0.2) inset, 0 12px rgba(107, 107, 107, 0.05) inset, 0 12px 2px rgba(107, 107, 107, 0.1) inset, 0 -1px 2px rgba(255, 255, 255, 0.3) inset;
+}
+
+.qq-file-upload-button:active {
+	border: 1px solid red;
+	background-color: rgba(80, 80, 80, 0.5);
+}
+
+.qq-upload-cancel {
+	border: 1px solid red;
+	border-radius: 2px;
+	text-align: center;
+	padding: 3px 5px 3px;
+	background-color: #eb652d;
+	margin: 2px;
+}
+.qq-upload-cancel:hover {
+	background-color: #eb8686;
+}
+.qq-upload-cancel:active {
+	border: 1px solid black;
+	background-color: #eb2d2d;
+}
+
+.progressBarOutside {
+	background-color: #f1f1f1;
+	color: black;
+	width: 100%;
+}
+
+.progressBarInside {
+	background-color: #1e9e84;
+	border-radius: 4px;
+	padding: 0.01em;
+	text-align: center;
+	font-size: 0.8em;
+}
+
+</style>
+<script src="layout/default/javascript/prototype.js" type="text/javascript"></script>
+<script src="layout/default/javascript/file-uploader/fileuploader.js" type="text/javascript"></script>
+<script type="text/javascript">
+function formatBytes(bytes)
+{
+	var i = -1;
+	do {
+		bytes = bytes / 1024;
+		i++;
+	} while (bytes > 99);
+
+	// return Math.max(bytes, 0.1).toFixed(1) + ['kB', 'MB', 'GB', 'TB', 'PB', 'EB'][i];
+	return parseFloat(Math.round(bytes * Math.pow(10, 2)) / Math.pow(10, 2)) + ['kB', 'MB', 'GB', 'TB', 'PB', 'EB'][i];
+}
+var MAX_UPLOAD_SIZE = <?=$MAX_UPLOAD_SIZE;?>;
+// function to add an AJAX uploadeder to the set
+function createUploaderSin(divName, divNumber) {
+	divID = divName + '_' + divNumber;
+	console.log('Div: %s, Number: %s => ID: %s', divName, divNumber, divID);
+	$(divID + '_Cancel').hide();
+	var uploader = new qq.FileUploaderBasic({
+		// element: document.getElementById(divID),
+		element: $(divID),
+		cancel: $(divID + '_Cancel'),
+		action: 'qq_file_upload_ajax.php',
+		multiple: false,
+		button: $(divID),
+		allowedExtensions: ['csv', 'zip', 'jpg', 'pdf', 'bz2'],
+		sizeLimit: MAX_UPLOAD_SIZE, // size set from php ini
+		name: divID,
+		params: {
+			'file_pos': divNumber, // we need to add here ID or something
+			'action': 'upload',
+			'task_uid': divNumber // -> test for some internal uid
+		},
+		onSubmit: function(id, filename, target) {
+			console.log('File upload: "%s", ID: "%s" => "%s"', filename, id, target);
+			// remove any assigned error classes and flags
+			if ($(target + '_ProgressText').hasClassName('uploadError') || $(target + '_ProgressText').hasClassName('uploadCancel')) {
+				$(target + '_ProgressText').className = '';
+				$(target + '_Error').value = 0;
+			}
+			$(target + '_ProgressText').innerHTML = 'Start uploading file: ' + filename;
+			$(target + '_Cancel').show();
+			// disabled stuff here
+		},
+		onProgress: function(id, filename, loaded, total, target) {
+			console.log('Progress for file: "%s", ID: "%s", loaded: "%s", total: "%s" => "%s"', id, filename, loaded, total, target);
+			var percent = Math.round((loaded / total) * 100);
+			$(target + '_ProgressBar').innerHTML = percent + '%';
+			$(target + '_ProgressBar').style.width = percent + '%';
+			$(target + '_ProgressText').innerHTML = 'Uploading: ' + filename + ', ' + formatBytes(loaded) + '/' + formatBytes(total);
+		},
+		onComplete: function(id, filename, responseJSON, target) {
+			console.log('File upload for file "%s", id "%s" done with status "%s" => "%s", And success: %s', filename, id, responseJSON, target, responseJSON.result.success);
+			if (responseJSON.result.success) {
+				$(target + '_ProgressBar').innerHTML = '100%';
+				$(target + '_ProgressBar').style.width = '100%';
+				$(target + '_ProgressText').innerHTML = 'Uploaded: ' + filename + ' (' + responseJSON.filesize_formated + ')';
+				// also write hidden vars for this (file name, etc)
+				// for that we replace the divName part from the target and get just the pos number ?
+				// $(target + 'Name').value = filename;
+				// $(target + 'NameUpload').value = responseJSON.filename;
+				// $(target + 'Type').value = responseJSON.type;
+				// $(target + 'Size').value = responseJSON.filesize;
+			} else {
+				// set the error class
+				$(target + '_ProgressText').className = 'uploadError';
+				// flag error
+				$(target + '_Error').value = 1;
+				// and write the error
+				$(target + '_ProgressText').innerHTML = 'UPLOAD FAILED FOR FILE: ' + filename;
+			}
+			// renable stuff here
+			$(target + '_Cancel').hide();
+		},
+		onCancel: function (id, filename, target) {
+			// cancel upload
+			console.log('File upload cancled for file "%s", id "%s"', filename, id);
+			// upload cancel
+			$(target + '_ProgressText').className = 'uploadCancel';
+			$(target + '_Error').value = 1;
+			$(target + '_ProgressText').innerHTML = 'UPLOAD CANCELED FOR FILE: ' + filename;
+			$(target + '_Cancel').hide();
+		},
+		/*showMessage: function(message) {
+			console.log('MESSAGE: %s', message);
+		}, */
+		debug: true
+	});
+	// console.log('INIT Nr %s => cnt: %s', divNumber, uploader);
+	return uploader;
+}
+</script>
+</head>
+
+<body>
+<div id="masterGroup">
+	<div>File upload via AJAX (MAX SIZE: <?=$base->byteStringFormat($MAX_UPLOAD_SIZE);?>)</div>
+	<div class="flx-s">
+		<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7" class="normal qq-file-upload-button" style="width: 20%">Upload File</div>
+		<div style="width: 5%">
+			<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7_Cancel" class="qq-upload-cancel">X</div>
+		</div>
+		<div style="width: 75%; padding: 5px;">
+			<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7_ProgressText"></div>
+			<div class="progressBarOutside">
+				<div class="progressBarInside" id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7_ProgressBar" style="width: 0%">0%</div>
+			</div>
+		</div>
+		<input type="hidden" name="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7_Error" id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7_Error" value="">
+	</div>
+	<div class="flx-s">
+		<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou" class="normal qq-file-upload-button" style="width: 20%">Upload File</div>
+		<div style="width: 5%">
+			<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou_Cancel" class="qq-upload-cancel">X</div>
+		</div>
+		<div style="width: 75%; padding: 5px;">
+			<div id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou_ProgressText"></div>
+			<div class="progressBarOutside">
+				<div class="progressBarInside" id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou_ProgressBar" style="width: 0%">0%</div>
+			</div>
+		</div>
+		<input type="hidden" name="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou_Error" id="Uploader_3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou_Error" value="">
+	</div>
+</div>
+</body>
+</html>
+<script type="text/javascript">
+// attach uploader to div areas
+createUploaderSin('Uploader', '3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_MF5tISORiay7');
+createUploaderSin('Uploader', '3WD7MAFmjAux_dlvvu13tezNj_XeSO0Ovauli0_Ww9iWKrl3Xou');
+</script>
+<?php
+$base->printErrorMsg();
+
+// __END__

www/admin/smarty_test.php

@@ -7,14 +7,16 @@ $DB_DEBUG = 1;
 $LOG_PER_RUN = 1;
 
 define('USE_DATABASE', true);
-require("header.inc");
+define('USE_HEADER', true);
+require 'config.php';
+require BASE.INCLUDES.'admin_header.inc';
 $MASTER_TEMPLATE_NAME = 'main_body.tpl';
 $TEMPLATE_NAME = 'smarty_test.tpl';
 $PAGE_WIDTH = 750;
-require("set_paths.inc");
+require BASE.INCLUDES.'admin_set_paths.inc';
 
 // smarty test
 $cms->DATA['SMARTY_TEST'] = 'Test Data';
 
-require("smarty.inc");
+require BASE.INCLUDES.'admin_smarty.inc';
-require("footer.inc");
+require BASE.INCLUDES.'admin_footer.inc';

www/admin/table_arrays/array_edit_visible_group.inc

@@ -1,30 +0,0 @@
-<?
-	$edit_visible_group = array (
-		"table_array" => array (
-			"edit_visible_group_id" => array (
-				"value" => $GLOBALS["edit_visible_group_id"],
-				"type" => "hidden",
-				"pk" => 1
-			),
-			"name" => array (
-				"value" => $GLOBALS["name"],
-				"output_name" => $this->l->__("Group name"),
-				"mandatory" => 1,
-				"type" => "text"
-			),
-			"flag" => array (
-				"value" => $GLOBALS["flag"],
-				"output_name" => $this->l->__("Flag"),
-				"mandatory" => 1,
-				"type" => "text",
-				"error_check" => "alphanumeric|unique"
-			)
-		),
-		"table_name" => "edit_visible_group",
-		"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
-		"show_fields" => array (
-			array (
-				"name" => "name"
-			)
-		)
-	);

www/admin/various_class_test.php

@@ -0,0 +1,97 @@
+<?php
+
+$DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
+$DEBUG_ALL = 1;
+$PRINT_ALL = 1;
+$DB_DEBUG = 1;
+
+// admin class tests
+// require 'config.inc';
+require 'config.php';
+DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+$base = new CoreLibs\Basic();
+
+print "THIS HOST: ".HOST_NAME.", with PROTOCOL: ".HOST_PROTOCOL." is running SSL: ".HOST_SSL."<br>";
+print "DIR: ".DIR."<br>";
+print "BASE: ".BASE."<br>";
+print "ROOT: ".ROOT."<br>";
+print "HOST: ".$HOST_NAME." => DB HOST: ".$DB_HOST[$HOST_NAME]." => ".MAIN_DB."<br>";
+
+// $test = array (
+// 	'A' => array (
+// 		'B' => array (),
+// 		'C' => array (
+// 			'D' => array (),
+// 			'E' => array (
+// 				'F' => array ()
+// 			)
+// 		)
+// 	),
+// 	'1' => array (),
+// 	'2' => array (),
+// 	'3' => array (
+// 		'G' => array ()
+// 	)
+// );
+
+$base->debug('ARRAY', $base->printAr($test));
+
+function rec($pre, $cur, $node = array ())
+{
+	if (!is_array($node)) {
+		$node = array ();
+	}
+	print "<div style='color: green;'>#### PRE: ".$pre.", CUR: ".$cur.", N-c: ".count($node)." [".join('|', array_keys($node))."]</div>";
+	if (!$pre) {
+		print "** <span style='color: red;'>NEW</span><br>";
+		$node[$cur] = array ();
+	} else {
+		if (array_key_exists($pre, $node)) {
+			print "+ <span style='color: orange;'>KEY FOUND:</span> ".$pre.", add: ".$cur."<br>";
+			$node[$pre][$cur] = array ();
+		} else {
+			print "- NOT FOUND: loop<br>";
+			foreach ($node as $_pre => $_cur) {
+				print "> TRY: ".$_pre." => ".count($_cur)." [".join('|', array_keys($_cur))."]<br>";
+				if (count($_cur) > 0) {
+					$node[$_pre] = rec($pre, $cur, $_cur);
+				}
+			}
+		}
+	}
+	return $node;
+}
+
+function flattenArrayKey(array $array, array $return = array ())
+{
+	foreach ($array as $key => $sub) {
+		$return[] = $key;
+		if (count($sub) > 0) {
+			$return = flattenArrayKey($sub, $return);
+		}
+	}
+	return $return;
+}
+
+// core
+$test = rec('', 'A', $test);
+$test = rec('', '1', $test);
+$test = rec('', '2', $test);
+$test = rec('', '3', $test);
+$test = rec('3', 'G', $test);
+$test = rec('A', 'B', $test);
+$test = rec('A', 'C', $test);
+$test = rec('C', 'D', $test);
+$test = rec('C', 'E', $test);
+$test = rec('E', 'F', $test);
+// new
+$test = rec('C', 'U', $test);
+$test = rec('F', 'U', $test);
+$test = rec('', 'Al', $test);
+$test = rec('B', 'B1', $test);
+$base->debug('REC', $base->printAr($test));
+print "FLATTEN: ".$base->printAr(flattenArrayKey($test))."<br>";
+
+print $base->printErrorMsg();
+
+// __END__

www/configs/config.db.inc

@@ -0,0 +1,25 @@
+<?php
+/********************************************************************
+* AUTHOR: Clemens Schwaighofer
+* CREATED: 2018/10/11
+* SHORT DESCRIPTION:
+* configuration file for database settings
+* HISTORY:
+*********************************************************************/
+
+// please be VERY carefull only to change the right side
+$DB_CONFIG = array (
+	'test' => array (
+		'db_name' => 'gullevek',
+		'db_user' => 'gullevek',
+		'db_pass' => 'gullevek',
+		'db_host' => 'db.tokyo.tequila.jp',
+		'db_port' => '5432',
+		'db_schema' => 'public',
+		'db_type' => 'pgsql',
+		'db_encoding' => '',
+		'db_ssl' => 'disable' // allow, disable, require, prefer
+	)
+);
+
+// __END__

www/configs/config.host.inc

@@ -0,0 +1,33 @@
+<?php
+/********************************************************************
+* AUTHOR: Clemens Schwaighofer
+* CREATED: 2018/10/11
+* SHORT DESCRIPTION:
+* configuration file for core host settings
+* - DB access name (array group from config.db)
+* - location (test/stage/live)
+* - debug flag (true/false)
+* - DB path (eg PUBLIC_SCHEMA)
+* - stie lang
+* HISTORY:
+*********************************************************************/
+
+// each host has a different db_host
+// development host
+$DB_HOST['soba.tokyo.tequila.jp'] = 'test';
+// target host (live)
+//	$DB_TARGET_HOST['soba'] = '<DB ID>';
+// url redirect database
+//	$DB_URL_REDIRECT_HOST['soba'] = '<DB ID>';
+// location flagging
+// test/dev/live
+$LOCATION['soba.tokyo.tequila.jp'] = 'test';
+// show DEBUG override
+// true/false
+$DEBUG_FLAG['soba.tokyo.tequila.jp'] = true;
+// set postgresql paths (schemas)
+$DB_PATH['soba.tokyo.tequila.jp'] = PUBLIC_SCHEMA;
+// site language
+$SITE_LANG['soba.tokyo.tequila.jp'] = 'en_utf8';
+
+// __END__

www/configs/config.inc

@@ -1,6 +1,6 @@
 <?
 /********************************************************************
-* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
+* AUTHOR: Clemens Schwaighofer
 * CREATED: 2003/06/10
 * SHORT DESCRIPTION:
 *   configuration file
@@ -9,79 +9,82 @@
 
 /************* SESSION NAMES *************/
 // backend
-DEFINE('EDIT_SESSION_NAME', "<ADMIN SESSION NAME>");
+DEFINE('EDIT_SESSION_NAME', '<ADMIN SESSION NAME>');
 // frontend
-DEFINE('SESSION_NAME', "<SESSION NAME>");
+DEFINE('SESSION_NAME', '<SESSION NAME>');
 // set the session name
 define('SET_SESSION_NAME', EDIT_SESSION_NAME);
 
 /************* LANGUAGE / ENCODING *******/
-DEFINE('DEFAULT_LANG', "en_utf8");
+DEFINE('DEFAULT_LANG', 'en_utf8');
 // default web page encoding setting
-DEFINE('DEFAULT_ENCODING', "UTF-8");
+DEFINE('DEFAULT_ENCODING', 'UTF-8');
 
 /************* PATHS *********************/
+// directory seperator
+DEFINE('DS', DIRECTORY_SEPARATOR);
 // ** NEW/BETTER DIR DECLARATIONS **
 // path to original file (if symlink)
-DEFINE('DIR', __DIR__."/");
+DEFINE('DIR', __DIR__.DS);
-// libs base path based on DIR
+// base dir root folder level
-DEFINE('LIBDIR', DIR.'libs/');
+DEFINE('BASE', str_replace('configs', '', __DIR__));
-// SMARTY path based on DIR
-DEFINE('SMARTYDIR', DIR.'Smarty/');
-// table arrays for Class Form
-DEFINE('TABLEARRAYDIR', DIR.'table_arrays/');
 
 // ** OLD DIR DECLARATIONS **
 // path to document root of file called
-DEFINE('ROOT', getcwd()."/");
+DEFINE('ROOT', getcwd().DS);
 // libs path
-DEFINE('LIBS', "libs/");
+DEFINE('LIB', 'lib'.DS);
+DEFINE('LIBS', 'lib'.DS);
 // includes (strings, arrays for static, etc)
-DEFINE('INCLUDES', "includes/");
+DEFINE('INCLUDES', 'includes'.DS);
 // layout base path
-DEFINE('LAYOUT', 'layout/');
+DEFINE('LAYOUT', 'layout'.DS);
 // pic-root (compatible to CMS)
-DEFINE('PICTURES', "images/");
+DEFINE('PICTURES', 'images'.DS);
 // images
-DEFINE('IMAGES', "images/");
+DEFINE('IMAGES', 'images'.DS);
 // icons (below the images/ folder)
-DEFINE('ICONS', 'icons/');
+DEFINE('ICONS', 'icons'.DS);
 // media
-DEFINE('MEDIA', "media/");
+DEFINE('MEDIA', 'media'.DS);
 // flash-root (below media)
-DEFINE('FLASH', "flash/");
+DEFINE('FLASH', 'flash'.DS);
 // uploads (anything to keep)
-DEFINE('UPLOADS', "uploads/");
+DEFINE('UPLOADS', 'uploads'.DS);
 // files (binaries) (below media)
-DEFINE('BINARIES', "binaries/");
+DEFINE('BINARIES', 'binaries'.DS);
 // files (videos) (below media)
-DEFINE('VIDEOS', "videos/");
+DEFINE('VIDEOS', 'videos'.DS);
 // files (documents) (below media)
-DEFINE('DOCUMENTS', "documents/");
+DEFINE('DOCUMENTS', 'documents'.DS);
 // files (pdfs) (below media)
-DEFINE('PDFS', "documents/");
+DEFINE('PDFS', 'documents'.DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
-DEFINE('CSS', "css/");
+DEFINE('CSS', 'css'.DS);
 // js
-DEFINE('JS', "javascript/");
+DEFINE('JS', 'javascript'.DS);
 // table arrays
-DEFINE('TABLE_ARRAYS', "table_arrays/");
+DEFINE('TABLE_ARRAYS', 'table_arrays'.DS);
 // smarty libs path
-DEFINE('SMARTY', "Smarty/");
+DEFINE('SMARTY', 'Smarty'.DS);
 // po langs
-DEFINE('LANG', "lang/");
+DEFINE('LANG', 'lang'.DS);
 // cache path
-DEFINE('CACHE', "cache/");
+DEFINE('CACHE', 'cache'.DS);
 // temp path
-DEFINE('TMP', "tmp/");
+DEFINE('TMP', 'tmp'.DS);
 // log files
-DEFINE('LOG', 'log/');
+DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
-DEFINE('TEMPLATES', "templates/");
+DEFINE('TEMPLATES', 'templates'.DS);
 // frontend template dir', only for admin
-DEFINE('TEMPLATES_FRONTEND', "templates_frontend/");
+DEFINE('TEMPLATES_FRONTEND', 'templates_frontend'.DS);
 // default template
-DEFINE('DEFAULT_TEMPLATE', "default/");
+DEFINE('DEFAULT_TEMPLATE', 'default'.DS);
 // default template file
 DEFINE('DEFAULT_TEMPLATE_FILE', 'default.tpl');
 
@@ -99,14 +102,14 @@ DEFINE('DEFAULT_ACL_SEND', 70);
 DEFINE('DEFAULT_ACL_DEL', 80);
 DEFINE('DEFAULT_ACL_ADMIN', 100); */
 // SSL host name
-//	DEFINE('SSL_HOST', "ssl.host.name");
+//	DEFINE('SSL_HOST', 'ssl.host.name');
 // error page strictness, Default is 3
 // 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
 // 2: if template not found, do not search, show error template
 // 3: if default template is not found, show error template, do not fall back to default tree
 // 4: very strict, even on normal fixable errors through error
 //	DEFINE('ERROR_STRICT', 3);
-// allow page caching in general, set to "FALSE" if you do debugging or development!
+// allow page caching in general, set to 'FALSE' if you do debugging or development!
 //	DEFINE('ALLOW_SMARTY_CACHE', FALSE);
 // cache life time, in seconds, default here is 2 days (172800s)
 // -1 is never expire cache
@@ -131,6 +134,11 @@ DEFINE('PAGE_WIDTH', 800);
 // the default template name
 DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 
+// below two can be defined here, but they should be
+// defined in either the header file or the file itself
+/************* LOGGING *******************/
+// DEFINE('LOG_FILE_ID', '');
+
 /************* QUEUE TABLE *************/
 // if we have a dev/live system
 // set_live is a per page/per item
@@ -142,37 +150,38 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
 
 // non constant part
 /************* DB ACCESS *****************/
 // please be VERY carefull only to change the right side
 $DB_CONFIG = array (
-	"<db id>" => array (
+	'<db id>' => array (
-		"db_name" => "<database>",
+		'db_name' => '<database>',
-		"db_user" => "<user>",
+		'db_user' => '<user>',
-		"db_pass" => "<password>",
+		'db_pass' => '<password>',
-		"db_host" => "<host>",
+		'db_host' => '<host>',
-		"db_port" => "5432",
+		'db_port' => '5432',
-		"db_schema" => "public", // if not set, uses public
+		'db_schema' => 'public', // if not set, uses public
-		"db_type" => "pgsql",
+		'db_type' => 'pgsql',
-		"db_encoding" => '',
+		'db_encoding' => '',
-		"db_ssl" => 'disable' // allow, disable, require, prefer
+		'db_ssl' => 'disable' // allow, disable, require, prefer
 	)
 );
 
 // File and Folder paths
 // ID is TARGET (first array element)
-//	$PATHS["test"]["csv_path"] = "";
+//	$PATHS['test']['csv_path'] = '';
-//	$PATHS["test"]["perl_bin"] = "";
+//	$PATHS['test']['perl_bin'] = '';
-//	$PATHS["test"]["redirect_url"] = "";
+//	$PATHS['test']['redirect_url'] = '';
 
 // each host has a different db_host
 // development host
-$DB_HOST['<host>'] = "<db id>";
+$DB_HOST['<host>'] = '<db id>';
 // target host (live)
-//	$DB_TARGET_HOST['<host>'] = "<DB ID>";
+//	$DB_TARGET_HOST['<host>'] = '<DB ID>';
 // url redirect database
-//	$DB_URL_REDIRECT_HOST['<host>'] = "<DB ID>";
+//	$DB_URL_REDIRECT_HOST['<host>'] = '<DB ID>';
 // location flagging
 // test/dev/live
 $LOCATION['<host>'] = '<test|live|remote|etc>';
@@ -188,9 +197,9 @@ $USE_DATABASE = defined('USE_DATABASE') ? USE_DATABASE : true;
 // live frontend pages
 // ** missing live domains **
 // get the name without the port
-list($HOST_NAME, $PORT) = array_pad(explode(":", $_SERVER['HTTP_HOST'], 2), 2, null);
+list($HOST_NAME) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
 if (!$DB_HOST[$HOST_NAME] && $USE_DATABASE) {
-	echo "No matching DB config found. Contact Admin<br>";
+	echo 'No matching DB config found. Contact Admin<br>';
 	exit -1;
 }
 
@@ -217,11 +226,11 @@ DEFINE('SHOW_ALL_ERRORS', false); // show all errors if debug_all & show_error_h
 $G_TITLE = '<OVERALL PAGE TITLE>';
 
 /************ STYLE SHEETS / JS **********/
-$EDIT_STYLESHEET = "edit.css";
+$EDIT_STYLESHEET = 'edit.css';
-$EDIT_JAVASCRIPT = "edit.js";
+$EDIT_JAVASCRIPT = 'edit.js';
 
-$STYLESHEET = "frontend.css";
+$STYLESHEET = 'frontend.css';
-$JAVASCRIPT = "frontend.js";
+$JAVASCRIPT = 'frontend.js';
 
 /************* CONVERT *******************/
 $paths = array (
@@ -231,14 +240,14 @@ $paths = array (
 );
 // find convert
 foreach ($paths as $path) {
-	if (file_exists($path."/convert") && is_file($path."/convert")) {
+	if (file_exists($path.DS.'convert') && is_file($path.DS.'convert')) {
 		// image magick convert location
-		DEFINE('CONVERT', $path."/convert");
+		DEFINE('CONVERT', $path.DS.'convert');
 	}
 }
 
 // turn off debug if debug flag is OFF
-if (DEBUG == false) {
+if (defined('DEBUG') && DEBUG == false) {
 	$ECHO_ALL = 0;
 	$DEBUG_ALL = 0;
 	$PRINT_ALL = 0;
@@ -249,27 +258,7 @@ if (DEBUG == false) {
 // any other global definitons here
 //	DEFINE('SOME_ID', <SOME VALUE>);
 
-// function that will be called on top of each class include to load the class
+// read auto loader
-function _spl_autoload($include_file)
+require BASE.LIB.'autoloader.php';
-{
+
-	// where to search for the files to include
+# __END__
-	$dirs = array (
-		LIBDIR,
-		SMARTYDIR,
-		TABLEARRAYDIR,
-		'',
-		LIBS,
-		SMARTY,
-		TABLE_ARRAYS,
-		__DIR__.'/'.LIBS,
-		__DIR__.'/'.SMARTY
-	);
-	// try to find and load the class ifle
-	foreach ($dirs as $folder) {
-		if (file_exists($folder.$include_file))	{
-			require_once($folder.$include_file);
-			return true;
-		}
-	}
-	return false;
-}

www/configs/config.template.inc

@@ -1,6 +1,6 @@
 <?php
 /********************************************************************
-* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
+* AUTHOR: Clemens Schwaighofer
 * CREATED: 2003/06/10
 * SHORT DESCRIPTION:
 *   configuration file
@@ -8,17 +8,19 @@
 *********************************************************************/
 
 /************* SESSION NAMES *************/
+// server name HASH
+DEFINE('SERVER_NAME_HASH', hash('crc32b', $_SERVER['HTTP_HOST']));
 // backend
-DEFINE('EDIT_SESSION_NAME', "<ADMIN SESSION NAME>");
+DEFINE('EDIT_SESSION_NAME', '<ADMIN SESSION NAME>'.SERVER_NAME_HASH);
 // frontend
-DEFINE('SESSION_NAME', "<SESSION NAME>");
+DEFINE('SESSION_NAME', '<SESSION NAME>'.SERVER_NAME_HASH);
-// set the session name
+// SET_SESSION_NAME should be set in the header if a special session name is needed
-define('SET_SESSION_NAME', EDIT_SESSION_NAME);
+// DEFINE('SET_SESSION_NAME', SESSION_NAME);
 
 /************* LANGUAGE / ENCODING *******/
-DEFINE('DEFAULT_LANG', "en_utf8");
+DEFINE('DEFAULT_LANG', 'en_utf8');
 // default web page encoding setting
-DEFINE('DEFAULT_ENCODING', "UTF-8");
+DEFINE('DEFAULT_ENCODING', 'UTF-8');
 
 /************* PATHS *********************/
 // directory seperator
@@ -35,52 +37,58 @@ DEFINE('ROOT', getcwd().DS);
 // libs path
 DEFINE('LIB', 'lib'.DS);
 DEFINE('LIBS', 'lib'.DS);
+// configs folder
+DEFINE('CONFIGS', 'configs'.DS);
 // includes (strings, arrays for static, etc)
 DEFINE('INCLUDES', 'includes'.DS);
 // layout base path
 DEFINE('LAYOUT', 'layout'.DS);
 // pic-root (compatible to CMS)
-DEFINE('PICTURES', "images".DS);
+DEFINE('PICTURES', 'images'.DS);
 // images
-DEFINE('IMAGES', "images".DS);
+DEFINE('IMAGES', 'images'.DS);
 // icons (below the images/ folder)
 DEFINE('ICONS', 'icons'.DS);
 // media
-DEFINE('MEDIA', "media".DS);
+DEFINE('MEDIA', 'media'.DS);
 // flash-root (below media)
-DEFINE('FLASH', "flash".DS);
+DEFINE('FLASH', 'flash'.DS);
 // uploads (anything to keep)
-DEFINE('UPLOADS', "uploads".DS);
+DEFINE('UPLOADS', 'uploads'.DS);
 // files (binaries) (below media)
-DEFINE('BINARIES', "binaries".DS);
+DEFINE('BINARIES', 'binaries'.DS);
 // files (videos) (below media)
-DEFINE('VIDEOS', "videos".DS);
+DEFINE('VIDEOS', 'videos'.DS);
 // files (documents) (below media)
-DEFINE('DOCUMENTS', "documents".DS);
+DEFINE('DOCUMENTS', 'documents'.DS);
 // files (pdfs) (below media)
-DEFINE('PDFS', "documents".DS);
+DEFINE('PDFS', 'documents'.DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
-DEFINE('CSS', "css".DS);
+DEFINE('CSS', 'css'.DS);
 // js
-DEFINE('JS', "javascript".DS);
+DEFINE('JS', 'javascript'.DS);
 // table arrays
-DEFINE('TABLE_ARRAYS', "table_arrays".DS);
+DEFINE('TABLE_ARRAYS', 'table_arrays'.DS);
 // smarty libs path
-DEFINE('SMARTY', "Smarty".DS);
+DEFINE('SMARTY', 'Smarty'.DS);
 // po langs
-DEFINE('LANG', "lang".DS);
+DEFINE('LANG', 'lang'.DS);
 // cache path
-DEFINE('CACHE', "cache".DS);
+DEFINE('CACHE', 'cache'.DS);
 // temp path
-DEFINE('TMP', "tmp".DS);
+DEFINE('TMP', 'tmp'.DS);
 // log files
 DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
-DEFINE('TEMPLATES', "templates".DS);
+DEFINE('TEMPLATES', 'templates'.DS);
 // frontend template dir', only for admin
-DEFINE('TEMPLATES_FRONTEND', "templates_frontend".DS);
+DEFINE('TEMPLATES_FRONTEND', 'templates_frontend'.DS);
 // default template
-DEFINE('DEFAULT_TEMPLATE', "default".DS);
+DEFINE('DEFAULT_TEMPLATE', 'default'.DS);
 // default template file
 DEFINE('DEFAULT_TEMPLATE_FILE', 'default.tpl');
 
@@ -98,14 +106,14 @@ DEFINE('DEFAULT_ACL_SEND', 70);
 DEFINE('DEFAULT_ACL_DEL', 80);
 DEFINE('DEFAULT_ACL_ADMIN', 100); */
 // SSL host name
-//	DEFINE('SSL_HOST', "ssl.host.name");
+//	DEFINE('SSL_HOST', 'ssl.host.name');
 // error page strictness, Default is 3
 // 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
 // 2: if template not found, do not search, show error template
 // 3: if default template is not found, show error template, do not fall back to default tree
 // 4: very strict, even on normal fixable errors through error
 //	DEFINE('ERROR_STRICT', 3);
-// allow page caching in general, set to "FALSE" if you do debugging or development!
+// allow page caching in general, set to 'FALSE' if you do debugging or development!
 //	DEFINE('ALLOW_SMARTY_CACHE', FALSE);
 // cache life time, in seconds, default here is 2 days (172800s)
 // -1 is never expire cache
@@ -116,6 +124,9 @@ DEFINE('DEFAULT_ACL_ADMIN', 100); */
 DEFINE('LOGOUT_TARGET', '');
 // password change allowed
 DEFINE('PASSWORD_CHANGE', false);
+// min/max password length
+DEFINE('PASSWORD_MIN_LENGTH', 8);
+DEFINE('PASSWORD_MAX_LENGTH', 255);
 
 /************* AJAX / ACCESS *************/
 // ajax request type
@@ -130,6 +141,11 @@ DEFINE('PAGE_WIDTH', 800);
 // the default template name
 DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 
+// below two can be defined here, but they should be
+// defined in either the header file or the file itself
+/************* LOGGING *******************/
+// DEFINE('LOG_FILE_ID', '');
+
 /************* QUEUE TABLE *************/
 // if we have a dev/live system
 // set_live is a per page/per item
@@ -141,45 +157,58 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
+
+/************* OTHER PATHS *****************/
+// File and Folder paths
+// ID is TARGET (first array element)
+//	$PATHS['test']['csv_path'] = '';
+//	$PATHS['test']['perl_bin'] = '';
+//	$PATHS['test']['redirect_url'] = '';
 
 // non constant part
 /************* DB ACCESS *****************/
-// please be VERY carefull only to change the right side
+if (file_exists(BASE.CONFIGS.'config.db.inc')) {
-$DB_CONFIG = array (
+	require BASE.CONFIGS.'config.db.inc';
-	"<DB ID>" => array (
+}
-		"db_name" => "<DB NAME>",
+// -> below in config.db.inc
-		"db_user" => "<DB USER>",
+// *** START ***
-		"db_pass" => "<DB PASSWORD>",
+// // please be VERY carefull only to change the right side
-		"db_host" => "<DB HOST>",
+// $DB_CONFIG = array (
-		"db_port" => "5432",
+// 	'<DB ID>' => array (
-		"db_schema" => "<DB SCHEMA>", // if not set, uses public
+// 		'db_name' => '<DB NAME>',
-		"db_type" => "pgsql",
+// 		'db_user' => '<DB USER>',
-		"db_encoding" => '',
+// 		'db_pass' => '<DB PASSWORD>',
-		"db_ssl" => 'disable' // allow, disable, require, prefer
+// 		'db_host' => '<DB HOST>',
-	)
+// 		'db_port' => '5432',
-);
+// 		'db_schema' => '<DB SCHEMA>', // if not set, uses public
-
+// 		'db_type' => 'pgsql',
-// File and Folder paths
+// 		'db_encoding' => '',
-// ID is TARGET (first array element)
+// 		'db_ssl' => 'disable' // allow, disable, require, prefer
-//	$PATHS["test"]["csv_path"] = "";
+// 	)
-//	$PATHS["test"]["perl_bin"] = "";
+// );
-//	$PATHS["test"]["redirect_url"] = "";
+// *** END ***
-
+if (file_exists(BASE.CONFIGS.'config.host.inc')) {
-// each host has a different db_host
+	require BASE.CONFIGS.'config.host.inc';
-// development host
+}
-$DB_HOST['<HOST NAME>'] = "<DB ID>";
+// // -> below in config.host.inc
-// target host (live)
+// *** START ***
-//	$DB_TARGET_HOST['<HOST NAME>'] = "<DB ID>";
+// // each host has a different db_host
-// url redirect database
+// // development host
-//	$DB_URL_REDIRECT_HOST['<HOST NAME>'] = "<DB ID>";
+// $DB_HOST['<HOST NAME>'] = '<DB ID>';
-// location flagging
+// // target host (live)
-// test/dev/live
+// //	$DB_TARGET_HOST['<HOST NAME>'] = '<DB ID>';
-$LOCATION['<HOST NAME>'] = '<test|live|remote|etc>';
+// // url redirect database
-// show DEBUG override
+// //	$DB_URL_REDIRECT_HOST['<HOST NAME>'] = '<DB ID>';
-// true/false
+// // location flagging
-$DEBUG_FLAG['<HOST NAME>'] = true;
+// // test/dev/live
-// set postgresql paths (schemas)
+// $LOCATION['<HOST NAME>'] = '<test|live|remote|etc>';
-$DB_PATH['<HOST NAME>'] = PUBLIC_SCHEMA;
+// // show DEBUG override
+// // true/false
+// $DEBUG_FLAG['<HOST NAME>'] = true;
+// // set postgresql paths (schemas)
+// $DB_PATH['<HOST NAME>'] = PUBLIC_SCHEMA;
+// *** END ***
 
 // set the USE_DATABASE var, if there is nothing set, we assume TRUE
 $USE_DATABASE = defined('USE_DATABASE') ? USE_DATABASE : true;
@@ -187,12 +216,22 @@ $USE_DATABASE = defined('USE_DATABASE') ? USE_DATABASE : true;
 // live frontend pages
 // ** missing live domains **
 // get the name without the port
-list($HOST_NAME, $PORT) = array_pad(explode(":", $_SERVER['HTTP_HOST'], 2), 2, null);
+list($HOST_NAME, $PORT) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
 if (!$DB_HOST[$HOST_NAME] && $USE_DATABASE) {
-	echo "No matching DB config found. Contact Admin<br>";
+	echo 'No matching DB config found. Contact Admin<br>';
 	exit -1;
 }
-
+// set HOST name
+DEFINE('HOST_NAME', $HOST_NAME);
+// set SSL on
+if ((array_key_exists('HTTPS', $_SERVER) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ||
+	$_SERVER['SERVER_PORT'] == 443) {
+	DEFINE('HOST_SSL', true);
+	DEFINE('HOST_PROTOCOL', 'https://');
+} else {
+	DEFINE('HOST_SSL', false);
+	DEFINE('HOST_PROTOCOL', 'http://');
+}
 // define the static names
 DEFINE('LOGIN_DB', $DB_HOST[$HOST_NAME]);
 DEFINE('MAIN_DB', $DB_HOST[$HOST_NAME]);
@@ -216,11 +255,11 @@ DEFINE('SHOW_ALL_ERRORS', false); // show all errors if debug_all & show_error_h
 $G_TITLE = '<OVERALL PAGE TITLE>';
 
 /************ STYLE SHEETS / JS **********/
-$EDIT_STYLESHEET = "edit.css";
+$EDIT_STYLESHEET = 'edit.css';
-$EDIT_JAVASCRIPT = "edit.js";
+$EDIT_JAVASCRIPT = 'edit.js';
 
-$STYLESHEET = "frontend.css";
+$STYLESHEET = 'frontend.css';
-$JAVASCRIPT = "frontend.js";
+$JAVASCRIPT = 'frontend.js';
 
 /************* CONVERT *******************/
 $paths = array (
@@ -230,9 +269,9 @@ $paths = array (
 );
 // find convert
 foreach ($paths as $path) {
-	if (file_exists($path."/convert") && is_file($path."/convert")) {
+	if (file_exists($path.'/convert') && is_file($path.'/convert')) {
 		// image magick convert location
-		DEFINE('CONVERT', $path."/convert");
+		DEFINE('CONVERT', $path.'/convert');
 	}
 }
 

www/includes/admin_header.inc

@@ -10,7 +10,7 @@
 //------------------------------ variable init start
 // for dev test we set full error reporting; writes everything, except E_ERROR into logs/php_error-<day>.log
 if ($DEBUG_ALL && $ENABLE_ERROR_HANDLING) {
-	include("libs/Error.Handling.inc");
+	include("../lib/Error.Handling.inc");
 }
 // predefine vars
 $lang = '';
@@ -22,7 +22,6 @@ extract($_POST, EXTR_SKIP);
 //------------------------------ library include start
 // set output to quiet for load of classes & session settings
 ob_start();
-require("config.inc");
 //------------------------------ library include end
 
 //------------------------------ basic variable settings start

www/includes/admin_set_paths.inc

@@ -32,7 +32,7 @@ if ($_SESSION['DEFAULT_CHARSET']) {
 if ($_SESSION['DEFAULT_LANG']) {
 	$lang = $_SESSION['DEFAULT_LANG'];
 } elseif (!$lang) {
-	$lang = DEFAULT_LANG;
+	$lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG;
 }
 // create the char lang encoding
 $lang_short = substr($lang, 0, 2);
@@ -55,13 +55,13 @@ $cms->CSS_SPECIAL_TEMPLATE_NAME = @$CSS_NAME;
 $cms->JS_SPECIAL_TEMPLATE_NAME = @$JS_NAME;
 
 // set basic template path (tmp)
-$smarty->setTemplateDir(LAYOUT.$TEMPLATE_DIR.TEMPLATES);
+$smarty->setTemplateDir(LAYOUT.$TEMPLATE_DIR.TEMPLATES); // no outside
-$cms->lang_dir = LAYOUT.$TEMPLATE_DIR.LANG;
+$cms->lang_dir = LAYOUT.$TEMPLATE_DIR.LANG; // no outside
-$cms->includes = LAYOUT.$TEMPLATE_DIR.INCLUDES;
+$cms->includes = BASE.INCLUDES; // no longer in templates, only global
 $cms->javascript = LAYOUT.$TEMPLATE_DIR.JS;
 $cms->css = LAYOUT.$TEMPLATE_DIR.CSS;
 $cms->pictures = LAYOUT.$TEMPLATE_DIR.IMAGES;
-$cms->cache_pictures = LAYOUT.$TEMPLATE_DIR.CACHE.IMAGES;
+$cms->cache_pictures = LAYOUT.$TEMPLATE_DIR.CACHE;
 $cms->cache_pictures_root = ROOT.$cms->cache_pictures;
 if (!is_dir($cms->cache_pictures_root)) {
 	mkdir($cms->cache_pictures_root);
@@ -80,20 +80,13 @@ if (!file_exists(ROOT.$smarty->getTemplateDir()[0].DS.MASTER_TEMPLATE_NAME)) {
 	$smarty->setTemplateDir(LAYOUT.DEFAULT_TEMPLATE.TEMPLATES);
 	$template_set = DEFAULT_TEMPLATE;
 }
-// loop to check if dir exists
-// check if file exists, if not reset to default path
-
-// check if the javascript folder exists in the template path, if not fall back to default
-if (!is_dir($cms->javascript)) {
-	$cms->javascript = LAYOUT.DEFAULT_TEMPLATE.JS;
-}
 // check if lang_dir folder exists in the template path, if not fall back to default
 if (!is_dir($cms->lang_dir)) {
 	$cms->lang_dir = LAYOUT.DEFAULT_TEMPLATE.LANG;
 }
-// check if include folder exists in the template path, if not fall back to default
+// check if the javascript folder exists in the template path, if not fall back to default
-if (!is_dir($cms->includes)) {
+if (!is_dir($cms->javascript)) {
-	$cms->includes = LAYOUT.DEFAULT_TEMPLATE.INCLUDES;
+	$cms->javascript = LAYOUT.DEFAULT_TEMPLATE.JS;
 }
 // check if css folder exists in the template path, if not fall back to default
 if (!is_dir($cms->css)) {
@@ -103,17 +96,49 @@ if (!is_dir($cms->pictures)) {
 	$cms->pictures = LAYOUT.DEFAULT_TEMPLATE.PICTURES;
 }
 if (!is_dir($cms->cache_pictures)) {
-	$cms->cache_pictures = LAYOUT.DEFAULT_TEMPLATE.CACHE.IMAGES;
+	$cms->cache_pictures = LAYOUT.DEFAULT_TEMPLATE.CACHE;
+	$cms->cache_pictures_root = ROOT.$cms->cache_pictures;
 }
 
 // if the template_dir is != DEFAULT_TEMPLATE, then try to make a lang switch
 // if the default lang is not like the lang given, switch lang
-if (false === strstr(LAYOUT.DEFAULT_TEMPLATE.LANG, $cms->lang_dir) || strcasecmp(DEFAULT_LANG, $lang)) {
+if (false === strstr(LAYOUT.DEFAULT_TEMPLATE.LANG, $cms->lang_dir) ||
-	$cms->debug('LANG', 'Orig: '.LAYOUT.DEFAULT_TEMPLATE.LANG.', New: '.$cms->lang_dir.' | Orig Lang: '.DEFAULT_LANG.', New Lang: '.$lang);
+	strcasecmp(defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG, $lang)
+) {
+	$cms->debug('LANG', 'Orig: '.LAYOUT.DEFAULT_TEMPLATE.LANG.', New: '.$cms->lang_dir.' | Orig Lang: '.(defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG).', New Lang: '.$lang);
 	$cms->l->l10nReloadMOfile($lang, $cms->lang_dir);
-	$smarty->l10n->l10nReloadMOfile($lang, $cms->lang_dir);
+		// if we have login class
+	if ($login) {
+		$login->l->l10nReloadMOfile($lang, $cms->lang_dir);
+	}
+	// if we have smarty template class
+	if ($smarty) {
+		$smarty->l10n->l10nReloadMOfile($lang, $cms->lang_dir);
+	}
+}
+
+// javascrip translate data as template for auto translate
+if (!$TEMPLATE_TRANSLATE) {
+	$cms->debug('LANG', 'Load lang: '.$lang.', for page file jsTranslate_'.$lang.'.tpl');
+	$TEMPLATE_TRANSLATE = 'jsTranslate_'.$lang.'.tpl';
+} else {
+	// we assume we have some fixed set
+	// we must add _<$lang>
+	// if .tpl, put before .tpl
+	// if not .tpl, add _<$lang>.tpl
+	if (strpos($TEMPLATE_TRANSLATE, '.tpl')) {
+		$TEMPLATE_TRANSLATE = str_replace('.tpl', '_'.$lang.'.tpl', $TEMPLATE_TRANSLATE);
+	} else {
+		$TEMPLATE_TRANSLATE .= '_'.$lang.'.tpl';
+	}
+}
+// if we can't find it, dump it
+if (!file_exists($smarty->getTemplateDir()[0].DS.$TEMPLATE_TRANSLATE)) {
+	unset($TEMPLATE_TRANSLATE);
 }
 
 //	$cms->debug("LANGUAGE", "L: $lang | ".$cms->lang_dir." | MO File: ".$cms->l->mofile);
 $cms->debug("LANGUAGE", "SL: ".$_SESSION['DEFAULT_CHARSET']." | ".$_SESSION['LANG']." | ".$_SESSION['DEFAULT_LANG']);
 $cms->debug("TEMPLATE", "P: ".$smarty->getTemplateDir()[0]);
+
+# __END__

www/includes/admin_smarty.inc

@@ -90,7 +90,7 @@ $cms->DEBUG_DATA['DEBUG'] = @$DEBUG_TMPL;
 // create main data array
 $cms->CONTENT_DATA = array_merge($cms->HEADER, $cms->DATA, $cms->DEBUG_DATA);
 // data is 1:1 mapping (all vars, values, etc)
-while (list($key, $value) = each($cms->CONTENT_DATA)) {
+foreach ($cms->CONTENT_DATA as $key => $value) {
 	$smarty->assign($key, $value);
 }
 if (is_dir(BASE.TEMPLATES_C)) {
@@ -100,3 +100,5 @@ if (is_dir(BASE.CACHE)) {
 	$smarty->setCacheDir(BASE.CACHE);
 }
 $smarty->display($MASTER_TEMPLATE_NAME, $TEMPLATE.$lang, $TEMPLATE.$lang);
+
+# __END__

www/includes/edit_base.inc

@@ -24,10 +24,10 @@ extract($_POST, EXTR_SKIP);
 
 $table_width = 750;
 // this is for certain CMS modules that set a relative path
-define(REL_PATH, '');
+define('REL_PATH', '');
 
 ob_start();
-include("config.inc");
+require 'config.php';
 // set session name here
 define('SET_SESSION_NAME', EDIT_SESSION_NAME);
 // overrride debug flags
@@ -137,10 +137,13 @@ $DATA['GROUP_NAME'] = $_SESSION["GROUP_NAME"];
 $DATA['GROUP_LEVEL'] = $_SESSION["GROUP_LEVEL"];
 $PAGES = $_SESSION["PAGES"];
 
-//$form->debug('menu', $form->print_ar($PAGES));
+//$form->debug('menu', $form->printAr($PAGES));
 
-// baue nav aus $PAGES ...
+// build nav from $PAGES ...
-for ($i = 0; $i < count($PAGES); $i ++) {
+if (!is_array($PAGES)) {
+	$PAGES = array ();
+}
+for ($i = 0, $i_max = count($PAGES); $i < $i_max; $i ++) {
 	if ($PAGES[$i]["menu"] && $PAGES[$i]["online"]) {
 		$menuarray[] = $PAGES[$i];
 	}
@@ -204,6 +207,7 @@ if ($form->yes) {
 			$elements[] = $form->formCreateElement("login_error_date_last");
 			$elements[] = $form->formCreateElement("login_error_date_first");
 			$elements[] = $form->formCreateElement("enabled");
+			$elements[] = $form->formCreateElement("protected");
 			$elements[] = $form->formCreateElement("username");
 			$elements[] = $form->formCreateElement("password");
 			$elements[] = $form->formCreateElement("password_change_interval");
@@ -283,6 +287,8 @@ if ($form->yes) {
 			break;
 		case "edit_access":
 			$elements[] = $form->formCreateElement("name");
+			$elements[] = $form->formCreateElement("enabled");
+			$elements[] = $form->formCreateElement("protected");
 			$elements[] = $form->formCreateElement("color");
 			$elements[] = $form->formCreateElement("description");
 			// add name/value list here
@@ -292,7 +298,7 @@ if ($form->yes) {
 			print "[No valid page definition given]";
 			break;
 	}
-//		$form->debug('edit', "Elements: <pre>".$form->print_ar($elements));
+//		$form->debug('edit', "Elements: <pre>".$form->printAr($elements));
 	$DATA['elements'] = $elements;
 	$DATA['hidden'] = $form->formCreateHiddenFields();
 	$DATA['save_delete'] = $form->formCreateSaveDelete();
@@ -304,7 +310,7 @@ $DEBUG_DATA['DEBUG'] = $DEBUG_TMPL;
 // create main data array
 $CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);
 // data is 1:1 mapping (all vars, values, etc)
-while (list($key, $value) = each($CONTENT_DATA)) {
+foreach ($CONTENT_DATA as $key => $value) {
 	$smarty->assign($key, $value);
 }
 if (is_dir(BASE.TEMPLATES_C)) {

www/includes/table_arrays/array_edit_access.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_access = array (
 	"table_array" => array (
 		"edit_access_id" => array (
@@ -28,6 +28,26 @@ $edit_access = array (
 			"error_check" => "custom",
 			"error_regex" => "/[\dA-Fa-f]{6}/",
 			"error_example" => "F6A544"
+		),
+		"enabled" => array (
+			"value" => $GLOBALS["enabled"],
+			"output_name" => "Enabled",
+			"type" => "binary",
+			"int" => 1,
+			"element_list" => array (
+				"1" => "Yes",
+				"0" => "No"
+			)
+		),
+		"protected" => array (
+			"value" => $GLOBALS["protected"],
+			"output_name" => "Protected",
+			"type" => "binary",
+			"int" => 1,
+			"element_list" => array (
+				"1" => "Yes",
+				"0" => "No"
+			)
 		)
 	),
 	"table_name" => "edit_access",
@@ -74,3 +94,5 @@ $edit_access = array (
 		)
 	)
 );
+
+# __END__

www/includes/table_arrays/array_edit_groups.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_groups = array (
 	"table_array" => array (
 		"edit_group_id" => array (
@@ -97,3 +97,5 @@ $edit_groups = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/includes/table_arrays/array_edit_languages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_languages=array (
 	"table_array" => array (
 		"edit_language_id" => array (
@@ -70,3 +70,5 @@ $edit_languages=array (
 	),
 	"table_name" => "edit_language"
 );
+
+# __END__

www/includes/table_arrays/array_edit_menu_group.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_menu_group = array (
 	"table_array" => array (
 		"edit_menu_group_id" => array (
@@ -35,3 +35,5 @@ $edit_menu_group = array (
 		)
 	)
 );
+
+# __END__

www/includes/table_arrays/array_edit_pages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_pages = array (
 	"table_array" => array (
 		"edit_page_id" => array (
@@ -26,7 +26,7 @@ $edit_pages = array (
 			"int" => 1,
 			"order" => 1
 		),
-/*			"flag" => array (
+		/* "flag" => array (
 			"value" => $GLOBALS["flag"],
 			"output_name" => "Page Flag",
 			"type" => "drop_down_array",
@@ -175,3 +175,5 @@ $edit_pages = array (
 		) // query_string element list
 	) // element list
 );
+
+# __END__

www/includes/table_arrays/array_edit_schemes.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_schemes = array (
 	"table_array" => array (
 		"edit_scheme_id" => array (
@@ -53,3 +53,4 @@ $edit_schemes = array (
 	)
 ); // main array
 
+# __END__

www/includes/table_arrays/array_edit_users.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_users = array (
 	"table_array" => array (
 		"edit_user_id" => array (
@@ -29,6 +29,7 @@ $edit_users = array (
 			)
 		),
 		// password date when first insert and password is set, needs special field with connection to password
+		// password reset force interval, if set, user needs to reset password after X time period
 		'password_change_interval' => array (
 			'value' => $GLOBALS['password_change_interval'],
 			'output_name' => 'Password change interval',
@@ -38,7 +39,6 @@ $edit_users = array (
 			'size' => 5, // make it 5 chars long
 			'length' => 5
 		),
-		// password reset force interval, if set, user needs to reset password after X time period
 		"enabled" => array (
 			"value" => $GLOBALS["enabled"],
 			"output_name" => "Enabled",
@@ -163,10 +163,15 @@ $edit_users = array (
 			"type" => "view",
 			"empty" => "-"
 		),
-		// planned delete lock flag
 		"protected" => array (
 			"value" => $GLOBALS["protected"],
-			"int" => 1
+			"output_name" => "Protected",
+			"type" => "binary",
+			"int" => 1,
+			"element_list" => array (
+				"1" => "Yes",
+				"0" => "No"
+			)
 		)
 	),
 	"load_query" => "SELECT edit_user_id, username, enabled, debug, db_debug, strict, locked, login_error_count FROM edit_user ORDER BY username",
@@ -251,3 +256,5 @@ $edit_users = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/includes/table_arrays/array_edit_visible_group.inc

@@ -0,0 +1,32 @@
+<?php
+$edit_visible_group = array (
+	"table_array" => array (
+		"edit_visible_group_id" => array (
+			"value" => $GLOBALS["edit_visible_group_id"],
+			"type" => "hidden",
+			"pk" => 1
+		),
+		"name" => array (
+			"value" => $GLOBALS["name"],
+			"output_name" => $this->l->__("Group name"),
+			"mandatory" => 1,
+			"type" => "text"
+		),
+		"flag" => array (
+			"value" => $GLOBALS["flag"],
+			"output_name" => $this->l->__("Flag"),
+			"mandatory" => 1,
+			"type" => "text",
+			"error_check" => "alphanumeric|unique"
+		)
+	),
+	"table_name" => "edit_visible_group",
+	"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
+	"show_fields" => array (
+		array (
+			"name" => "name"
+		)
+	)
+);
+
+# __END__

www/layout/admin/default/css/edit.css

@@ -272,7 +272,7 @@ input[type="text"]:focus, textarea:focus, select:focus {
 }
 
 /* spacer for line break in float elements */
-.spacer {
+.clr, .spacer {
 	clear: both;
 }
 
@@ -367,6 +367,30 @@ input[type="text"]:focus, textarea:focus, select:focus {
 	font-size: 8px;
 }
 
+/* NEW VERSION with CSS key frame animation */
+.progress {
+	width: 100px;
+	height: 100px;
+	background: rgba(255, 255, 255, 0.6);
+	border: 20px solid rgba(255, 255, 255 ,0.25);
+	border-left-color: rgba(3, 155, 229 ,1);
+	border-top-color: rgba(3, 155, 229 ,1);
+	border-radius: 50%;
+	display: inline-block;
+	animation: rotate 600ms infinite linear;
+	/* align */
+	left: 0;
+	top: 0;
+	position: absolute;
+	z-index: 100;
+}
+/* Animation for above progress */
+@keyframes rotate {
+	to {
+		transform: rotate(1turn)
+	}
+}
+
 /* ***************************** ADMIN EDIT INTERFACE COLORS ********************************* */
 /* set all colors here and not in the config file */
 /* for edit interface */

www/layout/admin/default/css/file-uploader/fileuploader.css

@@ -0,0 +1,88 @@
+.qq-uploader {
+	position: relative;
+	width: 100%;
+}
+
+.qq-upload-button {
+    display: block; /* or inline-block */
+    width: 105px;
+    padding: 7px 0;
+    text-align: center;
+    background: #880000;
+    border-bottom: 1px solid #ddd;
+    color: #fff;
+}
+.qq-upload-button-hover {
+	background: #cc0000;
+}
+.qq-upload-button-focus {
+	outline: 1px dotted black;
+}
+
+.qq-upload-drop-area {
+    position: absolute;
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    min-height: 70px;
+    z-index: 2;
+    background: #FF9797;
+    text-align: center;
+}
+.qq-upload-drop-area span {
+    display: block;
+    position: absolute;
+    top: 50%;
+    width: 100%;
+    margin-top: -8px;
+    font-size: 16px;
+}
+.qq-upload-drop-area-active {
+	background:
+	#FF7171;
+}
+
+.qq-upload-list {
+	margin:
+	15px 35px;
+	padding: 0;
+	list-style: disc;
+}
+.qq-upload-list li {
+	margin: 0;
+	padding: 0;
+	line-height: 15px;
+	font-size: 12px;
+}
+.qq-upload-file, .qq-upload-spinner, .qq-upload-size, .qq-upload-cancel, .qq-upload-failed-text {
+    margin-right: 7px;
+}
+
+.qq-upload-file {
+}
+.qq-upload-spinner {
+	display: inline-block;
+	/*background: url("loading.gif");*/
+	width: 15px;
+	height: 15px;
+	vertical-align: text-bottom;
+	/* non gif css rotate */
+	background: rgba(255, 255, 255, 0.6);
+	border: 2px solid rgba(255, 255, 255, 0.25);
+	border-left-color: rgba(102, 102, 102 ,1);
+	border-right-color: rgba(102, 102, 102 ,1);
+	border-radius: 50%;
+	animation: rotate 600ms infinite linear;
+}
+
+.qq-upload-size, .qq-upload-cancel {
+	font-size: 11px;
+}
+
+.qq-upload-failed-text {
+	display: none;
+}
+.qq-upload-fail .qq-upload-failed-text {
+	display: inline;
+}

www/layout/admin/default/javascript/edit.js

@@ -2,6 +2,8 @@
 	code is taken and adapted from dokuwiki
 */
 
+/* jshint esversion: 6 */
+
 /**
  * Some browser detection
  */
@@ -207,3 +209,240 @@ function formatBytes(bytes)
 
 	return parseFloat(Math.round(bytes * Math.pow(10, 2)) / Math.pow(10, 2)) + ['kB', 'MB', 'GB', 'TB', 'PB', 'EB'][i];
 }
+
+// *** DOM MANAGEMENT FUNCTIONS
+// METHOD: cel [create element]
+// PARAMS: tag: must set tag (div, span, etc)
+//         id: optional set for id, if input, select will be used for name
+//         content: text content inside, is skipped if sub elements exist
+//         css: array for css tags
+//         options: anything else (value, placeholder, OnClick, style)
+// RETURN: object
+// DESC  : creates object for DOM element creation flow
+const cel = (tag, id = '', content = '', css = [], options = {}) =>
+	element = {
+		tag: tag,
+		id: id,
+		name: options.name, // override name if set [name gets ignored in tree build anyway]
+		content: content,
+		css: css,
+		options: options,
+		sub: []
+	};
+
+// METHOD: ael [attach element]
+// PARAMS: base: object where to attach/search
+//         attach: the object to be attached
+//         id: optional id, if given search in base for this id and attach there
+// RETURN: "none", technically there is no return needed
+// DESC  : attach a cel created object to another to create a basic DOM tree
+function ael(base, attach, id = '')
+{
+	if (id) {
+		// base id match already
+		if (base.id == id) {
+			base.sub.push(attach);
+		} else {
+			// sub check
+			if (base.sub.length > 0) {
+				base.sub.each(function(t) {
+					// recursive call to sub element
+					ael(t, attach, id);
+				});
+			}
+		}
+	} else {
+		base.sub.push(attach);
+	}
+	return base;
+}
+
+// METHOD: aelx [attach n elements]
+// PARAMS: base: object to where we attach the elements
+//         attach 1..n: attach directly to the base element those attachments
+// RETURN: "none", technically there is no return needed
+// DESC  : directly attach n elements to one master base element
+//         this type does not support attach with optional id
+function aelx(base, ...attach)
+{
+	attach.each(function(t) {
+		base.sub.push(Object.assign({}, t));
+	});
+	return base;
+}
+
+// METHOD: rel [rese element]
+// PARAMS: cel created element
+// RETURN: "none", is self change, but returns base.sub
+// DESC  : resets the sub elements of the base element given
+const rel = (base) => base.sub = [];
+
+// METHOD: rcssel [remove a css from the element]
+// PARAMS: element, style sheet to remove
+// RETURN: "none", in place because of reference
+// DESC  : searches and removes style from css array
+function rcssel(element, css)
+{
+	let css_index = element.css.indexOf(css);
+	if (css_index > -1) {
+		element.css.splice(css_index, 1);
+	}
+}
+
+// METHOD acssel [add css element]
+// PARAMS: element, style sheet to add
+// RETURN: "none", in place add because of reference
+// DESC  : adds a new style sheet to the element given
+function acssel(element, css)
+{
+	let css_index = element.css.indexOf(css);
+	if (css_index == -1) {
+		element.css.push(css);
+	}
+}
+
+// METHOD: scssel
+// PARAMS: element, style to remove, style to add
+// RETURN: "none", in place add because of reference
+// DESC  : removes one css and adds another
+//         is a wrapper around rcssel/acssel
+function scssel(element, rcss, acss)
+{
+	rcssel(element, rcss);
+	acssel(element, acss);
+}
+
+// METHOD: phfo [produce html from object]
+// PARAMS: object tree with dom element declarations
+// RETURN: HTML string that can be used as innerHTML
+// DESC  : parses the object tree created with cel/ael
+//         and converts it into an HTML string that can
+//         be inserted into the page
+function phfo(tree)
+{
+	// holds the elements
+	let content = [];
+	// main part line
+	let line = '<' + tree.tag;
+	// first id, if set
+	if (tree.id) {
+		line += ' id="' + tree.id + '"';
+		// if anything input (input, textarea, select then add name too)
+		if (['input', 'textarea', 'select'].includes(tree.tag)) {
+			line += ' name="' + (tree.name ? tree.name : tree.id) + '"';
+		}
+	}
+	// second CSS
+	if (tree.css.length > 0) {
+		line += ' class="';
+		tree.css.each(function(t) {
+			line += t + ' ';
+		});
+		// strip last space
+		line = line.slice(0, -1);
+		line += '"';
+	}
+	// options is anything key = "data"
+	if (tree.options) {
+		// ignores id, name, class as key
+		for (const [key, item] of Object.entries(tree.options)) {
+			if (!['id', 'name', 'class'].includes(key)) {
+				line += ' ' + key + '="' + item + '"';
+			}
+		}
+	}
+	// finish open tag
+	line += '>';
+	// push finished line
+	content.push(line);
+	// dive into sub tree to attach sub nodes
+	// NOTES: we can have content (text) AND sub nodes at the same level
+	// CONTENT (TEXT) takes preference over SUB NODE in order
+	if (tree.sub.length > 0) {
+		if (tree.content) {
+			content.push(tree.content);
+		}
+		tree.sub.each(function(t) {
+			content.push(phfo(t));
+		});
+	} else if (tree.content) {
+		content.push(tree.content);
+	}
+	// if not input close
+	if (tree.tag != 'input') {
+		content.push('</' + tree.tag + '>');
+	}
+	// combine to string
+	return content.join('');
+}
+
+// BLOCK: html wrappers for quickly creating html data blocks
+// METHOD: html_options
+// PARAMS: name/id, array for the options, selected item uid
+//         options_only [def false] if this is true, it will not print the select part
+//         return_string [def false]: return as string and not as element
+//         sort [def '']: if empty as is, else allowed 'keys', 'values' all others are ignored
+// RETURN: html with build options block
+// DESC  : creates an select/options drop down block.
+//         the array needs to be key -> value format. key is for the option id and value is for the data output
+function html_options(name, data, selected = '', options_only = false, return_string = false, sort = '')
+{
+	let content = [];
+	let element_select;
+	let element_option;
+	let data_list = []; // for sorted output
+	// set outside select, gets stripped on return if options only is true
+	element_select = cel('select', name);
+	if (isObject(data)) {
+		// console.log('Call for %s, options: %s', name, options_only);
+		// console.log('Call for %s, options: %s', name, options_only);
+		if (sort == 'keys') {
+			data_list = Object.keys(data).sort();
+		} else if (sort == 'values') {
+			data_list = Object.keys(data).sort((a, b) => ('' + data[a]).localeCompare(data[b]));
+		} else {
+			data_list = Object.keys(data);
+		}
+		// console.log('ORDER: %s', data_list);
+		// use the previously sorted list
+		// for (const [key, value] of Object.entries(data)) {
+		for (const key of data_list) {
+			let value = data[key];
+			console.log('options: key: %s, value: %s', key, value);
+			// basic options init
+			let options = {
+				'label': value,
+				'value': key
+			};
+			// add selected if matching
+			if (selected == key) {
+				options.selected = '';
+			}
+			// create the element option
+			element_option = cel('option', '', value, '', options);
+			// attach it to the select element
+			ael(element_select, element_option);
+		}
+	}
+	// if with select part, convert to text
+	if (!options_only) {
+		if (return_string) {
+			content.push(phfo(element_select));
+			return content.join('');
+		} else {
+			return element_select;
+		}
+	} else {
+		// strip select part
+		if (return_string) {
+			element_select.sub.each(function(t) {
+				content.push(phfo(t));
+			});
+			return content.join('');
+		} else {
+			return element_select.sub;
+		}
+	}
+}
+
+/* END */

www/layout/admin/default/javascript/scriptaculous/prototype-1.7.3.0.js

@@ -1,4 +1,4 @@
-/*  Prototype JavaScript framework, version 1.7.2
+/*  Prototype JavaScript framework, version 1.7.3
  *  (c) 2005-2010 Sam Stephenson
  *
  *  Prototype is freely distributable under the terms of an MIT-style license.
@@ -8,7 +8,7 @@
 
 var Prototype = {
 
-  Version: '1.7.2',
+  Version: '1.7.3',
 
   Browser: (function(){
     var ua = navigator.userAgent;
@@ -621,7 +621,7 @@ Object.extend(String.prototype, (function() {
   }
 
   function stripTags() {
-    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/\w+>/gi, '');
+    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?(\/)?>|<\/\w+>/gi, '');
   }
 
   function stripScripts() {
@@ -734,7 +734,7 @@ Object.extend(String.prototype, (function() {
 
   function evalJSON(sanitize) {
     var json = this.unfilterJSON(),
-        cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
+        cx = /[\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff\u0000]/g;
     if (cx.test(json)) {
       json = json.replace(cx, function (a) {
         return '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
@@ -1332,10 +1332,9 @@ Array.from = $A;
   }
 
   if (arrayProto.some) {
-    var some = wrapNative(Array.prototype.some);
+    some = wrapNative(Array.prototype.some);
   }
 
-
   function every(iterator) {
     if (this == null) throw new TypeError();
     iterator = iterator || Prototype.K;
@@ -1352,22 +1351,16 @@ Array.from = $A;
   }
 
   if (arrayProto.every) {
-    var every = wrapNative(Array.prototype.every);
+    every = wrapNative(Array.prototype.every);
   }
 
-  var _reduce = arrayProto.reduce;
-  function inject(memo, iterator) {
-    iterator = iterator || Prototype.K;
-    var context = arguments[2];
-    return _reduce.call(this, iterator.bind(context), memo);
-  }
-
-  if (!arrayProto.reduce) {
-    var inject = Enumerable.inject;
-  }
 
   Object.extend(arrayProto, Enumerable);
 
+  if (arrayProto.entries === Enumerable.entries) {
+    delete arrayProto.entries;
+  }
+
   if (!arrayProto._reverse)
     arrayProto._reverse = arrayProto.reverse;
 
@@ -1383,7 +1376,6 @@ Array.from = $A;
     any:       some,
     every:     every,
     all:       every,
-    inject:    inject,
 
     clear:     clear,
     first:     first,
@@ -2146,12 +2138,12 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
 
 
   function visible(element) {
-    return $(element).style.display !== 'none';
+    return $(element).getStyle('display') !== 'none';
   }
 
   function toggle(element, bool) {
     element = $(element);
-    if (Object.isUndefined(bool))
+    if (typeof bool !== 'boolean')
       bool = !Element.visible(element);
     Element[bool ? 'show' : 'hide'](element);
 
@@ -2683,6 +2675,7 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
 
   function descendantOf_DOM(element, ancestor) {
     element = $(element), ancestor = $(ancestor);
+    if (!element || !ancestor) return false;
     while (element = element.parentNode)
       if (element === ancestor) return true;
     return false;
@@ -2690,12 +2683,14 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
 
   function descendantOf_contains(element, ancestor) {
     element = $(element), ancestor = $(ancestor);
+    if (!element || !ancestor) return false;
     if (!ancestor.contains) return descendantOf_DOM(element, ancestor);
     return ancestor.contains(element) && ancestor !== element;
   }
 
   function descendantOf_compareDocumentPosition(element, ancestor) {
     element = $(element), ancestor = $(ancestor);
+    if (!element || !ancestor) return false;
     return (element.compareDocumentPosition(ancestor) & 8) === 8;
   }
 
@@ -2800,8 +2795,10 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
     for (var attr in attributes) {
       name = table.names[attr] || attr;
       value = attributes[attr];
-      if (table.values[attr])
+      if (table.values[attr]) {
-        name = table.values[attr](element, value) || name;
+        value = table.values[attr](element, value);
+        if (Object.isUndefined(value)) continue;
+      }
       if (value === false || value === null)
         element.removeAttribute(name);
       else if (value === true)
@@ -2979,7 +2976,9 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
 
     values: {
       checked: function(element, value) {
-        element.checked = !!value;
+        value = !!value;
+        element.checked = value;
+        return value ? 'checked' : null;
       },
 
       style: function(element, value) {
@@ -3124,8 +3123,11 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
       value = element.currentStyle[style];
     }
 
-    if (style === 'opacity' && !STANDARD_CSS_OPACITY_SUPPORTED)
+    if (style === 'opacity') {
-      return getOpacity_IE(element);
+      if (!STANDARD_CSS_OPACITY_SUPPORTED)
+        return getOpacity_IE(element);
+      else return value ? parseFloat(value) : 1.0;
+    }
 
     if (value === 'auto') {
       if ((style === 'width' || style === 'height') && Element.visible(element))
@@ -3177,7 +3179,7 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
     if (value < 0.00001) value = 0;
 
     style.filter = stripAlphaFromFilter_IE(filter) +
-     'alpha(opacity=' + (value * 100) + ')';
+     ' alpha(opacity=' + (value * 100) + ')';
 
     return element;
   }
@@ -3193,7 +3195,7 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
 
     var filter = Element.getStyle(element, 'filter');
     if (filter.length === 0) return 1.0;
-    var match = (filter || '').match(/alpha\(opacity=(.*)\)/);
+    var match = (filter || '').match(/alpha\(opacity=(.*)\)/i);
     if (match && match[1]) return parseFloat(match[1]) / 100;
     return 1.0;
   }
@@ -3519,7 +3521,7 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
     return boxWidth - bl - br - pl - pr;
   }
 
-  if ('currentStyle' in document.documentElement) {
+  if (!Object.isUndefined(document.documentElement.currentStyle) && !Prototype.Browser.Opera) {
     getRawStyle = getRawStyle_IE;
   }
 
@@ -4047,15 +4049,19 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
   function getOffsetParent(element) {
     element = $(element);
 
+    function selfOrBody(element) {
+      return isHtml(element) ? $(document.body) : $(element);
+    }
+
     if (isDocument(element) || isDetached(element) || isBody(element) || isHtml(element))
       return $(document.body);
 
     var isInline = (Element.getStyle(element, 'display') === 'inline');
-    if (!isInline && element.offsetParent) return $(element.offsetParent);
+    if (!isInline && element.offsetParent) return selfOrBody(element.offsetParent);
 
     while ((element = element.parentNode) && element !== document.body) {
       if (Element.getStyle(element, 'position') !== 'static') {
-        return isHtml(element) ? $(document.body) : $(element);
+        return selfOrBody(element);
       }
     }
 
@@ -4093,8 +4099,8 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
       }
     } while (element);
 
-    valueL -= layout.get('margin-top');
+    valueL -= layout.get('margin-left');
-    valueT -= layout.get('margin-left');
+    valueT -= layout.get('margin-top');
 
     return new Element.Offset(valueL, valueT);
   }
@@ -4265,6 +4271,8 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
       offsetLeft: 0
     }, options || {});
 
+    var docEl = document.documentElement;
+
     source  = $(source);
     element = $(element);
     var p, delta, layout, styles = {};
@@ -4278,19 +4286,41 @@ Ajax.PeriodicalUpdater = Class.create(Ajax.Base, {
       }
     }
 
+    function pageScrollXY() {
+      var x = 0, y = 0;
+      if (Object.isNumber(window.pageXOffset)) {
+        x = window.pageXOffset;
+        y = window.pageYOffset;
+      } else if (document.body && (document.body.scrollLeft || document.body.scrollTop)) {
+        x = document.body.scrollLeft;
+        y = document.body.scrollTop;
+      } else if (docEl && (docEl.scrollLeft || docEl.scrollTop)) {
+        x = docEl.scrollLeft;
+        y = docEl.scrollTop;
+      }
+      return { x: x, y: y };
+    }
+
+    var pageXY = pageScrollXY();
+
+
     if (options.setWidth || options.setHeight) {
       layout = Element.getLayout(source);
     }
 
     if (options.setLeft)
-      styles.left = (p[0] - delta[0] + options.offsetLeft) + 'px';
+      styles.left = (p[0] + pageXY.x - delta[0] + options.offsetLeft) + 'px';
     if (options.setTop)
-      styles.top  = (p[1] - delta[1] + options.offsetTop)  + 'px';
+      styles.top  = (p[1] + pageXY.y - delta[1] + options.offsetTop)  + 'px';
 
-    if (options.setWidth)
+    var currentLayout = element.getLayout();
-      styles.width  = layout.get('border-box-width')  + 'px';
+
-    if (options.setHeight)
+    if (options.setWidth) {
-      styles.height = layout.get('border-box-height') + 'px';
+      styles.width = layout.get('width')  + 'px';
+    }
+    if (options.setHeight) {
+      styles.height = layout.get('height') + 'px';
+    }
 
     return Element.setStyle(element, styles);
   }
@@ -4488,15 +4518,29 @@ Prototype.Selector = (function() {
   };
 })();
 Prototype._original_property = window.Sizzle;
+
+;(function () {
+  function fakeDefine(fn) {
+    Prototype._actual_sizzle = fn();
+  }
+  fakeDefine.amd = true;
+
+  if (typeof define !== 'undefined' && define.amd) {
+    Prototype._original_define = define;
+    Prototype._actual_sizzle = null;
+    window.define = fakeDefine;
+  }
+})();
+
 /*!
- * Sizzle CSS Selector Engine v@VERSION
+ * Sizzle CSS Selector Engine v1.10.18
  * http://sizzlejs.com/
  *
  * Copyright 2013 jQuery Foundation, Inc. and other contributors
  * Released under the MIT license
  * http://jquery.org/license
  *
- * Date: @DATE
+ * Date: 2014-02-05
  */
 (function( window ) {
 
@@ -6229,6 +6273,22 @@ if ( typeof define === "function" && define.amd ) {
 
 })( window );
 
+;(function() {
+  if (typeof Sizzle !== 'undefined') {
+    return;
+  }
+
+  if (typeof define !== 'undefined' && define.amd) {
+    window.Sizzle = Prototype._actual_sizzle;
+    window.define = Prototype._original_define;
+    delete Prototype._actual_sizzle;
+    delete Prototype._original_define;
+  } else if (typeof module !== 'undefined' && module.exports) {
+    window.Sizzle = module.exports;
+    module.exports = {};
+  }
+})();
+
 ;(function(engine) {
   var extendElements = Prototype.Selector.extendElements;
 
@@ -6870,7 +6930,7 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
 
   Event._isCustomEvent = isCustomEvent;
 
-  function getRegistryForElement(element, uid) {
+  function getOrCreateRegistryFor(element, uid) {
     var CACHE = GLOBAL.Event.cache;
     if (Object.isUndefined(uid))
       uid = getUniqueElementID(element);
@@ -6886,7 +6946,7 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
 
 
   function register(element, eventName, handler) {
-    var registry = getRegistryForElement(element);
+    var registry = getOrCreateRegistryFor(element);
     if (!registry[eventName]) registry[eventName] = [];
     var entries = registry[eventName];
 
@@ -6906,9 +6966,8 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
   }
 
   function unregister(element, eventName, handler) {
-    var registry = getRegistryForElement(element);
+    var registry = getOrCreateRegistryFor(element);
-    var entries = registry[eventName];
+    var entries = registry[eventName] || [];
-    if (!entries) return;
 
     var i = entries.length, entry;
     while (i--) {
@@ -6918,10 +6977,16 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
       }
     }
 
-    if (!entry) return;
+    if (entry) {
+      var index = entries.indexOf(entry);
+      entries.splice(index, 1);
+    }
 
-    var index = entries.indexOf(entry);
+    if (entries.length === 0) {
-    entries.splice(index, 1);
+      delete registry[eventName];
+      if (Object.keys(registry).length === 1 && ('element' in registry))
+        destroyRegistryForElement(element);
+    }
 
     return entry;
   }
@@ -7020,14 +7085,24 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
   }
 
   function stopObservingEventName(element, eventName) {
-    var registry = getRegistryForElement(element);
+    var registry = getOrCreateRegistryFor(element);
     var entries = registry[eventName];
-    if (!entries) return;
+    if (entries) {
-    delete registry[eventName];
+      delete registry[eventName];
+    }
+
+    entries = entries || [];
 
     var i = entries.length;
     while (i--)
       removeEvent(element, eventName, entries[i].responder);
+
+    for (var name in registry) {
+      if (name === 'element') continue;
+      return; // There is another registered event
+    }
+
+    destroyRegistryForElement(element);
   }
 
 
@@ -7194,7 +7269,8 @@ Form.EventObserver = Class.create(Abstract.EventObserver, {
 
   function createResponderForCustomEvent(uid, eventName, handler) {
     return function(event) {
-      var element = Event.cache[uid].element;
+      var cache = Event.cache[uid];
+      var element =  cache && cache.element;
 
       if (Object.isUndefined(event.eventName))
         return false;
@@ -7283,7 +7359,9 @@ Hash.toQueryString = Object.toQueryString;
 
 var Toggle = { display: Element.toggle };
 
-Element.Methods.childOf = Element.Methods.descendantOf;
+Element.addMethods({
+  childOf: Element.Methods.descendantOf
+});
 
 var Insertion = {
   Before: function(element, content) {

www/layout/admin/default/javascript/scriptaculous/prototype.js

@@ -1 +1 @@
-prototype-1.7.2.0.js
+prototype-1.7.3.0.js

www/layout/frontend/default/css/frontend.css

@@ -3,3 +3,27 @@
 	color: #a4a4a4;
 	font-size: 8px;
 }
+
+/* NEW VERSION with CSS key frame animation */
+.progress {
+	width: 100px;
+	height: 100px;
+	background: rgba(255, 255, 255, 0.6);
+	border: 20px solid rgba(255, 255, 255 ,0.25);
+	border-left-color: rgba(3, 155, 229 ,1);
+	border-top-color: rgba(3, 155, 229 ,1);
+	border-radius: 50%;
+	display: inline-block;
+	animation: rotate 600ms infinite linear;
+	/* align */
+	left: 0;
+	top: 0;
+	position: absolute;
+	z-index: 100;
+}
+/* Animation for above progress */
+@keyframes rotate {
+	to {
+		transform: rotate(1turn)
+	}
+}

www/lib/CoreLibs/ACL/Login.inc

@@ -69,12 +69,29 @@ class Login extends \CoreLibs\DB\IO
 	private $logout; // logout button
 	private $login_error; // login error code, can be matched to the array login_error_msg, which holds the string
 	private $password_change = false; // if this is set to true, the user can change passwords
+	private $password_change_ok = false; // password change was successful
+	private $password_forgot = false; // can we reset password and mail to user with new password set screen
+	private $password_forgot_ok = false; // password forgot mail send ok
 	private $pw_change_deny_users = array (); // array of users for which the password change is forbidden
 
+	// if we have password change we need to define some rules
+	private $password_min_length = PASSWORD_MIN_LENGTH;
+	// max length is fixed as 255 (for input type max), if set highter, it will be set back to 255
+	private $password_max_length = PASSWORD_MAX_LENGTH;
+	// can have several regexes, if nothing set, all is ok
+	private $password_valid_chars = array (
+		// '^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,}$',
+		// '^(?.*(\pL)u)(?=.*(\pN)u)(?=.*([^\pL\pN])u).{8,}',
+	);
+
 	// all possible login error conditions
 	private $login_error_msg = array ();
 	// this is an array holding all strings & templates passed from the outside (translation)
-	private $login_template = array ('strings' => array (), 'password_change' => '', 'template' => '');
+	private $login_template = array (
+		'strings' => array (),
+		'password_change' => '',
+		'template' => ''
+	);
 
 	// acl vars
 	public $acl = array ();
@@ -99,7 +116,18 @@ class Login extends \CoreLibs\DB\IO
 
 		// no session could be found at all
 		if (!session_id()) {
-			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
+			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>";
+			echo "For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
+			exit;
+		}
+
+		// pre-check that password min/max lengths are inbetween 1 and 255;
+		if ($this->password_max_length > 255) {
+			echo "<b>Settings problem</b> PMaL<br>";
+			exit;
+		}
+		if ($this->password_min_length < 1) {
+			echo "<b>Settings problem</b> PMiL<br>";
 			exit;
 		}
 
@@ -107,7 +135,15 @@ class Login extends \CoreLibs\DB\IO
 
 		// if we have a search path we need to set it, to use the correct DB to login
 		// check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema
-		$SCHEMA = defined('LOGIN_DB_SCHEMA') ? LOGIN_DB_SCHEMA : ($db_config['db_schema'] ? $db_config['db_schema'] : (defined('DB_SCHEMA') ? DB_SCHEMA : 'public'));
+		if (defined('LOGIN_DB_SCHEMA')) {
+			$SCHEMA = LOGIN_DB_SCHEMA;
+		} elseif ($db_config['db_schema']) {
+			$SCHEMA = $db_config['db_schema'];
+		} elseif (defined('DB_SCHEMA')) {
+			$SCHEMA = DB_SCHEMA;
+		} else {
+			$SCHEMA = 'public';
+		}
 		// set schema if schema differs to schema set in db conneciton
 		if ($this->dbGetSchema() && $this->dbGetSchema() != $SCHEMA) {
 			$this->dbExec("SET search_path TO ".$SCHEMA);
@@ -161,6 +197,10 @@ class Login extends \CoreLibs\DB\IO
 		if (defined('PASSWORD_CHANGE')) {
 			$this->password_change = PASSWORD_CHANGE;
 		}
+		// NOTE: forgot password flow with email
+		if (defined('PASSWORD_FORGOT')) {
+			$this->password_forgot = PASSWORD_FORGOT;
+		}
 		// max login counts before error reporting
 		$this->max_login_error_count = 10;
 		// users that never get locked, even if they are set strict
@@ -198,6 +238,10 @@ class Login extends \CoreLibs\DB\IO
 		if ($this->password_change) {
 			$this->loginPasswordChange();
 		}
+		// password forgot
+		if ($this->password_forgot) {
+			$this->loginPasswordForgot();
+		}
 		// if !$euid || permission not okay, print login screan
 		echo $this->loginPrintLogin();
 		// closing all connections, depending on error status, exit
@@ -229,6 +273,61 @@ class Login extends \CoreLibs\DB\IO
 		parent::__destruct();
 	}
 
+	// METHOD: loginPasswordCheck
+	// PARAMS: hash, optional password, to override
+	// RETURN: true or false
+	// DESC  : checks if password is valid, sets internal error login variable
+	private function loginPasswordCheck($hash, $password = '')
+	{
+		// check with what kind of prefix the password begins:
+		// $2a$ or $2y$: BLOWFISCH
+		// $1$: MD5
+		// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
+		// if no $ => normal password
+		// NOW, if we have a password encoded, but not the correct encoder available, throw special error
+		$password_ok = false;
+		if (!$password) {
+			$password = $this->password;
+		}
+		if ((preg_match("/^\\$2(a|y)\\$/", $hash) && CRYPT_BLOWFISH != 1) ||
+			(preg_match("/^\\$1\\$/", $hash) && CRYPT_MD5 != 1) ||
+			(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) && CRYPT_STD_DES != 1)
+		) {
+			// this means password cannot be decrypted because of missing crypt methods
+			$this->login_error = 9999;
+			$password_ok = false;
+		} elseif ((preg_match("/^\\$2(a)\\$/", $hash) ||
+			// old password have $07$ so we check this
+			(preg_match("/^\\$2(y)\\$/", $hash) && preg_match("/\\$07\\$/", $hash)) ||
+			preg_match("/^\\$1\\$/", $hash) ||
+			preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash)) &&
+			!$this->verifyCryptString($password, $hash)
+		) {
+			// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
+			// this is only for OLD $07$ password
+			$this->login_error = 1011;
+			$password_ok = false;
+		} elseif (preg_match("/^\\$2y\\$/", $hash) &&
+			!$this->passwordVerify($password, $hash)
+		) {
+			// this is the new password hash methid, is only $2y$
+			$this->login_error = 1013;
+			$password_ok = false;
+		} elseif (!preg_match("/^\\$2(a|y)\\$/", $hash) &&
+			!preg_match("/^\\$1\\$/", $hash) &&
+			!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) &&
+			$hash != $password
+		) {
+			// check old plain password, case sensitive
+			$this->login_error = 1012;
+			$password_ok = false;
+		} else {
+			// all ok
+			$password_ok = true;
+		}
+		return $password_ok;
+	}
+
 	// METHOD: loginLoginUser
 	// WAS   : login_login_user
 	// PARAMS: none
@@ -242,11 +341,13 @@ class Login extends \CoreLibs\DB\IO
 				$this->login_error = 102;
 			} else {
 				// we have to get the themes in here too
-				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
+				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, ";
+				$q .= "eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
 				$q .= "debug, db_debug, ";
 				$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
 				$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
-				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, second.header_color AS second_header_color, second.template ";
+				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, ";
+				$q .= "second.header_color AS second_header_color, second.template ";
 				$q .= "FROM edit_user eu ";
 				$q .= "LEFT JOIN edit_scheme second ON (second.edit_scheme_id = eu.edit_scheme_id AND second.enabled = 1), ";
 				$q .= "edit_language el, edit_group eg, ";
@@ -257,7 +358,7 @@ class Login extends \CoreLibs\DB\IO
 				$q .= "eu.edit_access_right_id = eareu.edit_access_right_id AND ";
 				$q .= "eg.edit_access_right_id = eareg.edit_access_right_id AND ";
 				// password match is done in script, against old plain or new blowfish encypted
-				$q .= "(LOWER(username) = '".strtolower($this->username)."') ";
+				$q .= "(LOWER(username) = '".$this->dbEscapeString(strtolower($this->username))."') ";
 				$res = $this->dbReturn($q);
 				// username is wrong, but we throw for wrong username and wrong password the same error
 				if (!$this->cursor_ext[md5($q)]["num_rows"]) {
@@ -265,13 +366,6 @@ class Login extends \CoreLibs\DB\IO
 				} else {
 					// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
 
-					// check with what kind of prefix the password begins:
-					// $2a$ or $2y$: BLOWFISCH
-					// $1$: MD5
-					// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
-					// if no $ => normal password
-					// NOW, if we have a password encoded, but not the correct encoder available, throw special error
-
 					// check flow
 					// - user is enabled
 					// - user is not locked
@@ -285,27 +379,16 @@ class Login extends \CoreLibs\DB\IO
 					} elseif ($res['locked']) {
 						// user is locked, either set or auto set
 						$this->login_error = 105;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) ||
+					} elseif (!$this->loginPasswordCheck($res['password'])) {
-						(preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) ||
+						// none to be set, set in login password check
-						(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1)
-					) {
-						// this means password cannot be decrypted because of missing crypt methods
-						$this->login_error = 9999;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) ||
-						preg_match("/^\\$1\\$/", $res['password']) ||
-						preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) &&
-						!$this->verifyCryptString($this->password, $res['password'])
-					) {
-						// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
-						$this->login_error = 1011;
-					} elseif (!preg_match("/^\\$2(a|y)\\$/", $res['password']) &&
-						!preg_match("/^\\$1\\$/", $res['password']) &&
-						!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) &&
-						$res['password'] != $this->password
-					) {
-						// check old plain password, non case sensitive
-						$this->login_error = 1012;
 					} else {
+						// check if the current password is an invalid hash and do a rehash and set password
+						// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '.($this->passwordVerify($this->password, $res['password']) ? 'OK' : 'FAIL').' => HASH: '.($this->passwordRehashCheck($res['password']) ? 'NEW NEEDED' : 'OK'));
+						if ($this->passwordRehashCheck($res['password'])) {
+							// update password hash to new one now
+							$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->password))."' WHERE edit_user_id = ".$res['edit_user_id'];
+							$this->dbExec($q);
+						}
 						// normal user processing
 						// set class var and session var
 						$_SESSION["EUID"] = $this->euid = $res["edit_user_id"];
@@ -329,13 +412,16 @@ class Login extends \CoreLibs\DB\IO
 							$_SESSION["DEFAULT_LANG"] = $res["lang_short"].'_'.strtolower(str_replace('-', '', $res["lang_iso"]));
 							// reset any login error count for this user
 							if ($res['login_error_count'] > 0) {
-								$q = "UPDATE edit_user SET login_error_count = 0, login_error_date_last = NULL, login_error_date_first = NULL WHERE edit_user_id = ".$res['edit_user_id'];
+								$q = "UPDATE edit_user ";
+								$q .= "SET login_error_count = 0, login_error_date_last = NULL, login_error_date_first = NULL ";
+								$q .= "WHERE edit_user_id = ".$res['edit_user_id'];
 								$this->dbExec($q);
 							}
 							$pages = array();
 							$edit_page_ids = array();
 							// set pages access
-							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, popup, popup_x, popup_y, online, ear.level, ear.type ";
+							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, ";
+							$q .= "popup, popup_x, popup_y, online, ear.level, ear.type ";
 							$q .= "FROM edit_page ep, edit_page_access epa, edit_access_right ear ";
 							$q .= "WHERE ep.edit_page_id = epa.edit_page_id AND ear.edit_access_right_id = epa.edit_access_right_id ";
 							$q .= "AND epa.enabled = 1 AND epa.edit_group_id = ".$res["edit_group_id"]." ";
@@ -515,7 +601,7 @@ class Login extends \CoreLibs\DB\IO
 			unset($_SESSION["GROUP_NAME"]);
 			unset($_SESSION["HEADER_COLOR"]);
 			session_destroy();
-			// he prints the login screen again
+			// then prints the login screen again
 			$this->permission_okay = 0;
 		}
 	}
@@ -538,87 +624,91 @@ class Login extends \CoreLibs\DB\IO
 	//         * if an account ACL is set, set this parallel, account ACL overrides user ACL if it applies
 	//         * if edit access ACL level is set, use this, else use page
 	//         set all base ACL levels as a list keyword -> ACL number
-	public function loginSetAcl()
+	private function loginSetAcl()
 	{
-		// we start with the default acl
+		// only set acl if we have permission okay
-		$this->acl['base'] = DEFAULT_ACL_LEVEL;
+		if ($this->permission_okay) {
+			// we start with the default acl
+			$this->acl['base'] = DEFAULT_ACL_LEVEL;
 
-		// set admin flag and base to 100
+			// set admin flag and base to 100
-		if ($_SESSION['ADMIN']) {
+			if ($_SESSION['ADMIN']) {
-			$this->acl['admin'] = 1;
+				$this->acl['admin'] = 1;
-			$this->acl['base'] = 100;
+				$this->acl['base'] = 100;
-		} else {
-			// now go throw the flow and set the correct ACL
-			// user > page > group
-			// group ACL 0
-			if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['GROUP_ACL_LEVEL'];
-			}
-			// page ACL 1
-			if ($_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1) {
-				$this->acl['base'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
-			}
-			// user ACL 2
-			if ($_SESSION['USER_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['USER_ACL_LEVEL'];
-			}
-		}
-
-		// set the current page acl
-		// start with default acl
-		// set group if not -1, overrides default
-		// set page if not -1, overrides group set
-		$this->acl['page'] = DEFAULT_ACL_LEVEL;
-		if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
-			$this->acl['page'] = $_SESSION['GROUP_ACL_LEVEL'];
-		}
-		if (isset($_SESSION['PAGES_ACL_LEVEL'][$this->page_name]) && $_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1) {
-			$this->acl['page'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
-		}
-
-		// PER ACCOUNT (UNIT/edit access)->
-		foreach ($_SESSION['UNIT'] as $ea_id => $unit) {
-			// if admin flag is set, all units are set to 100
-			if ($this->acl['admin']) {
-				$this->acl['unit'][$ea_id] = $this->acl['base'];
 			} else {
-				if ($unit['acl_level'] != -1) {
+				$this->acl['admin'] = 0;
-					$this->acl['unit'][$ea_id] = $unit['acl_level'];
+				// now go throw the flow and set the correct ACL
-				} else {
+				// user > page > group
-					$this->acl['unit'][$ea_id] = $this->acl['base'];
+				// group ACL 0
+				if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
+					$this->acl['base'] = $_SESSION['GROUP_ACL_LEVEL'];
+				}
+				// page ACL 1
+				if ($_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1) {
+					$this->acl['base'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
+				}
+				// user ACL 2
+				if ($_SESSION['USER_ACL_LEVEL'] != -1) {
+					$this->acl['base'] = $_SESSION['USER_ACL_LEVEL'];
 				}
 			}
-			// detail name/level set
+
-			$this->acl['unit_detail'][$ea_id] = array (
+			// set the current page acl
-				'name' => $unit['name'],
+			// start with default acl
-				'uid' => $unit['uid'],
+			// set group if not -1, overrides default
-				'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'],
+			// set page if not -1, overrides group set
-				'default' => $unit['default'],
+			$this->acl['page'] = DEFAULT_ACL_LEVEL;
-				'data' => $unit['data']
+			if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
-			);
+				$this->acl['page'] = $_SESSION['GROUP_ACL_LEVEL'];
-			// set default
-			if ($unit['default']) {
-				$this->acl['unit_id'] = $unit['id'];
-				$this->acl['unit_name'] = $unit['name'];
-				$this->acl['unit_uid'] = $unit['uid'];
 			}
+			if (isset($_SESSION['PAGES_ACL_LEVEL'][$this->page_name]) && $_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1) {
+				$this->acl['page'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
+			}
+
+			// PER ACCOUNT (UNIT/edit access)->
+			foreach ($_SESSION['UNIT'] as $ea_id => $unit) {
+				// if admin flag is set, all units are set to 100
+				if ($this->acl['admin']) {
+					$this->acl['unit'][$ea_id] = $this->acl['base'];
+				} else {
+					if ($unit['acl_level'] != -1) {
+						$this->acl['unit'][$ea_id] = $unit['acl_level'];
+					} else {
+						$this->acl['unit'][$ea_id] = $this->acl['base'];
+					}
+				}
+				// detail name/level set
+				$this->acl['unit_detail'][$ea_id] = array (
+					'name' => $unit['name'],
+					'uid' => $unit['uid'],
+					'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'],
+					'default' => $unit['default'],
+					'data' => $unit['data']
+				);
+				// set default
+				if ($unit['default']) {
+					$this->acl['unit_id'] = $unit['id'];
+					$this->acl['unit_name'] = $unit['name'];
+					$this->acl['unit_uid'] = $unit['uid'];
+				}
+			}
+			// flag if to show extra edit access drop downs (because user has multiple groups assigned)
+			if (count($_SESSION['UNIT']) > 1) {
+				$this->acl['show_ea_extra'] = 1;
+			} else {
+				$this->acl['show_ea_extra'] = 0;
+			}
+			// set the default edit access
+			$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
+			// integrate the type acl list, but only for the keyword -> level
+			foreach ($this->default_acl_list as $level => $data) {
+				$this->acl['min'][$data['type']] = $level;
+			}
+			// set the full acl list too
+			$this->acl['acl_list'] = $_SESSION['DEFAULT_ACL_LIST'];
+			// debug
+			// $this->debug('ACL', $this->print_ar($this->acl));
 		}
-		// flag if to show extra edit access drop downs (because user has multiple groups assigned)
-		if (count($_SESSION['UNIT']) > 1) {
-			$this->acl['show_ea_extra'] = 1;
-		} else {
-			$this->acl['show_ea_extra'] = 0;
-		}
-		// set the default edit access
-		$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'];
-		// integrate the type acl list, but only for the keyword -> level
-		foreach ($this->default_acl_list as $level => $data) {
-			$this->acl['min'][$data['type']] = $level;
-		}
-		// set the full acl list too
-		$this->acl['acl_list'] = $_SESSION['DEFAULT_ACL_LIST'];
-		// debug
-//			$this->debug('ACL', $this->print_ar($this->acl));
 	}
 
 	// METHOD: loginCheckEditAccess
@@ -635,6 +725,44 @@ class Login extends \CoreLibs\DB\IO
 		}
 	}
 
+	// METHOD: loginPasswordChangeValidPassword
+	// PARAMS: the new password
+	// RETURN: true or false
+	// DESC  : checks if the password is in a valid format
+	private function loginPasswordChangeValidPassword($password)
+	{
+		$is_valid_password = true;
+		// check for valid in regex arrays in list
+		if (is_array($this->password_valid_chars)) {
+			foreach ($this->password_valid_chars as $password_valid_chars) {
+				if (!preg_match("/$password_valid_chars/", $password)) {
+					$is_valid_password = false;
+				}
+			}
+		}
+		// check for min length
+		if (strlen($password) < $this->password_min_length || strlen($password) > $this->password_max_length) {
+			$is_valid_password = false;
+		}
+		return $is_valid_password;
+	}
+
+	// METHOD: loginSetPasswordMinLength
+	// PARAMS: set the minimum length
+	// RETURN: true/false on success
+	// DESC  : sets the minium length and checks on valid
+	public function loginSetPasswordMinLength($length)
+	{
+		// check that numeric, positive numeric, not longer than max input string lenght
+		// and not short than min password length
+		if (is_numeric($length) && $length >= PASSWORD_MIN_LENGTH && $length <= $this->password_max_length) {
+			$this->password_min_length = $length;
+			return true;
+		} else {
+			return false;
+		}
+	}
+
 	// METHOD: loginPasswordChange
 	// WAS   : login_password_change
 	// PARAMS: none
@@ -646,7 +774,7 @@ class Login extends \CoreLibs\DB\IO
 			$event = 'Password Change';
 			// check that given username is NOT in the deny list, else silent skip (with error log)
 			if (!in_array($this->pw_username, $this->pw_change_deny_users)) {
-				if (!$this->pw_username || !$this->pw_password) {
+				if (!$this->pw_username || !$this->pw_old_password) {
 					$this->login_error = 200;
 					$data = 'Missing username or old password.';
 				}
@@ -662,9 +790,9 @@ class Login extends \CoreLibs\DB\IO
 				}
 				// check old passwords match -> error
 				if (!$this->login_error) {
-					$q = "SELECT edit_user_id FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."' AND password = '".$this->dbEscapeString($this->pw_old_password)."'";
+					$q = "SELECT edit_user_id, password FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."'";
-					list ($edit_user_id) = $this->dbReturnRow($q);
+					list ($edit_user_id, $old_password_hash) = $this->dbReturnRow($q);
-					if (!$edit_user_id) {
+					if (!$edit_user_id || !$this->loginPasswordCheck($old_password_hash, $this->pw_old_password)) {
 						// old password wrong
 						$this->login_error = 202;
 						$data = 'The old password does not match';
@@ -681,15 +809,23 @@ class Login extends \CoreLibs\DB\IO
 				if (!$this->login_error) {
 					if ($this->pw_new_password != $this->pw_new_password_confirm) {
 						$this->login_error = 204;
-						$data = 'The new passwords do not match: '.$this->pw_new_password.' == '.$this->pw_new_password_confirm;
+						$data = 'The new passwords do not match';
+					}
+				}
+				// password shall match to something in minimum length or form
+				if (!$this->login_error) {
+					if (!$this->loginPasswordChangeValidPassword($this->pw_new_password)) {
+						$this->login_error = 205;
+						$data = 'The new password string is not valid';
 					}
 				}
 				// no error change this users password
 				if (!$this->login_error) {
 					// update the user (edit_user_id) with the new password
-					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->cryptString($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
+					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
 					$this->dbExec($q);
-					$data = 'Password change for user "'.$this->pw_username.'" from "'.$this->pw_old_password.'" to "'.$this->pw_new_password.'"';
+					$data = 'Password change for user "'.$this->pw_username.'"';
+					$this->password_change_ok = true;
 				}
 			} else {
 				// illegal user error
@@ -697,14 +833,14 @@ class Login extends \CoreLibs\DB\IO
 				$data = 'Illegal user for password change: '.$this->pw_username;
 			}
 			// log this password change attempt
-			$this->write_log($event, $data, $this->login_error, $pw_username, $pw_old_password);
+			$this->writeLog($event, $data, $this->login_error, $this->pw_username);
 		} // button pressed
 	}
 
 	// METHOD: loginPrintLogin
 	// WAS   : login_print_login
 	// PARAMS: none
-	// RETURN: none
+	// RETURN: html data for login page
 	// DESC  : prints out login html part if no permission (error) is set
 	private function loginPrintLogin()
 	{
@@ -727,29 +863,43 @@ class Login extends \CoreLibs\DB\IO
 				// pre change the data in the PASSWORD_CHANGE_DIV first
 				foreach ($this->login_template['strings'] as $string => $data) {
 					if ($data) {
-						$html_string_password_change = str_replace("{".$string."}", $data, $html_string_password_change);
+						$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
 					}
 				}
+				// print error messagae
+				if ($this->login_error) {
+					$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
+				}
+				// if pw change action, show the float again
+				if ($this->change_password && !$this->password_change_ok) {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
+				}
 				$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
 			}
 
 			// put in the logout redirect string
 			if ($this->logout && $LOGOUT_TARGET) {
-				$html_string = str_replace("{LOGOUT_TARGET}", '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
 			} else {
-				$html_string = str_replace("{LOGOUT_TARGET}", '', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
 			}
 
 			// print error messagae
 			if ($this->login_error) {
-				$html_string = str_replace("{ERROR_MSG}", $this->login_error_msg[$this->login_error]."<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
+			} elseif ($this->password_change_ok && $this->password_change) {
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
 			} else {
-				$html_string = str_replace("{ERROR_MSG}", "<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
 			}
 
 			// create the replace array context
 			foreach ($this->login_template['strings'] as $string => $data) {
-				$html_string = str_replace("{".$string."}", $data, $html_string);
+				$html_string = str_replace('{'.$string.'}', $data, $html_string);
 			}
 
 			// return the created HTML here
@@ -760,7 +910,7 @@ class Login extends \CoreLibs\DB\IO
 	// METHOD: loginCloseClass
 	// WAS   : login_close_class
 	// PARAMS: none
-	// RETURN: none
+	// RETURN: true on permission ok, false on permission wrong
 	// DESC  : last function called, writes log and prints out error msg and exists script if permission 0
 	private function loginCloseClass()
 	{
@@ -779,13 +929,13 @@ class Login extends \CoreLibs\DB\IO
 			// prepare for log
 			if ($this->euid) {
 				// get user from user table
-				$q = "SELECT username, password FROM edit_user WHERE edit_user_id = ".$this->euid;
+				$q = "SELECT username FROM edit_user WHERE edit_user_id = ".$this->euid;
-				list($username, $password) = $this->dbReturnRow($q);
+				list($username) = $this->dbReturnRow($q);
 			} // if euid is set, get username (or try)
-			$this->writeLog($event, '', $this->login_error, $username, $password);
+			$this->writeLog($event, '', $this->login_error, $username);
 		} // write log under certain settings
 		// now close DB connection
-//			$this->error_msg = $this->_login();
+		// $this->error_msg = $this->_login();
 		if (!$this->permission_okay) {
 			return false;
 		} else {
@@ -795,47 +945,50 @@ class Login extends \CoreLibs\DB\IO
 
 	// METHOD: loginSetTemplates
 	// WAS   : login_set_templates
-	// PARAMS:
+	// PARAMS: none
 	// RETURN: none
 	// DESC  : checks if there are external templates, if not uses internal fallback ones
 	private function loginSetTemplates()
 	{
 		$strings = array (
-			'HTML_TITLE' => $this->l->__("LOGIN"),
+			'HTML_TITLE' => $this->l->__('LOGIN'),
-			'TITLE' => $this->l->__("LOGIN"),
+			'TITLE' => $this->l->__('LOGIN'),
-			'USERNAME' => $this->l->__("Username"),
+			'USERNAME' => $this->l->__('Username'),
-			'PASSWORD' => $this->l->__("Password"),
+			'PASSWORD' => $this->l->__('Password'),
-			'LOGIN' => $this->l->__("Login"),
+			'LOGIN' => $this->l->__('Login'),
 			'ERROR_MSG' => '',
 			'LOGOUT_TARGET' => '',
 			'PASSWORD_CHANGE_BUTTON_VALUE' => $this->l->__('Change Password')
 		);
 
 		$error_msgs = array (
-			"100" => $this->l->__("Fatal Error: <b>[EUID] came in as GET/POST!</b>"), // actually obsolete
+			'100' => $this->l->__('Fatal Error: <b>[EUID] came in as GET/POST!</b>'), // actually obsolete
-			"1010" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // user not found
+			'1010' => $this->l->__('Fatal Error: <b>Login Failed - Wrong Username or Password</b>'), // user not found
-			"1011" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // blowfish password wrong
+			'1011' => $this->l->__('Fatal Error: <b>Login Failed - Wrong Username or Password</b>'), // blowfish password wrong
-			"1012" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // fallback md5 password wrong
+			'1012' => $this->l->__('Fatal Error: <b>Login Failed - Wrong Username or Password</b>'), // fallback md5 password wrong
-			"102" => $this->l->__("Fatal Error: <b>Login Failed - Please enter username and password</b>"),
+			'1013' => $this->l->__('Fatal Error: <b>Login Failed - Wrong Username or Password</b>'), // new password_hash wrong
-			"103" => $this->l->__("Fatal Error: <b>You do not have the rights to access this Page</b>"),
+			'102' => $this->l->__('Fatal Error: <b>Login Failed - Please enter username and password</b>'),
-			"104" => $this->l->__("Fatal Error: <b>Login Failed - User not enabled</b>"),
+			'103' => $this->l->__('Fatal Error: <b>You do not have the rights to access this Page</b>'),
-			"105" => $this->l->__("Fatal Error: <b>Login Failed - User is locked</b>"),
+			'104' => $this->l->__('Fatal Error: <b>Login Failed - User not enabled</b>'),
-			"220" => $this->l->__("Fatal Error: <b>Password change - The user could not be found</b>"), // actually this is an illegal user, but I mask it
+			'105' => $this->l->__('Fatal Error: <b>Login Failed - User is locked</b>'),
-			'200' => $this->l->__("Fatal Error: <b>Password change - Please enter username and old password</b>"),
+			'220' => $this->l->__('Fatal Error: <b>Password change - The user could not be found</b>'), // actually this is an illegal user, but I mask it
-			"201" => $this->l->__("Fatal Error: <b>Password change - The user could not be found</b>"),
+			'200' => $this->l->__('Fatal Error: <b>Password change - Please enter username and old password</b>'),
-			"202" => $this->l->__("Fatal Error: <b>Password change - The old password is not correct</b>"),
+			'201' => $this->l->__('Fatal Error: <b>Password change - The user could not be found</b>'),
-			"203" => $this->l->__("Fatal Error: <b>Password change - Please fill out both new password fields</b>"),
+			'202' => $this->l->__('Fatal Error: <b>Password change - The old password is not correct</b>'),
-			"204" => $this->l->__("Fatal Error: <b>Password change - The new passwords do not match</b>"),
+			'203' => $this->l->__('Fatal Error: <b>Password change - Please fill out both new password fields</b>'),
-			"9999" => $this->l->__("Fatal Error: <b>necessary crypt engine could not be found</b>. Login is impossible") // this is bad bad error
+			'204' => $this->l->__('Fatal Error: <b>Password change - The new passwords do not match</b>'),
+			'205' => $this->l->__('Fatal Error: <b>Password change - The new password is not in a valid format</b>'), // we should also not here WHAT is valid
+			'300' => $this->l->__('Success: <b>Password change successful</b>'), // for OK password change
+			'9999' => $this->l->__('Fatal Error: <b>necessary crypt engine could not be found</b>. Login is impossible') // this is bad bad error
 		);
 
 		// if password change is okay
 		if ($this->password_change) {
 			$strings = array_merge($strings, array (
 				'TITLE_PASSWORD_CHANGE' => 'Change Password for User',
-				'OLD_PASSWORD' => $this->l->__("Old Password"),
+				'OLD_PASSWORD' => $this->l->__('Old Password'),
-				'NEW_PASSWORD' => $this->l->__("New Password"),
+				'NEW_PASSWORD' => $this->l->__('New Password'),
-				'NEW_PASSWORD_CONFIRM' => $this->l->__("New Password confirm"),
+				'NEW_PASSWORD_CONFIRM' => $this->l->__('New Password confirm'),
 				'CLOSE' => $this->l->__('Close'),
 				'JS_SHOW_HIDE' => "function ShowHideDiv(id) { element = document.getElementById(id); if (element.className == 'visible' || !element.className) element.className = 'hidden'; else element.className = 'visible'; }",
 				'PASSWORD_CHANGE_BUTTON' => '<input type="button" name="pw_change" value="'.$strings['PASSWORD_CHANGE_BUTTON_VALUE'].'" OnClick="ShowHideDiv(\'pw_change_div\');">'
@@ -852,8 +1005,12 @@ class Login extends \CoreLibs\DB\IO
 <tr><td></td><td><input type="submit" name="change_password" value="{PASSWORD_CHANGE_BUTTON_VALUE}"><input type="button" name="pw_change" value="{CLOSE}" OnClick="ShowHideDiv('pw_change_div');"></td></tr>
 </table>
 </div>
+{PASSWORD_CHANGE_SHOW}
 EOM;
-		} else {
+		}
+		if ($this->password_forgot) {
+		}
+		if (!$this->password_change && !$this->password_forgot) {
 			$strings = array_merge($strings, array (
 				'JS_SHOW_HIDE' => '',
 				'PASSWORD_CHANGE_BUTTON' => '',
@@ -862,14 +1019,14 @@ EOM;
 		}
 
 		// first check if all strings are set from outside, if not, set with default ones
-		while (list($string, $data) = each($strings)) {
+		foreach ($strings as $string => $data) {
 			if (!array_key_exists($string, $this->login_template['strings'])) {
 				$this->login_template['strings'][$string] = $data;
 			}
 		}
 
 		// error msgs the same
-		while (list($code, $data) = each($error_msgs)) {
+		foreach ($error_msgs as $code => $data) {
 			if (!array_key_exists($code, $this->login_error_msg)) {
 				$this->login_error_msg[$code] = $data;
 			}
@@ -949,12 +1106,14 @@ EOM;
 	//        error -> if error, write error string (not enougth data, etc)
 	// RETURN: none
 	// DESC  : writes detailed data into the edit user log table (keep log what user does)
-	private function writeLog($event, $data, $error = "", $username = "", $password = "")
+	private function writeLog($event, $data, $error = '', $username = '')
 	{
 		if ($this->login) {
 				$this->action = 'Login';
 		} elseif ($this->logout) {
 				$this->action = 'Logout';
+		} else {
+			$this->action = '';
 		}
 		$_data_binary = array (
 				'_SESSION' => $_SESSION,
@@ -969,9 +1128,11 @@ EOM;
 		$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
 		$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
 		$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
-		$q .= "VALUES ('".$this->dbEscapeString($username)."', '".$this->dbEscapeString($password)."', ".(($this->euid) ? $this->euid : 'NULL').", ";
+		$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
 		$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
-		foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code) {
+		foreach (array(
+			'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
+		) as $server_code) {
 			if (array_key_exists($server_code, $_SERVER)) {
 				$q .= "'".$this->dbEscapeString($_SERVER[$server_code])."', ";
 			} else {

www/lib/CoreLibs/Basic.inc

@@ -123,7 +123,7 @@ class Basic
 	private $log_print_file = 'error_msg##LOGID####LEVEL####CLASS####PAGENAME####DATE##';
 	private $log_file_unique_id; // a unique ID set only once for call derived from this class
 	public $log_print_file_date = 1; // if set add Y-m-d and do automatic daily rotation
-	private $log_file_id = LOG_FILE_ID ? LOG_FILE_ID : ''; // a alphanumeric name that has to be set as global definition
+	private $log_file_id = ''; // a alphanumeric name that has to be set as global definition
 	public $log_per_level = 0; // set, it will split per level (first parameter in debug call)
 	public $log_per_class = 0; // set, will split log per class
 	public $log_per_page = 0; // set, will split log per called file
@@ -148,12 +148,13 @@ class Basic
 	// error char for the char conver
 	public $mbErrorChar;
 
-	// crypt saslt prefix
+	// [!!! DEPRECATED !!!] crypt saslt prefix
 	public $cryptSaltPrefix = '';
 	public $cryptSaltSuffix = '';
 	public $cryptIterationCost = 7; // this is for staying backwards compatible with the old ones
 	public $cryptSaltSize = 22; // default 22 chars for blowfish, 2 for STD DES, 8 for MD5,
-
+	// new better password management
+	protected $password_options = array ();
 	// session name
 	private $session_name = '';
 	private $session_id = '';
@@ -178,9 +179,37 @@ class Basic
 			"class_author" => 'Clemens Schwaighofer'
 		);
 
+		// before we start any work, we should check that all MUST constants are defined
+		$abort = false;
+		foreach (array(
+			'DS', 'DIR', 'BASE', 'ROOT', 'LIB', 'INCLUDES', 'LAYOUT', 'PICTURES', 'FLASH', 'VIDEOS', 'DOCUMENTS', 'PDFS', 'BINARIES', 'ICONS',
+			'UPLOADS', 'CSV', 'JS', 'CSS', 'TABLE_ARRAYS', 'SMARTY', 'LANG', 'CACHE', 'TMP', 'LOG', 'TEMPLATES', 'TEMPLATES_C',
+			'TEMPLATES_FRONTEND', 'DEFAULT_TEMPLATE', 'DEFAULT_TEMPLATE_FILE', 'DEFAULT_LANG', 'DEFAULT_ENCODING', 'DEFAULT_HASH',
+			'DEFAULT_ACL_LEVEL', 'LOGOUT_TARGET', 'PASSWORD_CHANGE', 'AJAX_REQUEST_TYPE', 'USE_PROTOTYPE', 'USE_SCRIPTACULOUS', 'USE_JQUERY',
+			'PAGE_WIDTH', 'MASTER_TEMPLATE_NAME', 'PUBLIC_SCHEMA', 'TEST_SCHEMA', 'DEV_SCHEMA', 'LIVE_SCHEMA', 'LOGIN_DB', 'MAIN_DB', 'DB_SCHEMA',
+			'LOGIN_DB_SCHEMA', 'GLOBAL_DB_SCHEMA', 'TARGET', 'DEBUG', 'SHOW_ALL_ERRORS'
+		) as $constant) {
+			if (!defined($constant)) {
+				echo "Constant $constant misssing<br>";
+				$abort = true;
+			}
+		}
+		if ($abort === true) {
+			die('Core Constant missing. Check config file.');
+		}
+
 		// set the page name
 		$this->page_name = $this->getPageName();
 		$this->host_name = $this->getHostName();
+		// init the log file id
+		// * GLOBALS
+		// * CONSTANT
+		// can be overridden with basicSetLogFileId
+		if (isset($GLOBALS['LOG_FILE_ID'])) {
+			$this->basicSetLogId($GLOBALS['LOG_FILE_ID']);
+		} elseif (defined('LOG_FILE_ID')) {
+			$this->basicSetLogId(LOG_FILE_ID);
+		}
 
 		// set the paths matching to the valid file types
 		$this->data_path = array (
@@ -327,7 +356,7 @@ class Basic
 		// initial the session if there is no session running already
 		if (!session_id()) {
 			// check if we have an external session name given, else skip this step
-			if (SET_SESSION_NAME) {
+			if (defined('SET_SESSION_NAME')) {
 				// set the session name for possible later check
 				$this->session_name = SET_SESSION_NAME;
 			}
@@ -340,8 +369,10 @@ class Basic
 			$this->session_id = session_id();
 		}
 
-		// init crypt settings
+		// [!!! DEPRECATED !!!] init crypt settings
 		$this->cryptInit();
+		// new better password init
+		$this->passwordInit();
 
 		// start logging running time
 		$this->runningTime();
@@ -364,6 +395,22 @@ class Basic
 	// GENERAL METHODS
 	// *************************************************************
 
+	// METHOD: basicSetLogId
+	// PARAMS: string
+	// RETURN: current set string
+	// DESC  : sets the log file prefix id
+	//         must be alphanumeric only (\w)
+	public function basicSetLogId($string)
+	{
+		if (!isset($log_file_id)) {
+			$log_file_id = '';
+		}
+		if (isset($string) && preg_match("/^\w+$/", $string)) {
+			$this->log_file_id = $string;
+		}
+		return $log_file_id;
+	}
+
 	// METHOD: db_io_info
 	// PARAMS: show, default 1, if set to 0 won't write to error_msg var
 	// RETURN: string with info
@@ -431,7 +478,7 @@ class Basic
 	// DESC  : wrapper around microtime function to print out y-m-d h:i:s.ms
 	public static function printTime($set_microtime = -1)
 	{
-		list($microtime, $timestamp) = explode(" ", microtime());
+		list($microtime, $timestamp) = explode(' ', microtime());
 		$string = date("Y-m-d H:i:s", $timestamp);
 		// if microtime flag is -1 no round, if 0, no microtime, if >= 1, round that size
 		if ($set_microtime == -1) {
@@ -1088,6 +1135,53 @@ class Basic
 		return $ret_array;
 	}
 
+	// METHOD: arrayToString
+	// WAS   : ArrayToString
+	// PARAMS: array, connect char
+	// RETRUN: string
+	// DESC  : wrapper for join, but checks if input is an array and if not returns null
+	public static function arrayToString($array, $connect_char)
+	{
+		if (is_array($array)) {
+			return join($connect_char, $array);
+		} else {
+			return false;
+		}
+	}
+
+	// METHOD: flattenArray
+	// PARAMS: array in multi dimensions
+	// RETURN: returns a flatten array
+	// DESC  : converts multi dimensional array to a flat array
+	//         does NOT preserve keys
+	public static function flattenArray(array $array)
+	{
+		$return = array ();
+		array_walk_recursive(
+			$array,
+			function ($a) use (&$return) {
+				$return[] = $a;
+			}
+		);
+		return $return;
+	}
+
+	// METHOD: flattenArrayKey
+	// PARAMS: the array to flatten
+	// RETURN: flattened array with array keys as values in order of tree
+	// DESC  : note: the second parameter $return is automatically set
+	//         will loop through an array recursivly and write the array keys back
+	public static function flattenArrayKey(array $array, array $return = array ())
+	{
+		foreach ($array as $key => $sub) {
+			$return[] = $key;
+			if (count($sub) > 0) {
+				$return = Basic::flattenArrayKey($sub, $return);
+			}
+		}
+		return $return;
+	}
+
 	// METHOD: __mbMimeEncode
 	// WAS   : _mb_mime_encode
 	// PARAMS: string to encode, encoding to encode in
@@ -1221,17 +1315,20 @@ class Basic
 	//         xd xh xm xs xms to a timestamp.microtime format
 	public static function stringToTime($timestring)
 	{
-		$timestamp = '';
+		$timestamp = 0;
 		if (preg_match("/(d|h|m|s|ms)/", $timestring)) {
-			$timegroups = array (1 => 86400, 3 => 3600, 5 => 60, 7 => 1);
+			// pos for preg match read + multiply factor
+			$timegroups = array (2 => 86400, 4 => 3600, 6 => 60, 8 => 1);
+			// preg match: 0: full strsing
+			// 2, 4, 6, 8 are the to need values
 			preg_match("/^((\d+)d ?)?((\d+)h ?)?((\d+)m ?)?((\d+)s ?)?((\d+)ms)?$/", $timestring, $matches);
 			// multiply the returned matches and sum them up. the last one (ms) is added with .
-			for ($i = 1; $i <= 7; $i += 2) {
+			foreach ($timegroups as $i => $time_multiply) {
-				if ($matches[$i]) {
+				if (is_numeric($matches[$i])) {
-					$timestamp += ($matches[($i + 1)] * $timegroups[$i]);
+					$timestamp += $matches[$i] * $time_multiply;
 				}
 			}
-			if ($matches[10]) {
+			if (is_numeric($matches[10])) {
 				$timestamp .= '.'.$matches[10];
 			}
 			return $timestamp;
@@ -1283,7 +1380,7 @@ class Basic
 	// METHOD: compareDate
 	// WAS   : CompareDate
 	// PARAMS: start_date, end_date (both: YYYY-MM-DD)
-	// RETURN: -1 if the first date is smaller the last, 0 if both are equal, 1 if the end date is bigger than the last
+	// RETURN: -1 if the first date is smaller the last, 0 if both are equal, 1 if the first date is bigger than the last
 	// DESC  : splits & checks date, wrap around for check_date function
 	public static function compareDate($start_date, $end_date)
 	{
@@ -1330,7 +1427,7 @@ class Basic
 	public static function compareDateTime($start_datetime, $end_datetime)
 	{
 		// pre check for empty or wrong
-		if ($start_date == '--' || $end_date == '--' || !$start_date || !$end_date) {
+		if ($start_datetime == '--' || $end_datetime == '--' || !$start_datetime || !$end_datetime) {
 			return false;
 		}
 		$start_timestamp = strtotime($start_datetime);
@@ -1346,20 +1443,6 @@ class Basic
 		}
 	}
 
-	// METHOD: arrayToString
-	// WAS   : ArrayToString
-	// PARAMS: array, connect char
-	// RETRUN: string
-	// DESC  : wrapper for join, but checks if input is an array and if not returns null
-	public static function arrayToString($array, $connect_char)
-	{
-		if (is_array($array)) {
-			return join($connect_char, $array);
-		} else {
-			return false;
-		}
-	}
-
 	// METHOD: createThumbnail
 	// WAS   : CreateThumbnail
 	// PARAMS: pic -> picture where from we create a thumbnail
@@ -1630,6 +1713,11 @@ class Basic
 		return false;
 	}
 
+	// [!!! DEPRECATED !!!]
+	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
+	// use the new password* instead
+
+	// [!!! DEPRECATED !!!] -> passwordInit
 	// METHOD: cryptInit
 	// PARAMS: none
 	// RETURN: none
@@ -1676,6 +1764,7 @@ class Basic
 		}
 	}
 
+	// [!!! DEPRECATED !!!] -> not needed
 	// METHOD: cryptSaltString
 	// PARAMS: random string length, default is 22 (for blowfish crypt)
 	// RETURN: random string
@@ -1703,6 +1792,7 @@ class Basic
 		return $salt_string;
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordSet
 	// METHOD: cryptString
 	// PARAMS: string to be crypted (one way)
 	// RETURN: encrypted string
@@ -1714,6 +1804,7 @@ class Basic
 		return crypt($string, $this->cryptSaltPrefix.$this->cryptSaltString($this->cryptSaltSize).$this->cryptSaltSuffix);
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordVerify
 	// METHOD: verifyCryptString
 	// PARAMS: plain string (eg password)
 	//         full crypted string (from cryptString
@@ -1729,6 +1820,61 @@ class Basic
 		}
 	}
 
+	// *** BETTER PASSWORD OPTIONS, must be used ***
+	// METHOD: passwordInit
+	// PARAMS: none
+	// RETURN: none
+	// DESC  : inits the password options set
+	//         currently this is et empty, and the default options are used
+	private function passwordInit()
+	{
+		// set default password cost: use default set automatically
+		$this->password_options = array (
+			// 'cost' => PASSWORD_BCRYPT_DEFAULT_COST
+		);
+	}
+
+	// METHOD: passwordSet
+	// PARAMS: password
+	// RETURN: hashed password
+	// DESC  : creates the password hash
+	public function passwordSet($password)
+	{
+		// always use the PHP default for the password
+		// password options ca be set in the password init, but should be kept as default
+		return password_hash($password, PASSWORD_DEFAULT, $this->password_options);
+	}
+
+	// METHOD: passwordVerify
+	// PARAMS: password and hash
+	// RETURN: true or false
+	// DESC  : checks if the entered password matches the hash
+	public function passwordVerify($password, $hash)
+	{
+		if (password_verify($password, $hash)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case something strange, return false on default
+		return false;
+	}
+
+	// METHOD: passwordRehashCheck
+	// PARAMS: hash
+	// RETURN: true or false
+	// DESC  : checks if the password needs to be rehashed
+	public function passwordRehashCheck($hash)
+	{
+		if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->password_options)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case of strange, force re-hash
+		return true;
+	}
+
 	// *** COLORS ***
 
 	// METHOD: hex2rgb

www/lib/CoreLibs/DB/IO.inc

@@ -461,15 +461,15 @@ class IO extends \CoreLibs\Basic
 	// WAS   : _check_query_for_select
 	// PARAMS: query
 	// RETURN: true if matching, false if not
-	// DESC  : checks if query is a SELECT or SHOW, if not error, 0 return
+	// DESC  : checks if query is a SELECT, SHOW or WITH, if not error, 0 return
-	// NOTE  : Query needs to start with SELECT or SHOW. if starts with "with" it is ignored
+	// NOTE  : Query needs to start with SELECT, SHOW or WITH. if starts with "with" it is ignored
 	private function __checkQueryForSelect($query)
 	{
 		// perhaps allow spaces before select ?!?
-		if (!preg_match("/^(select|show) /i", $query)) {
+		if (preg_match("/^(select|show|with) /i", $query)) {
-			return false;
+			return true;
 		}
-		return true;
+		return false;
 	}
 
 	// METHOD: __checkQueryForInsert
@@ -481,16 +481,26 @@ class IO extends \CoreLibs\Basic
 	// NOTE  : Queries need to start with INSERT, UPDATE, DELETE. Anything else is ignored
 	private function __checkQueryForInsert($query, $pure = false)
 	{
-		if (!preg_match("/^insert /i", $query) && !preg_match("/^update /i", $query) && !preg_match("/^delete /i", $query)) {
+		if ($pure && preg_match("/^insert /i", $query)) {
-			return false;
-		}
-		if (!$pure) {
 			return true;
-		} elseif (preg_match("/^insert /i", $query)) {
-			return true;
-		} else {
-			return false;
 		}
+		if (!$pure && preg_match("/^(insert|update|delete) /i", $query)) {
+			return true;
+		}
+		return false;
+	}
+
+	// METHOD: __checkQueryForUpdate
+	// PARAMS: query
+	// RETURN: true if UPDATE, else false
+	// DESC  : returns true if the query starts with UPDATE
+	// NOTE  : query NEEDS to start with UPDATE
+	private function __checkQueryForUpdate($query)
+	{
+		if (preg_match("/^update /i", $query)) {
+			return true;
+		}
+		return false;
 	}
 
 	// METHOD: __printArray
@@ -501,7 +511,7 @@ class IO extends \CoreLibs\Basic
 	// NOTE  : used in db_dump_data only
 	private function __printArray($array)
 	{
-		while (list($key, $value) = each($array)) {
+		foreach ($array as $key => $value) {
 			$string .= $this->nbsp.'<b>'.$key.'</b> => ';
 			if (is_array($value)) {
 				$this->nbsp .= '&nbsp;&nbsp;&nbsp;';
@@ -567,7 +577,7 @@ class IO extends \CoreLibs\Basic
 			// write detailed error log
 		}
 		if ($this->warning_id) {
-			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_ERROR', $where_called);
+			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_WARNING', $where_called);
 			$this->had_warning = $this->warning_id;
 		}
 		// unset the error/warning vars
@@ -683,15 +693,22 @@ class IO extends \CoreLibs\Basic
 					$this->query = preg_replace("/(;\s*)$/", '', $this->query);
 					$this->query .= " RETURNING ".$this->pk_name;
 					$this->returning_id = true;
-				} elseif (preg_match("/ returning (.*)/i", $this->query, $matches) && $this->pk_name && $this->pk_name != 'NULL') {
+				} elseif (preg_match("/ returning (.*)/i", $this->query, $matches)) {
-					// add the primary key if it is not in the returning set
+					if ($this->pk_name && $this->pk_name != 'NULL') {
-					if (!preg_match("/$this->pk_name/", $matches[1])) {
+						// add the primary key if it is not in the returning set
-						$this->query .= " , ".$this->pk_name;
+						if (!preg_match("/$this->pk_name/", $matches[1])) {
+							$this->query .= " , ".$this->pk_name;
+						}
 					}
 					$this->returning_id = true;
 				}
 			}
 		}
+		// if we have an UPDATE and RETURNING, flag for true, but do not add anything
+		if ($this->__checkQueryForUpdate($this->query) && preg_match("/ returning (.*)/i", $this->query, $matches)) {
+			$this->returning_id = true;
+		}
+		// $this->debug('DB IO', 'Q: '.$this->query.', RETURN: '.$this->returning_id);
 		// for DEBUG, only on first time ;)
 		if ($this->db_debug) {
 			$this->__dbDebug('db', $this->query, '__dbPrepareExec', 'Q');
@@ -752,7 +769,9 @@ class IO extends \CoreLibs\Basic
 				// if not select do here
 				// count affected rows
 				$this->num_rows = $this->db_functions->__dbAffectedRows($this->cursor);
-				if ($this->__checkQueryForInsert($this->query, true) && $this->pk_name != 'NULL') {
+				if (($this->__checkQueryForInsert($this->query, true) && $this->pk_name != 'NULL') ||
+					($this->__checkQueryForUpdate($this->query) && $this->returning_id)
+				) {
 					// set insert_id
 					// if we do not have a returning, we try to get it via the primary key and another select
 					if (!$this->returning_id) {
@@ -770,14 +789,16 @@ class IO extends \CoreLibs\Basic
 						// if we have only one, revert from array to single
 						if (count($this->insert_id) == 1) {
 							// echo "* SINGLE DATA CONVERT: ".count($this->insert_id[0])." => ".array_key_exists($this->pk_name, $this->insert_id[0])."<br>";
-							// echo "* PK DIRECT: ".$this->insert_id[0][$this->pk_name]."<Br>";
+							// echo "* PK DIRECT: ".(isset($this->insert_id[0][$this->pk_name]) ? $this->insert_id[0][$this->pk_name] : '[NO PK NAME SET]' )."<Br>";
 							// if this has only the pk_name, then only return this, else array of all data (but without the position)
 							// example if insert_id[0]['foo'] && insert_id[0]['bar'] it will become insert_id['foo'] & insert_id['bar']
 							// if only ['foo_id'] and it is the PK then the PK is directly written to the insert_id
 							if (count($this->insert_id[0]) > 1 || !array_key_exists($this->pk_name, $this->insert_id[0])) {
 								$this->insert_id_ext = $this->insert_id[0];
-								$this->insert_id = $this->insert_id[0][$this->pk_name];
+								if (isset($this->insert_id[0][$this->pk_name])) {
-							} elseif ($this->insert_id[0][$this->pk_name]) {
+									$this->insert_id = $this->insert_id[0][$this->pk_name];
+								}
+							} elseif (isset($this->insert_id[0][$this->pk_name])) {
 								$this->insert_id = $this->insert_id[0][$this->pk_name];
 							}
 						} elseif (count($this->insert_id) == 0) {
@@ -1111,7 +1132,7 @@ class IO extends \CoreLibs\Basic
 					$this->cursor_ext[$md5]['read_rows'] ++;
 					// if reset is <3 caching is done, else no
 					if ($reset < 3) {
-						while (list($field_name, $data) = each($return)) {
+						foreach ($return as $field_name => $data) {
 							$temp[$field_name] = $data;
 						}
 						$this->cursor_ext[$md5][] = $temp;
@@ -1621,6 +1642,12 @@ class IO extends \CoreLibs\Basic
 			if ($string == 'f' || $string == 'false') {
 				return false;
 			}
+			// fallback in case top is not t/f, default on set unset
+			if ($string) {
+				return true;
+			} else {
+				return false;
+			}
 		} else {
 			if ($string) {
 				return 't';
@@ -1656,7 +1683,7 @@ class IO extends \CoreLibs\Basic
 			return false;
 		}
 		$not_write_update_array = array ();
-		return $this->dbWriteData_ext($write_array, $primary_key, $table, $not_write_array, $not_write_update_array, $data);
+		return $this->dbWriteDataExt($write_array, $primary_key, $table, $not_write_array, $not_write_update_array, $data);
 	}
 
 	// METHOD: dbWriteDataExt