Phan fixes with smarty class and file uploader class

Remove .htaccess file with php variable settings as this will not work
on FPM calls.
Various minor fixes in core libs

Basic lib debug output check is now a sub class so we can use this
everywhere without writing the whole if statement again

Basic lib has a dummy uniq id method added. Not yet finished

.phan/config.php

@@ -56,6 +56,7 @@ return [
 		"./www/configs/config.db.php",
 		"./www/configs/config.host.php",
 		"./www/configs/config.path.php",
+		"./www/configs/config.other.php",
 		"./www/configs/config.master.php",
 		"./www/includes/admin_header.php",
 	],

www/admin/class_test.php

@@ -224,6 +224,13 @@ if (round($timestamp, 4) == $basic->stringToTime($time_string)) {
 } else {
 	print "REVERSE TRIME STRING DO NOT MATCH<br>";
 }
+print "ZERO TIME STRING: ".$basic->timeStringFormat(0, true)."<br>";
+print "ZERO TIME STRING: ".$basic->timeStringFormat(0.0, true)."<br>";
+print "ZERO TIME STRING: ".$basic->timeStringFormat(1.005, true)."<br>";
+
+echo "HTML ENT INT: ".$basic->htmlent(5)."<br>";
+echo "HTML ENT STRING: ".$basic->htmlent('5<<>')."<br>";
+echo "HTML ENT NULL: ".$basic->htmlent(null)."<br>";
 
 // magic links test
 print $basic->magicLinks('user@bubu.at').'<br>';

www/admin/smarty_test.php

@@ -10,26 +10,28 @@ define('USE_DATABASE', true);
 define('USE_HEADER', true);
 require 'config.php';
 require BASE.INCLUDES.'admin_header.php';
-$smarty->MASTER_TEMPLATE_NAME = 'main_body.tpl';
+if (is_object($smarty)) {
-$smarty->TEMPLATE_NAME = 'smarty_test.tpl';
+	$smarty->MASTER_TEMPLATE_NAME = 'main_body.tpl';
-$smarty->CSS_SPECIAL_TEMPLATE_NAME = 'smart_test.css';
+	$smarty->TEMPLATE_NAME = 'smarty_test.tpl';
-$smarty->USE_PROTOTYPE = false;
+	$smarty->CSS_SPECIAL_TEMPLATE_NAME = 'smart_test.css';
-$smarty->USE_JQUERY = true;
+	$smarty->USE_PROTOTYPE = false;
-$smarty->JS_DATEPICKR = false;
+	$smarty->USE_JQUERY = true;
-if ($smarty->USE_PROTOTYPE) {
+	$smarty->JS_DATEPICKR = false;
-	$smarty->ADMIN_JAVASCRIPT = 'edit.pt.js';
+	if ($smarty->USE_PROTOTYPE) {
-	$smarty->JS_SPECIAL_TEMPLATE_NAME = 'prototype.test.js';
+		$smarty->ADMIN_JAVASCRIPT = 'edit.pt.js';
-} elseif ($smarty->USE_JQUERY) {
+		$smarty->JS_SPECIAL_TEMPLATE_NAME = 'prototype.test.js';
-	$smarty->ADMIN_JAVASCRIPT = 'edit.jq.js';
+	} elseif ($smarty->USE_JQUERY) {
-	$smarty->JS_SPECIAL_TEMPLATE_NAME = 'jquery.test.js';
+		$smarty->ADMIN_JAVASCRIPT = 'edit.jq.js';
-}
+		$smarty->JS_SPECIAL_TEMPLATE_NAME = 'jquery.test.js';
-$smarty->PAGE_WIDTH = "100%";
+	}
-// require BASE.INCLUDES.'admin_set_paths.php';
+	$smarty->PAGE_WIDTH = '100%';
-$smarty->setSmartyPaths();
+	// require BASE.INCLUDES.'admin_set_paths.php';
+	$smarty->setSmartyPaths();
 
-// smarty test
+	// smarty test
-$smarty->DATA['SMARTY_TEST'] = 'Test Data';
+	$smarty->DATA['SMARTY_TEST'] = 'Test Data';
-$smarty->DATA['TRANSLATE_TEST'] = $cms->l->__('Are we translated?');
+	$smarty->DATA['TRANSLATE_TEST'] = $cms->l->__('Are we translated?');
+}
 
 // drop down test with optgroups
 $options = array (
@@ -48,8 +50,9 @@ $options = array (
 	)
 );
 
-$smarty->DATA['drop_down_test'] = $options;
+if (is_object($smarty)) {
-
+	$smarty->DATA['drop_down_test'] = $options;
-// require BASE.INCLUDES.'admin_smarty.php';
+	// require BASE.INCLUDES.'admin_smarty.php';
-$smarty->setSmartyVarsAdmin();
+	$smarty->setSmartyVarsAdmin();
+}
 require BASE.INCLUDES.'admin_footer.php';

www/configs/config.master.php

@@ -9,146 +9,146 @@
 
 /************* PATHS *********************/
 // directory seperator
-DEFINE('DS', DIRECTORY_SEPARATOR);
+define('DS', DIRECTORY_SEPARATOR);
 // ** NEW/BETTER DIR DECLARATIONS **
 // path to original file (if symlink)
-DEFINE('DIR', __DIR__.DS);
+define('DIR', __DIR__.DS);
 // base dir root folder level
-DEFINE('BASE', str_replace('/configs', '', __DIR__).DS);
+define('BASE', str_replace('/configs', '', __DIR__).DS);
 
 // ** OLD DIR DECLARATIONS **
 // path to document root of file called
-DEFINE('ROOT', getcwd().DS);
+define('ROOT', getcwd().DS);
 // libs path
-DEFINE('LIB', 'lib'.DS);
+define('LIB', 'lib'.DS);
-DEFINE('LIBS', 'lib'.DS);
+define('LIBS', 'lib'.DS);
 // configs folder
-DEFINE('CONFIGS', 'configs'.DS);
+define('CONFIGS', 'configs'.DS);
 // includes (strings, arrays for static, etc)
-DEFINE('INCLUDES', 'includes'.DS);
+define('INCLUDES', 'includes'.DS);
 // data folder (mostly in includes)
-DEFINE('DATA', 'data'.DS);
+define('DATA', 'data'.DS);
 // layout base path
-DEFINE('LAYOUT', 'layout'.DS);
+define('LAYOUT', 'layout'.DS);
 // pic-root (compatible to CMS)
-DEFINE('PICTURES', 'images'.DS);
+define('PICTURES', 'images'.DS);
 // images
-DEFINE('IMAGES', 'images'.DS);
+define('IMAGES', 'images'.DS);
 // icons (below the images/ folder)
-DEFINE('ICONS', 'icons'.DS);
+define('ICONS', 'icons'.DS);
 // media
-DEFINE('MEDIA', 'media'.DS);
+define('MEDIA', 'media'.DS);
 // flash-root (below media)
-DEFINE('FLASH', 'flash'.DS);
+define('FLASH', 'flash'.DS);
 // uploads (anything to keep)
-DEFINE('UPLOADS', 'uploads'.DS);
+define('UPLOADS', 'uploads'.DS);
 // files (binaries) (below media)
-DEFINE('BINARIES', 'binaries'.DS);
+define('BINARIES', 'binaries'.DS);
 // files (videos) (below media)
-DEFINE('VIDEOS', 'videos'.DS);
+define('VIDEOS', 'videos'.DS);
 // files (documents) (below media)
-DEFINE('DOCUMENTS', 'documents'.DS);
+define('DOCUMENTS', 'documents'.DS);
 // files (pdfs) (below media)
-DEFINE('PDFS', 'documents'.DS);
+define('PDFS', 'documents'.DS);
 // CSV
-DEFINE('CSV', 'csv'.DS);
+define('CSV', 'csv'.DS);
 // css
-DEFINE('CSS', 'css'.DS);
+define('CSS', 'css'.DS);
 // font (web)
-DEFINE('FONT', 'font'.DS);
+define('FONT', 'font'.DS);
 // js
-DEFINE('JS', 'javascript'.DS);
+define('JS', 'javascript'.DS);
 // table arrays
-DEFINE('TABLE_ARRAYS', 'table_arrays'.DS);
+define('TABLE_ARRAYS', 'table_arrays'.DS);
 // smarty libs path
-DEFINE('SMARTY', 'Smarty'.DS);
+define('SMARTY', 'Smarty'.DS);
 // po langs
-DEFINE('LANG', 'lang'.DS);
+define('LANG', 'lang'.DS);
 // cache path
-DEFINE('CACHE', 'cache'.DS);
+define('CACHE', 'cache'.DS);
 // temp path
-DEFINE('TMP', 'tmp'.DS);
+define('TMP', 'tmp'.DS);
 // log files
-DEFINE('LOG', 'log'.DS);
+define('LOG', 'log'.DS);
 // compiled template folder
-DEFINE('TEMPLATES_C', 'templates_c'.DS);
+define('TEMPLATES_C', 'templates_c'.DS);
 // template base
-DEFINE('TEMPLATES', 'templates'.DS);
+define('TEMPLATES', 'templates'.DS);
 
 /************* HASH / ACL DEFAULT / ERROR SETTINGS / SMARTY *************/
 // default hash type
-DEFINE('DEFAULT_HASH', 'sha256');
+define('DEFAULT_HASH', 'sha256');
 // default acl level
-DEFINE('DEFAULT_ACL_LEVEL', 80);
+define('DEFAULT_ACL_LEVEL', 80);
 // SSL host name
-// DEFINE('SSL_HOST', 'ssl.host.name');
+// define('SSL_HOST', 'ssl.host.name');
 // error page strictness, Default is 3
 // 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
 // 2: if template not found, do not search, show error template
 // 3: if default template is not found, show error template, do not fall back to default tree
 // 4: very strict, even on normal fixable errors through error
-// DEFINE('ERROR_STRICT', 3);
+// define('ERROR_STRICT', 3);
 // allow page caching in general, set to 'FALSE' if you do debugging or development!
-// DEFINE('ALLOW_SMARTY_CACHE', false);
+// define('ALLOW_SMARTY_CACHE', false);
 // cache life time, in second', default here is 2 days (172800s)
 // -1 is never expire cache
-// DEFINE('SMARTY_CACHE_LIFETIME', -1);
+// define('SMARTY_CACHE_LIFETIME', -1);
 
 /************* LOGOUT ********************/
 // logout target
-DEFINE('LOGOUT_TARGET', '');
+define('LOGOUT_TARGET', '');
 // password change allowed
-DEFINE('PASSWORD_CHANGE', false);
+define('PASSWORD_CHANGE', false);
-DEFINE('PASSWORD_FORGOT', false);
+define('PASSWORD_FORGOT', false);
 // min/max password length
-DEFINE('PASSWORD_MIN_LENGTH', 8);
+define('PASSWORD_MIN_LENGTH', 8);
-DEFINE('PASSWORD_MAX_LENGTH', 255);
+define('PASSWORD_MAX_LENGTH', 255);
 
 /************* AJAX / ACCESS *************/
 // ajax request type
-DEFINE('AJAX_REQUEST_TYPE', 'POST');
+define('AJAX_REQUEST_TYPE', 'POST');
 // what AJAX type to use
-DEFINE('USE_PROTOTYPE', false);
+define('USE_PROTOTYPE', false);
-DEFINE('USE_SCRIPTACULOUS', false);
+define('USE_SCRIPTACULOUS', false);
-DEFINE('USE_JQUERY', true);
+define('USE_JQUERY', true);
 
 /************* LAYOUT WIDTHS *************/
-DEFINE('PAGE_WIDTH', 800);
+define('PAGE_WIDTH', 800);
-DEFINE('CONTENT_WIDTH', 800);
+define('CONTENT_WIDTH', 800);
 // the default template name
-DEFINE('MASTER_TEMPLATE_NAME', 'main_body.tpl');
+define('MASTER_TEMPLATE_NAME', 'main_body.tpl');
 
 /************* OVERALL CONTROL NAMES *************/
 // BELOW has HAS to be changed
 // base name for all session and log names
-DEFINE('BASE_NAME', 'CoreLibs');
+define('BASE_NAME', 'CoreLibs');
 
 /************* SESSION NAMES *************/
 // server name HASH
-DEFINE('SERVER_NAME_HASH', hash('crc32b', $_SERVER['HTTP_HOST']));
+define('SERVER_NAME_HASH', hash('crc32b', $_SERVER['HTTP_HOST']));
-DEFINE('SERVER_PATH_HASH', hash('crc32b', BASE));
+define('SERVER_PATH_HASH', hash('crc32b', BASE));
 // backend
-DEFINE('EDIT_SESSION_NAME', BASE_NAME.'Admin'.SERVER_NAME_HASH.SERVER_PATH_HASH);
+define('EDIT_SESSION_NAME', BASE_NAME.'Admin'.SERVER_NAME_HASH.SERVER_PATH_HASH);
 // frontend
-DEFINE('SESSION_NAME', BASE_NAME.SERVER_NAME_HASH.SERVER_PATH_HASH);
+define('SESSION_NAME', BASE_NAME.SERVER_NAME_HASH.SERVER_PATH_HASH);
 // SET_SESSION_NAME should be set in the header if a special session name is needed
-DEFINE('SET_SESSION_NAME', SESSION_NAME);
+define('SET_SESSION_NAME', SESSION_NAME);
 
 /************* CACHE/COMPILE IDS *************/
-DEFINE('CACHE_ID', 'CACHE_'.BASE_NAME.'_'.SERVER_NAME_HASH);
+define('CACHE_ID', 'CACHE_'.BASE_NAME.'_'.SERVER_NAME_HASH);
-DEFINE('COMPILE_ID', 'COMPILE_'.BASE_NAME.'_'.SERVER_NAME_HASH);
+define('COMPILE_ID', 'COMPILE_'.BASE_NAME.'_'.SERVER_NAME_HASH);
 
 /************* LANGUAGE / ENCODING *******/
-DEFINE('DEFAULT_LANG', 'en_utf8');
+define('DEFAULT_LANG', 'en_utf8');
 // default web page encoding setting
-DEFINE('DEFAULT_ENCODING', 'UTF-8');
+define('DEFAULT_ENCODING', 'UTF-8');
 
 /************* LOGGING *******************/
 // below two can be defined here, but they should be
 // defined in either the header file or the file itself
 // as $LOG_FILE_ID which takes presence over LOG_FILE_ID
 // see Basic class constructor
-DEFINE('LOG_FILE_ID', BASE_NAME);
+define('LOG_FILE_ID', BASE_NAME);
 
 /************* CLASS ERRORS *******************/
 // 0 = default all OFF
@@ -161,14 +161,14 @@ define('CLASS_VARIABLE_ERROR_MODE', 3);
 // if we have a dev/live system
 // set_live is a per page/per item
 // live_queue is a global queue system
-// DEFINE('QUEUE', 'live_queue');
+// define('QUEUE', 'live_queue');
 
 /************* DB PATHS (PostgreSQL) *****************/
 // schema names, can also be defined per <DB INFO>
-DEFINE('PUBLIC_SCHEMA', 'public');
+define('PUBLIC_SCHEMA', 'public');
-DEFINE('DEV_SCHEMA', 'public');
+define('DEV_SCHEMA', 'public');
-DEFINE('TEST_SCHEMA', 'public');
+define('TEST_SCHEMA', 'public');
-DEFINE('LIVE_SCHEMA', 'public');
+define('LIVE_SCHEMA', 'public');
 
 /************* CORE HOST SETTINGS *****************/
 if (file_exists(BASE.CONFIGS.'config.host.php')) {
@@ -195,7 +195,7 @@ if (file_exists(BASE.CONFIGS.'config.path.php')) {
 // get the name without the port
 list($HOST_NAME) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
 // set HOST name
-DEFINE('HOST_NAME', $HOST_NAME);
+define('HOST_NAME', $HOST_NAME);
 // BAIL ON MISSING MASTER SITE CONFIG
 if (!isset($SITE_CONFIG[HOST_NAME]['location'])) {
 	echo 'Missing SITE_CONFIG entry for: "'.HOST_NAME.'". Contact Administrator';
@@ -220,41 +220,41 @@ if ((!isset($SITE_CONFIG[HOST_NAME]['db_host']) && count($DB_CONFIG)) ||
 // set SSL on
 if ((array_key_exists('HTTPS', $_SERVER) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ||
 	$_SERVER['SERVER_PORT'] == 443) {
-	DEFINE('HOST_SSL', true);
+	define('HOST_SSL', true);
-	DEFINE('HOST_PROTOCOL', 'https://');
+	define('HOST_PROTOCOL', 'https://');
 } else {
-	DEFINE('HOST_SSL', false);
+	define('HOST_SSL', false);
-	DEFINE('HOST_PROTOCOL', 'http://');
+	define('HOST_PROTOCOL', 'http://');
 }
 // define the db config set name, the db config and the db schema
-DEFINE('DB_CONFIG_NAME', $SITE_CONFIG[HOST_NAME]['db_host']);
+define('DB_CONFIG_NAME', $SITE_CONFIG[HOST_NAME]['db_host']);
-DEFINE('DB_CONFIG', isset($DB_CONFIG[DB_CONFIG_NAME]) ? $DB_CONFIG[DB_CONFIG_NAME] : array());
+define('DB_CONFIG', isset($DB_CONFIG[DB_CONFIG_NAME]) ? $DB_CONFIG[DB_CONFIG_NAME] : array());
-// DEFINE('DB_CONFIG_TARGET', SITE_CONFIG[$HOST_NAME]['db_host_target']);
+// define('DB_CONFIG_TARGET', SITE_CONFIG[$HOST_NAME]['db_host_target']);
-// DEFINE('DB_CONFIG_OTHER', SITE_CONFIG[$HOST_NAME]['db_host_other']);
+// define('DB_CONFIG_OTHER', SITE_CONFIG[$HOST_NAME]['db_host_other']);
 // override for login and global schemas
-// DEFINE('LOGIN_DB_SCHEMA', PUBLIC_SCHEMA); // where the edit* tables are
+// define('LOGIN_DB_SCHEMA', PUBLIC_SCHEMA); // where the edit* tables are
-// DEFINE('GLOBAL_DB_SCHEMA', PUBLIC_SCHEMA); // where global tables are that are used by all schemas (eg queue tables for online, etc)
+// define('GLOBAL_DB_SCHEMA', PUBLIC_SCHEMA); // where global tables are that are used by all schemas (eg queue tables for online, etc)
 // debug settings, site lang, etc
-DEFINE('TARGET', $SITE_CONFIG[HOST_NAME]['location']);
+define('TARGET', $SITE_CONFIG[HOST_NAME]['location']);
-DEFINE('DEBUG', $SITE_CONFIG[HOST_NAME]['debug_flag']);
+define('DEBUG', $SITE_CONFIG[HOST_NAME]['debug_flag']);
-DEFINE('SITE_LANG', $SITE_CONFIG[HOST_NAME]['site_lang']);
+define('SITE_LANG', $SITE_CONFIG[HOST_NAME]['site_lang']);
-DEFINE('LOGIN_ENABLED', $SITE_CONFIG[HOST_NAME]['login_enabled']);
+define('LOGIN_ENABLED', $SITE_CONFIG[HOST_NAME]['login_enabled']);
 // paths
-// DEFINE('CSV_PATH', $PATHS[TARGET]['csv_path']);
+// define('CSV_PATH', $PATHS[TARGET]['csv_path']);
-// DEFINE('EXPORT_SCRIPT', $PATHS[TARGET]['perl_bin']);
+// define('EXPORT_SCRIPT', $PATHS[TARGET]['perl_bin']);
-// DEFINE('REDIRECT_URL', $PATHS[TARGET]['redirect_url']);
+// define('REDIRECT_URL', $PATHS[TARGET]['redirect_url']);
 
 // show all errors if debug_all & show_error_handling are enabled
-DEFINE('SHOW_ALL_ERRORS', true);
+define('SHOW_ALL_ERRORS', true);
 
 /************* GENERAL PAGE TITLE ********/
-DEFINE('G_TITLE', '<OVERALL FALLBACK PAGE TITLE>');
+define('G_TITLE', '<OVERALL FALLBACK PAGE TITLE>');
 
 /************ STYLE SHEETS / JS **********/
-DEFINE('ADMIN_STYLESHEET', 'edit.css');
+define('ADMIN_STYLESHEET', 'edit.css');
-DEFINE('ADMIN_JAVASCRIPT', 'edit.js');
+define('ADMIN_JAVASCRIPT', 'edit.js');
-DEFINE('STYLESHEET', 'frontend.css');
+define('STYLESHEET', 'frontend.css');
-DEFINE('JAVASCRIPT', 'frontend.js');
+define('JAVASCRIPT', 'frontend.js');
 
 // anything optional
 /************* INTERNAL ******************/

www/includes/edit_base.php

@@ -282,7 +282,7 @@ if ($form->my_page_name == 'edit_order') {
 				''
 			).
 			// filename
-			$data['filename'].
+			(isset($data['filename']) ? $data['filename'] : '').
 			// query string
 			(isset($data['query_string']) && $data['query_string'] ?
 				$data['query_string'] :
@@ -294,7 +294,8 @@ if ($form->my_page_name == 'edit_order') {
 			$menu_data[$i]['splitfactor_in'] = 0;
 		}
 		// on matching, we also need to check if we are in the same folder
-		if ($data['filename'] == $form->getPageName() &&
+		if (isset($data['filename']) &&
+			$data['filename'] == $form->getPageName() &&
 			(!isset($data['hostname']) || (
 				isset($data['hostname']) &&
 					(!$data['hostname'] || strstr($data['hostname'], CONTENT_PATH) !== false)

www/layout/admin/javascript/edit.jq.js

@@ -86,9 +86,10 @@ function getScrollOffset()
 function setCenter(id, left, top)
 {
 	// get size of id
-	var dimensions = {};
+	var dimensions = {
-	dimensions.height = $('#' + id).height();
+		height: $('#' + id).height(),
-	dimensions.width = $('#' + id).width();
+		width: $('#' + id).width()
+	};
 	var type = $('#' + id).css('position');
 	var viewport = getWindowSize();
 	var offset = getScrollOffset();
@@ -474,11 +475,11 @@ function overlayBoxHide()
  */
 function setOverlayBox()
 {
-	var viewport = document.viewport.getDimensions();
+/*	var viewport = document.viewport.getDimensions();
-	$('#overlayBox').setStyle ({
+	$('#overlayBox').css ({
 		width: '100%',
 		height: '100%'
-	});
+	});*/
 	$('#overlayBox').show();
 }
 

www/layout/admin/javascript/firebug.js

@@ -3,8 +3,9 @@
  * firebug 1.2+ and the webkit console */
 
 var ConsoleSetup = function() {
-	if (!window.console)
+	if (!window.console) {
 		window.console = {};
+	}
 
 	var names = ['log', 'debug', 'info', 'warn', 'error', 'assert', 'dir', 'dirxml', 'group', 'groupEnd', 'time', 'timeEnd', 'count', 'trace', 'profile', 'profileEnd'];
 

www/lib/CoreLibs/ACL/Login.php

@@ -345,7 +345,7 @@ class Login extends \CoreLibs\DB\IO
 	 * if user pressed login button this script is called, but only if there is no preview euid set]
 	 * @return void has not return
 	 */
-	private function loginLoginUser()
+	private function loginLoginUser(): void
 	{
 		// have to get the global stuff here for setting it later
 		if (!$this->euid && $this->login) {
@@ -587,7 +587,7 @@ class Login extends \CoreLibs\DB\IO
 	 * for every page the user access this script checks if he is allowed to do so
 	 * @return bool permission okay as true/false
 	 */
-	public function loginCheckPermissions()
+	public function loginCheckPermissions(): bool
 	{
 		if ($this->euid && $this->login_error != 103) {
 			$q = "SELECT filename ";
@@ -613,7 +613,7 @@ class Login extends \CoreLibs\DB\IO
 	 * if a user pressed on logout, destroyes session and unsets all global vars
 	 * @return void has no return
 	 */
-	public function loginLogoutUser()
+	public function loginLogoutUser(): void
 	{
 		if ($this->logout || $this->login_error) {
 			// unregister and destroy session vars
@@ -673,7 +673,7 @@ class Login extends \CoreLibs\DB\IO
 	 * set all base ACL levels as a list keyword -> ACL number
 	 * @return void has no return
 	 */
-	private function loginSetAcl()
+	private function loginSetAcl(): void
 	{
 		// only set acl if we have permission okay
 		if ($this->permission_okay) {
@@ -766,8 +766,8 @@ class Login extends \CoreLibs\DB\IO
 
 	/**
 	 * checks if this edit access id is valid
-	 * @param  int $edit_access_id access id pk to check
+	 * @param  int|null $edit_access_id access id pk to check
-	 * @return bool                true/false: if the edit access is not in the valid list: false
+	 * @return bool                     true/false: if the edit access is not in the valid list: false
 	 */
 	public function loginCheckEditAccess($edit_access_id): bool
 	{
@@ -783,7 +783,7 @@ class Login extends \CoreLibs\DB\IO
 	 * @param  string $password the new password
 	 * @return bool             true or false if valid password or not
 	 */
-	private function loginPasswordChangeValidPassword($password)
+	private function loginPasswordChangeValidPassword($password): bool
 	{
 		$is_valid_password = true;
 		// check for valid in regex arrays in list
@@ -805,7 +805,7 @@ class Login extends \CoreLibs\DB\IO
 	 * dummy declare for password forget
 	 * @return void has no return
 	 */
-	private function loginPasswordForgot()
+	private function loginPasswordForgot(): void
 	{
 		// will do some password recovert, eg send email
 	}
@@ -831,7 +831,7 @@ class Login extends \CoreLibs\DB\IO
 	 * changes a user password
 	 * @return void has no return
 	 */
-	private function loginPasswordChange()
+	private function loginPasswordChange(): void
 	{
 		if ($this->change_password) {
 			$event = 'Password Change';
@@ -1013,7 +1013,7 @@ class Login extends \CoreLibs\DB\IO
 	 * checks if there are external templates, if not uses internal fallback ones
 	 * @return void has no return
 	 */
-	private function loginSetTemplates()
+	private function loginSetTemplates(): void
 	{
 		$strings = array(
 			'HTML_TITLE' => $this->l->__('LOGIN'),
@@ -1172,7 +1172,7 @@ EOM;
 	 * @param  string     $username login user username
 	 * @return void                 has no return
 	 */
-	private function writeLog(string $event, string $data, $error = '', string $username = '')
+	private function writeLog(string $event, string $data, $error = '', string $username = ''): void
 	{
 		if ($this->login) {
 				$this->action = 'Login';
@@ -1217,28 +1217,33 @@ EOM;
 	}
 
 	/**
-	 *checks that the given edit access id is valid for this user
+	 * checks that the given edit access id is valid for this user
-	 * @param  int $edit_access_id edit access id to check
+	 * @param  int|null $edit_access_id edit access id to check
-	 * @return int                 same edit access id if ok, or the default edit access id if given one is not valid
+	 * @return int|null                 same edit access id if ok
+	 *                                  or the default edit access id if given one is not valid
 	 */
-	public function loginCheckEditAccessId(int $edit_access_id)
+	public function loginCheckEditAccessId(?int $edit_access_id): ?int
 	{
-		if (!array_key_exists($edit_access_id, $_SESSION["UNIT"])) {
+		if (isset($_SESSION['UNIT']) &&
-			return $_SESSION["UNIT_DEFAULT"];
+			is_array($_SESSION['UNIT']) &&
+			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
+		) {
+			return $_SESSION['UNIT_DEFAULT'];
 		} else {
 			return $edit_access_id;
 		}
 	}
 
 	/**
-	 * [loginSetEditAccessData description]
+	 * retunrn a set entry from the UNIT session for an edit access_id
+	 * if not found return false
 	 * @param  int        $edit_access_id edit access id
 	 * @param  string|int $data_key       key value to search for
 	 * @return bool|string                false for not found or string for found data
 	 */
 	public function loginSetEditAccessData(int $edit_access_id, $data_key)
 	{
-		if (!$_SESSION['UNIT'][$edit_access_id]['data'][$data_key]) {
+		if (!isset($_SESSION['UNIT'][$edit_access_id]['data'][$data_key])) {
 			return false;
 		} else {
 			return $_SESSION['UNIT'][$edit_access_id]['data'][$data_key];

www/lib/CoreLibs/Admin/Backend.php

@@ -256,6 +256,7 @@ class Backend extends \CoreLibs\DB\IO
 						$type = 'popup';
 					} else {
 						$type = 'normal';
+						/** @phan-suppress-next-line PhanTypeArraySuspicious */
 						$data['popup'] = 0;
 					}
 					$query_string = '';

www/lib/CoreLibs/Basic.php

@@ -686,6 +686,63 @@ class Basic
 		}
 	}
 
+	/**
+	 * checks if we have a need to work on certain debug output
+	 * Needs debug/echo/print ad target for which of the debug flag groups we check
+	 * also needs level string to check in the per level output flag check.
+	 * In case we have invalid target it will return false
+	 * @param  string $target target group to check debug/echo/print
+	 * @param  string $level  level to check in detailed level flag
+	 * @return bool           true on access allowed or false on no access
+	 */
+	private function doDebugTrigger(string $target, string $level): bool
+	{
+		$access = false;
+		// check if we do debug, echo or print
+		switch ($target) {
+			case 'debug':
+				if ((
+						(isset($this->debug_output[$level]) && $this->debug_output[$level]) ||
+						$this->debug_output_all
+					) &&
+					(!isset($this->debug_output_not[$level]) ||
+						(isset($this->debug_output_not[$level]) && !$this->debug_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'echo':
+				if ((
+						(isset($this->echo_output[$level]) && $this->echo_output[$level]) ||
+						$this->echo_output_all
+					) &&
+					(!isset($this->echo_output_not[$level]) ||
+						(isset($this->echo_output_not[$level]) && !$this->echo_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'print':
+				if ((
+						(isset($this->print_output[$level]) && $this->print_output[$level]) ||
+						$this->print_output_all
+					) &&
+					(!isset($this->print_output_not[$level]) ||
+						(isset($this->print_output_not[$level]) && !$this->print_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			default:
+				// fall through with access false
+				break;
+		}
+		return $access;
+	}
+
 	/**
 	 * write debug data to error_msg array
 	 * @param  string       $level  id for error message, groups messages together
@@ -697,7 +754,7 @@ class Basic
 	 */
 	public function debug(string $level, string $string, bool $strip = false): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+		if ($this->doDebugTrigger('debug', $level)) {
 			if (!isset($this->error_msg[$level])) {
 				$this->error_msg[$level] = '';
 			}
@@ -721,7 +778,7 @@ class Basic
 			// write to file if set
 			$this->writeErrorMsg($level, $error_string_print);
 			// write to error level
-			if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
+			if ($this->doDebugTrigger('echo', $level)) {
 				$this->error_msg[$level] .= $error_string;
 			}
 		}
@@ -782,8 +839,8 @@ class Basic
 			}
 			$script_end = microtime(true) - $this->script_starttime;
 			foreach ($this->error_msg as $level => $temp_debug_output) {
-				if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+				if ($this->doDebugTrigger('debug', $level)) {
-					if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
+					if ($this->doDebugTrigger('echo', $level)) {
 						$string_output .= '<div style="font-size: 12px;">[<span style="font-style: italic; color: #c56c00;">'.$level.'</span>] '.(($string) ? "<b>**** ".$this->htmlent($string)." ****</b>\n" : "").'</div>';
 						$string_output .= $temp_debug_output;
 					} // echo it out
@@ -809,9 +866,9 @@ class Basic
 	 */
 	private function writeErrorMsg(string $level, string $error_string): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+		if ($this->doDebugTrigger('debug', $level)) {
 			// only write if write is requested
-			if (($this->print_output[$level] || $this->print_output_all) && !$this->print_output_not[$level]) {
+			if ($this->doDebugTrigger('print', $level)) {
 				// replace all html tags
 				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "##\\2##", $error_string);
 				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "", $error_string);
@@ -1562,6 +1619,31 @@ class Basic
 		return $array;
 	}
 
+	/**
+	 * get lines in a file
+	 * @param  string $file file for line count read
+	 * @return int          number of lines or -1 for non readable file
+	 */
+	public static function getLinesFromFile(string $file): int
+	{
+		if (is_file($file) &&
+			file_exists($file) &&
+			is_readable($file)
+		) {
+			$f = fopen($file, 'rb');
+			$lines = 0;
+			while (!feof($f)) {
+				$lines += substr_count(fread($f, 8192), "\n");
+			}
+			fclose($f);
+		} else {
+			// if file does not exist or is not readable, return -1
+			$lines = -1;
+		}
+		// return lines in file
+		return $lines;
+	}
+
 	/**
 	 * wrapper function for mb mime convert, for correct conversion with long strings
 	 * @param  string $string   string to encode
@@ -1793,26 +1875,33 @@ class Basic
 	{
 		// check if the timestamp has any h/m/s/ms inside, if yes skip
 		if (!preg_match("/(h|m|s|ms)/", (string)$timestamp)) {
-			$ms = 0;
+			list ($timestamp, $ms) = array_pad(explode('.', (string)round($timestamp, 4)), 2, null);
-			list ($timestamp, $ms) = explode('.', (string)round($timestamp, 4));
 			$timegroups = array(86400, 3600, 60, 1);
 			$labels = array('d', 'h', 'm', 's');
 			$time_string = '';
-			for ($i = 0, $iMax = count($timegroups); $i < $iMax; $i ++) {
+			// if timestamp is zero, return zero string
-				$output = floor((float)$timestamp / $timegroups[$i]);
+			if ($timestamp == 0) {
-				$timestamp = (float)$timestamp % $timegroups[$i];
+				$time_string = '0s';
-				// output has days|hours|min|sec
+			} else {
-				if ($output || $time_string) {
+				for ($i = 0, $iMax = count($timegroups); $i < $iMax; $i ++) {
-					$time_string .= $output.$labels[$i].(($i + 1) != count($timegroups) ? ' ' : '');
+					$output = floor((float)$timestamp / $timegroups[$i]);
+					$timestamp = (float)$timestamp % $timegroups[$i];
+					// output has days|hours|min|sec
+					if ($output || $time_string) {
+						$time_string .= $output.$labels[$i].(($i + 1) != count($timegroups) ? ' ' : '');
+					}
 				}
 			}
-			// if we have ms and it has leading zeros, remove them
+			// only add ms if we have an ms value
-			$ms = preg_replace("/^0+/", '', $ms);
+			if ($ms !== null) {
-			// add ms if there
+				// if we have ms and it has leading zeros, remove them, but only if it is nut just 0
-			if ($show_micro) {
+				$ms = preg_replace("/^0+(\d+)$/", '${1}', $ms);
-				$time_string .= ' '.(!$ms ? 0 : $ms).'ms';
+				// add ms if there
-			} elseif (!$time_string) {
+				if ($show_micro) {
-				$time_string .= (!$ms ? 0 : $ms).'ms';
+					$time_string .= ' '.(!$ms ? 0 : $ms).'ms';
+				} elseif (!$time_string) {
+					$time_string .= (!$ms ? 0 : $ms).'ms';
+				}
 			}
 		} else {
 			$time_string = $timestamp;
@@ -1881,7 +1970,7 @@ class Basic
 		if (!$datetime) {
 			return false;
 		}
-		list ($year, $month, $day, $hour, $min, $sec) = preg_split("/[\/\- :]/", $datetime);
+		list ($year, $month, $day, $hour, $min, $sec) = array_pad(preg_split("/[\/\- :]/", $datetime), 6, null);
 		if (!$year || !$month || !$day) {
 			return false;
 		}
@@ -2616,6 +2705,35 @@ class Basic
 		);
 	}
 
+	/**
+	 * TODO: make this a proper uniq ID creation
+	 *       add uuidv4 subcall to the uuid function too
+	 * creates a uniq id
+	 * @param  string $type uniq id type, currently md5 or sha256 allowed
+	 *                      if not set will use DEFAULT_HASH if set
+	 * @return string       uniq id
+	 */
+	public function uniqId(string $type = ''): string
+	{
+		$uniq_id = '';
+		switch ($type) {
+			case 'md5':
+				$uniq_id = md5(uniqid((string)rand(), true));
+				break;
+			case 'sha256':
+				$uniq_id = hash('sha256', uniqid((string)rand(), true));
+				break;
+			default:
+				$hash = 'sha256';
+				if (defined(DEFAULT_HASH)) {
+					$hash = DEFAULT_HASH;
+				}
+				$uniq_id = hash($hash, uniqid((string)rand(), true));
+				break;
+		}
+		return $uniq_id;
+	}
+
 	// [!!! DEPRECATED !!!]
 	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
 	// use the new password* instead
@@ -2921,7 +3039,11 @@ class Basic
 			$HUE += 360;
 		}
 
-		return array(round($HUE), round((($MAX - $MIN) / $MAX) * 100), round($MAX * 100));
+		return array(
+			(int)round($HUE),
+			(int)round((($MAX - $MIN) / $MAX) * 100),
+			(int)round($MAX * 100)
+		);
 	}
 
 	/**
@@ -2992,7 +3114,11 @@ class Basic
 				$blue = 0;
 		}
 
-		return array(round($red * 255), round($green * 255), round($blue * 255));
+		return array(
+			(int)round($red * 255),
+			(int)round($green * 255),
+			(int)round($blue * 255)
+		);
 	}
 
 	/**
@@ -3039,7 +3165,11 @@ class Basic
 
 			// H, S, L
 			// S= L <= 0.5 ? C/2L : C/2 - 2L
-			return array(round($HUE), round((($MAX - $MIN) / (($L <= 0.5) ? ($MAX + $MIN) : (2 - $MAX - $MIN))) * 100), $L);
+			return array(
+				(int)round($HUE),
+				(int)round((($MAX - $MIN) / (($L <= 0.5) ? ($MAX + $MIN) : (2 - $MAX - $MIN))) * 100),
+				(int)$L
+			);
 		}
 	}
 
@@ -3077,7 +3207,11 @@ class Basic
 				return $m1;
 			};
 
-			return array(round(255 * $hue($h + (1 / 3))), round(255 * $hue($h)), round(255 * $hue($h - (1 / 3))));
+			return array(
+				(int)round(255 * $hue($h + (1 / 3))),
+				(int)round(255 * $hue($h)),
+				(int)round(255 * $hue($h - (1 / 3)))
+			);
 		}
 	}
 
@@ -3232,10 +3366,10 @@ class Basic
 
 	/**
 	 * full wrapper for html entities
-	 * @param  string $string string to html encode
+	 * @param  mixed $string string to html encode
-	 * @return mixed  if string, encoded, else as is
+	 * @return mixed         if string, encoded, else as is (eg null)
 	 */
-	public function htmlent(string $string)
+	public function htmlent($string)
 	{
 		if (is_string($string)) {
 			return htmlentities($string, ENT_COMPAT|ENT_HTML401, 'UTF-8', false);

www/lib/CoreLibs/DB/IO.php

@@ -957,6 +957,28 @@ class IO extends \CoreLibs\Basic
 		return $this->dbReturnRow('SHOW client_encoding')['client_encoding'];
 	}
 
+	/**
+	 * get certain settings like username, db name
+	 * @param  string $name what setting to query
+	 * @return mixed        setting value, if not allowed name return false
+	 */
+	public function dbGetSetting(string $name)
+	{
+		$setting = '';
+		switch ($name) {
+			case 'name':
+				$setting = $this->db_name;
+				break;
+			case 'user':
+				$setting = $this->db_user;
+				break;
+			default:
+				$setting = false;
+				break;
+		}
+		return $setting;
+	}
+
 	/**
 	 * prints out status info from the connected DB (might be usefull for debug stuff)
 	 * @param  bool|boolean $show show db connection info, default true
@@ -1462,7 +1484,7 @@ class IO extends \CoreLibs\Basic
 					if (!$pk_name) {
 						// read the primary key from the table, if we do not have one, we get nothing in return
 						list($schema, $table) = $this->__dbReturnTable($query);
-						if (!$this->pk_name_table[$table]) {
+						if (empty($this->pk_name_table[$table])) {
 							$this->pk_name_table[$table] = $this->db_functions->__dbPrimaryKey($table, $schema);
 						}
 						$pk_name = $this->pk_name_table[$table];

www/lib/CoreLibs/Output/Form/Generate.php

@@ -689,7 +689,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						$t_string .= $field_array['before_value'];
 					}
 					// must have res element set
-					if (isset($res[$field_array['name']])) {
+					if (isset($field_array['name']) &&
+						isset($res[$field_array['name']])
+					) {
 						if (isset($field_array['binary'])) {
 							if (isset($field_array['binary'][0])) {
 								$t_string .= $field_array['binary'][0];

www/lib/CoreLibs/Output/Progressbar.php

@@ -110,7 +110,8 @@ class ProgressBar
 			$clear_buffer_size = $this->clear_buffer_size;
 		}
 		echo str_repeat(' ', $clear_buffer_size);
-		ob_flush();
+		// a small hack to avoid warnings about no buffer to flush
+		@ob_flush();
 		flush();
 	}
 
@@ -541,6 +542,7 @@ class ProgressBar
 		$html = '';
 		$js = '';
 		$html_button = '';
+		$html_percent = '';
 
 		$this->__setStep($this->step);
 		$this->position = $this->__calculatePosition($this->step);
@@ -636,7 +638,7 @@ class ProgressBar
 					case 'percent':
 						// only one inner percent
 						// print "STYLE[$name]: ".$style_lbl."<br>";
-						if (!isset($html_percent)) {
+						if (empty($html_percent)) {
 							$html_percent = '<div id="plbl'.$name.$this->code.'" style="'.$style_lbl.'width:'.$data['width'].'px;line-height:1;text-shadow: 0 0 .2em white, 0 0 .5em white;">'.$this->__calculatePercent($this->step).'%</div>'."\n";
 						}
 						break;

www/lib/CoreLibs/Template/SmartyExtend.php

@@ -46,6 +46,7 @@ class SmartyExtend extends SmartyBC
 	public $USE_TINY_MCE = false;
 	public $JS_DATEPICKR = false;
 	public $JS_FLATPICKR = false;
+	public $JS_FILE_UPLOADER = false;
 	public $DEBUG_TMPL = false;
 	public $USE_INCLUDE_TEMPLATE = false;
 	// cache & compile
@@ -383,6 +384,7 @@ class SmartyExtend extends SmartyBC
 		// include flags
 		$this->DATA['JS_DATEPICKR'] = $this->JS_DATEPICKR;
 		$this->DATA['JS_FLATPICKR'] = $this->JS_FLATPICKR;
+		$this->DATA['JS_FILE_UPLOADER'] = $this->JS_FILE_UPLOADER;
 		// user name
 		$this->DATA['USER_NAME'] = !empty($_SESSION['USER_NAME']) ? $_SESSION['USER_NAME'] : '';
 		// the template part to include into the body

www/lib/FileUpload/Core/qqUploadedFileXhr.php

@@ -35,8 +35,8 @@ class qqUploadedFileXhr
 	}
 	public function getSize()
 	{
-		if (isset($_SERVER["CONTENT_LENGTH"])) {
+		if (isset($_SERVER['CONTENT_LENGTH'])) {
-			return (int)$_SERVER["CONTENT_LENGTH"];
+			return (int)$_SERVER['CONTENT_LENGTH'];
 		} else {
 			throw new \Exception('Getting content length is not supported.');
 		}

www/lib/FileUpload/qqFileUploader.php

@@ -2,7 +2,7 @@
 
 namespace FileUpload;
 
-use \FileUpload\Core;
+// use \FileUpload\Core;
 
 class qqFileUploader
 {
@@ -84,7 +84,7 @@ class qqFileUploader
 		$pathinfo = pathinfo($this->file->getName());
 		$filename = $pathinfo['filename'];
 		//$filename = md5(uniqid());
-		$ext = $pathinfo['extension'];
+		$ext = $pathinfo['extension'] ?? '';
 
 		if ($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)) {
 			$these = implode(', ', $this->allowedExtensions);