Fix long lines, fix timestamp method, fix db error to warning

DB IO: On multiple PK return it say DB_ERROR, but this is actually a
warning DB_WARNING
Login: fix long lines and make SCHEMA set better with if instead of
terinary
Basic: fix string to time with loop over array parts and not for loop

www/admin/class_test.php

@@ -1,4 +1,5 @@
 <?php
+
 $DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
 $DEBUG_ALL = 1;
 $PRINT_ALL = 1;
@@ -15,7 +16,9 @@ define('USE_DATABASE', true);
 // sample config
 require("config.inc");
 // set session name
-DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+if (!defined('SET_SESSION_NAME')) {
+	DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+}
 // define log file id
 DEFINE('LOG_FILE_ID', 'classTest');
 // set language for l10n
@@ -181,8 +184,14 @@ print "OTHER SCHEMA INSERT STATUS: ".$status." | PK NAME: ".$basic->pk_name.", P
 // time string thest
 $timestamp = 5887998.33445;
 $time_string = $basic->timeStringFormat($timestamp);
+print "PLANE TIME STRING: ".$timestamp."<br>";
 print "TIME STRING TEST: ".$time_string."<br>";
-print "REVERSE TIME STRING: ".$basic->stringToTime($time_string);
+print "REVERSE TIME STRING: ".$basic->stringToTime($time_string)."<br>";
+if (round($timestamp, 4) == $basic->stringToTime($time_string)) {
+	print "REVERSE TIME STRING MATCH<br>";
+} else {
+	print "REVERSE TRIME STRING DO NOT MATCH<br>";
+}
 
 // magic links test
 print $basic->magicLinks('user@bubu.at').'<br>';

www/admin/files.php

@@ -52,6 +52,9 @@ if (!$show_type) {
 	$show_type = 'P';
 }
 
+// set edit access array
+$edit_access_ids = array_keys($cms->user_unit);
+
 // yes no list (online)
 $yesno_list['f'] = 'No';
 $yesno_list['t'] = 'Yes';
@@ -262,9 +265,16 @@ if ($cms->action == 'delete' && $cms->action_yes == 'true') {
 	}
 	if (QUEUE == 'live_queue') {
 		$q = "INSERT INTO ".GLOBAL_DB_SCHEMA.".live_queue (queue_key, key_value, key_name, type, target, data, group_key, action, file) VALUES (";
-		$q .= "'".$cms->queue_name."', '".$file_uid."', 'file_uid', 'DELETE', 'file', '', '".$cms->queue_key."', '".$cms->action."', '".BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."')";
+		$q .= "'".$cms->queue_name."', '".$file_uid."', 'file_uid', 'DELETE', 'file', '', '".$cms->queue_key."', '".$cms->action."', '".
+		$q .= BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."')";
 	}
 	@unlink(BASE.MEDIA.$cms->data_path[$file_type].DEV_SCHEMA."_".$file_uid);
+	// wipe out any old cache data for this new upload
+	if (is_array(glob($cms->cache_pictures."thumb_".TEST_SCHEMA."_".$file_uid."*"))) {
+		foreach (glob($cms->cache_pictures."thumb_".TEST_SCHEMA."_".$file_uid."*") as $filename) {
+			@unlink($filename);
+		}
+	}
 	unset($file_uid);
 	unset($file_id);
 	$delete_done = 1;
@@ -297,6 +307,12 @@ if ($cms->action_flag == 'set_live' && $cms->action = 'set_delete') {
 		$q_del = "DELETE FROM ".PUBLIC_SCHEMA.".file WHERE file_uid = '".$res['pkid'].'"';
 		$cms->db_exec($q_del);
 		@unlink(BASE.MEDIA.$cms->data_path[$res['type']].PUBLIC_SCHEMA."_".$res['file_uid']);
+		// wipe out any old cache data for this new upload
+		if (is_array(glob($cms->cache_pictures."thumb_".LIVE_SCHEMA."_".$file_uid."*"))) {
+			foreach (glob($cms->cache_pictures."thumb_".LIVE_SCHEMA."_".$file_uid."*") as $filename) {
+				@unlink($filename);
+			}
+		}
 	}
 	$q = "DELETE FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
 	$cms->db_exec($q);
@@ -304,13 +320,21 @@ if ($cms->action_flag == 'set_live' && $cms->action = 'set_delete') {
 if (DEV_SCHEMA != PUBLIC_SCHEMA) {
 	// read out possible deleted, to add "delete from live"
 	$q = "SELECT pkid FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
+	if ($cms->access_rights['base_acl'] < 90) {
+		$q .= "AND edit_access_id IN (".join(',', $edit_access_ids).") ";
+	}
 	while ($res = $cms->db_return($q, 3)) {
 		$cms->DATA['set_delete'][]['pkid'] = $res['pkid'];
 	}
 }
 // get th max entries
 $q = "SELECT COUNT(file_uid) FROM file ";
-$q_search_where = "WHERE type in ('".str_replace(',', "','", $show_type)."') ";
+$q_search_where = "WHERE ";
+// only for current edit_access id, unless it is an admin user, then he can see all of them
+if ($cms->access_rights['base_acl'] < 90) {
+	$q_search_where .= "edit_access_id IN (".join(',', $edit_access_ids).") AND ";
+}
+$q_search_where .= "type in ('".str_replace(',', "','", $show_type)."') ";
 if ($search_what) {
 	$q_search_where .= "AND LOWER(name_en) LIKE '%".addslashes(strtolower($search_what))."%' OR name_ja LIKE '%".addslashes($search_what)."%' OR LOWER(file_name) LIKE '%".addslashes(strtolower($search_what))."%' ";
 }

www/admin/set_paths.inc

@@ -117,3 +117,5 @@ if (false === strstr(LAYOUT.DEFAULT_TEMPLATE.LANG, $cms->lang_dir) || strcasecmp
 //	$cms->debug("LANGUAGE", "L: $lang | ".$cms->lang_dir." | MO File: ".$cms->l->mofile);
 $cms->debug("LANGUAGE", "SL: ".$_SESSION['DEFAULT_CHARSET']." | ".$_SESSION['LANG']." | ".$_SESSION['DEFAULT_LANG']);
 $cms->debug("TEMPLATE", "P: ".$smarty->getTemplateDir()[0]);
+
+# __END__

www/admin/smarty.inc

@@ -90,7 +90,7 @@ $cms->DEBUG_DATA['DEBUG'] = @$DEBUG_TMPL;
 // create main data array
 $cms->CONTENT_DATA = array_merge($cms->HEADER, $cms->DATA, $cms->DEBUG_DATA);
 // data is 1:1 mapping (all vars, values, etc)
-while (list($key, $value) = each($cms->CONTENT_DATA)) {
+foreach ($cms->CONTENT_DATA as $key => $value) {
 	$smarty->assign($key, $value);
 }
 if (is_dir(BASE.TEMPLATES_C)) {
@@ -100,3 +100,5 @@ if (is_dir(BASE.CACHE)) {
 	$smarty->setCacheDir(BASE.CACHE);
 }
 $smarty->display($MASTER_TEMPLATE_NAME, $TEMPLATE.$lang, $TEMPLATE.$lang);
+
+# __END__

www/admin/table_arrays/array_edit_access.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_access = array (
 	"table_array" => array (
 		"edit_access_id" => array (
@@ -74,3 +74,5 @@ $edit_access = array (
 		)
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_groups.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_groups = array (
 	"table_array" => array (
 		"edit_group_id" => array (
@@ -97,3 +97,5 @@ $edit_groups = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_languages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_languages=array (
 	"table_array" => array (
 		"edit_language_id" => array (
@@ -70,3 +70,5 @@ $edit_languages=array (
 	),
 	"table_name" => "edit_language"
 );
+
+# __END__

www/admin/table_arrays/array_edit_menu_group.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_menu_group = array (
 	"table_array" => array (
 		"edit_menu_group_id" => array (
@@ -35,3 +35,5 @@ $edit_menu_group = array (
 		)
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_pages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_pages = array (
 	"table_array" => array (
 		"edit_page_id" => array (
@@ -26,7 +26,7 @@ $edit_pages = array (
 			"int" => 1,
 			"order" => 1
 		),
-/*			"flag" => array (
+		/* "flag" => array (
 			"value" => $GLOBALS["flag"],
 			"output_name" => "Page Flag",
 			"type" => "drop_down_array",
@@ -175,3 +175,5 @@ $edit_pages = array (
 		) // query_string element list
 	) // element list
 );
+
+# __END__

www/admin/table_arrays/array_edit_schemes.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_schemes = array (
 	"table_array" => array (
 		"edit_scheme_id" => array (
@@ -53,3 +53,4 @@ $edit_schemes = array (
 	)
 ); // main array
 
+# __END__

www/admin/table_arrays/array_edit_users.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_users = array (
 	"table_array" => array (
 		"edit_user_id" => array (
@@ -251,3 +251,5 @@ $edit_users = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_visible_group.inc

@@ -1,30 +1,32 @@
-<?
-	$edit_visible_group = array (
-		"table_array" => array (
-			"edit_visible_group_id" => array (
-				"value" => $GLOBALS["edit_visible_group_id"],
-				"type" => "hidden",
-				"pk" => 1
-			),
-			"name" => array (
-				"value" => $GLOBALS["name"],
-				"output_name" => $this->l->__("Group name"),
-				"mandatory" => 1,
-				"type" => "text"
-			),
-			"flag" => array (
-				"value" => $GLOBALS["flag"],
-				"output_name" => $this->l->__("Flag"),
-				"mandatory" => 1,
-				"type" => "text",
-				"error_check" => "alphanumeric|unique"
-			)
+<?php
+$edit_visible_group = array (
+	"table_array" => array (
+		"edit_visible_group_id" => array (
+			"value" => $GLOBALS["edit_visible_group_id"],
+			"type" => "hidden",
+			"pk" => 1
 		),
-		"table_name" => "edit_visible_group",
-		"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
-		"show_fields" => array (
-			array (
-				"name" => "name"
-			)
+		"name" => array (
+			"value" => $GLOBALS["name"],
+			"output_name" => $this->l->__("Group name"),
+			"mandatory" => 1,
+			"type" => "text"
+		),
+		"flag" => array (
+			"value" => $GLOBALS["flag"],
+			"output_name" => $this->l->__("Flag"),
+			"mandatory" => 1,
+			"type" => "text",
+			"error_check" => "alphanumeric|unique"
 		)
-	);
+	),
+	"table_name" => "edit_visible_group",
+	"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
+	"show_fields" => array (
+		array (
+			"name" => "name"
+		)
+	)
+);
+
+# __END__

www/configs/config.inc

@@ -21,67 +21,70 @@ DEFINE('DEFAULT_LANG', "en_utf8");
 DEFINE('DEFAULT_ENCODING', "UTF-8");
 
 /************* PATHS *********************/
+// directory seperator
+DEFINE('DS', DIRECTORY_SEPARATOR);
 // ** NEW/BETTER DIR DECLARATIONS **
 // path to original file (if symlink)
-DEFINE('DIR', __DIR__."/");
-// libs base path based on DIR
-DEFINE('LIBDIR', DIR.'libs/');
-// SMARTY path based on DIR
-DEFINE('SMARTYDIR', DIR.'Smarty/');
-// table arrays for Class Form
-DEFINE('TABLEARRAYDIR', DIR.'table_arrays/');
+DEFINE('DIR', __DIR__.DS);
+// base dir root folder level
+DEFINE('BASE', str_replace('configs', '', __DIR__));
 
 // ** OLD DIR DECLARATIONS **
 // path to document root of file called
-DEFINE('ROOT', getcwd()."/");
+DEFINE('ROOT', getcwd().DS);
 // libs path
-DEFINE('LIBS', "libs/");
+DEFINE('LIB', 'lib'.DS);
+DEFINE('LIBS', 'lib'.DS);
 // includes (strings, arrays for static, etc)
-DEFINE('INCLUDES', "includes/");
+DEFINE('INCLUDES', 'includes'.DS);
 // layout base path
-DEFINE('LAYOUT', 'layout/');
+DEFINE('LAYOUT', 'layout'.DS);
 // pic-root (compatible to CMS)
-DEFINE('PICTURES', "images/");
+DEFINE('PICTURES', "images".DS);
 // images
-DEFINE('IMAGES', "images/");
+DEFINE('IMAGES', "images".DS);
 // icons (below the images/ folder)
-DEFINE('ICONS', 'icons/');
+DEFINE('ICONS', 'icons'.DS);
 // media
-DEFINE('MEDIA', "media/");
+DEFINE('MEDIA', "media".DS);
 // flash-root (below media)
-DEFINE('FLASH', "flash/");
+DEFINE('FLASH', "flash".DS);
 // uploads (anything to keep)
-DEFINE('UPLOADS', "uploads/");
+DEFINE('UPLOADS', "uploads".DS);
 // files (binaries) (below media)
-DEFINE('BINARIES', "binaries/");
+DEFINE('BINARIES', "binaries".DS);
 // files (videos) (below media)
-DEFINE('VIDEOS', "videos/");
+DEFINE('VIDEOS', "videos".DS);
 // files (documents) (below media)
-DEFINE('DOCUMENTS', "documents/");
+DEFINE('DOCUMENTS', "documents".DS);
 // files (pdfs) (below media)
-DEFINE('PDFS', "documents/");
+DEFINE('PDFS', "documents".DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
-DEFINE('CSS', "css/");
+DEFINE('CSS', "css".DS);
 // js
-DEFINE('JS', "javascript/");
+DEFINE('JS', "javascript".DS);
 // table arrays
-DEFINE('TABLE_ARRAYS', "table_arrays/");
+DEFINE('TABLE_ARRAYS', "table_arrays".DS);
 // smarty libs path
-DEFINE('SMARTY', "Smarty/");
+DEFINE('SMARTY', "Smarty".DS);
 // po langs
-DEFINE('LANG', "lang/");
+DEFINE('LANG', "lang".DS);
 // cache path
-DEFINE('CACHE', "cache/");
+DEFINE('CACHE', "cache".DS);
 // temp path
-DEFINE('TMP', "tmp/");
+DEFINE('TMP', "tmp".DS);
 // log files
-DEFINE('LOG', 'log/');
+DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
-DEFINE('TEMPLATES', "templates/");
+DEFINE('TEMPLATES', "templates".DS);
 // frontend template dir', only for admin
-DEFINE('TEMPLATES_FRONTEND', "templates_frontend/");
+DEFINE('TEMPLATES_FRONTEND', "templates_frontend".DS);
 // default template
-DEFINE('DEFAULT_TEMPLATE', "default/");
+DEFINE('DEFAULT_TEMPLATE', "default".DS);
 // default template file
 DEFINE('DEFAULT_TEMPLATE_FILE', 'default.tpl');
 
@@ -142,6 +145,7 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
 
 // non constant part
 /************* DB ACCESS *****************/
@@ -249,27 +253,5 @@ if (DEBUG == false) {
 // any other global definitons here
 //	DEFINE('SOME_ID', <SOME VALUE>);
 
-// function that will be called on top of each class include to load the class
-function _spl_autoload($include_file)
-{
-	// where to search for the files to include
-	$dirs = array (
-		LIBDIR,
-		SMARTYDIR,
-		TABLEARRAYDIR,
-		'',
-		LIBS,
-		SMARTY,
-		TABLE_ARRAYS,
-		__DIR__.'/'.LIBS,
-		__DIR__.'/'.SMARTY
-	);
-	// try to find and load the class ifle
-	foreach ($dirs as $folder) {
-		if (file_exists($folder.$include_file))	{
-			require_once($folder.$include_file);
-			return true;
-		}
-	}
-	return false;
-}
+// read auto loader
+require BASE.LIB.'autoloader.php';

www/configs/config.template.inc

@@ -1,6 +1,6 @@
 <?php
 /********************************************************************
-* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
+* AUTHOR: Clemens Schwaighofer
 * CREATED: 2003/06/10
 * SHORT DESCRIPTION:
 *   configuration file
@@ -59,6 +59,8 @@ DEFINE('VIDEOS', "videos".DS);
 DEFINE('DOCUMENTS', "documents".DS);
 // files (pdfs) (below media)
 DEFINE('PDFS', "documents".DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
 DEFINE('CSS', "css".DS);
 // js
@@ -75,6 +77,8 @@ DEFINE('CACHE', "cache".DS);
 DEFINE('TMP', "tmp".DS);
 // log files
 DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
 DEFINE('TEMPLATES', "templates".DS);
 // frontend template dir', only for admin
@@ -141,6 +145,7 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
 
 // non constant part
 /************* DB ACCESS *****************/

www/layout/admin/default/css/edit.css

@@ -272,7 +272,7 @@ input[type="text"]:focus, textarea:focus, select:focus {
 }
 
 /* spacer for line break in float elements */
-.spacer {
+.clr, .spacer {
 	clear: both;
 }
 

www/lib/CoreLibs/ACL/Login.inc

@@ -69,8 +69,17 @@ class Login extends \CoreLibs\DB\IO
 	private $logout; // logout button
 	private $login_error; // login error code, can be matched to the array login_error_msg, which holds the string
 	private $password_change = false; // if this is set to true, the user can change passwords
+	private $password_change_ok = false; // password change was successful
 	private $pw_change_deny_users = array (); // array of users for which the password change is forbidden
 
+	// if we have password change we need to define some rules
+	private $password_min_length = 8;
+	// can have several regexes, if nothing set, all is ok
+	private $password_valid_chars = array (
+		// '^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,}$',
+		// '^(?.*(\pL)u)(?=.*(\pN)u)(?=.*([^\pL\pN])u).{8,}',
+	);
+
 	// all possible login error conditions
 	private $login_error_msg = array ();
 	// this is an array holding all strings & templates passed from the outside (translation)
@@ -99,7 +108,8 @@ class Login extends \CoreLibs\DB\IO
 
 		// no session could be found at all
 		if (!session_id()) {
-			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
+			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>";
+			echo "For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
 			exit;
 		}
 
@@ -107,7 +117,15 @@ class Login extends \CoreLibs\DB\IO
 
 		// if we have a search path we need to set it, to use the correct DB to login
 		// check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema
-		$SCHEMA = defined('LOGIN_DB_SCHEMA') ? LOGIN_DB_SCHEMA : ($db_config['db_schema'] ? $db_config['db_schema'] : (defined('DB_SCHEMA') ? DB_SCHEMA : 'public'));
+		if (defined('LOGIN_DB_SCHEMA')) {
+			$SCHEMA = LOGIN_DB_SCHEMA;
+		} elseif ($db_config['db_schema']) {
+			$SCHEMA = $db_config['db_schema'];
+		} elseif (defined('DB_SCHEMA')) {
+			$SCHEMA = DB_SCHEMA;
+		} else {
+			$SCHEMA = 'public';
+		}
 		// set schema if schema differs to schema set in db conneciton
 		if ($this->dbGetSchema() && $this->dbGetSchema() != $SCHEMA) {
 			$this->dbExec("SET search_path TO ".$SCHEMA);
@@ -229,6 +247,61 @@ class Login extends \CoreLibs\DB\IO
 		parent::__destruct();
 	}
 
+	// METHOD: loginPasswordCheck
+	// PARAMS: hash, optional password, to override
+	// RETURN: true or false
+	// DESC  : checks if password is valid, sets internal error login variable
+	private function loginPasswordCheck($hash, $password = '')
+	{
+		// check with what kind of prefix the password begins:
+		// $2a$ or $2y$: BLOWFISCH
+		// $1$: MD5
+		// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
+		// if no $ => normal password
+		// NOW, if we have a password encoded, but not the correct encoder available, throw special error
+		$password_ok = false;
+		if (!$password) {
+			$password = $this->password;
+		}
+		if ((preg_match("/^\\$2(a|y)\\$/", $hash) && CRYPT_BLOWFISH != 1) ||
+			(preg_match("/^\\$1\\$/", $hash) && CRYPT_MD5 != 1) ||
+			(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) && CRYPT_STD_DES != 1)
+		) {
+			// this means password cannot be decrypted because of missing crypt methods
+			$this->login_error = 9999;
+			$password_ok = false;
+		} elseif ((preg_match("/^\\$2(a)\\$/", $hash) ||
+			// old password have $07$ so we check this
+			(preg_match("/^\\$2(y)\\$/", $hash) && preg_match("/\\$07\\$/", $hash)) ||
+			preg_match("/^\\$1\\$/", $hash) ||
+			preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash)) &&
+			!$this->verifyCryptString($password, $hash)
+		) {
+			// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
+			// this is only for OLD $07$ password
+			$this->login_error = 1011;
+			$password_ok = false;
+		} elseif (preg_match("/^\\$2y\\$/", $hash) &&
+			!$this->passwordVerify($password, $hash)
+		) {
+			// this is the new password hash methid, is only $2y$
+			$this->login_error = 1013;
+			$password_ok = false;
+		} elseif (!preg_match("/^\\$2(a|y)\\$/", $hash) &&
+			!preg_match("/^\\$1\\$/", $hash) &&
+			!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) &&
+			$hash != $password
+		) {
+			// check old plain password, case sensitive
+			$this->login_error = 1012;
+			$password_ok = false;
+		} else {
+			// all ok
+			$password_ok = true;
+		}
+		return $password_ok;
+	}
+
 	// METHOD: loginLoginUser
 	// WAS   : login_login_user
 	// PARAMS: none
@@ -242,11 +315,13 @@ class Login extends \CoreLibs\DB\IO
 				$this->login_error = 102;
 			} else {
 				// we have to get the themes in here too
-				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
+				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, ";
+				$q .= "eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
 				$q .= "debug, db_debug, ";
 				$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
 				$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
-				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, second.header_color AS second_header_color, second.template ";
+				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, ";
+				$q .= "second.header_color AS second_header_color, second.template ";
 				$q .= "FROM edit_user eu ";
 				$q .= "LEFT JOIN edit_scheme second ON (second.edit_scheme_id = eu.edit_scheme_id AND second.enabled = 1), ";
 				$q .= "edit_language el, edit_group eg, ";
@@ -265,13 +340,6 @@ class Login extends \CoreLibs\DB\IO
 				} else {
 					// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
 
-					// check with what kind of prefix the password begins:
-					// $2a$ or $2y$: BLOWFISCH
-					// $1$: MD5
-					// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
-					// if no $ => normal password
-					// NOW, if we have a password encoded, but not the correct encoder available, throw special error
-
 					// check flow
 					// - user is enabled
 					// - user is not locked
@@ -285,27 +353,16 @@ class Login extends \CoreLibs\DB\IO
 					} elseif ($res['locked']) {
 						// user is locked, either set or auto set
 						$this->login_error = 105;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) ||
-						(preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) ||
-						(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1)
-					) {
-						// this means password cannot be decrypted because of missing crypt methods
-						$this->login_error = 9999;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) ||
-						preg_match("/^\\$1\\$/", $res['password']) ||
-						preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) &&
-						!$this->verifyCryptString($this->password, $res['password'])
-					) {
-						// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
-						$this->login_error = 1011;
-					} elseif (!preg_match("/^\\$2(a|y)\\$/", $res['password']) &&
-						!preg_match("/^\\$1\\$/", $res['password']) &&
-						!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) &&
-						$res['password'] != $this->password
-					) {
-						// check old plain password, non case sensitive
-						$this->login_error = 1012;
+					} elseif (!$this->loginPasswordCheck($res['password'])) {
+						// none to be set, set in login password check
 					} else {
+						// check if the current password is an invalid hash and do a rehash and set password
+						// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '.($this->passwordVerify($this->password, $res['password']) ? 'OK' : 'FAIL').' => HASH: '.($this->passwordRehashCheck($res['password']) ? 'NEW NEEDED' : 'OK'));
+						if ($this->passwordRehashCheck($res['password'])) {
+							// update password hash to new one now
+							$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->password))."' WHERE edit_user_id = ".$res['edit_user_id'];
+							$this->dbExec($q);
+						}
 						// normal user processing
 						// set class var and session var
 						$_SESSION["EUID"] = $this->euid = $res["edit_user_id"];
@@ -335,7 +392,8 @@ class Login extends \CoreLibs\DB\IO
 							$pages = array();
 							$edit_page_ids = array();
 							// set pages access
-							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, popup, popup_x, popup_y, online, ear.level, ear.type ";
+							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, ";
+							$q .= "popup, popup_x, popup_y, online, ear.level, ear.type ";
 							$q .= "FROM edit_page ep, edit_page_access epa, edit_access_right ear ";
 							$q .= "WHERE ep.edit_page_id = epa.edit_page_id AND ear.edit_access_right_id = epa.edit_access_right_id ";
 							$q .= "AND epa.enabled = 1 AND epa.edit_group_id = ".$res["edit_group_id"]." ";
@@ -548,6 +606,7 @@ class Login extends \CoreLibs\DB\IO
 			$this->acl['admin'] = 1;
 			$this->acl['base'] = 100;
 		} else {
+			$this->acl['admin'] = 0;
 			// now go throw the flow and set the correct ACL
 			// user > page > group
 			// group ACL 0
@@ -618,7 +677,7 @@ class Login extends \CoreLibs\DB\IO
 		// set the full acl list too
 		$this->acl['acl_list'] = $_SESSION['DEFAULT_ACL_LIST'];
 		// debug
-//			$this->debug('ACL', $this->print_ar($this->acl));
+		// $this->debug('ACL', $this->print_ar($this->acl));
 	}
 
 	// METHOD: loginCheckEditAccess
@@ -635,6 +694,28 @@ class Login extends \CoreLibs\DB\IO
 		}
 	}
 
+	// METHOD: loginPasswordChangeValidPassword
+	// PARAMS: the new password
+	// RETURN: true or false
+	// DESC  : checks if the password is in a valid format
+	private function loginPasswordChangeValidPassword($password)
+	{
+		$is_valid_password = true;
+		// check for valid in regex arrays in list
+		if (is_array($this->password_valid_chars)) {
+			foreach ($this->password_valid_chars as $password_valid_chars) {
+				if (!preg_match("/$password_valid_chars/", $password)) {
+					$is_valid_password = false;
+				}
+			}
+		}
+		// check for min length
+		if (strlen($password) < $this->password_min_length) {
+			$is_valid_password = false;
+		}
+		return $is_valid_password;
+	}
+
 	// METHOD: loginPasswordChange
 	// WAS   : login_password_change
 	// PARAMS: none
@@ -646,7 +727,7 @@ class Login extends \CoreLibs\DB\IO
 			$event = 'Password Change';
 			// check that given username is NOT in the deny list, else silent skip (with error log)
 			if (!in_array($this->pw_username, $this->pw_change_deny_users)) {
-				if (!$this->pw_username || !$this->pw_password) {
+				if (!$this->pw_username || !$this->pw_old_password) {
 					$this->login_error = 200;
 					$data = 'Missing username or old password.';
 				}
@@ -662,9 +743,9 @@ class Login extends \CoreLibs\DB\IO
 				}
 				// check old passwords match -> error
 				if (!$this->login_error) {
-					$q = "SELECT edit_user_id FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."' AND password = '".$this->dbEscapeString($this->pw_old_password)."'";
-					list ($edit_user_id) = $this->dbReturnRow($q);
-					if (!$edit_user_id) {
+					$q = "SELECT edit_user_id, password FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."'";
+					list ($edit_user_id, $old_password_hash) = $this->dbReturnRow($q);
+					if (!$edit_user_id || !$this->loginPasswordCheck($old_password_hash, $this->pw_old_password)) {
 						// old password wrong
 						$this->login_error = 202;
 						$data = 'The old password does not match';
@@ -681,15 +762,23 @@ class Login extends \CoreLibs\DB\IO
 				if (!$this->login_error) {
 					if ($this->pw_new_password != $this->pw_new_password_confirm) {
 						$this->login_error = 204;
-						$data = 'The new passwords do not match: '.$this->pw_new_password.' == '.$this->pw_new_password_confirm;
+						$data = 'The new passwords do not match';
+					}
+				}
+				// password shall match to something in minimum length or form
+				if (!$this->login_error) {
+					if (!$this->loginPasswordChangeValidPassword($this->pw_new_password)) {
+						$this->login_error = 205;
+						$data = 'The new password string is not valid';
 					}
 				}
 				// no error change this users password
 				if (!$this->login_error) {
 					// update the user (edit_user_id) with the new password
-					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->cryptString($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
+					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
 					$this->dbExec($q);
-					$data = 'Password change for user "'.$this->pw_username.'" from "'.$this->pw_old_password.'" to "'.$this->pw_new_password.'"';
+					$data = 'Password change for user "'.$this->pw_username.'"';
+					$this->password_change_ok = true;
 				}
 			} else {
 				// illegal user error
@@ -697,7 +786,7 @@ class Login extends \CoreLibs\DB\IO
 				$data = 'Illegal user for password change: '.$this->pw_username;
 			}
 			// log this password change attempt
-			$this->write_log($event, $data, $this->login_error, $pw_username, $pw_old_password);
+			$this->writeLog($event, $data, $this->login_error, $this->pw_username);
 		} // button pressed
 	}
 
@@ -727,29 +816,43 @@ class Login extends \CoreLibs\DB\IO
 				// pre change the data in the PASSWORD_CHANGE_DIV first
 				foreach ($this->login_template['strings'] as $string => $data) {
 					if ($data) {
-						$html_string_password_change = str_replace("{".$string."}", $data, $html_string_password_change);
+						$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
 					}
 				}
+				// print error messagae
+				if ($this->login_error) {
+					$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
+				}
+				// if pw change action, show the float again
+				if ($this->change_password && !$this->password_change_ok) {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
+				}
 				$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
 			}
 
 			// put in the logout redirect string
 			if ($this->logout && $LOGOUT_TARGET) {
-				$html_string = str_replace("{LOGOUT_TARGET}", '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
 			} else {
-				$html_string = str_replace("{LOGOUT_TARGET}", '', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
 			}
 
 			// print error messagae
 			if ($this->login_error) {
-				$html_string = str_replace("{ERROR_MSG}", $this->login_error_msg[$this->login_error]."<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
+			} elseif ($this->password_change_ok && $this->password_change) {
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
 			} else {
-				$html_string = str_replace("{ERROR_MSG}", "<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
 			}
 
 			// create the replace array context
 			foreach ($this->login_template['strings'] as $string => $data) {
-				$html_string = str_replace("{".$string."}", $data, $html_string);
+				$html_string = str_replace('{'.$string.'}', $data, $html_string);
 			}
 
 			// return the created HTML here
@@ -782,10 +885,10 @@ class Login extends \CoreLibs\DB\IO
 				$q = "SELECT username, password FROM edit_user WHERE edit_user_id = ".$this->euid;
 				list($username, $password) = $this->dbReturnRow($q);
 			} // if euid is set, get username (or try)
-			$this->writeLog($event, '', $this->login_error, $username, $password);
+			$this->writeLog($event, '', $this->login_error, $username);
 		} // write log under certain settings
 		// now close DB connection
-//			$this->error_msg = $this->_login();
+		// $this->error_msg = $this->_login();
 		if (!$this->permission_okay) {
 			return false;
 		} else {
@@ -816,6 +919,7 @@ class Login extends \CoreLibs\DB\IO
 			"1010" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // user not found
 			"1011" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // blowfish password wrong
 			"1012" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // fallback md5 password wrong
+			"1013" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // new password_hash wrong
 			"102" => $this->l->__("Fatal Error: <b>Login Failed - Please enter username and password</b>"),
 			"103" => $this->l->__("Fatal Error: <b>You do not have the rights to access this Page</b>"),
 			"104" => $this->l->__("Fatal Error: <b>Login Failed - User not enabled</b>"),
@@ -826,6 +930,8 @@ class Login extends \CoreLibs\DB\IO
 			"202" => $this->l->__("Fatal Error: <b>Password change - The old password is not correct</b>"),
 			"203" => $this->l->__("Fatal Error: <b>Password change - Please fill out both new password fields</b>"),
 			"204" => $this->l->__("Fatal Error: <b>Password change - The new passwords do not match</b>"),
+			"205" => $this->l->__("Fatal Error: <b>Password change - The new password is not in a valid format</b>"), // we should also not here WHAT is valid
+			"300" => $this->l->__("Success: <b>Password change successful</b>"), // for OK password change
 			"9999" => $this->l->__("Fatal Error: <b>necessary crypt engine could not be found</b>. Login is impossible") // this is bad bad error
 		);
 
@@ -852,6 +958,7 @@ class Login extends \CoreLibs\DB\IO
 <tr><td></td><td><input type="submit" name="change_password" value="{PASSWORD_CHANGE_BUTTON_VALUE}"><input type="button" name="pw_change" value="{CLOSE}" OnClick="ShowHideDiv('pw_change_div');"></td></tr>
 </table>
 </div>
+{PASSWORD_CHANGE_SHOW}
 EOM;
 		} else {
 			$strings = array_merge($strings, array (
@@ -862,14 +969,14 @@ EOM;
 		}
 
 		// first check if all strings are set from outside, if not, set with default ones
-		while (list($string, $data) = each($strings)) {
+		foreach ($strings as $string => $data) {
 			if (!array_key_exists($string, $this->login_template['strings'])) {
 				$this->login_template['strings'][$string] = $data;
 			}
 		}
 
 		// error msgs the same
-		while (list($code, $data) = each($error_msgs)) {
+		foreach ($error_msgs as $code => $data) {
 			if (!array_key_exists($code, $this->login_error_msg)) {
 				$this->login_error_msg[$code] = $data;
 			}
@@ -949,12 +1056,14 @@ EOM;
 	//        error -> if error, write error string (not enougth data, etc)
 	// RETURN: none
 	// DESC  : writes detailed data into the edit user log table (keep log what user does)
-	private function writeLog($event, $data, $error = "", $username = "", $password = "")
+	private function writeLog($event, $data, $error = '', $username = '')
 	{
 		if ($this->login) {
 				$this->action = 'Login';
 		} elseif ($this->logout) {
 				$this->action = 'Logout';
+		} else {
+			$this->action = '';
 		}
 		$_data_binary = array (
 				'_SESSION' => $_SESSION,
@@ -969,9 +1078,11 @@ EOM;
 		$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
 		$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
 		$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
-		$q .= "VALUES ('".$this->dbEscapeString($username)."', '".$this->dbEscapeString($password)."', ".(($this->euid) ? $this->euid : 'NULL').", ";
+		$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
 		$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
-		foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code) {
+		foreach (array(
+			'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
+		) as $server_code) {
 			if (array_key_exists($server_code, $_SERVER)) {
 				$q .= "'".$this->dbEscapeString($_SERVER[$server_code])."', ";
 			} else {

www/lib/CoreLibs/Basic.inc

@@ -123,7 +123,7 @@ class Basic
 	private $log_print_file = 'error_msg##LOGID####LEVEL####CLASS####PAGENAME####DATE##';
 	private $log_file_unique_id; // a unique ID set only once for call derived from this class
 	public $log_print_file_date = 1; // if set add Y-m-d and do automatic daily rotation
-	private $log_file_id = LOG_FILE_ID ? LOG_FILE_ID : ''; // a alphanumeric name that has to be set as global definition
+	private $log_file_id = ''; // a alphanumeric name that has to be set as global definition
 	public $log_per_level = 0; // set, it will split per level (first parameter in debug call)
 	public $log_per_class = 0; // set, will split log per class
 	public $log_per_page = 0; // set, will split log per called file
@@ -148,12 +148,13 @@ class Basic
 	// error char for the char conver
 	public $mbErrorChar;
 
-	// crypt saslt prefix
+	// [!!! DEPRECATED !!!] crypt saslt prefix
 	public $cryptSaltPrefix = '';
 	public $cryptSaltSuffix = '';
 	public $cryptIterationCost = 7; // this is for staying backwards compatible with the old ones
 	public $cryptSaltSize = 22; // default 22 chars for blowfish, 2 for STD DES, 8 for MD5,
-
+	// new better password management
+	protected $password_options = array ();
 	// session name
 	private $session_name = '';
 	private $session_id = '';
@@ -178,9 +179,30 @@ class Basic
 			"class_author" => 'Clemens Schwaighofer'
 		);
 
+		// before we start any work, we should check that all MUST constants are defined
+		$abort = false;
+		foreach (array(
+			'DS', 'DIR', 'BASE', 'ROOT', 'LIB', 'INCLUDES', 'LAYOUT', 'PICTURES', 'FLASH', 'VIDEOS', 'DOCUMENTS', 'PDFS', 'BINARIES', 'ICONS',
+			'UPLOADS', 'CSV', 'JS', 'CSS', 'TABLE_ARRAYS', 'SMARTY', 'LANG', 'CACHE', 'TMP', 'LOG', 'TEMPLATES', 'TEMPLATES_C',
+			'TEMPLATES_FRONTEND', 'DEFAULT_TEMPLATE', 'DEFAULT_TEMPLATE_FILE', 'DEFAULT_LANG', 'DEFAULT_ENCODING', 'DEFAULT_HASH',
+			'DEFAULT_ACL_LEVEL', 'LOGOUT_TARGET', 'PASSWORD_CHANGE', 'AJAX_REQUEST_TYPE', 'USE_PROTOTYPE', 'USE_SCRIPTACULOUS', 'USE_JQUERY',
+			'PAGE_WIDTH', 'MASTER_TEMPLATE_NAME', 'PUBLIC_SCHEMA', 'TEST_SCHEMA', 'DEV_SCHEMA', 'LIVE_SCHEMA', 'LOGIN_DB', 'MAIN_DB', 'DB_SCHEMA',
+			'LOGIN_DB_SCHEMA', 'GLOBAL_DB_SCHEMA', 'TARGET', 'DEBUG', 'SHOW_ALL_ERRORS'
+		) as $constant) {
+			if (!defined($constant)) {
+				echo "Constant $constant misssing<br>";
+				$abort = true;
+			}
+		}
+		if ($abort === true) {
+			die('Core Constant missing. Check config file.');
+		}
+
 		// set the page name
 		$this->page_name = $this->getPageName();
 		$this->host_name = $this->getHostName();
+		// init the log file id
+		$this->log_file_id = defined('LOG_FILE_ID') ? LOG_FILE_ID : '';
 
 		// set the paths matching to the valid file types
 		$this->data_path = array (
@@ -327,7 +349,7 @@ class Basic
 		// initial the session if there is no session running already
 		if (!session_id()) {
 			// check if we have an external session name given, else skip this step
-			if (SET_SESSION_NAME) {
+			if (defined('SET_SESSION_NAME')) {
 				// set the session name for possible later check
 				$this->session_name = SET_SESSION_NAME;
 			}
@@ -340,8 +362,10 @@ class Basic
 			$this->session_id = session_id();
 		}
 
-		// init crypt settings
+		// [!!! DEPRECATED !!!] init crypt settings
 		$this->cryptInit();
+		// new better password init
+		$this->passwordInit();
 
 		// start logging running time
 		$this->runningTime();
@@ -431,7 +455,7 @@ class Basic
 	// DESC  : wrapper around microtime function to print out y-m-d h:i:s.ms
 	public static function printTime($set_microtime = -1)
 	{
-		list($microtime, $timestamp) = explode(" ", microtime());
+		list($microtime, $timestamp) = explode(' ', microtime());
 		$string = date("Y-m-d H:i:s", $timestamp);
 		// if microtime flag is -1 no round, if 0, no microtime, if >= 1, round that size
 		if ($set_microtime == -1) {
@@ -1221,17 +1245,20 @@ class Basic
 	//         xd xh xm xs xms to a timestamp.microtime format
 	public static function stringToTime($timestring)
 	{
-		$timestamp = '';
+		$timestamp = 0;
 		if (preg_match("/(d|h|m|s|ms)/", $timestring)) {
-			$timegroups = array (1 => 86400, 3 => 3600, 5 => 60, 7 => 1);
+			// pos for preg match read + multiply factor
+			$timegroups = array (2 => 86400, 4 => 3600, 6 => 60, 8 => 1);
+			// preg match: 0: full strsing
+			// 2, 4, 6, 8 are the to need values
 			preg_match("/^((\d+)d ?)?((\d+)h ?)?((\d+)m ?)?((\d+)s ?)?((\d+)ms)?$/", $timestring, $matches);
 			// multiply the returned matches and sum them up. the last one (ms) is added with .
-			for ($i = 1; $i <= 7; $i += 2) {
-				if ($matches[$i]) {
-					$timestamp += ($matches[($i + 1)] * $timegroups[$i]);
+			foreach ($timegroups as $i => $time_multiply) {
+				if (is_numeric($matches[$i])) {
+					$timestamp += $matches[$i] * $time_multiply;
 				}
 			}
-			if ($matches[10]) {
+			if (is_numeric($matches[10])) {
 				$timestamp .= '.'.$matches[10];
 			}
 			return $timestamp;
@@ -1630,6 +1657,11 @@ class Basic
 		return false;
 	}
 
+	// [!!! DEPRECATED !!!]
+	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
+	// use the new password* instead
+
+	// [!!! DEPRECATED !!!] -> passwordInit
 	// METHOD: cryptInit
 	// PARAMS: none
 	// RETURN: none
@@ -1676,6 +1708,7 @@ class Basic
 		}
 	}
 
+	// [!!! DEPRECATED !!!] -> not needed
 	// METHOD: cryptSaltString
 	// PARAMS: random string length, default is 22 (for blowfish crypt)
 	// RETURN: random string
@@ -1703,6 +1736,7 @@ class Basic
 		return $salt_string;
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordSet
 	// METHOD: cryptString
 	// PARAMS: string to be crypted (one way)
 	// RETURN: encrypted string
@@ -1714,6 +1748,7 @@ class Basic
 		return crypt($string, $this->cryptSaltPrefix.$this->cryptSaltString($this->cryptSaltSize).$this->cryptSaltSuffix);
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordVerify
 	// METHOD: verifyCryptString
 	// PARAMS: plain string (eg password)
 	//         full crypted string (from cryptString
@@ -1729,6 +1764,61 @@ class Basic
 		}
 	}
 
+	// *** BETTER PASSWORD OPTIONS, must be used ***
+	// METHOD: passwordInit
+	// PARAMS: none
+	// RETURN: none
+	// DESC  : inits the password options set
+	//         currently this is et empty, and the default options are used
+	private function passwordInit()
+	{
+		// set default password cost: use default set automatically
+		$this->password_options = array (
+			// 'cost' => PASSWORD_BCRYPT_DEFAULT_COST
+		);
+	}
+
+	// METHOD: passwordSet
+	// PARAMS: password
+	// RETURN: hashed password
+	// DESC  : creates the password hash
+	public function passwordSet($password)
+	{
+		// always use the PHP default for the password
+		// password options ca be set in the password init, but should be kept as default
+		return password_hash($password, PASSWORD_DEFAULT, $this->password_options);
+	}
+
+	// METHOD: passwordVerify
+	// PARAMS: password and hash
+	// RETURN: true or false
+	// DESC  : checks if the entered password matches the hash
+	public function passwordVerify($password, $hash)
+	{
+		if (password_verify($password, $hash)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case something strange, return false on default
+		return false;
+	}
+
+	// METHOD: passwordRehashCheck
+	// PARAMS: hash
+	// RETURN: true or false
+	// DESC  : checks if the password needs to be rehashed
+	public function passwordRehashCheck($hash)
+	{
+		if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->password_options)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case of strange, force re-hash
+		return true;
+	}
+
 	// *** COLORS ***
 
 	// METHOD: hex2rgb

www/lib/CoreLibs/DB/IO.inc

@@ -501,7 +501,7 @@ class IO extends \CoreLibs\Basic
 	// NOTE  : used in db_dump_data only
 	private function __printArray($array)
 	{
-		while (list($key, $value) = each($array)) {
+		foreach ($array as $key => $value) {
 			$string .= $this->nbsp.'<b>'.$key.'</b> => ';
 			if (is_array($value)) {
 				$this->nbsp .= '&nbsp;&nbsp;&nbsp;';
@@ -567,7 +567,7 @@ class IO extends \CoreLibs\Basic
 			// write detailed error log
 		}
 		if ($this->warning_id) {
-			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_ERROR', $where_called);
+			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_WARNING', $where_called);
 			$this->had_warning = $this->warning_id;
 		}
 		// unset the error/warning vars
@@ -1111,7 +1111,7 @@ class IO extends \CoreLibs\Basic
 					$this->cursor_ext[$md5]['read_rows'] ++;
 					// if reset is <3 caching is done, else no
 					if ($reset < 3) {
-						while (list($field_name, $data) = each($return)) {
+						foreach ($return as $field_name => $data) {
 							$temp[$field_name] = $data;
 						}
 						$this->cursor_ext[$md5][] = $temp;

www/lib/CoreLibs/Output/Form/Generate.inc

@@ -887,16 +887,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 					} // switch
 				} // for each error to check
 			} elseif ($value["mandatory"] &&
-						(
-							// for all "normal" fields
-							($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
-							// for drop_down_db_input check if one of both fields filled
-							($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
-							// for password
-							($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
-						)
-					// main if end
-					) {
+				(
+					// for all "normal" fields
+					($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
+					// for drop_down_db_input check if one of both fields filled
+					($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
+					// for password
+					($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
+				)
+			// main if end
+			) {
 				// if mandatory && no input
 				// $this->debug('form', "A: ".$this->table_array[$key]["type"]." -- ".$this->table_array[$key]["input_value"]." -- ".$this->table_array[$key]["value"]);
 				if (!$this->table_array[$key]["value"] && $this->table_array[$key]["type"] != "binary") {
@@ -1145,7 +1145,6 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	// DESC  : save a table, reference and all input fields
 	public function formSaveTableArray($addslashes = 0)
 	{
-//       global $_FILES;
 		// for drop_down_db_input check if text field is filled and if, if not yet in db ...
 		// and upload files
 		if (!is_array($this->table_array)) {
@@ -1154,9 +1153,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		reset($this->table_array);
 		while (list($key, $value) = each($this->table_array)) {
 			// drop_down_db with input + reference table
-//$this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
+			// $this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
 			if ($this->table_array[$key]["type"] == "drop_down_db_input" && $this->table_array[$key]["input_value"]) {
-//$this->debug('form', "HERE");
+				// $this->debug('form', "HERE");
 				// check if this text name already exists (lowercase compare)
 				$q = "SELECT ".$this->table_array[$key]["pk_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".$this->db_escape_string(strtolower($this->table_array[$key]["input_value"]))."'";
 				// if a where was given, add here
@@ -1208,10 +1207,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// if smth in $$key_file -> save or overwrite
 				// if smth in $key && $$key_delete && !$$key_file-> delte
 				// if smth in $key, keep as is
-//           $_file=$key."_file";
-//           $_delete=$key."_delete";
-//$this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
-//$this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
+				// $_file=$key."_file";
+				// $_delete=$key."_delete";
+				// $this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
+				// $this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
 				if ($GLOBALS["_FILES"][$key."_file"]['name']) {
 					// check if dir exists
 					if (is_dir($this->table_array[$key]["save_dir"])) {
@@ -1240,11 +1239,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			// for password crypt it as blowfish, or if not available MD5
 			if ($this->table_array[$key]['type'] == 'password') {
 				if ($this->table_array[$key]["value"]) {
-					// password is stored in blowfish format, or in the format supported by this PHP version
-					$this->table_array[$key]["value"] = $this->cryptString($this->table_array[$key]["value"]);
+					// use the better new passwordSet instead of crypt based
+					$this->table_array[$key]['value'] = $this->passwordSet($this->table_array[$key]['value']);
 					$this->table_array[$key]["HIDDEN_value"] = $this->table_array[$key]["value"];
 				} else {
-//						$this->table_array[$key]["HIDDEN_value"] =
+					// $this->table_array[$key]["HIDDEN_value"] =
 				}
 			}
 		} // go through each field
@@ -1287,14 +1286,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						$max = count($_POST[$prfx.$key]);
 					}
 				}
-//$this->debug('edit_error', "MAX: $max");
+				// $this->debug('edit_error', "MAX: $max");
 				// check if there is a hidden key, update, else insert
 				while (list($el_name, $data_array) = each($reference_array["elements"])) {
 					// this is only for reference_data part, at least one of the text fields need to be set for writing
 					$blow_write = array ();
-//$this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
+					// $this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
 					// go through all submitted data
-//						for ($i = 0; $i < count($_POST[$el_name]); $i ++)
+					// for ($i = 0; $i < count($_POST[$el_name]); $i ++)
 					for ($i = 0; $i < $max; $i ++) {
 						// if we have enable name & delete set, then only insert/update those which are flagged as active
 						// check if mandatory field is set, if not set "do not write flag"
@@ -1326,7 +1325,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						// write all data (insert/update) because I don't know until all are processed if it is insert or update
 						// don't write primary key backup for update
 						// for reference_data type, only write if at least one text type field is set
-//$this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
+						// $this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
 						// only add elements that are not PK or FK flaged
 						if (!$data_array['pk_id'] && !$data_array['fk_id']) {
 							// update data list