All DB columns are set to varchar, PHP 7.2 compatible fixes

All DB columns that had a varchar(number) are changed to varchar.
The edit_language default unique grouping has been removed because this
does not work (you cannot have unique on this when it is 1/0 flag only)

Update Output\Form\Generate and edit_base to be PHP 7.2 compatible with
removing all old while (list() ... each()) entries. Fix all undefined
counts, etc.

Login class update is long line wraps and clean up of some nested
teniary parts

4dev/database/table/edit_access.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_access;
 CREATE TABLE edit_access (
 	edit_access_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255) UNIQUE,
+	name	VARCHAR UNIQUE,
 	description	VARCHAR,
 	COLOR	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_group.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_group;
 CREATE TABLE edit_group (
 	edit_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(50),
+	name	VARCHAR,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	edit_scheme_id INT,
 	edit_access_right_id INT NOT NULL,

4dev/database/table/edit_language.sql

@@ -9,12 +9,12 @@
 -- DROP TABLE edit_language;
 CREATE TABLE edit_language (
 	edit_language_id SERIAL PRIMARY KEY,
-	short_name VARCHAR(2),
+	short_name VARCHAR,
-	long_name VARCHAR(70),
+	long_name VARCHAR,
-	iso_name VARCHAR(12),
+	iso_name VARCHAR,
 	order_number INT,
 	enabled SMALLINT NOT NULL DEFAULT 0,
-	lang_default SMALLINT NOT NULL DEFAULT 0 UNIQUE
+	lang_default SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 INSERT INTO edit_language (short_name, long_name, iso_name, order_number, enabled, lang_default) VALUES ('en', 'English', 'UTF-8', 1, 1, 1);

4dev/database/table/edit_menu_group.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_menu_group;
 CREATE TABLE edit_menu_group (
 	edit_menu_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	flag	VARCHAR(50),
+	flag	VARCHAR,
 	order_number	INT NOT NULL
 ) INHERITS (edit_generic) WITHOUT OIDS;
 

4dev/database/table/edit_page.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_page;
 CREATE TABLE edit_page (
 	edit_page_id	SERIAL PRIMARY KEY,
-	filename	VARCHAR(70),
+	filename	VARCHAR,
-	name	VARCHAR(255) UNIQUE,
+	name	VARCHAR UNIQUE,
 	order_number INT NOT NULL,
 	online	SMALLINT NOT NULL DEFAULT 0,
 	menu	SMALLINT NOT NULL DEFAULT 0,

4dev/database/table/edit_query_string.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_query_string;
 CREATE TABLE edit_query_string (
 	edit_query_string_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	value	VARCHAR(255),
+	value	VARCHAR,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	dynamic	SMALLINT NOT NULL DEFAULT 0,
 	edit_page_id	INT NOT NULL,

4dev/database/table/edit_scheme.sql

@@ -9,12 +9,12 @@
 CREATE TABLE edit_scheme (
 	edit_scheme_id	SERIAL PRIMARY KEY,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
-	name	VARCHAR(50),
+	name	VARCHAR,
-	header_color	VARCHAR(7),
+	header_color	VARCHAR,
-	css_file	VARCHAR(50),
+	css_file	VARCHAR,
-	template	VARCHAR(50)
+	template	VARCHARs
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Default Scheme', '#E0E2FF', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Default Scheme', 'E0E2FF', 1);
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Admin', '#CC7E7E', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Admin', 'CC7E7E', 1);
-INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Visitor', '#B0C4B3', 1);
+INSERT INTO edit_scheme (name, header_color, enabled) VALUES ('Visitor', 'B0C4B3', 1);

4dev/database/table/edit_temp_files.sql

@@ -7,5 +7,5 @@
 
 -- DROP TABLE temp_files;
 CREATE TABLE temp_files (
-	filename	VARCHAR(250)
+	filename	VARCHAR
 );

4dev/database/table/edit_visible_group.sql

@@ -8,8 +8,8 @@
 -- DROP TABLE edit_visible_group;
 CREATE TABLE edit_visible_group (
 	edit_visible_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR(255),
+	name	VARCHAR,
-	flag	VARCHAR(50)
+	flag	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 DELETE FROM edit_visible_group;

README.md

@@ -18,7 +18,9 @@ The active branch, which is the namespace branch
 
 ### legacy
 
-The old non namepsace format layout. This will only get bug fixes and no new development
+The old non namepsace format layout.
+This is fully deprecated and will no longer be maintaned.
+last tested PHP 5.6 and PHP 7.0
 
 ### namespace
 

www/admin/class_test.php

@@ -1,4 +1,5 @@
 <?php
+
 $DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
 $DEBUG_ALL = 1;
 $PRINT_ALL = 1;
@@ -15,7 +16,9 @@ define('USE_DATABASE', true);
 // sample config
 require("config.inc");
 // set session name
-DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+if (!defined('SET_SESSION_NAME')) {
+	DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
+}
 // define log file id
 DEFINE('LOG_FILE_ID', 'classTest');
 // set language for l10n
@@ -181,8 +184,14 @@ print "OTHER SCHEMA INSERT STATUS: ".$status." | PK NAME: ".$basic->pk_name.", P
 // time string thest
 $timestamp = 5887998.33445;
 $time_string = $basic->timeStringFormat($timestamp);
+print "PLANE TIME STRING: ".$timestamp."<br>";
 print "TIME STRING TEST: ".$time_string."<br>";
-print "REVERSE TIME STRING: ".$basic->stringToTime($time_string);
+print "REVERSE TIME STRING: ".$basic->stringToTime($time_string)."<br>";
+if (round($timestamp, 4) == $basic->stringToTime($time_string)) {
+	print "REVERSE TIME STRING MATCH<br>";
+} else {
+	print "REVERSE TRIME STRING DO NOT MATCH<br>";
+}
 
 // magic links test
 print $basic->magicLinks('user@bubu.at').'<br>';

www/admin/edit_base.inc

@@ -24,7 +24,7 @@ extract($_POST, EXTR_SKIP);
 
 $table_width = 750;
 // this is for certain CMS modules that set a relative path
-define(REL_PATH, '');
+define('REL_PATH', '');
 
 ob_start();
 include("config.inc");
@@ -137,7 +137,7 @@ $DATA['GROUP_NAME'] = $_SESSION["GROUP_NAME"];
 $DATA['GROUP_LEVEL'] = $_SESSION["GROUP_LEVEL"];
 $PAGES = $_SESSION["PAGES"];
 
-//$form->debug('menu', $form->print_ar($PAGES));
+//$form->debug('menu', $form->printAr($PAGES));
 
 // baue nav aus $PAGES ...
 for ($i = 0; $i < count($PAGES); $i ++) {
@@ -292,7 +292,7 @@ if ($form->yes) {
 			print "[No valid page definition given]";
 			break;
 	}
-//		$form->debug('edit', "Elements: <pre>".$form->print_ar($elements));
+//		$form->debug('edit', "Elements: <pre>".$form->printAr($elements));
 	$DATA['elements'] = $elements;
 	$DATA['hidden'] = $form->formCreateHiddenFields();
 	$DATA['save_delete'] = $form->formCreateSaveDelete();
@@ -304,7 +304,7 @@ $DEBUG_DATA['DEBUG'] = $DEBUG_TMPL;
 // create main data array
 $CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);
 // data is 1:1 mapping (all vars, values, etc)
-while (list($key, $value) = each($CONTENT_DATA)) {
+foreach ($CONTENT_DATA as $key => $value) {
 	$smarty->assign($key, $value);
 }
 if (is_dir(BASE.TEMPLATES_C)) {

www/admin/files.php

@@ -52,6 +52,9 @@ if (!$show_type) {
 	$show_type = 'P';
 }
 
+// set edit access array
+$edit_access_ids = array_keys($cms->user_unit);
+
 // yes no list (online)
 $yesno_list['f'] = 'No';
 $yesno_list['t'] = 'Yes';
@@ -262,9 +265,16 @@ if ($cms->action == 'delete' && $cms->action_yes == 'true') {
 	}
 	if (QUEUE == 'live_queue') {
 		$q = "INSERT INTO ".GLOBAL_DB_SCHEMA.".live_queue (queue_key, key_value, key_name, type, target, data, group_key, action, file) VALUES (";
-		$q .= "'".$cms->queue_name."', '".$file_uid."', 'file_uid', 'DELETE', 'file', '', '".$cms->queue_key."', '".$cms->action."', '".BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."')";
+		$q .= "'".$cms->queue_name."', '".$file_uid."', 'file_uid', 'DELETE', 'file', '', '".$cms->queue_key."', '".$cms->action."', '".
+		$q .= BASE.MEDIA.$cms->data_path[$file_type].PUBLIC_SCHEMA."_".$file_uid."')";
 	}
 	@unlink(BASE.MEDIA.$cms->data_path[$file_type].DEV_SCHEMA."_".$file_uid);
+	// wipe out any old cache data for this new upload
+	if (is_array(glob($cms->cache_pictures."thumb_".TEST_SCHEMA."_".$file_uid."*"))) {
+		foreach (glob($cms->cache_pictures."thumb_".TEST_SCHEMA."_".$file_uid."*") as $filename) {
+			@unlink($filename);
+		}
+	}
 	unset($file_uid);
 	unset($file_id);
 	$delete_done = 1;
@@ -297,6 +307,12 @@ if ($cms->action_flag == 'set_live' && $cms->action = 'set_delete') {
 		$q_del = "DELETE FROM ".PUBLIC_SCHEMA.".file WHERE file_uid = '".$res['pkid'].'"';
 		$cms->db_exec($q_del);
 		@unlink(BASE.MEDIA.$cms->data_path[$res['type']].PUBLIC_SCHEMA."_".$res['file_uid']);
+		// wipe out any old cache data for this new upload
+		if (is_array(glob($cms->cache_pictures."thumb_".LIVE_SCHEMA."_".$file_uid."*"))) {
+			foreach (glob($cms->cache_pictures."thumb_".LIVE_SCHEMA."_".$file_uid."*") as $filename) {
+				@unlink($filename);
+			}
+		}
 	}
 	$q = "DELETE FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
 	$cms->db_exec($q);
@@ -304,13 +320,21 @@ if ($cms->action_flag == 'set_live' && $cms->action = 'set_delete') {
 if (DEV_SCHEMA != PUBLIC_SCHEMA) {
 	// read out possible deleted, to add "delete from live"
 	$q = "SELECT pkid FROM ".LOGIN_DB_SCHEMA.".set_live WHERE table_name = '".$cms->page_name."' AND delete_flag = 't'";
+	if ($cms->access_rights['base_acl'] < 90) {
+		$q .= "AND edit_access_id IN (".join(',', $edit_access_ids).") ";
+	}
 	while ($res = $cms->db_return($q, 3)) {
 		$cms->DATA['set_delete'][]['pkid'] = $res['pkid'];
 	}
 }
 // get th max entries
 $q = "SELECT COUNT(file_uid) FROM file ";
-$q_search_where = "WHERE type in ('".str_replace(',', "','", $show_type)."') ";
+$q_search_where = "WHERE ";
+// only for current edit_access id, unless it is an admin user, then he can see all of them
+if ($cms->access_rights['base_acl'] < 90) {
+	$q_search_where .= "edit_access_id IN (".join(',', $edit_access_ids).") AND ";
+}
+$q_search_where .= "type in ('".str_replace(',', "','", $show_type)."') ";
 if ($search_what) {
 	$q_search_where .= "AND LOWER(name_en) LIKE '%".addslashes(strtolower($search_what))."%' OR name_ja LIKE '%".addslashes($search_what)."%' OR LOWER(file_name) LIKE '%".addslashes(strtolower($search_what))."%' ";
 }

www/admin/set_paths.inc

@@ -117,3 +117,5 @@ if (false === strstr(LAYOUT.DEFAULT_TEMPLATE.LANG, $cms->lang_dir) || strcasecmp
 //	$cms->debug("LANGUAGE", "L: $lang | ".$cms->lang_dir." | MO File: ".$cms->l->mofile);
 $cms->debug("LANGUAGE", "SL: ".$_SESSION['DEFAULT_CHARSET']." | ".$_SESSION['LANG']." | ".$_SESSION['DEFAULT_LANG']);
 $cms->debug("TEMPLATE", "P: ".$smarty->getTemplateDir()[0]);
+
+# __END__

www/admin/smarty.inc

@@ -90,7 +90,7 @@ $cms->DEBUG_DATA['DEBUG'] = @$DEBUG_TMPL;
 // create main data array
 $cms->CONTENT_DATA = array_merge($cms->HEADER, $cms->DATA, $cms->DEBUG_DATA);
 // data is 1:1 mapping (all vars, values, etc)
-while (list($key, $value) = each($cms->CONTENT_DATA)) {
+foreach ($cms->CONTENT_DATA as $key => $value) {
 	$smarty->assign($key, $value);
 }
 if (is_dir(BASE.TEMPLATES_C)) {
@@ -100,3 +100,5 @@ if (is_dir(BASE.CACHE)) {
 	$smarty->setCacheDir(BASE.CACHE);
 }
 $smarty->display($MASTER_TEMPLATE_NAME, $TEMPLATE.$lang, $TEMPLATE.$lang);
+
+# __END__

www/admin/table_arrays/array_edit_access.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_access = array (
 	"table_array" => array (
 		"edit_access_id" => array (
@@ -74,3 +74,5 @@ $edit_access = array (
 		)
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_groups.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_groups = array (
 	"table_array" => array (
 		"edit_group_id" => array (
@@ -97,3 +97,5 @@ $edit_groups = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_languages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_languages=array (
 	"table_array" => array (
 		"edit_language_id" => array (
@@ -70,3 +70,5 @@ $edit_languages=array (
 	),
 	"table_name" => "edit_language"
 );
+
+# __END__

www/admin/table_arrays/array_edit_menu_group.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_menu_group = array (
 	"table_array" => array (
 		"edit_menu_group_id" => array (
@@ -35,3 +35,5 @@ $edit_menu_group = array (
 		)
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_pages.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_pages = array (
 	"table_array" => array (
 		"edit_page_id" => array (
@@ -26,7 +26,7 @@ $edit_pages = array (
 			"int" => 1,
 			"order" => 1
 		),
-/*			"flag" => array (
+		/* "flag" => array (
 			"value" => $GLOBALS["flag"],
 			"output_name" => "Page Flag",
 			"type" => "drop_down_array",
@@ -175,3 +175,5 @@ $edit_pages = array (
 		) // query_string element list
 	) // element list
 );
+
+# __END__

www/admin/table_arrays/array_edit_schemes.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_schemes = array (
 	"table_array" => array (
 		"edit_scheme_id" => array (
@@ -53,3 +53,4 @@ $edit_schemes = array (
 	)
 ); // main array
 
+# __END__

www/admin/table_arrays/array_edit_users.inc

@@ -1,4 +1,4 @@
-<?
+<?php
 $edit_users = array (
 	"table_array" => array (
 		"edit_user_id" => array (
@@ -251,3 +251,5 @@ $edit_users = array (
 		) // edit pages ggroup
 	)
 );
+
+# __END__

www/admin/table_arrays/array_edit_visible_group.inc

@@ -1,30 +1,32 @@
-<?
+<?php
-	$edit_visible_group = array (
+$edit_visible_group = array (
-		"table_array" => array (
+	"table_array" => array (
-			"edit_visible_group_id" => array (
+		"edit_visible_group_id" => array (
-				"value" => $GLOBALS["edit_visible_group_id"],
+			"value" => $GLOBALS["edit_visible_group_id"],
-				"type" => "hidden",
+			"type" => "hidden",
-				"pk" => 1
+			"pk" => 1
-			),
-			"name" => array (
-				"value" => $GLOBALS["name"],
-				"output_name" => $this->l->__("Group name"),
-				"mandatory" => 1,
-				"type" => "text"
-			),
-			"flag" => array (
-				"value" => $GLOBALS["flag"],
-				"output_name" => $this->l->__("Flag"),
-				"mandatory" => 1,
-				"type" => "text",
-				"error_check" => "alphanumeric|unique"
-			)
 		),
-		"table_name" => "edit_visible_group",
+		"name" => array (
-		"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
+			"value" => $GLOBALS["name"],
-		"show_fields" => array (
+			"output_name" => $this->l->__("Group name"),
-			array (
+			"mandatory" => 1,
-				"name" => "name"
+			"type" => "text"
-			)
+		),
+		"flag" => array (
+			"value" => $GLOBALS["flag"],
+			"output_name" => $this->l->__("Flag"),
+			"mandatory" => 1,
+			"type" => "text",
+			"error_check" => "alphanumeric|unique"
 		)
-	);
+	),
+	"table_name" => "edit_visible_group",
+	"load_query" => "SELECT edit_visible_group_id, name FROM edit_visible_group ORDER BY name",
+	"show_fields" => array (
+		array (
+			"name" => "name"
+		)
+	)
+);
+
+# __END__

www/configs/config.inc

@@ -1,6 +1,6 @@
 <?
 /********************************************************************
-* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
+* AUTHOR: Clemens Schwaighofer
 * CREATED: 2003/06/10
 * SHORT DESCRIPTION:
 *   configuration file
@@ -9,79 +9,82 @@
 
 /************* SESSION NAMES *************/
 // backend
-DEFINE('EDIT_SESSION_NAME', "<ADMIN SESSION NAME>");
+DEFINE('EDIT_SESSION_NAME', '<ADMIN SESSION NAME>');
 // frontend
-DEFINE('SESSION_NAME', "<SESSION NAME>");
+DEFINE('SESSION_NAME', '<SESSION NAME>');
 // set the session name
 define('SET_SESSION_NAME', EDIT_SESSION_NAME);
 
 /************* LANGUAGE / ENCODING *******/
-DEFINE('DEFAULT_LANG', "en_utf8");
+DEFINE('DEFAULT_LANG', 'en_utf8');
 // default web page encoding setting
-DEFINE('DEFAULT_ENCODING', "UTF-8");
+DEFINE('DEFAULT_ENCODING', 'UTF-8');
 
 /************* PATHS *********************/
+// directory seperator
+DEFINE('DS', DIRECTORY_SEPARATOR);
 // ** NEW/BETTER DIR DECLARATIONS **
 // path to original file (if symlink)
-DEFINE('DIR', __DIR__."/");
+DEFINE('DIR', __DIR__.DS);
-// libs base path based on DIR
+// base dir root folder level
-DEFINE('LIBDIR', DIR.'libs/');
+DEFINE('BASE', str_replace('configs', '', __DIR__));
-// SMARTY path based on DIR
-DEFINE('SMARTYDIR', DIR.'Smarty/');
-// table arrays for Class Form
-DEFINE('TABLEARRAYDIR', DIR.'table_arrays/');
 
 // ** OLD DIR DECLARATIONS **
 // path to document root of file called
-DEFINE('ROOT', getcwd()."/");
+DEFINE('ROOT', getcwd().DS);
 // libs path
-DEFINE('LIBS', "libs/");
+DEFINE('LIB', 'lib'.DS);
+DEFINE('LIBS', 'lib'.DS);
 // includes (strings, arrays for static, etc)
-DEFINE('INCLUDES', "includes/");
+DEFINE('INCLUDES', 'includes'.DS);
 // layout base path
-DEFINE('LAYOUT', 'layout/');
+DEFINE('LAYOUT', 'layout'.DS);
 // pic-root (compatible to CMS)
-DEFINE('PICTURES', "images/");
+DEFINE('PICTURES', 'images'.DS);
 // images
-DEFINE('IMAGES', "images/");
+DEFINE('IMAGES', 'images'.DS);
 // icons (below the images/ folder)
-DEFINE('ICONS', 'icons/');
+DEFINE('ICONS', 'icons'.DS);
 // media
-DEFINE('MEDIA', "media/");
+DEFINE('MEDIA', 'media'.DS);
 // flash-root (below media)
-DEFINE('FLASH', "flash/");
+DEFINE('FLASH', 'flash'.DS);
 // uploads (anything to keep)
-DEFINE('UPLOADS', "uploads/");
+DEFINE('UPLOADS', 'uploads'.DS);
 // files (binaries) (below media)
-DEFINE('BINARIES', "binaries/");
+DEFINE('BINARIES', 'binaries'.DS);
 // files (videos) (below media)
-DEFINE('VIDEOS', "videos/");
+DEFINE('VIDEOS', 'videos'.DS);
 // files (documents) (below media)
-DEFINE('DOCUMENTS', "documents/");
+DEFINE('DOCUMENTS', 'documents'.DS);
 // files (pdfs) (below media)
-DEFINE('PDFS', "documents/");
+DEFINE('PDFS', 'documents'.DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
-DEFINE('CSS', "css/");
+DEFINE('CSS', 'css'.DS);
 // js
-DEFINE('JS', "javascript/");
+DEFINE('JS', 'javascript'.DS);
 // table arrays
-DEFINE('TABLE_ARRAYS', "table_arrays/");
+DEFINE('TABLE_ARRAYS', 'table_arrays'.DS);
 // smarty libs path
-DEFINE('SMARTY', "Smarty/");
+DEFINE('SMARTY', 'Smarty'.DS);
 // po langs
-DEFINE('LANG', "lang/");
+DEFINE('LANG', 'lang'.DS);
 // cache path
-DEFINE('CACHE', "cache/");
+DEFINE('CACHE', 'cache'.DS);
 // temp path
-DEFINE('TMP', "tmp/");
+DEFINE('TMP', 'tmp'.DS);
 // log files
-DEFINE('LOG', 'log/');
+DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
-DEFINE('TEMPLATES', "templates/");
+DEFINE('TEMPLATES', 'templates'.DS);
 // frontend template dir', only for admin
-DEFINE('TEMPLATES_FRONTEND', "templates_frontend/");
+DEFINE('TEMPLATES_FRONTEND', 'templates_frontend'.DS);
 // default template
-DEFINE('DEFAULT_TEMPLATE', "default/");
+DEFINE('DEFAULT_TEMPLATE', 'default'.DS);
 // default template file
 DEFINE('DEFAULT_TEMPLATE_FILE', 'default.tpl');
 
@@ -99,14 +102,14 @@ DEFINE('DEFAULT_ACL_SEND', 70);
 DEFINE('DEFAULT_ACL_DEL', 80);
 DEFINE('DEFAULT_ACL_ADMIN', 100); */
 // SSL host name
-//	DEFINE('SSL_HOST', "ssl.host.name");
+//	DEFINE('SSL_HOST', 'ssl.host.name');
 // error page strictness, Default is 3
 // 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
 // 2: if template not found, do not search, show error template
 // 3: if default template is not found, show error template, do not fall back to default tree
 // 4: very strict, even on normal fixable errors through error
 //	DEFINE('ERROR_STRICT', 3);
-// allow page caching in general, set to "FALSE" if you do debugging or development!
+// allow page caching in general, set to 'FALSE' if you do debugging or development!
 //	DEFINE('ALLOW_SMARTY_CACHE', FALSE);
 // cache life time, in seconds, default here is 2 days (172800s)
 // -1 is never expire cache
@@ -131,6 +134,11 @@ DEFINE('PAGE_WIDTH', 800);
 // the default template name
 DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 
+// below two can be defined here, but they should be
+// defined in either the header file or the file itself
+/************* LOGGING *******************/
+// DEFINE('LOG_FILE_ID', '');
+
 /************* QUEUE TABLE *************/
 // if we have a dev/live system
 // set_live is a per page/per item
@@ -142,37 +150,38 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
 
 // non constant part
 /************* DB ACCESS *****************/
 // please be VERY carefull only to change the right side
 $DB_CONFIG = array (
-	"<db id>" => array (
+	'<db id>' => array (
-		"db_name" => "<database>",
+		'db_name' => '<database>',
-		"db_user" => "<user>",
+		'db_user' => '<user>',
-		"db_pass" => "<password>",
+		'db_pass' => '<password>',
-		"db_host" => "<host>",
+		'db_host' => '<host>',
-		"db_port" => "5432",
+		'db_port' => '5432',
-		"db_schema" => "public", // if not set, uses public
+		'db_schema' => 'public', // if not set, uses public
-		"db_type" => "pgsql",
+		'db_type' => 'pgsql',
-		"db_encoding" => '',
+		'db_encoding' => '',
-		"db_ssl" => 'disable' // allow, disable, require, prefer
+		'db_ssl' => 'disable' // allow, disable, require, prefer
 	)
 );
 
 // File and Folder paths
 // ID is TARGET (first array element)
-//	$PATHS["test"]["csv_path"] = "";
+//	$PATHS['test']['csv_path'] = '';
-//	$PATHS["test"]["perl_bin"] = "";
+//	$PATHS['test']['perl_bin'] = '';
-//	$PATHS["test"]["redirect_url"] = "";
+//	$PATHS['test']['redirect_url'] = '';
 
 // each host has a different db_host
 // development host
-$DB_HOST['<host>'] = "<db id>";
+$DB_HOST['<host>'] = '<db id>';
 // target host (live)
-//	$DB_TARGET_HOST['<host>'] = "<DB ID>";
+//	$DB_TARGET_HOST['<host>'] = '<DB ID>';
 // url redirect database
-//	$DB_URL_REDIRECT_HOST['<host>'] = "<DB ID>";
+//	$DB_URL_REDIRECT_HOST['<host>'] = '<DB ID>';
 // location flagging
 // test/dev/live
 $LOCATION['<host>'] = '<test|live|remote|etc>';
@@ -188,9 +197,9 @@ $USE_DATABASE = defined('USE_DATABASE') ? USE_DATABASE : true;
 // live frontend pages
 // ** missing live domains **
 // get the name without the port
-list($HOST_NAME, $PORT) = array_pad(explode(":", $_SERVER['HTTP_HOST'], 2), 2, null);
+list($HOST_NAME) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
 if (!$DB_HOST[$HOST_NAME] && $USE_DATABASE) {
-	echo "No matching DB config found. Contact Admin<br>";
+	echo 'No matching DB config found. Contact Admin<br>';
 	exit -1;
 }
 
@@ -217,11 +226,11 @@ DEFINE('SHOW_ALL_ERRORS', false); // show all errors if debug_all & show_error_h
 $G_TITLE = '<OVERALL PAGE TITLE>';
 
 /************ STYLE SHEETS / JS **********/
-$EDIT_STYLESHEET = "edit.css";
+$EDIT_STYLESHEET = 'edit.css';
-$EDIT_JAVASCRIPT = "edit.js";
+$EDIT_JAVASCRIPT = 'edit.js';
 
-$STYLESHEET = "frontend.css";
+$STYLESHEET = 'frontend.css';
-$JAVASCRIPT = "frontend.js";
+$JAVASCRIPT = 'frontend.js';
 
 /************* CONVERT *******************/
 $paths = array (
@@ -231,14 +240,14 @@ $paths = array (
 );
 // find convert
 foreach ($paths as $path) {
-	if (file_exists($path."/convert") && is_file($path."/convert")) {
+	if (file_exists($path.DS.'convert') && is_file($path.DS.'convert')) {
 		// image magick convert location
-		DEFINE('CONVERT', $path."/convert");
+		DEFINE('CONVERT', $path.DS.'convert');
 	}
 }
 
 // turn off debug if debug flag is OFF
-if (DEBUG == false) {
+if (defined('DEBUG') && DEBUG == false) {
 	$ECHO_ALL = 0;
 	$DEBUG_ALL = 0;
 	$PRINT_ALL = 0;
@@ -249,27 +258,7 @@ if (DEBUG == false) {
 // any other global definitons here
 //	DEFINE('SOME_ID', <SOME VALUE>);
 
-// function that will be called on top of each class include to load the class
+// read auto loader
-function _spl_autoload($include_file)
+require BASE.LIB.'autoloader.php';
-{
+
-	// where to search for the files to include
+# __END__
-	$dirs = array (
-		LIBDIR,
-		SMARTYDIR,
-		TABLEARRAYDIR,
-		'',
-		LIBS,
-		SMARTY,
-		TABLE_ARRAYS,
-		__DIR__.'/'.LIBS,
-		__DIR__.'/'.SMARTY
-	);
-	// try to find and load the class ifle
-	foreach ($dirs as $folder) {
-		if (file_exists($folder.$include_file))	{
-			require_once($folder.$include_file);
-			return true;
-		}
-	}
-	return false;
-}

www/configs/config.template.inc

@@ -1,6 +1,6 @@
 <?php
 /********************************************************************
-* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
+* AUTHOR: Clemens Schwaighofer
 * CREATED: 2003/06/10
 * SHORT DESCRIPTION:
 *   configuration file
@@ -59,6 +59,8 @@ DEFINE('VIDEOS', "videos".DS);
 DEFINE('DOCUMENTS', "documents".DS);
 // files (pdfs) (below media)
 DEFINE('PDFS', "documents".DS);
+// CSV
+DEFINE('CSV', 'csv'.DS);
 // css
 DEFINE('CSS', "css".DS);
 // js
@@ -75,6 +77,8 @@ DEFINE('CACHE', "cache".DS);
 DEFINE('TMP', "tmp".DS);
 // log files
 DEFINE('LOG', 'log'.DS);
+// compiled template folder
+DEFINE('TEMPLATES_C', 'templates_c'.DS);
 // template base
 DEFINE('TEMPLATES', "templates".DS);
 // frontend template dir', only for admin
@@ -141,6 +145,7 @@ DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 DEFINE('PUBLIC_SCHEMA', 'public');
 DEFINE('DEV_SCHEMA', 'public');
 DEFINE('TEST_SCHEMA', 'public');
+DEFINE('LIVE_SCHEMA', 'public');
 
 // non constant part
 /************* DB ACCESS *****************/

www/layout/admin/default/css/edit.css

@@ -272,7 +272,7 @@ input[type="text"]:focus, textarea:focus, select:focus {
 }
 
 /* spacer for line break in float elements */
-.spacer {
+.clr, .spacer {
 	clear: both;
 }
 

www/lib/CoreLibs/ACL/Login.inc

@@ -69,8 +69,17 @@ class Login extends \CoreLibs\DB\IO
 	private $logout; // logout button
 	private $login_error; // login error code, can be matched to the array login_error_msg, which holds the string
 	private $password_change = false; // if this is set to true, the user can change passwords
+	private $password_change_ok = false; // password change was successful
 	private $pw_change_deny_users = array (); // array of users for which the password change is forbidden
 
+	// if we have password change we need to define some rules
+	private $password_min_length = 8;
+	// can have several regexes, if nothing set, all is ok
+	private $password_valid_chars = array (
+		// '^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,}$',
+		// '^(?.*(\pL)u)(?=.*(\pN)u)(?=.*([^\pL\pN])u).{8,}',
+	);
+
 	// all possible login error conditions
 	private $login_error_msg = array ();
 	// this is an array holding all strings & templates passed from the outside (translation)
@@ -99,7 +108,8 @@ class Login extends \CoreLibs\DB\IO
 
 		// no session could be found at all
 		if (!session_id()) {
-			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
+			echo "<b>Session not started!</b><br>Use 'session_start();'.<br>";
+			echo "For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
 			exit;
 		}
 
@@ -107,7 +117,15 @@ class Login extends \CoreLibs\DB\IO
 
 		// if we have a search path we need to set it, to use the correct DB to login
 		// check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema
-		$SCHEMA = defined('LOGIN_DB_SCHEMA') ? LOGIN_DB_SCHEMA : ($db_config['db_schema'] ? $db_config['db_schema'] : (defined('DB_SCHEMA') ? DB_SCHEMA : 'public'));
+		if (defined('LOGIN_DB_SCHEMA')) {
+			$SCHEMA = LOGIN_DB_SCHEMA;
+		} elseif ($db_config['db_schema']) {
+			$SCHEMA = $db_config['db_schema'];
+		} elseif (defined('DB_SCHEMA')) {
+			$SCHEMA = DB_SCHEMA;
+		} else {
+			$SCHEMA = 'public';
+		}
 		// set schema if schema differs to schema set in db conneciton
 		if ($this->dbGetSchema() && $this->dbGetSchema() != $SCHEMA) {
 			$this->dbExec("SET search_path TO ".$SCHEMA);
@@ -229,6 +247,61 @@ class Login extends \CoreLibs\DB\IO
 		parent::__destruct();
 	}
 
+	// METHOD: loginPasswordCheck
+	// PARAMS: hash, optional password, to override
+	// RETURN: true or false
+	// DESC  : checks if password is valid, sets internal error login variable
+	private function loginPasswordCheck($hash, $password = '')
+	{
+		// check with what kind of prefix the password begins:
+		// $2a$ or $2y$: BLOWFISCH
+		// $1$: MD5
+		// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
+		// if no $ => normal password
+		// NOW, if we have a password encoded, but not the correct encoder available, throw special error
+		$password_ok = false;
+		if (!$password) {
+			$password = $this->password;
+		}
+		if ((preg_match("/^\\$2(a|y)\\$/", $hash) && CRYPT_BLOWFISH != 1) ||
+			(preg_match("/^\\$1\\$/", $hash) && CRYPT_MD5 != 1) ||
+			(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) && CRYPT_STD_DES != 1)
+		) {
+			// this means password cannot be decrypted because of missing crypt methods
+			$this->login_error = 9999;
+			$password_ok = false;
+		} elseif ((preg_match("/^\\$2(a)\\$/", $hash) ||
+			// old password have $07$ so we check this
+			(preg_match("/^\\$2(y)\\$/", $hash) && preg_match("/\\$07\\$/", $hash)) ||
+			preg_match("/^\\$1\\$/", $hash) ||
+			preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash)) &&
+			!$this->verifyCryptString($password, $hash)
+		) {
+			// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
+			// this is only for OLD $07$ password
+			$this->login_error = 1011;
+			$password_ok = false;
+		} elseif (preg_match("/^\\$2y\\$/", $hash) &&
+			!$this->passwordVerify($password, $hash)
+		) {
+			// this is the new password hash methid, is only $2y$
+			$this->login_error = 1013;
+			$password_ok = false;
+		} elseif (!preg_match("/^\\$2(a|y)\\$/", $hash) &&
+			!preg_match("/^\\$1\\$/", $hash) &&
+			!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) &&
+			$hash != $password
+		) {
+			// check old plain password, case sensitive
+			$this->login_error = 1012;
+			$password_ok = false;
+		} else {
+			// all ok
+			$password_ok = true;
+		}
+		return $password_ok;
+	}
+
 	// METHOD: loginLoginUser
 	// WAS   : login_login_user
 	// PARAMS: none
@@ -242,11 +315,13 @@ class Login extends \CoreLibs\DB\IO
 				$this->login_error = 102;
 			} else {
 				// we have to get the themes in here too
-				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
+				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, ";
+				$q .= "eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
 				$q .= "debug, db_debug, ";
 				$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
 				$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
-				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, second.header_color AS second_header_color, second.template ";
+				$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, ";
+				$q .= "second.header_color AS second_header_color, second.template ";
 				$q .= "FROM edit_user eu ";
 				$q .= "LEFT JOIN edit_scheme second ON (second.edit_scheme_id = eu.edit_scheme_id AND second.enabled = 1), ";
 				$q .= "edit_language el, edit_group eg, ";
@@ -257,7 +332,7 @@ class Login extends \CoreLibs\DB\IO
 				$q .= "eu.edit_access_right_id = eareu.edit_access_right_id AND ";
 				$q .= "eg.edit_access_right_id = eareg.edit_access_right_id AND ";
 				// password match is done in script, against old plain or new blowfish encypted
-				$q .= "(LOWER(username) = '".strtolower($this->username)."') ";
+				$q .= "(LOWER(username) = '".$this->dbEscapeString(strtolower($this->username))."') ";
 				$res = $this->dbReturn($q);
 				// username is wrong, but we throw for wrong username and wrong password the same error
 				if (!$this->cursor_ext[md5($q)]["num_rows"]) {
@@ -265,13 +340,6 @@ class Login extends \CoreLibs\DB\IO
 				} else {
 					// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
 
-					// check with what kind of prefix the password begins:
-					// $2a$ or $2y$: BLOWFISCH
-					// $1$: MD5
-					// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
-					// if no $ => normal password
-					// NOW, if we have a password encoded, but not the correct encoder available, throw special error
-
 					// check flow
 					// - user is enabled
 					// - user is not locked
@@ -285,27 +353,16 @@ class Login extends \CoreLibs\DB\IO
 					} elseif ($res['locked']) {
 						// user is locked, either set or auto set
 						$this->login_error = 105;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) ||
+					} elseif (!$this->loginPasswordCheck($res['password'])) {
-						(preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) ||
+						// none to be set, set in login password check
-						(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1)
-					) {
-						// this means password cannot be decrypted because of missing crypt methods
-						$this->login_error = 9999;
-					} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) ||
-						preg_match("/^\\$1\\$/", $res['password']) ||
-						preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) &&
-						!$this->verifyCryptString($this->password, $res['password'])
-					) {
-						// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
-						$this->login_error = 1011;
-					} elseif (!preg_match("/^\\$2(a|y)\\$/", $res['password']) &&
-						!preg_match("/^\\$1\\$/", $res['password']) &&
-						!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) &&
-						$res['password'] != $this->password
-					) {
-						// check old plain password, non case sensitive
-						$this->login_error = 1012;
 					} else {
+						// check if the current password is an invalid hash and do a rehash and set password
+						// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '.($this->passwordVerify($this->password, $res['password']) ? 'OK' : 'FAIL').' => HASH: '.($this->passwordRehashCheck($res['password']) ? 'NEW NEEDED' : 'OK'));
+						if ($this->passwordRehashCheck($res['password'])) {
+							// update password hash to new one now
+							$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->password))."' WHERE edit_user_id = ".$res['edit_user_id'];
+							$this->dbExec($q);
+						}
 						// normal user processing
 						// set class var and session var
 						$_SESSION["EUID"] = $this->euid = $res["edit_user_id"];
@@ -335,7 +392,8 @@ class Login extends \CoreLibs\DB\IO
 							$pages = array();
 							$edit_page_ids = array();
 							// set pages access
-							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, popup, popup_x, popup_y, online, ear.level, ear.type ";
+							$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, ";
+							$q .= "popup, popup_x, popup_y, online, ear.level, ear.type ";
 							$q .= "FROM edit_page ep, edit_page_access epa, edit_access_right ear ";
 							$q .= "WHERE ep.edit_page_id = epa.edit_page_id AND ear.edit_access_right_id = epa.edit_access_right_id ";
 							$q .= "AND epa.enabled = 1 AND epa.edit_group_id = ".$res["edit_group_id"]." ";
@@ -548,6 +606,7 @@ class Login extends \CoreLibs\DB\IO
 			$this->acl['admin'] = 1;
 			$this->acl['base'] = 100;
 		} else {
+			$this->acl['admin'] = 0;
 			// now go throw the flow and set the correct ACL
 			// user > page > group
 			// group ACL 0
@@ -618,7 +677,7 @@ class Login extends \CoreLibs\DB\IO
 		// set the full acl list too
 		$this->acl['acl_list'] = $_SESSION['DEFAULT_ACL_LIST'];
 		// debug
-//			$this->debug('ACL', $this->print_ar($this->acl));
+		// $this->debug('ACL', $this->print_ar($this->acl));
 	}
 
 	// METHOD: loginCheckEditAccess
@@ -635,6 +694,28 @@ class Login extends \CoreLibs\DB\IO
 		}
 	}
 
+	// METHOD: loginPasswordChangeValidPassword
+	// PARAMS: the new password
+	// RETURN: true or false
+	// DESC  : checks if the password is in a valid format
+	private function loginPasswordChangeValidPassword($password)
+	{
+		$is_valid_password = true;
+		// check for valid in regex arrays in list
+		if (is_array($this->password_valid_chars)) {
+			foreach ($this->password_valid_chars as $password_valid_chars) {
+				if (!preg_match("/$password_valid_chars/", $password)) {
+					$is_valid_password = false;
+				}
+			}
+		}
+		// check for min length
+		if (strlen($password) < $this->password_min_length) {
+			$is_valid_password = false;
+		}
+		return $is_valid_password;
+	}
+
 	// METHOD: loginPasswordChange
 	// WAS   : login_password_change
 	// PARAMS: none
@@ -646,7 +727,7 @@ class Login extends \CoreLibs\DB\IO
 			$event = 'Password Change';
 			// check that given username is NOT in the deny list, else silent skip (with error log)
 			if (!in_array($this->pw_username, $this->pw_change_deny_users)) {
-				if (!$this->pw_username || !$this->pw_password) {
+				if (!$this->pw_username || !$this->pw_old_password) {
 					$this->login_error = 200;
 					$data = 'Missing username or old password.';
 				}
@@ -662,9 +743,9 @@ class Login extends \CoreLibs\DB\IO
 				}
 				// check old passwords match -> error
 				if (!$this->login_error) {
-					$q = "SELECT edit_user_id FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."' AND password = '".$this->dbEscapeString($this->pw_old_password)."'";
+					$q = "SELECT edit_user_id, password FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."'";
-					list ($edit_user_id) = $this->dbReturnRow($q);
+					list ($edit_user_id, $old_password_hash) = $this->dbReturnRow($q);
-					if (!$edit_user_id) {
+					if (!$edit_user_id || !$this->loginPasswordCheck($old_password_hash, $this->pw_old_password)) {
 						// old password wrong
 						$this->login_error = 202;
 						$data = 'The old password does not match';
@@ -681,15 +762,23 @@ class Login extends \CoreLibs\DB\IO
 				if (!$this->login_error) {
 					if ($this->pw_new_password != $this->pw_new_password_confirm) {
 						$this->login_error = 204;
-						$data = 'The new passwords do not match: '.$this->pw_new_password.' == '.$this->pw_new_password_confirm;
+						$data = 'The new passwords do not match';
+					}
+				}
+				// password shall match to something in minimum length or form
+				if (!$this->login_error) {
+					if (!$this->loginPasswordChangeValidPassword($this->pw_new_password)) {
+						$this->login_error = 205;
+						$data = 'The new password string is not valid';
 					}
 				}
 				// no error change this users password
 				if (!$this->login_error) {
 					// update the user (edit_user_id) with the new password
-					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->cryptString($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
+					$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
 					$this->dbExec($q);
-					$data = 'Password change for user "'.$this->pw_username.'" from "'.$this->pw_old_password.'" to "'.$this->pw_new_password.'"';
+					$data = 'Password change for user "'.$this->pw_username.'"';
+					$this->password_change_ok = true;
 				}
 			} else {
 				// illegal user error
@@ -697,7 +786,7 @@ class Login extends \CoreLibs\DB\IO
 				$data = 'Illegal user for password change: '.$this->pw_username;
 			}
 			// log this password change attempt
-			$this->write_log($event, $data, $this->login_error, $pw_username, $pw_old_password);
+			$this->writeLog($event, $data, $this->login_error, $this->pw_username);
 		} // button pressed
 	}
 
@@ -727,29 +816,43 @@ class Login extends \CoreLibs\DB\IO
 				// pre change the data in the PASSWORD_CHANGE_DIV first
 				foreach ($this->login_template['strings'] as $string => $data) {
 					if ($data) {
-						$html_string_password_change = str_replace("{".$string."}", $data, $html_string_password_change);
+						$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
 					}
 				}
+				// print error messagae
+				if ($this->login_error) {
+					$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
+				}
+				// if pw change action, show the float again
+				if ($this->change_password && !$this->password_change_ok) {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
+				} else {
+					$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
+				}
 				$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
 			}
 
 			// put in the logout redirect string
 			if ($this->logout && $LOGOUT_TARGET) {
-				$html_string = str_replace("{LOGOUT_TARGET}", '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
 			} else {
-				$html_string = str_replace("{LOGOUT_TARGET}", '', $html_string);
+				$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
 			}
 
 			// print error messagae
 			if ($this->login_error) {
-				$html_string = str_replace("{ERROR_MSG}", $this->login_error_msg[$this->login_error]."<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
+			} elseif ($this->password_change_ok && $this->password_change) {
+				$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
 			} else {
-				$html_string = str_replace("{ERROR_MSG}", "<br>", $html_string);
+				$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
 			}
 
 			// create the replace array context
 			foreach ($this->login_template['strings'] as $string => $data) {
-				$html_string = str_replace("{".$string."}", $data, $html_string);
+				$html_string = str_replace('{'.$string.'}', $data, $html_string);
 			}
 
 			// return the created HTML here
@@ -782,10 +885,10 @@ class Login extends \CoreLibs\DB\IO
 				$q = "SELECT username, password FROM edit_user WHERE edit_user_id = ".$this->euid;
 				list($username, $password) = $this->dbReturnRow($q);
 			} // if euid is set, get username (or try)
-			$this->writeLog($event, '', $this->login_error, $username, $password);
+			$this->writeLog($event, '', $this->login_error, $username);
 		} // write log under certain settings
 		// now close DB connection
-//			$this->error_msg = $this->_login();
+		// $this->error_msg = $this->_login();
 		if (!$this->permission_okay) {
 			return false;
 		} else {
@@ -816,6 +919,7 @@ class Login extends \CoreLibs\DB\IO
 			"1010" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // user not found
 			"1011" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // blowfish password wrong
 			"1012" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // fallback md5 password wrong
+			"1013" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // new password_hash wrong
 			"102" => $this->l->__("Fatal Error: <b>Login Failed - Please enter username and password</b>"),
 			"103" => $this->l->__("Fatal Error: <b>You do not have the rights to access this Page</b>"),
 			"104" => $this->l->__("Fatal Error: <b>Login Failed - User not enabled</b>"),
@@ -826,6 +930,8 @@ class Login extends \CoreLibs\DB\IO
 			"202" => $this->l->__("Fatal Error: <b>Password change - The old password is not correct</b>"),
 			"203" => $this->l->__("Fatal Error: <b>Password change - Please fill out both new password fields</b>"),
 			"204" => $this->l->__("Fatal Error: <b>Password change - The new passwords do not match</b>"),
+			"205" => $this->l->__("Fatal Error: <b>Password change - The new password is not in a valid format</b>"), // we should also not here WHAT is valid
+			"300" => $this->l->__("Success: <b>Password change successful</b>"), // for OK password change
 			"9999" => $this->l->__("Fatal Error: <b>necessary crypt engine could not be found</b>. Login is impossible") // this is bad bad error
 		);
 
@@ -852,6 +958,7 @@ class Login extends \CoreLibs\DB\IO
 <tr><td></td><td><input type="submit" name="change_password" value="{PASSWORD_CHANGE_BUTTON_VALUE}"><input type="button" name="pw_change" value="{CLOSE}" OnClick="ShowHideDiv('pw_change_div');"></td></tr>
 </table>
 </div>
+{PASSWORD_CHANGE_SHOW}
 EOM;
 		} else {
 			$strings = array_merge($strings, array (
@@ -862,14 +969,14 @@ EOM;
 		}
 
 		// first check if all strings are set from outside, if not, set with default ones
-		while (list($string, $data) = each($strings)) {
+		foreach ($strings as $string => $data) {
 			if (!array_key_exists($string, $this->login_template['strings'])) {
 				$this->login_template['strings'][$string] = $data;
 			}
 		}
 
 		// error msgs the same
-		while (list($code, $data) = each($error_msgs)) {
+		foreach ($error_msgs as $code => $data) {
 			if (!array_key_exists($code, $this->login_error_msg)) {
 				$this->login_error_msg[$code] = $data;
 			}
@@ -949,12 +1056,14 @@ EOM;
 	//        error -> if error, write error string (not enougth data, etc)
 	// RETURN: none
 	// DESC  : writes detailed data into the edit user log table (keep log what user does)
-	private function writeLog($event, $data, $error = "", $username = "", $password = "")
+	private function writeLog($event, $data, $error = '', $username = '')
 	{
 		if ($this->login) {
 				$this->action = 'Login';
 		} elseif ($this->logout) {
 				$this->action = 'Logout';
+		} else {
+			$this->action = '';
 		}
 		$_data_binary = array (
 				'_SESSION' => $_SESSION,
@@ -969,9 +1078,11 @@ EOM;
 		$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
 		$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
 		$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
-		$q .= "VALUES ('".$this->dbEscapeString($username)."', '".$this->dbEscapeString($password)."', ".(($this->euid) ? $this->euid : 'NULL').", ";
+		$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
 		$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
-		foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code) {
+		foreach (array(
+			'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
+		) as $server_code) {
 			if (array_key_exists($server_code, $_SERVER)) {
 				$q .= "'".$this->dbEscapeString($_SERVER[$server_code])."', ";
 			} else {

www/lib/CoreLibs/Basic.inc

@@ -123,7 +123,7 @@ class Basic
 	private $log_print_file = 'error_msg##LOGID####LEVEL####CLASS####PAGENAME####DATE##';
 	private $log_file_unique_id; // a unique ID set only once for call derived from this class
 	public $log_print_file_date = 1; // if set add Y-m-d and do automatic daily rotation
-	private $log_file_id = LOG_FILE_ID ? LOG_FILE_ID : ''; // a alphanumeric name that has to be set as global definition
+	private $log_file_id = ''; // a alphanumeric name that has to be set as global definition
 	public $log_per_level = 0; // set, it will split per level (first parameter in debug call)
 	public $log_per_class = 0; // set, will split log per class
 	public $log_per_page = 0; // set, will split log per called file
@@ -148,12 +148,13 @@ class Basic
 	// error char for the char conver
 	public $mbErrorChar;
 
-	// crypt saslt prefix
+	// [!!! DEPRECATED !!!] crypt saslt prefix
 	public $cryptSaltPrefix = '';
 	public $cryptSaltSuffix = '';
 	public $cryptIterationCost = 7; // this is for staying backwards compatible with the old ones
 	public $cryptSaltSize = 22; // default 22 chars for blowfish, 2 for STD DES, 8 for MD5,
-
+	// new better password management
+	protected $password_options = array ();
 	// session name
 	private $session_name = '';
 	private $session_id = '';
@@ -178,9 +179,30 @@ class Basic
 			"class_author" => 'Clemens Schwaighofer'
 		);
 
+		// before we start any work, we should check that all MUST constants are defined
+		$abort = false;
+		foreach (array(
+			'DS', 'DIR', 'BASE', 'ROOT', 'LIB', 'INCLUDES', 'LAYOUT', 'PICTURES', 'FLASH', 'VIDEOS', 'DOCUMENTS', 'PDFS', 'BINARIES', 'ICONS',
+			'UPLOADS', 'CSV', 'JS', 'CSS', 'TABLE_ARRAYS', 'SMARTY', 'LANG', 'CACHE', 'TMP', 'LOG', 'TEMPLATES', 'TEMPLATES_C',
+			'TEMPLATES_FRONTEND', 'DEFAULT_TEMPLATE', 'DEFAULT_TEMPLATE_FILE', 'DEFAULT_LANG', 'DEFAULT_ENCODING', 'DEFAULT_HASH',
+			'DEFAULT_ACL_LEVEL', 'LOGOUT_TARGET', 'PASSWORD_CHANGE', 'AJAX_REQUEST_TYPE', 'USE_PROTOTYPE', 'USE_SCRIPTACULOUS', 'USE_JQUERY',
+			'PAGE_WIDTH', 'MASTER_TEMPLATE_NAME', 'PUBLIC_SCHEMA', 'TEST_SCHEMA', 'DEV_SCHEMA', 'LIVE_SCHEMA', 'LOGIN_DB', 'MAIN_DB', 'DB_SCHEMA',
+			'LOGIN_DB_SCHEMA', 'GLOBAL_DB_SCHEMA', 'TARGET', 'DEBUG', 'SHOW_ALL_ERRORS'
+		) as $constant) {
+			if (!defined($constant)) {
+				echo "Constant $constant misssing<br>";
+				$abort = true;
+			}
+		}
+		if ($abort === true) {
+			die('Core Constant missing. Check config file.');
+		}
+
 		// set the page name
 		$this->page_name = $this->getPageName();
 		$this->host_name = $this->getHostName();
+		// init the log file id
+		$this->log_file_id = defined('LOG_FILE_ID') ? LOG_FILE_ID : '';
 
 		// set the paths matching to the valid file types
 		$this->data_path = array (
@@ -327,7 +349,7 @@ class Basic
 		// initial the session if there is no session running already
 		if (!session_id()) {
 			// check if we have an external session name given, else skip this step
-			if (SET_SESSION_NAME) {
+			if (defined('SET_SESSION_NAME')) {
 				// set the session name for possible later check
 				$this->session_name = SET_SESSION_NAME;
 			}
@@ -340,8 +362,10 @@ class Basic
 			$this->session_id = session_id();
 		}
 
-		// init crypt settings
+		// [!!! DEPRECATED !!!] init crypt settings
 		$this->cryptInit();
+		// new better password init
+		$this->passwordInit();
 
 		// start logging running time
 		$this->runningTime();
@@ -431,7 +455,7 @@ class Basic
 	// DESC  : wrapper around microtime function to print out y-m-d h:i:s.ms
 	public static function printTime($set_microtime = -1)
 	{
-		list($microtime, $timestamp) = explode(" ", microtime());
+		list($microtime, $timestamp) = explode(' ', microtime());
 		$string = date("Y-m-d H:i:s", $timestamp);
 		// if microtime flag is -1 no round, if 0, no microtime, if >= 1, round that size
 		if ($set_microtime == -1) {
@@ -1088,6 +1112,37 @@ class Basic
 		return $ret_array;
 	}
 
+	// METHOD: arrayToString
+	// WAS   : ArrayToString
+	// PARAMS: array, connect char
+	// RETRUN: string
+	// DESC  : wrapper for join, but checks if input is an array and if not returns null
+	public static function arrayToString($array, $connect_char)
+	{
+		if (is_array($array)) {
+			return join($connect_char, $array);
+		} else {
+			return false;
+		}
+	}
+
+	// METHOD: flattenArray
+	// PARAMS: array in multi dimensions
+	// RETURN: returns a flatten array
+	// DESC  : converts multi dimensional array to a flat array
+	//         does NOT preserve keys
+	public static function flattenArray(array $array)
+	{
+		$return = array();
+		array_walk_recursive(
+			$array,
+			function ($a) use (&$return) {
+				$return[] = $a;
+			}
+		);
+		return $return;
+	}
+
 	// METHOD: __mbMimeEncode
 	// WAS   : _mb_mime_encode
 	// PARAMS: string to encode, encoding to encode in
@@ -1221,17 +1276,20 @@ class Basic
 	//         xd xh xm xs xms to a timestamp.microtime format
 	public static function stringToTime($timestring)
 	{
-		$timestamp = '';
+		$timestamp = 0;
 		if (preg_match("/(d|h|m|s|ms)/", $timestring)) {
-			$timegroups = array (1 => 86400, 3 => 3600, 5 => 60, 7 => 1);
+			// pos for preg match read + multiply factor
+			$timegroups = array (2 => 86400, 4 => 3600, 6 => 60, 8 => 1);
+			// preg match: 0: full strsing
+			// 2, 4, 6, 8 are the to need values
 			preg_match("/^((\d+)d ?)?((\d+)h ?)?((\d+)m ?)?((\d+)s ?)?((\d+)ms)?$/", $timestring, $matches);
 			// multiply the returned matches and sum them up. the last one (ms) is added with .
-			for ($i = 1; $i <= 7; $i += 2) {
+			foreach ($timegroups as $i => $time_multiply) {
-				if ($matches[$i]) {
+				if (is_numeric($matches[$i])) {
-					$timestamp += ($matches[($i + 1)] * $timegroups[$i]);
+					$timestamp += $matches[$i] * $time_multiply;
 				}
 			}
-			if ($matches[10]) {
+			if (is_numeric($matches[10])) {
 				$timestamp .= '.'.$matches[10];
 			}
 			return $timestamp;
@@ -1346,20 +1404,6 @@ class Basic
 		}
 	}
 
-	// METHOD: arrayToString
-	// WAS   : ArrayToString
-	// PARAMS: array, connect char
-	// RETRUN: string
-	// DESC  : wrapper for join, but checks if input is an array and if not returns null
-	public static function arrayToString($array, $connect_char)
-	{
-		if (is_array($array)) {
-			return join($connect_char, $array);
-		} else {
-			return false;
-		}
-	}
-
 	// METHOD: createThumbnail
 	// WAS   : CreateThumbnail
 	// PARAMS: pic -> picture where from we create a thumbnail
@@ -1630,6 +1674,11 @@ class Basic
 		return false;
 	}
 
+	// [!!! DEPRECATED !!!]
+	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
+	// use the new password* instead
+
+	// [!!! DEPRECATED !!!] -> passwordInit
 	// METHOD: cryptInit
 	// PARAMS: none
 	// RETURN: none
@@ -1676,6 +1725,7 @@ class Basic
 		}
 	}
 
+	// [!!! DEPRECATED !!!] -> not needed
 	// METHOD: cryptSaltString
 	// PARAMS: random string length, default is 22 (for blowfish crypt)
 	// RETURN: random string
@@ -1703,6 +1753,7 @@ class Basic
 		return $salt_string;
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordSet
 	// METHOD: cryptString
 	// PARAMS: string to be crypted (one way)
 	// RETURN: encrypted string
@@ -1714,6 +1765,7 @@ class Basic
 		return crypt($string, $this->cryptSaltPrefix.$this->cryptSaltString($this->cryptSaltSize).$this->cryptSaltSuffix);
 	}
 
+	// [!!! DEPRECATED !!!] -> passwordVerify
 	// METHOD: verifyCryptString
 	// PARAMS: plain string (eg password)
 	//         full crypted string (from cryptString
@@ -1729,6 +1781,61 @@ class Basic
 		}
 	}
 
+	// *** BETTER PASSWORD OPTIONS, must be used ***
+	// METHOD: passwordInit
+	// PARAMS: none
+	// RETURN: none
+	// DESC  : inits the password options set
+	//         currently this is et empty, and the default options are used
+	private function passwordInit()
+	{
+		// set default password cost: use default set automatically
+		$this->password_options = array (
+			// 'cost' => PASSWORD_BCRYPT_DEFAULT_COST
+		);
+	}
+
+	// METHOD: passwordSet
+	// PARAMS: password
+	// RETURN: hashed password
+	// DESC  : creates the password hash
+	public function passwordSet($password)
+	{
+		// always use the PHP default for the password
+		// password options ca be set in the password init, but should be kept as default
+		return password_hash($password, PASSWORD_DEFAULT, $this->password_options);
+	}
+
+	// METHOD: passwordVerify
+	// PARAMS: password and hash
+	// RETURN: true or false
+	// DESC  : checks if the entered password matches the hash
+	public function passwordVerify($password, $hash)
+	{
+		if (password_verify($password, $hash)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case something strange, return false on default
+		return false;
+	}
+
+	// METHOD: passwordRehashCheck
+	// PARAMS: hash
+	// RETURN: true or false
+	// DESC  : checks if the password needs to be rehashed
+	public function passwordRehashCheck($hash)
+	{
+		if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->password_options)) {
+			return true;
+		} else {
+			return false;
+		}
+		// in case of strange, force re-hash
+		return true;
+	}
+
 	// *** COLORS ***
 
 	// METHOD: hex2rgb

www/lib/CoreLibs/DB/IO.inc

@@ -501,7 +501,7 @@ class IO extends \CoreLibs\Basic
 	// NOTE  : used in db_dump_data only
 	private function __printArray($array)
 	{
-		while (list($key, $value) = each($array)) {
+		foreach ($array as $key => $value) {
 			$string .= $this->nbsp.'<b>'.$key.'</b> => ';
 			if (is_array($value)) {
 				$this->nbsp .= '&nbsp;&nbsp;&nbsp;';
@@ -567,7 +567,7 @@ class IO extends \CoreLibs\Basic
 			// write detailed error log
 		}
 		if ($this->warning_id) {
-			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_ERROR', $where_called);
+			$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_WARNING', $where_called);
 			$this->had_warning = $this->warning_id;
 		}
 		// unset the error/warning vars
@@ -1111,7 +1111,7 @@ class IO extends \CoreLibs\Basic
 					$this->cursor_ext[$md5]['read_rows'] ++;
 					// if reset is <3 caching is done, else no
 					if ($reset < 3) {
-						while (list($field_name, $data) = each($return)) {
+						foreach ($return as $field_name => $data) {
 							$temp[$field_name] = $data;
 						}
 						$this->cursor_ext[$md5][] = $temp;

www/lib/CoreLibs/Output/Form/Generate.inc

@@ -270,12 +270,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		$this->int_pk_name = $this->pk_name;
 		// check if reference_arrays are given and proceed them
 		if (is_array($config_array["reference_arrays"])) {
-			while (list($key, $value) = each($config_array["reference_arrays"])) {
+			foreach ($config_array["reference_arrays"] as $key => $value) {
 				$this->reference_array[$key] = $value;
 			}
 		}
 		if (is_array($config_array["element_list"])) {
-			while (list($key, $value) = each($config_array["element_list"])) {
+			foreach ($config_array["element_list"] as $key => $value) {
 				$this->element_list[$key] = $value;
 			}
 		}
@@ -319,7 +319,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 		reset($this->table_array);
 		$string .= "<b>TABLE ARRAY DUMP:</b> ".$this->table_name."<br>";
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			$string .= "<b>$key</b>: ".$value["value"]."<br>";
 		}
 		return $string;
@@ -347,7 +347,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			if ($value[$want_key] && !$key_value) {
 				return $key;
 			} elseif ($value[$want_key] == $key_value && $key_value) {
@@ -368,7 +368,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			if ($value[$want_key] && !$key_value) {
 				array_push($key_array, $key);
 			}
@@ -474,22 +474,26 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	{
 		// only do if the user is allowed to delete
 		if ($this->group_level_user <= $this->security_level["delete"] && !$this->table_array["protected"]["value"] && !$this->error) {
-			for ($i = 0; $i < count($element_list); $i ++) {
+			if (!is_array($element_list)) {
+				$element_list = array ();
+			}
+			for ($i = 0, $i_max = count($element_list); $i < $i_max; $i ++) {
 				// $this->debug('form_error', "Array: ".is_array($this->element_list[$element_list[$i]]["read_data"])." | ".$this->element_list[$element_list[$i]]["delete"]);
 				// if prefix, set it
 				$prfx = ($this->element_list[$element_list[$i]]["prefix"]) ? $this->element_list[$element_list[$i]]["prefix"]."_" : '';
 				// get the primary key
-				while (list($el_name, $data) = each($this->element_list[$element_list[$i]]["elements"])) {
+				foreach ($this->element_list[$element_list[$i]]["elements"] as $el_name => $data) {
 					if ($data["pk_id"]) {
 						$pk_name = $el_name;
 					}
 				}
 				// which key should be deleted
 				$id = $remove_name[$i];
-				if (($this->element_list[$element_list[$i]]["delete_name"] || $this->element_list[$element_list[$i]]["delete"]) && !$this->element_list[$element_list[$i]]["enable_name"]) {
+				if (($this->element_list[$element_list[$i]]["delete_name"] || $this->element_list[$element_list[$i]]["delete"]) &&
+					!$this->element_list[$element_list[$i]]["enable_name"]
+				) {
 					// flag var name
 					$flag = $remove_name[$i]."_flag";
-
 					if ($_POST[$flag] == "true") {
 						$q = "DELETE FROM ".$element_list[$i]." WHERE ".$pk_name." = ".$_POST[$id];
 						$this->dbExec($q);
@@ -497,7 +501,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						$this->warning = 1;
 					} // post okay true -> delete
 				} elseif (is_array($this->element_list[$element_list[$i]]["read_data"]) && !$this->element_list[$element_list[$i]]["delete"]) {
-					for ($j = 0; $j < count($_POST[$id]); $j ++) {
+					if (!is_array($_POST[$id])) {
+						$_POST[$id] = array ();
+					}
+					for ($j = 0, $j_max = count($_POST[$id]); $j < $j_max; $j ++) {
 						// if it is not activated
 						if (!$_POST[$remove_name[$i]][$j]) {
 							$q = "UPDATE ".$element_list[$i]." WHERE ".$pk_name." = ".$_POST[$prfx.$pk_name][$j];
@@ -511,7 +518,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 					// $this->debug('form_clean', "ID [$id] [$prfx.$pk_name]");
 					// $this->debug('form_clean', "ID arr: ".$this->print_ar($_POST[$id]));
 					// $this->debug('form_clean', "PK arr: ".$this->print_ar($_POST[$prfx.$pk_name]));
-					for ($j = 0; $j < count($_POST[$prfx.$pk_name]); $j ++) {
+					for ($j = 0, $j_max = count($_POST[$prfx.$pk_name]); $j < $j_max; $j ++) {
 						if (!$_POST[$remove_name[$i]][$j] && $_POST[$prfx.$pk_name][$j]) {
 							$q = "DELETE FROM ".$element_list[$i]." WHERE ".$pk_name." = ".$_POST[$prfx.$pk_name][$j];
 							// $this->debug('edit_db', "DEL: $q");
@@ -540,13 +547,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 
 			// lade liste
 			$this->dbExec($this->load_query);
-			while ($res = $this->db_fetch_array()) {
+			while ($res = $this->dbFetchArray()) {
 				$pk_ids[] = $res[$this->int_pk_name];
 				if ($res[$this->int_pk_name] == $this->table_array[$this->int_pk_name]["value"]) {
 					$pk_selected = $res[$this->int_pk_name];
 				}
 				unset($t_string);
-				for ($i = 0; $i < count($this->field_array); $i ++) {
+				for ($i = 0, $i_max = count($this->field_array); $i < $i_max; $i ++) {
 					if ($t_string) {
 						$t_string .= ", ";
 					}
@@ -612,7 +619,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$show_delete = 1;
 			}
 		} // print save/delete row at all$
-		return array('seclevel_okay' => $seclevel_okay, 'save' => $save, 'pk_name' => $pk_name, 'pk_value' => $pk_value, 'show_delete' => $show_delete, 'hide_delete_checkbox' => $hide_delete_checkbox);
+		return array(
+			'seclevel_okay' => $seclevel_okay,
+			'save' => $save,
+			'pk_name' => $pk_name,
+			'pk_value' => $pk_value,
+			'show_delete' => $show_delete,
+			'hide_delete_checkbox' => $hide_delete_checkbox
+		);
 	} // end of function
 
 	// METHOD: formCreateElement
@@ -717,7 +731,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['name'] = $element_name;
 			$data['value'][] = "";
 			$data['output'][] = $this->l->__("Please choose ...");
-			while ($res = $this->db_return($query)) {
+			while ($res = $this->dbReturn($query)) {
 				$data['value'][] = $res[0];
 				$data['output'][] = $res[1];
 				if ($this->table_array[$element_name]["value"] == $res[0]) {
@@ -743,7 +757,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['value'][] = "";
 			$data['output'][] = $this->l->__("Please choose ...");
 			// outer query overrules inner
-			while (list($key, $value) = each($query)) {
+			foreach ($query as $key => $value) {
 				$data['value'][] = $key;
 				$data['output'][] = $value;
 				if ($this->table_array[$element_name]["value"] == $key) {
@@ -757,7 +771,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$query = $this->table_array[$element_name]["query"];
 			}
 			$data['name'] = $element_name;
-			while (list($key, $value) = each($query)) {
+			foreach ($query as $key => $value) {
 				$data['value'][] = $key;
 				$data['output'][] = $value;
 				if ($this->table_array[$element_name]["value"] == $key) {
@@ -806,7 +820,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			//if ($value["mandatory"] && $value["error_check"])
 			// if error value set && somethign input, check if input okay
 			if ($value["error_check"] && $this->table_array[$key]["value"]) {
@@ -844,7 +858,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 							break;
 						// check unique, check if field in table is not yet exist
 						case "unique":
-							$q = "SELECT ".$key." FROM ".$this->table_name." WHERE ".$key." = '".$this->db_escape_string($this->table_array[$key]["value"])."'";
+							$q = "SELECT ".$key." FROM ".$this->table_name." WHERE ".$key." = '".$this->dbEscapeString($this->table_array[$key]["value"])."'";
 							if ($this->table_array[$this->int_pk_name]["value"]) {
 								$q .= " AND ".$this->int_pk_name." <> ".$this->table_array[$this->int_pk_name]["value"];
 							}
@@ -887,16 +901,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 					} // switch
 				} // for each error to check
 			} elseif ($value["mandatory"] &&
-						(
+				(
-							// for all "normal" fields
+					// for all "normal" fields
-							($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
+					($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
-							// for drop_down_db_input check if one of both fields filled
+					// for drop_down_db_input check if one of both fields filled
-							($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
+					($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
-							// for password
+					// for password
-							($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
+					($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
-						)
+				)
-					// main if end
+			// main if end
-					) {
+			) {
 				// if mandatory && no input
 				// $this->debug('form', "A: ".$this->table_array[$key]["type"]." -- ".$this->table_array[$key]["input_value"]." -- ".$this->table_array[$key]["value"]);
 				if (!$this->table_array[$key]["value"] && $this->table_array[$key]["type"] != "binary") {
@@ -928,7 +942,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->reference_array = array ();
 			}
 			reset($this->reference_array);
-			while (list($key, $value) = each($this->reference_array)) {
+			foreach ($this->reference_array as $key => $value) {
 				if ($this->reference_array[$key]["mandatory"] && !$this->reference_array[$key]["selected"][0]) {
 					$this->msg .= sprintf($this->l->__("Please select at least one Element from field <b>%s</b>!<br>"), $this->reference_array[$key]["output_name"]);
 				}
@@ -938,7 +952,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if (is_array($this->element_list)) {
 			// check the mandatory stuff
 			// if mandatory, check that at least on pk exists or if at least the mandatory field is filled
-			while (list($table_name, $reference_array) = each($this->element_list)) {
+			foreach ($this->element_list as $table_name => $reference_array) {
 				// set pk/fk id for this
 				foreach ($reference_array['elements'] as $_name => $_data) {
 					if ($_data['pk_id']) {
@@ -955,7 +969,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// get max elements
 				$max = 0;
 				foreach ($keys as $key) {
-					if (count($_POST[$prfx.$key]) > $max) {
+					if (is_array($_POST[$prfx.$key]) && count($_POST[$prfx.$key]) > $max) {
 						$max = count($_POST[$prfx.$key]);
 					}
 					// $this->debug('edit_error_chk', "KEY: $prfx$key | count: ".count($_POST[$prfx.$key])." | M: $max");
@@ -965,7 +979,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				# check each row
 				for ($i = 0; $i < $max; $i ++) {
 					// either one of the post pks is set, or the mandatory
-					while (list($el_name, $data_array) = each($reference_array["elements"])) {
+					foreach ($reference_array["elements"] as $el_name => $data_array) {
 						if ($data_array["mandatory"]) {
 							$mand_name = $data_array["output_name"];
 						}
@@ -999,7 +1013,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 								switch ($error_check) {
 									// check unique, check if field in table is not yet exist
 									case "unique":
-										$q = "SELECT ".$_pk_name." FROM ".$table_name." WHERE ".$el_name." = '".$this->db_escape_string($_POST[$prfx.$el_name][$i])."'";
+										$q = "SELECT ".$_pk_name." FROM ".$table_name." WHERE ".$el_name." = '".$this->dbEscapeString($_POST[$prfx.$el_name][$i])."'";
 										if ($this->table_array[$this->int_pk_name]["value"]) {
 											$q .= " AND ".$this->int_pk_name." <> ".$this->table_array[$this->int_pk_name]["value"];
 										}
@@ -1078,7 +1092,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			unset($this->table_array[$key]["value"]);
 			unset($this->table_array[$key]["input_value"]);
 			// if preset var present preset
@@ -1091,7 +1105,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->reference_array = array ();
 			}
 			reset($this->reference_array);
-			while (list($key, $value) = each($this->reference_array)) {
+			foreach ($this->reference_array as $key => $value) {
 				unset($this->reference_array[$key]["selected"]);
 			}
 		}
@@ -1109,14 +1123,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if ($pk_id) {
 			$this->pk_id = $pk_id;
 		}
-		$this->table_array = $this->db_read(1);
+		$this->table_array = $this->dbRead(1);
 
 		// reset all temp fields
 		if (!is_array($this->table_array)) {
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			unset($this->table_array[$key]["input_value"]);
 		}
 
@@ -1126,10 +1140,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->reference_array = array ();
 			}
 			reset($this->reference_array);
-			while (list($key, $value) = each($this->reference_array)) {
+			foreach ($this->reference_array as $key => $value) {
 				unset($this->reference_array[$key]["selected"]);
 				$q = "SELECT ".$this->reference_array[$key]["other_table_pk"]." FROM ".$this->reference_array[$key]["table_name"]." WHERE ".$this->int_pk_name."=".$this->table_array[$this->int_pk_name]["value"];
-				while ($res = $this->db_return($q)) {
+				while ($res = $this->dbReturn($q)) {
 					$this->reference_array[$key]["selected"][] = $res[$this->reference_array[$key]["other_table_pk"]];
 				}
 			}
@@ -1145,20 +1159,19 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	// DESC  : save a table, reference and all input fields
 	public function formSaveTableArray($addslashes = 0)
 	{
-//       global $_FILES;
 		// for drop_down_db_input check if text field is filled and if, if not yet in db ...
 		// and upload files
 		if (!is_array($this->table_array)) {
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			// drop_down_db with input + reference table
-//$this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
+			// $this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
 			if ($this->table_array[$key]["type"] == "drop_down_db_input" && $this->table_array[$key]["input_value"]) {
-//$this->debug('form', "HERE");
+				// $this->debug('form', "HERE");
 				// check if this text name already exists (lowercase compare)
-				$q = "SELECT ".$this->table_array[$key]["pk_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".$this->db_escape_string(strtolower($this->table_array[$key]["input_value"]))."'";
+				$q = "SELECT ".$this->table_array[$key]["pk_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".$this->dbEscapeString(strtolower($this->table_array[$key]["input_value"]))."'";
 				// if a where was given, add here
 				if ($this->table_array[$key]["where"]) {
 					$q .= " AND ".$this->table_array[$key]["where"];
@@ -1169,7 +1182,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				} else {
 					// if a where was given, set this key also [dangerous!]
 					// postgreSQL compatible insert
-					$q = "INSERT INTO ".$this->table_array[$key]["table_name"]." (".$this->table_array[$key]["input_name"].") VALUES ('".$this->db_escape_string($this->table_array[$key]["input_value"])."')";
+					$q = "INSERT INTO ".$this->table_array[$key]["table_name"]." (".$this->table_array[$key]["input_name"].") VALUES ('".$this->dbEscapeString($this->table_array[$key]["input_value"])."')";
 					$this->dbExec($q);
 					if ($this->table_array[$key]["where"]) {
 						// make an update on the just inseted data with the where data als update values
@@ -1187,7 +1200,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// if drop down & input are different
 				if ($this->table_array[$key]["input_value"] != $this->table_array[$key]["value"]) {
 					// check if "right input" is in DB
-					$q = "SELECT ".$this->table_array[$key]["input_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".strtolower($this->db_escape_string($this->table_array[$key]["input_value"]))."'";
+					$q = "SELECT ".$this->table_array[$key]["input_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".strtolower($this->dbEscapeString($this->table_array[$key]["input_value"]))."'";
 					// if a where was given, add here
 					if ($this->table_array[$key]["where"]) {
 						$q .= " AND ".$this->table_array[$key]["where"];
@@ -1208,10 +1221,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// if smth in $$key_file -> save or overwrite
 				// if smth in $key && $$key_delete && !$$key_file-> delte
 				// if smth in $key, keep as is
-//           $_file=$key."_file";
+				// $_file=$key."_file";
-//           $_delete=$key."_delete";
+				// $_delete=$key."_delete";
-//$this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
+				// $this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
-//$this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
+				// $this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
 				if ($GLOBALS["_FILES"][$key."_file"]['name']) {
 					// check if dir exists
 					if (is_dir($this->table_array[$key]["save_dir"])) {
@@ -1240,11 +1253,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			// for password crypt it as blowfish, or if not available MD5
 			if ($this->table_array[$key]['type'] == 'password') {
 				if ($this->table_array[$key]["value"]) {
-					// password is stored in blowfish format, or in the format supported by this PHP version
+					// use the better new passwordSet instead of crypt based
-					$this->table_array[$key]["value"] = $this->cryptString($this->table_array[$key]["value"]);
+					$this->table_array[$key]['value'] = $this->passwordSet($this->table_array[$key]['value']);
 					$this->table_array[$key]["HIDDEN_value"] = $this->table_array[$key]["value"];
 				} else {
-//						$this->table_array[$key]["HIDDEN_value"] =
+					// $this->table_array[$key]["HIDDEN_value"] =
 				}
 			}
 		} // go through each field
@@ -1263,7 +1276,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$q = "DELETE FROM ".$reference_array["table_name"]." WHERE ".$this->int_pk_name."=".$this->table_array[$this->int_pk_name]["value"];
 				$this->dbExec($q);
 				$q = "INSERT INTO ".$reference_array["table_name"]." (".$reference_array["other_table_pk"].", ".$this->int_pk_name.") VALUES ";
-				for ($i = 0; $i < count($reference_array["selected"]); $i ++) {
+				for ($i = 0, $i_max = count($reference_array["selected"]); $i < $i_max; $i ++) {
 					$t_q = "(".$reference_array["selected"][$i].", ".$this->table_array[$this->int_pk_name]["value"].")";
 					$this->dbExec($q.$t_q);
 				}
@@ -1275,7 +1288,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->element_list = array ();
 			}
 			reset($this->element_list);
-			while (list($table_name, $reference_array) = each($this->element_list)) {
+			foreach ($this->element_list as $table_name => $reference_array) {
 				// get the number of keys from the elements array
 				$keys = array_keys($reference_array["elements"]);
 				// element prefix name
@@ -1283,18 +1296,18 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// get max elements
 				$max = 0;
 				foreach ($keys as $key) {
-					if (count($_POST[$prfx.$key]) > $max) {
+					if (is_array($_POST[$prfx.$key]) && count($_POST[$prfx.$key]) > $max) {
 						$max = count($_POST[$prfx.$key]);
 					}
 				}
-//$this->debug('edit_error', "MAX: $max");
+				// $this->debug('edit_error', "MAX: $max");
 				// check if there is a hidden key, update, else insert
-				while (list($el_name, $data_array) = each($reference_array["elements"])) {
+				foreach ($reference_array["elements"] as $el_name => $data_array) {
 					// this is only for reference_data part, at least one of the text fields need to be set for writing
 					$blow_write = array ();
-//$this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
+					// $this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
 					// go through all submitted data
-//						for ($i = 0; $i < count($_POST[$el_name]); $i ++)
+					// for ($i = 0; $i < count($_POST[$el_name]); $i ++)
 					for ($i = 0; $i < $max; $i ++) {
 						// if we have enable name & delete set, then only insert/update those which are flagged as active
 						// check if mandatory field is set, if not set "do not write flag"
@@ -1326,7 +1339,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						// write all data (insert/update) because I don't know until all are processed if it is insert or update
 						// don't write primary key backup for update
 						// for reference_data type, only write if at least one text type field is set
-//$this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
+						// $this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
 						// only add elements that are not PK or FK flaged
 						if (!$data_array['pk_id'] && !$data_array['fk_id']) {
 							// update data list
@@ -1365,14 +1378,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 								$q_values[$i] .= $_value;
 							} else {
 								// normal data gets escaped
-								$q_data[$i] .= $el_name." = '".$this->db_escape_string($_value)."'";
+								$q_data[$i] .= $el_name." = '".$this->dbEscapeString($_value)."'";
-								$q_values[$i] .= "'".$this->db_escape_string($_value)."'";
+								$q_values[$i] .= "'".$this->dbEscapeString($_value)."'";
 							}
 						}
 					}
 				} // eche table elements
 				// finalize the queries, add FK key reference for inserts and run the query
-				for ($i = 0; $i < count($type); $i ++) {
+				for ($i = 0, $i_max = count($type); $i < $i_max; $i ++) {
 					$q = '';
 					if (!$no_write[$i]) {
 						if ($type[$i] == "update") {
@@ -1417,7 +1430,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->element_list = array ();
 			}
 			reset($this->element_list);
-			while (list($table_name, $data_array) = each($this->element_list)) {
+			foreach ($this->element_list as $table_name => $data_array) {
 				$q = "DELETE FROM ".$table_name." WHERE ".$this->int_pk_name." = ".$this->table_array[$this->int_pk_name]["value"];
 				$this->dbExec($q);
 			}
@@ -1427,12 +1440,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			if ($this->table_array[$key]["type"] == "file") {
 				unlink($this->table_array[$key]["save_dir"].$this->table_array[$key]["value"]);
 			}
 		}
-		$this->db_delete();
+		$this->dbDelete();
 		$this->warning = 1;
 		$this->msg = $this->l->__("Dataset has been deleted!");
 	}
@@ -1442,21 +1455,25 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	// PARAMS: $hidden_array
 	// RETURN: the input fields (html)
 	// DESC  : creates HTML hidden input fields out of an hash array
-	public function formCreateHiddenFields($hidden_array = "")
+	public function formCreateHiddenFields($hidden_array = array ())
 	{
 		$hidden = array ();
 		if (!is_array($this->table_array)) {
 			$this->table_array = array ();
 		}
 		reset($this->table_array);
-		while (list($key, $value) = each($this->table_array)) {
+		foreach ($this->table_array as $key => $value) {
 			if ($this->table_array[$key]["type"] == "hidden") {
-				$hidden_array[$key] = $this->table_array[$key]["value"];
+				if (array_key_exists($key, $this->table_array)) {
+					$hidden_array[$key] = $this->table_array[$key]["value"];
+				} else {
+					$hidden_array[$key] = '';
+				}
 			}
 		}
 		if (is_array($hidden_array)) {
 			reset($hidden_array);
-			while (list($key, $value) = each($hidden_array)) {
+			foreach ($hidden_array as $key => $value) {
 				$hidden[] = array('key' => $key, 'value' => $value);
 			}
 		}
@@ -1476,7 +1493,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 		$data['name'] = $this->reference_array[$table_name]["other_table_pk"];
 		$data['size'] = $this->reference_array[$table_name]["select_size"];
-		while ($res = $this->db_return($this->reference_array[$table_name]["query"])) {
+		while ($res = $this->dbReturn($this->reference_array[$table_name]["query"])) {
 			$data['value'][] = $res[0];
 			$data['output'][] = $res[1];
 			$data['selected'][] = ($this->checked($this->reference_array[$table_name]["selected"], $res[0])) ? $res[0] : '';
@@ -1524,7 +1541,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		reset($this->element_list[$table_name]["elements"]);
 		// generic data read in (counts for all rows)
 		// visible list data output
-		while (list($el_name, $data_array) = each($this->element_list[$table_name]["elements"])) {
+		foreach ($this->element_list[$table_name]["elements"] as $el_name => $data_array) {
 			$this->debug('CFG', 'El: '.$el_name.' -> '.$this->print_ar($data_array));
 			// if the element name matches the read array, then set the table as a name prefix
 			$q_select[] = $el_name; // this is for reading the data
@@ -1543,7 +1560,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			// only two elements are allowed: pos 0 is key, pso 1 is visible output name
 			if ($data_array['type'] == 'drop_down_db') {
 				$md_q = md5($data_array['query']);
-				while ($res = $this->db_return($data_array['query'])) {
+				while ($res = $this->dbReturn($data_array['query'])) {
 					$this->debug('edit', "Q[$md_q] pos: ".$this->cursor_ext[$md_q]["pos"]." | want: ".$data_array["preset"]." | set: ".$data['preset'][$el_name]);
 					// first is default for this element
 					if (!$data['preset'][$el_name] && ($this->cursor_ext[$md_q]["pos"] == $data_array['preset'])) {
@@ -1556,7 +1573,19 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			} elseif ($data_array["element_list"]) {
 				$data['element_list'][$el_name] = $data_array["element_list"]; // this is for the checkboxes
 			}
-			$proto[$el_name] = ($this->error) ? $_POST[$el_name][(count($_POST[$el_name]) - 1)] : ''; // this is for the new line
+			$this->debug('CREATE ELEMENT LIST TABLE', 'Post: '.$el_name.' => '.$_POST[$el_name].' => '.is_array($_POST[$el_name]));
+			// if error, check new line addition so we don't loose it
+			if ($this->error) {
+				if (is_array($_POST[$el_name])) {
+					// this is for the new line
+					$proto[$el_name] = $_POST[$el_name][(count($_POST[$el_name]) - 1)];
+				} else {
+					$proto[$el_name] = 0;
+				}
+			} else {
+				$proto[$el_name] = '';
+			}
+			// $proto[$el_name] = $this->error ? $_POST[$el_name][(count($_POST[$el_name]) - 1)] : '';
 		}
 		// $this->debug('CFG DATA', 'Data: '.$this->print_ar($data));
 		// $this->debug('CFG PROTO', 'Proto: '.$this->print_ar($proto));
@@ -1611,11 +1640,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if ($q) {
 			$pos = 0; // position in while for overwrite if needed
 			// read out the list and add the selected data if needed
-			while ($res = $this->db_return($q)) {
+			while ($res = $this->dbReturn($q)) {
 				$_data = array ();
 				$prfx = $data["prefix"]; // short
 				// go through each res
-				for ($i = 0; $i < count($q_select); $i ++) {
+				for ($i = 0, $i_max = count($q_select); $i < $i_max; $i ++) {
 					// query select part, set to the element name
 					$el_name = $q_select[$i];
 					// $this->debug('edit_error', "[$i] ELNAME: $el_name | POS[$prfx$el_name]: ".$_POST[$prfx.$el_name][$pos]." | RES: ".$res[$el_name]);
@@ -1650,12 +1679,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->element_list[$table_name]['max_empty'] = 10;
 			}
 			// check if we need to fill fields
-			$element_count = count($data['content']);
+			$element_count = is_array($data['content']) ? count($data['content']) : 0;
-			$missing_empty_count = $this->element_list[$table_name]['max_empty'] - count($data['content']);
+			$missing_empty_count = $this->element_list[$table_name]['max_empty'] - $element_count;
 			$this->debug('CFG MAX', 'Max empty: '.$this->element_list[$table_name]['max_empty'].', Missing: '.$missing_empty_count.', Has: '.$element_count);
 			// set if we need more open entries or if we do not have any entries yet
 			if (($missing_empty_count < $this->element_list[$table_name]['max_empty']) || $element_count == 0) {
-				for ($pos = count($data['content']); $pos <= ($this->element_list[$table_name]['max_empty'] + $element_count); $pos ++) {
+				for ($pos = $element_count , $pos_max = $this->element_list[$table_name]['max_empty'] + $element_count; $pos <= $pos_max; $pos ++) {
 					$_data = array ();
 
 					// the fields that need to be filled are in data->type array: