Fix smarty extended variable access check

It ultimate failed for the following reason.

If base class is passed on to some other class as object parameter
then accessing protected/private variables will be possible because the
__get method will interfer.
Also __set of protected/private variables is possible.

I rather run check for setting variables without defining them than
haveing open protected/private var access

.phan/config.php

@@ -56,6 +56,7 @@ return [
 		"./www/configs/config.db.php",
 		"./www/configs/config.host.php",
 		"./www/configs/config.path.php",
+		"./www/configs/config.other.php",
 		"./www/configs/config.master.php",
 		"./www/includes/admin_header.php",
 	],
@@ -83,7 +84,7 @@ return [
 	// to parse, but not analyze
 	"exclude_analysis_directory_list" => [
 		'www/vendor',
-		'www/lib/FileUpload',
+		// 'www/lib/FileUpload',
 		'www/lib/pChart',
 		'www/lib/pChart2.1.4',
 		'www/lib/Smarty',
@@ -108,6 +109,9 @@ return [
 		// ignore the old qq tests
 		'www/admin/qq_file_upload_front.php',
 		'www/admin/qq_file_upload_ajax.php',
+		// symlink ignore
+		'www/lib/smarty-3.1.30/SmartyBC.class.php',
+		'www/lib/htmlMimeMail-2.5.1/HtmlMimeMailCreate.php',
 	],
 
 	// what not to show as problem

4dev/database/ORDER

@@ -1,7 +1,10 @@
 # functions
-function/update_function.sql
+function/set_uid.sql
+function/set_generic.sql
 function/random_string.sql
+function/set_edit_generic.sql
 function/edit_set_access_uid.sql
+function/edit_log_partition_insert.sql
 # generic tables
 table/edit_temp_files.sql
 table/edit_generic.sql
@@ -19,6 +22,7 @@ table/edit_page_access.sql
 table/edit_page_content.sql
 table/edit_user.sql
 table/edit_log.sql
+table/edit_log_overflow.sql
 table/edit_access.sql
 table/edit_access_user.sql
 table/edit_access_data.sql
@@ -27,9 +31,9 @@ trigger/trg_edit_access_right.sql
 trigger/trg_edit_access.sql
 trigger/trg_edit_access_data.sql
 trigger/trg_edit_access_user.sql
-trigger/trg_edit_generic.sql
 trigger/trg_edit_group.sql
 trigger/trg_edit_language.sql
+trigger/trg_edit_log_overflow.sql
 trigger/trg_edit_log.sql
 trigger/trg_edit_page_access.sql
 trigger/trg_edit_page_content.sql
@@ -39,6 +43,5 @@ trigger/trg_edit_scheme.sql
 trigger/trg_edit_user.sql
 trigger/trg_edit_visible_group.sql
 trigger/trg_edit_menu_group.sql
-trigger/trg_set_edit_access_uid.sql
 # insert data
 data/edit_tables.sql

4dev/database/bin/create_default_trigger.sh

@@ -15,22 +15,20 @@ function_name="set_generic";
 #sql_path_prep=`echo $sql_path | sed -e "s/\///g"`;
 
 # goes for each file and strips headers and endings, and creates trigger name
-for name in $sql_path*;
-do
+for name in $sql_path*; do
 	echo "Wokring on $name";
 	# strip ending
 #	t_name=`echo $name | sed -e 's/.sql$//g' | sed -e "s/^$sql_path_prep//g" | sed -e 's/\///g'`;
 	t_name=`echo $name | sed -e 's/^.*\///g' | sed -e 's/.sql$//g'`;
 	# clean all beginnings
-	for prefix in $file_prefix;
-	do
+	for prefix in $file_prefix; do
 		prefix=$prefix"_";
 		t_name=`echo $t_name | sed -e "s/\$prefix//g"`;
 	done;
 
-# those tables don't need a trigger
-# edit_generic
-# generic
+	# those tables don't need a trigger
+	# edit_generic
+	# generic
 
 	# copy the trigger template to the target
 	trg_filename=$trigger_path$trigger_prefix"_"$t_name".sql";

4dev/database/bin/drop_data.sh

@@ -14,17 +14,14 @@ file_prefix="trg";
 trigger_prefix="trg";
 index_prefix="idx";
 
-for file in `cat ORDER`;
-do
-	if [ -f $file ];
-	then
+for file in `cat ORDER`; do
+	if [ -f $file ]; then
 		# write them into a var, so we can re order them in the other way
 		new_order=$file" "$new_order;
 	fi;
 done;
 
-for file in $new_order;
-do
+for file in $new_order; do
 	sqltype=`echo $file | egrep "table/"`;
 	trgtype=`echo $file | egrep "trigger/"`;
 	idxtype=`echo $file | egrep "index/"`;
@@ -32,43 +29,34 @@ do
 	datatype=`echo $file | egrep "data/"`;
 	# remove all around to get table name
 	t_file=`echo $file | sed -e 's/^.*\///g' | sed -e 's/.sql$//g'`;
-	for prefix in $file_prefix;
-	do
+	for prefix in $file_prefix; do
 		prefix=$prefix"_";
 		t_file=`echo $t_file | sed -e "s/\$prefix//g"`;
 	done;
 	# copy the trigger template to the target
 
-	for path in $schema;
-	do
-		if [ $sqltype ];
-		then
+	for path in $schemas; do
+		if [ $sqltype ]; then
 			echo "SQL "$path"."$t_file;
 			echo "DROP TABLE "$path"."$t_file" CASCADE;" | psql -U $user -h $host $db
 		fi;
-		if [ $trgtype ];
-		then
+		if [ $trgtype ]; then
 			trigger=$trigger_prefix"_"$t_file;
 			echo "TRG $trigger TBL "$path".$t_file";
 			echo "DROP TRIGGER "$path".$trigger ON "$t_file" CASCADE;" | psql -U $user -h $host $db
 		fi;
-		if [ $fcttype ];
-		then
+		if [ $fcttype ]; then
 			echo "FCT "$path"."$t_file;
 			echo "DROP FUNCTION "$path"."$t_file"();" | psql -U $user -h $host $db
 		fi;
-		if [ $idxtype ];
-		then
+		if [ $idxtype ]; then
 			index=$index_prefix"_"$t_file;
-	#		echo "IDX "$t_file;
-	#		echo "DROP INDEX $index ON $t_file;" | psql -U $user -h $host $db
+			# echo "IDX "$t_file;
+			# echo "DROP INDEX $index ON $t_file;" | psql -U $user -h $host $db
 		fi;
-		if [ $datatype ];
-		then
+		if [ $datatype ]; then
 			echo "DATA "$t_file;
-	#		echo "DROP FUNCTION "$t_file"();" | psql -U $user -h $host $db
+			# echo "DROP FUNCTION "$t_file"();" | psql -U $user -h $host $db
 		fi;
-
-	#	psql -U cms_user -h 192.168.12.14 -f $file CMSv2
 	done;
 done;

4dev/database/function/edit_log_partition_insert.sql

@@ -1,3 +1,10 @@
+-- AUTHOR: Clemens Schwaighofer
+-- DATE: 2018-07-17
+-- DESCRIPTION:
+-- partition the edit_log table by year
+-- auto creates table if missing, if failure writes to overflow table
+-- HISTORY:
+
 CREATE OR REPLACE FUNCTION edit_log_insert_trigger ()
 RETURNS TRIGGER AS
 $$
@@ -6,18 +13,23 @@ DECLARE
 	end_date DATE;
 	timeformat TEXT := 'YYYY';
 	selector TEXT := 'year';
-	_interval INTERVAL;
+	base_table TEXT := 'edit_log';
+	_interval INTERVAL := '1 ' || selector;
+	_interval_next INTERVAL := '2 ' || selector;
 	table_name TEXT;
+	-- compare date column
+	compare_date DATE := NEW.event_date;
+	compare_date_name TEXT := 'event_date';
+	-- the create commands
+	command_create_table TEXT := 'CREATE TABLE IF NOT EXISTS {TABLE_NAME} (CHECK({COMPARE_DATE_NAME} >= {START_DATE} AND {COMPARE_DATE_NAME} < {END_DATE})) INHERITS ({BASE_NAME})';
+	command_create_primary_key TEXT := 'ALTER TABLE {TABLE_NAME} ADD PRIMARY KEY ({BASE_TABLE}_id)';
+	command_create_foreign_key_1 TEXT := 'ALTER TABLE {TABLE_NAME} ADD CONSTRAINT {TABLE_NAME}_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL';
+	command_create_trigger_1 TEXT = 'CREATE TRIGGER trg_{TABLE_NAME} BEFORE INSERT OR UPDATE ON {TABLE_NAME} FOR EACH ROW EXECUTE PROCEDURE set_edit_generic()';
 BEGIN
-	-- get year and month from edit_log date so we can build the target edit_log table
-
-	-- move interval
-	_interval := '1 ' || selector;
-	-- current table name
-	table_name := 'edit_log_' || to_char(NEW.event_date, timeformat);
-
 	-- we are in valid start time area
 	IF (NEW.event_date >= start_date) THEN
+		-- current table name
+		table_name := base_table || '_' || to_char(NEW.event_date, timeformat);
 		BEGIN
 			EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
 		-- if insert failed because of missing table, create new below
@@ -25,17 +37,45 @@ BEGIN
 		WHEN undefined_table THEN
 			-- another block, so in case the creation fails here too
 			BEGIN
-				-- create new talbe here + all indexes
+				-- create new table here + all indexes
 				start_date := date_trunc(selector, NEW.event_date);
 				end_date := date_trunc(selector, NEW.event_date + _interval);
 				-- creat table
-				EXECUTE 'CREATE TABLE IF NOT EXISTS ' || quote_ident(table_name) || ' ( CHECK ( event_date >= ' || quote_literal(start_date) || ' AND event_date < ' || quote_literal(end_date) || ' ) ) INHERITS (edit_log)';
+				EXECUTE format(REPLACE( -- end date
+					REPLACE( -- start date
+						REPLACE( -- compare date name
+							REPLACE( -- base name (inherit)
+								REPLACE( -- table name
+									command_create_table,
+									'{TABLE_NAME}',
+									table_name
+								),
+								'{BASE_NAME}',
+								base_table
+							),
+							'{COMPARE_DATE_NAME}',
+							compare_date_name
+						),
+						'{START_DATE}',
+						quote_literal(start_date)
+					),
+					'{END_DATE}',
+					quote_literal(end_date)
+				));
 				-- create all indexes and triggers
-				EXECUTE 'ALTER TABLE ' || quote_ident(table_name) || ' ADD PRIMARY KEY (edit_log_id)';
+				EXECUTE format(REPLACE(
+					REPLACE(
+						command_create_primary_key,
+						'{TABLE_NAME}',
+						table_name
+					),
+					'{BASE_TABLE}',
+					base_table
+				));
 				-- FK constraints
-				EXECUTE 'ALTER TABLE ' || quote_ident(table_name) || ' ADD CONSTRAINT fk_' || quote_ident(table_name) || '_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE CASCADE';
+				EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
 				-- generic trigger
-				EXECUTE 'CREATE TRIGGER trg_' || quote_ident(table_name) || ' BEFORE INSERT OR UPDATE ON ' || quote_ident(table_name) || ' FOR EACH ROW EXECUTE PROCEDURE set_edit_generic()';
+				EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
 
 				-- insert try again
 				EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
@@ -49,6 +89,57 @@ BEGIN
 			-- if this faled, throw it into the overflow table (so we don't loose anything)
 			INSERT INTO edit_log_overflow VALUES (NEW.*);
 		END;
+		-- main insert run done, check if we have to create next months table
+		BEGIN
+			-- check if next month table exists
+			table_name := base_table || '_' || to_char((SELECT NEW.event_date + _interval)::DATE, timeformat);
+			-- RAISE NOTICE 'SEARCH NEXT: %', table_name;
+			IF  (SELECT to_regclass(table_name)) IS NULL THEN
+				-- move inner interval same
+				start_date := date_trunc(selector, NEW.event_date + _interval);
+				end_date := date_trunc(selector, NEW.event_date + _interval_next);
+				-- RAISE NOTICE 'CREATE NEXT: %', table_name;
+				-- create table
+				EXECUTE format(REPLACE( -- end date
+					REPLACE( -- start date
+						REPLACE( -- compare date name
+							REPLACE( -- base name (inherit)
+								REPLACE( -- table name
+									command_create_table,
+									'{TABLE_NAME}',
+									table_name
+								),
+								'{BASE_NAME}',
+								base_table
+							),
+							'{COMPARE_DATE_NAME}',
+							compare_date_name
+						),
+						'{START_DATE}',
+						quote_literal(start_date)
+					),
+					'{END_DATE}',
+					quote_literal(end_date)
+				));
+				-- create all indexes and triggers
+				EXECUTE format(REPLACE(
+					REPLACE(
+						command_create_primary_key,
+						'{TABLE_NAME}',
+						table_name
+					),
+					'{BASE_TABLE}',
+					base_table
+				));
+				-- FK constraints
+				EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
+				-- generic trigger
+				EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
+			END IF;
+		EXCEPTION
+		WHEN OTHERS THEN
+			RAISE NOTICE 'Failed to create next table: %', table_name;
+		END;
 	ELSE
 		-- if outside valid date, insert into overflow
 		INSERT INTO edit_log_overflow VALUES (NEW.*);

4dev/database/function/edit_set_group_uid.sql

@@ -0,0 +1,28 @@
+-- add uid add for edit_group table
+
+CREATE OR REPLACE FUNCTION set_edit_group_uid() RETURNS TRIGGER AS
+$$
+	DECLARE
+		myrec RECORD;
+		v_uid VARCHAR;
+	BEGIN
+		-- skip if NEW.name is not set
+		IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
+			-- use NEW.name as base, remove all spaces
+			-- name data is already unique, so we do not need to worry about this here
+			v_uid := REPLACE(NEW.name, ' ', '');
+			IF TG_OP = 'INSERT' THEN
+				-- always set
+				NEW.uid := v_uid;
+			ELSIF TG_OP = 'UPDATE' THEN
+				-- check if not set, then set
+				SELECT INTO myrec t.* FROM edit_group t WHERE edit_group_id = NEW.edit_group_id;
+				IF FOUND THEN
+					NEW.uid := v_uid;
+				END IF;
+			END IF;
+		END IF;
+		RETURN NEW;
+	END;
+$$
+	LANGUAGE 'plpgsql';

4dev/database/function/set_uid.sql

@@ -2,7 +2,7 @@
 
 CREATE OR REPLACE FUNCTION set_uid() RETURNS TRIGGER AS '
 	DECLARE
-		random_length INT = 12; -- that should be long enough
+		random_length INT = 32; -- that should be long enough
 	BEGIN
 		IF TG_OP = ''INSERT'' THEN
 			NEW.uid := random_string(random_length);

4dev/database/function/update_function.sql

@@ -1,14 +1,16 @@
 -- adds the created or updated date tags
 
-CREATE OR REPLACE FUNCTION set_generic() RETURNS TRIGGER AS '
-	BEGIN
-		IF TG_OP = ''INSERT'' THEN
-			NEW.date_created := clock_timestamp();
-			NEW.user_created := current_user;
-		ELSIF TG_OP = ''UPDATE'' THEN
-			NEW.date_updated := clock_timestamp();
-			NEW.user_updated := current_user;
-		END IF;
-		RETURN NEW;
-	END;
-' LANGUAGE 'plpgsql';
+-- OLD, DEPRECATED, use set_generic.sql
+
+-- CREATE OR REPLACE FUNCTION set_generic() RETURNS TRIGGER AS '
+-- 	BEGIN
+-- 		IF TG_OP = ''INSERT'' THEN
+-- 			NEW.date_created := clock_timestamp();
+-- 			NEW.user_created := current_user;
+-- 		ELSIF TG_OP = ''UPDATE'' THEN
+-- 			NEW.date_updated := clock_timestamp();
+-- 			NEW.user_updated := current_user;
+-- 		END IF;
+-- 		RETURN NEW;
+-- 	END;
+-- ' LANGUAGE 'plpgsql';

4dev/database/log/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

4dev/database/table/edit_access.sql

@@ -8,12 +8,12 @@
 -- DROP TABLE edit_access;
 CREATE TABLE edit_access (
 	edit_access_id	SERIAL PRIMARY KEY,
+	enabled	SMALLINT NOT NULL DEFAULT 0,
+	protected SMALLINT DEFAULT 0,
+	deleted	SMALLINT DEFAULT 0,
+	uid	VARCHAR,
 	name	VARCHAR UNIQUE,
 	description	VARCHAR,
 	color	VARCHAR,
-	uid	VARCHAR,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
-	protected INT,
-	deleted	SMALLINT DEFAULT 0,
 	additional_acl	JSONB
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_access_data.sql

@@ -9,8 +9,8 @@
 CREATE TABLE edit_access_data (
 	edit_access_data_id	SERIAL PRIMARY KEY,
 	edit_access_id INT NOT NULL,
-	name	VARCHAR,
-	value	VARCHAR,
+	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
-	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	name	VARCHAR,
+	value	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_access_user.sql

@@ -8,12 +8,12 @@
 -- DROP TABLE edit_access_user;
 CREATE TABLE edit_access_user (
 	edit_access_user_id	SERIAL PRIMARY KEY,
-	edit_default	SMALLINT DEFAULT 0,
 	edit_access_id	INT NOT NULL,
-	edit_user_id	INT NOT NULL,
-	edit_access_right_id	INT NOT NULL,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
 	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_user_id	INT NOT NULL,
 	FOREIGN KEY (edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	edit_access_right_id	INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_default	SMALLINT DEFAULT 0,
+	enabled	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_group.sql

@@ -8,12 +8,13 @@
 -- DROP TABLE edit_group;
 CREATE TABLE edit_group (
 	edit_group_id	SERIAL PRIMARY KEY,
-	name	VARCHAR,
+	edit_scheme_id INT,
+	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_access_right_id INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	deleted	SMALLINT DEFAULT 0,
-	edit_scheme_id INT,
-	edit_access_right_id INT NOT NULL,
-	additional_acl	JSONB,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	uid	VARCHAR,
+	name	VARCHAR,
+	additional_acl	JSONB
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_language.sql

@@ -9,10 +9,10 @@
 -- DROP TABLE edit_language;
 CREATE TABLE edit_language (
 	edit_language_id SERIAL PRIMARY KEY,
-	short_name VARCHAR,
-	long_name VARCHAR,
-	iso_name VARCHAR,
-	order_number INT,
 	enabled SMALLINT NOT NULL DEFAULT 0,
-	lang_default SMALLINT NOT NULL DEFAULT 0
+	lang_default SMALLINT NOT NULL DEFAULT 0,
+	long_name VARCHAR,
+	short_name VARCHAR,
+	iso_name VARCHAR,
+	order_number INT
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_log.sql

@@ -8,6 +8,8 @@
 -- DROP TABLE edit_log;
 CREATE TABLE edit_log (
 	edit_log_id	SERIAL PRIMARY KEY,
+	euid	INT, -- this is a foreign key, but I don't nedd to reference to it
+	FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
 	username	VARCHAR,
 	password	VARCHAR,
 	event_date	TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
@@ -26,7 +28,6 @@ CREATE TABLE edit_log (
 	action_value	VARCHAR,
 	action_type	VARCHAR,
 	action_error	VARCHAR,
-	euid	INT, -- this is a foreign key, but I don't nedd to reference to it
 	user_agent	VARCHAR,
 	referer	VARCHAR,
 	script_name	VARCHAR,
@@ -36,6 +37,5 @@ CREATE TABLE edit_log (
 	http_accept	VARCHAR,
 	http_accept_charset	VARCHAR,
 	http_accept_encoding	VARCHAR,
-	session_id	VARCHAR,
-	FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE
+	session_id	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_log_overflow.sql

@@ -0,0 +1,12 @@
+-- AUTHOR: Clemens Schwaighofer
+-- DATE: 2020/1/28
+-- DESCRIPTION:
+-- edit log overflow table
+-- this is the overflow table for partition
+-- TABLE: edit_log_overflow
+-- HISTORY:
+
+-- DROP TABLE edit_log_overflow;
+CREATE TABLE IF NOT EXISTS edit_log_overflow () INHERITS (edit_log);
+ALTER TABLE edit_log_overflow ADD PRIMARY KEY (edit_log_id);
+ALTER TABLE edit_log_overflow ADD CONSTRAINT edit_log_overflow_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL;

4dev/database/table/edit_page.sql

@@ -9,6 +9,7 @@
 CREATE TABLE edit_page (
 	edit_page_id	SERIAL PRIMARY KEY,
 	content_alias_edit_page_id	INT, -- alias for page content, if the page content is defined on a different page, ege for ajax backend pages
+	FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE,
 	filename	VARCHAR,
 	name	VARCHAR UNIQUE,
 	order_number INT NOT NULL,
@@ -17,5 +18,5 @@ CREATE TABLE edit_page (
 	popup	SMALLINT NOT NULL DEFAULT 0,
 	popup_x	SMALLINT,
 	popup_y SMALLINT,
-	FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE,
+	hostname	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_page_access.sql

@@ -8,13 +8,13 @@
 -- DROP TABLE edit_page_access;
 CREATE TABLE edit_page_access (
 	edit_page_access_id	SERIAL PRIMARY KEY,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
 	edit_group_id	INT NOT NULL,
-	edit_page_id	INT NOT NULL,
-	edit_access_right_id	INT NOT NULL,
 	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_page_id	INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	edit_access_right_id	INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	enabled	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 

4dev/database/table/edit_page_content.sql

@@ -10,11 +10,11 @@
 CREATE TABLE edit_page_content (
 	edit_page_content_id	SERIAL PRIMARY KEY,
 	edit_page_id	INT NOT NULL,
+	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_access_right_id	INT NOT NULL,
-	name	VARCHAR,
-	uid	VARCHAR UNIQUE,
-	order_number INT NOT NULL,
-	online	SMALLINT NOT NULL DEFAULT 0,
 	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	uid	VARCHAR UNIQUE,
+	name	VARCHAR,
+	order_number INT NOT NULL,
+	online	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_page_menu_group.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_page_menu_group;
 CREATE TABLE edit_page_menu_group (
 	edit_page_id INT NOT NULL,
-	edit_menu_group_id INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_menu_group_id INT NOT NULL,
 	FOREIGN KEY (edit_menu_group_id) REFERENCES edit_menu_group (edit_menu_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );

4dev/database/table/edit_page_visible_group.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_page_visible_group;
 CREATE TABLE edit_page_visible_group (
 	edit_page_id INT NOT NULL,
-	edit_visible_group_id INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_visible_group_id INT NOT NULL,
 	FOREIGN KEY (edit_visible_group_id) REFERENCES edit_visible_group (edit_visible_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );

4dev/database/table/edit_query_string.sql

@@ -8,10 +8,10 @@
 -- DROP TABLE edit_query_string;
 CREATE TABLE edit_query_string (
 	edit_query_string_id	SERIAL PRIMARY KEY,
+	edit_page_id	INT NOT NULL,
+	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	enabled	SMALLINT NOT NULL DEFAULT 0,
 	name	VARCHAR,
 	value	VARCHAR,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
-	dynamic	SMALLINT NOT NULL DEFAULT 0,
-	edit_page_id	INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	dynamic	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_temp_files.sql

@@ -7,5 +7,6 @@
 
 -- DROP TABLE temp_files;
 CREATE TABLE temp_files (
-	filename	VARCHAR
+	filename	VARCHAR,
+	folder	VARCHAR
 );

4dev/database/table/edit_user.sql

@@ -9,34 +9,39 @@
 CREATE TABLE edit_user (
 	edit_user_id	SERIAL PRIMARY KEY,
 	connect_edit_user_id	INT, -- possible reference to other user
+	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_language_id INT NOT NULL,
+	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_group_id INT NOT NULL,
+	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_scheme_id INT,
+	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_access_right_id INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	enabled	SMALLINT NOT NULL DEFAULT 0,
+	deleted	SMALLINT NOT NULL DEFAULT 0,
 	username	VARCHAR UNIQUE,
 	password	VARCHAR,
 	first_name	VARCHAR,
 	last_name	VARCHAR,
 	first_name_furigana	VARCHAR,
 	last_name_furigana	VARCHAR,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
-	deleted	SMALLINT NOT NULL DEFAULT 0,
 	debug	SMALLINT NOT NULL DEFAULT 0,
 	db_debug	SMALLINT NOT NULL DEFAULT 0,
 	email	VARCHAR,
 	protected SMALLINT NOT NULL DEFAULT 0,
 	admin	SMALLINT NOT NULL DEFAULT 0,
-	edit_language_id INT NOT NULL,
-	edit_group_id INT NOT NULL,
-	edit_scheme_id INT,
-	edit_access_right_id INT NOT NULL,
-	login_error_count	INT,
+	login_error_count	INT DEFAULT 0,
 	login_error_date_last	TIMESTAMP WITHOUT TIME ZONE,
 	login_error_date_first	TIMESTAMP WITHOUT TIME ZONE,
 	strict	SMALLINT DEFAULT 0,
 	locked	SMALLINT DEFAULT 0,
 	password_change_date	TIMESTAMP WITHOUT TIME ZONE, -- only when password is first set or changed
 	password_change_interval	INTERVAL, -- null if no change is needed, or d/m/y time interval
-	additional_acl	JSONB, -- additional ACL as JSON string (can be set by other pages)
-	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	password_reset_time	TIMESTAMP WITHOUT TIME ZONE, -- when the password reset was requested
+	password_reset_uid	VARCHAR, -- the uid to access the password reset page
+	additional_acl	JSONB -- additional ACL as JSON string (can be set by other pages)
 ) INHERITS (edit_generic) WITHOUT OIDS;
+
+COMMENT ON COLUMN edit_user.password_reset_time IS 'When the password reset was requested. For reset page uid valid check';
+COMMENT ON COLUMN edit_user.password_reset_uid IS 'Password reset page uid';

4dev/database/table/edit_visible_group.sql

@@ -11,7 +11,3 @@ CREATE TABLE edit_visible_group (
 	name	VARCHAR,
 	flag	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
-
-DELETE FROM edit_visible_group;
-INSERT INTO edit_visible_group (name, flag) VALUES ('Main Menu', 'main');
-INSERT INTO edit_visible_group (name, flag) VALUES ('Data popup Menu', 'datapopup');

4dev/database/trigger/trg_edit_access.sql

@@ -1,9 +1,9 @@
-DROP TRIGGER trg_edit_access ON edit_access;
+DROP TRIGGER IF EXISTS trg_edit_access ON edit_access;
 CREATE TRIGGER trg_edit_access
 BEFORE INSERT OR UPDATE ON edit_access
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();
 
-DROP TRIGGER trg_set_edit_access_uid ON edit_access;
+DROP TRIGGER IF EXISTS trg_set_edit_access_uid ON edit_access;
 CREATE TRIGGER trg_set_edit_access_uid
 BEFORE INSERT OR UPDATE ON edit_access
 FOR EACH ROW EXECUTE PROCEDURE set_edit_access_uid();

4dev/database/trigger/trg_edit_access_data.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_access_data ON edit_access_data;
+DROP TRIGGER IF EXISTS trg_edit_access_data ON edit_access_data;
 CREATE TRIGGER trg_edit_access_data
 BEFORE INSERT OR UPDATE ON edit_access_data
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_access_right.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_access_right ON edit_access_right;
+DROP TRIGGER IF EXISTS trg_edit_access_right ON edit_access_right;
 CREATE TRIGGER trg_edit_access_right
 BEFORE INSERT OR UPDATE ON edit_access_right
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_access_user.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_access_user ON edit_access_user;
+DROP TRIGGER IF EXISTS trg_edit_access_user ON edit_access_user;
 CREATE TRIGGER trg_edit_access_user
 BEFORE INSERT OR UPDATE ON edit_access_user
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_group.sql

@@ -1,4 +1,9 @@
-DROP TRIGGER trg_edit_group ON edit_group;
+DROP TRIGGER IF EXISTS trg_edit_group ON edit_group;
 CREATE TRIGGER trg_edit_group
 BEFORE INSERT OR UPDATE ON edit_group
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();
+
+DROP TRIGGER IF EXISTS trg_set_edit_group_uid ON edit_group;
+CREATE TRIGGER trg_set_edit_group_uid
+BEFORE INSERT OR UPDATE ON edit_group
+FOR EACH ROW EXECUTE PROCEDURE set_edit_group_uid();

4dev/database/trigger/trg_edit_language.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_language ON edit_language;
+DROP TRIGGER IF EXISTS trg_edit_language ON edit_language;
 CREATE TRIGGER trg_edit_language
 BEFORE INSERT OR UPDATE ON edit_language
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_log.sql

@@ -1,9 +1,9 @@
-DROP TRIGGER trg_edit_log ON edit_log;
+DROP TRIGGER IF EXISTS trg_edit_log ON edit_log;
 CREATE TRIGGER trg_edit_log
 BEFORE INSERT OR UPDATE ON edit_log
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();
 
-DROP TRIGGER trg_edit_log_insert_partition ON edit_log;
+DROP TRIGGER IF EXISTS trg_edit_log_insert_partition ON edit_log;
 CREATE TRIGGER trg_edit_log_insert_partition
 BEFORE INSERT OR UPDATE ON edit_log
 FOR EACH ROW EXECUTE PROCEDURE edit_log_insert_trigger();

4dev/database/trigger/trg_edit_log_overflow.sql

@@ -0,0 +1,4 @@
+DROP TRIGGER IF EXISTS trg_edit_log_overflow ON edit_log_overflow;
+CREATE TRIGGER trg_edit_log_overflow
+BEFORE INSERT OR UPDATE ON edit_log_overflow
+FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_menu_group.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_menu_group ON edit_menu_group;
+DROP TRIGGER IF EXISTS trg_edit_menu_group ON edit_menu_group;
 CREATE TRIGGER trg_edit_menu_group
 BEFORE INSERT OR UPDATE ON edit_menu_group
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_page.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_page ON edit_page;
+DROP TRIGGER IF EXISTS trg_edit_page ON edit_page;
 CREATE TRIGGER trg_edit_page
 BEFORE INSERT OR UPDATE ON edit_page
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_page_access.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_page_access ON edit_page_access;
+DROP TRIGGER IF EXISTS trg_edit_page_access ON edit_page_access;
 CREATE TRIGGER trg_edit_page_access
 BEFORE INSERT OR UPDATE ON edit_page_access
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_page_content.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_page_content ON edit_page_content;
+DROP TRIGGER IF EXISTS trg_edit_page_content ON edit_page_content;
 CREATE TRIGGER trg_edit_page_content
 BEFORE INSERT OR UPDATE ON edit_page_content
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_query_string.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_query_string ON edit_query_string;
+DROP TRIGGER IF EXISTS trg_edit_query_string ON edit_query_string;
 CREATE TRIGGER trg_edit_query_string
 BEFORE INSERT OR UPDATE ON edit_query_string
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_scheme.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_scheme ON edit_scheme;
+DROP TRIGGER IF EXISTS trg_edit_scheme ON edit_scheme;
 CREATE TRIGGER trg_edit_scheme
 BEFORE INSERT OR UPDATE ON edit_scheme
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_user.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_user ON edit_user;
+DROP TRIGGER IF EXISTS trg_edit_user ON edit_user;
 CREATE TRIGGER trg_edit_user
 BEFORE INSERT OR UPDATE ON edit_user
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/trigger/trg_edit_visible_group.sql

@@ -1,4 +1,4 @@
-DROP TRIGGER trg_edit_visible_group ON edit_visible_group;
+DROP TRIGGER IF EXISTS trg_edit_visible_group ON edit_visible_group;
 CREATE TRIGGER trg_edit_visible_group
 BEFORE INSERT OR UPDATE ON edit_visible_group
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();

4dev/database/update/edit_tables_missing_columns.sql

@@ -8,7 +8,7 @@ ALTER TABLE edit_access ADD protected SMALLINT DEFAULT 0;
 ALTER TABLE edit_group ADD uid VARCHAR;
 ALTER TABLE edit_group ADD deleted SMALLINT DEFAULT 0;
 
-ALTER TABLE temp_files ADD folder varchar;
-ALTER TABLE edit_page ADD hostname varchar;
+ALTER TABLE temp_files ADD folder VARCHAR;
+ALTER TABLE edit_page ADD hostname VARCHAR;
 
 ALTER TABLE edit_user ADD deleted SMALLINT DEFAULT 0;

phpstan.neon

@@ -5,14 +5,17 @@ parameters:
 	level: 1
 	paths:
 		- %currentWorkingDirectory%/www
-	#bootstrap: %currentWorkingDirectory%/phpstan-bootstrap.php
-	#bootstrap: phpstan-bootstrap.php
-	autoload_directories:
-	autoload_files:
+	bootstrapFiles:
 		- %currentWorkingDirectory%/phpstan-bootstrap.php
+	scanDirectories:
+		- www/lib/Smarty
+	scanFiles:
+		- www/configs/config.php
 		- www/configs/config.master.php
 		- www/lib/autoloader.php
 		- www/vendor/autoload.php
+		- www/lib/Smarty/Autoloader.php
+		- www/lib/CoreLibs/Template/SmartyExtend.php
 	excludes_analyse:
 		# no check admin
 		- www/admin/qq_file_upload_front.php
@@ -40,10 +43,12 @@ parameters:
 		- www/tmp
 		- www/lib/pChart
 		- www/lib/pChart2.1.4
-		- www/lib/Smarty/
-		- www/lib/smarty-3.1.30/
+		- www/lib/Smarty
+		- www/lib/smarty-3.1.30
 		# ignore composer
 		- www/vendor
+		# ignore the smartyextend
+		- www/lib/CoreLibs/Template/SmartyExtend.php
 	# ignore errores with
 	# ignoreErrors:
 		#- 'error regex'

www/admin/class_test.php

@@ -213,6 +213,16 @@ print "RETURN DATA FOR search_path: ".$data."<br>";
 $status = $basic->dbExec("INSERT INTO test.schema_test (contents, id) VALUES ('TIME: ".time()."', ".rand(1, 10).")");
 print "OTHER SCHEMA INSERT STATUS: ".$status." | PK NAME: ".$basic->pk_name.", PRIMARY KEY: ".$basic->insert_id."<br>";
 
+print "<b>NULL TEST DB READ</b><br>";
+$q = "SELECT uid, null_varchar, null_int FROM test_null_data WHERE uid = 'A'";
+$res = $basic->dbReturnRow($q);
+var_dump($res);
+print "RES: ".$basic->printAr($res)."<br>";
+print "ISSET: ".isset($res['null_varchar'])."<br>";
+print "EMPTY: ".empty($res['null_varchar'])."<br>";
+
+// data read test
+
 // time string thest
 $timestamp = 5887998.33445;
 $time_string = $basic->timeStringFormat($timestamp);

www/admin/phan_test.php

@@ -0,0 +1,9 @@
+<?php declare(strict_types=1);
+
+require 'config.php';
+require BASE.INCLUDES.'admin_header.php';
+
+// $DATA['foo'] = 'bar';
+// $messages['foo'] = 'bar';
+
+// __END__

www/admin/smarty_test.php

@@ -10,26 +10,28 @@ define('USE_DATABASE', true);
 define('USE_HEADER', true);
 require 'config.php';
 require BASE.INCLUDES.'admin_header.php';
-$smarty->MASTER_TEMPLATE_NAME = 'main_body.tpl';
-$smarty->TEMPLATE_NAME = 'smarty_test.tpl';
-$smarty->CSS_SPECIAL_TEMPLATE_NAME = 'smart_test.css';
-$smarty->USE_PROTOTYPE = false;
-$smarty->USE_JQUERY = true;
-$smarty->JS_DATEPICKR = false;
-if ($smarty->USE_PROTOTYPE) {
-	$smarty->ADMIN_JAVASCRIPT = 'edit.pt.js';
-	$smarty->JS_SPECIAL_TEMPLATE_NAME = 'prototype.test.js';
-} elseif ($smarty->USE_JQUERY) {
-	$smarty->ADMIN_JAVASCRIPT = 'edit.jq.js';
-	$smarty->JS_SPECIAL_TEMPLATE_NAME = 'jquery.test.js';
-}
-$smarty->PAGE_WIDTH = "100%";
-// require BASE.INCLUDES.'admin_set_paths.php';
-$smarty->setSmartyPaths();
+if (is_object($smarty)) {
+	$smarty->MASTER_TEMPLATE_NAME = 'main_body.tpl';
+	$smarty->TEMPLATE_NAME = 'smarty_test.tpl';
+	$smarty->CSS_SPECIAL_TEMPLATE_NAME = 'smart_test.css';
+	$smarty->USE_PROTOTYPE = false;
+	$smarty->USE_JQUERY = true;
+	$smarty->JS_DATEPICKR = false;
+	if ($smarty->USE_PROTOTYPE) {
+		$smarty->ADMIN_JAVASCRIPT = 'edit.pt.js';
+		$smarty->JS_SPECIAL_TEMPLATE_NAME = 'prototype.test.js';
+	} elseif ($smarty->USE_JQUERY) {
+		$smarty->ADMIN_JAVASCRIPT = 'edit.jq.js';
+		$smarty->JS_SPECIAL_TEMPLATE_NAME = 'jquery.test.js';
+	}
+	$smarty->PAGE_WIDTH = '100%';
+	// require BASE.INCLUDES.'admin_set_paths.php';
+	$smarty->setSmartyPaths();
 
-// smarty test
-$smarty->DATA['SMARTY_TEST'] = 'Test Data';
-$smarty->DATA['TRANSLATE_TEST'] = $cms->l->__('Are we translated?');
+	// smarty test
+	$smarty->DATA['SMARTY_TEST'] = 'Test Data';
+	$smarty->DATA['TRANSLATE_TEST'] = $cms->l->__('Are we translated?');
+}
 
 // drop down test with optgroups
 $options = array (
@@ -48,8 +50,10 @@ $options = array (
 	)
 );
 
-$smarty->DATA['drop_down_test'] = $options;
-
-// require BASE.INCLUDES.'admin_smarty.php';
-$smarty->setSmartyVarsAdmin();
+if (is_object($smarty)) {
+	$smarty->DATA['drop_down_test'] = $options;
+	$smarty->DATA['loop_start'] = 2;
+	// require BASE.INCLUDES.'admin_smarty.php';
+	$smarty->setSmartyVarsAdmin();
+}
 require BASE.INCLUDES.'admin_footer.php';

www/configs/config.master.php

@@ -88,7 +88,7 @@ define('DEFAULT_ACL_LEVEL', 80);
 // 3: if default template is not found, show error template, do not fall back to default tree
 // 4: very strict, even on normal fixable errors through error
 // define('ERROR_STRICT', 3);
-// allow page caching in general, set to 'FALSE' if you do debugging or development!
+// allow page caching in general, set to 'false' if you do debugging or development!
 // define('ALLOW_SMARTY_CACHE', false);
 // cache life time, in second', default here is 2 days (172800s)
 // -1 is never expire cache
@@ -101,8 +101,23 @@ define('LOGOUT_TARGET', '');
 define('PASSWORD_CHANGE', false);
 define('PASSWORD_FORGOT', false);
 // min/max password length
-define('PASSWORD_MIN_LENGTH', 8);
+define('PASSWORD_MIN_LENGTH', 9);
 define('PASSWORD_MAX_LENGTH', 255);
+// defines allowed special characters
+DEFINE('PASSWORD_SPECIAL_RANGE', '@$!%*?&');
+// password must have upper case, lower case, number, special
+// comment out for not mandatory
+DEFINE('PASSWORD_LOWER', '(?=.*[a-z])');
+DEFINE('PASSWORD_UPPER', '(?=.*[A-Z])');
+DEFINE('PASSWORD_NUMBER', '(?=.*\d)');
+DEFINE('PASSWORD_SPECIAL', "(?=.*[".PASSWORD_SPECIAL_RANGE."])");
+// define full regex
+DEFINE('PASSWORD_REGEX', "/^".
+	(defined('PASSWORD_LOWER') ? PASSWORD_LOWER : '').
+	(defined('PASSWORD_UPPER') ? PASSWORD_UPPER : '').
+	(defined('PASSWORD_NUMBER') ? PASSWORD_NUMBER : '').
+	(defined('PASSWORD_SPECIAL') ? PASSWORD_SPECIAL : '').
+	"[A-Za-z\d".PASSWORD_SPECIAL_RANGE."]{".PASSWORD_MIN_LENGTH.",".PASSWORD_MAX_LENGTH."}$/");
 
 /************* AJAX / ACCESS *************/
 // ajax request type
@@ -169,6 +184,8 @@ define('PUBLIC_SCHEMA', 'public');
 define('DEV_SCHEMA', 'public');
 define('TEST_SCHEMA', 'public');
 define('LIVE_SCHEMA', 'public');
+define('GLOBAL_DB_SCHEMA', '');
+define('LOGIN_DB_SCHEMA', '');
 
 /************* CORE HOST SETTINGS *****************/
 if (file_exists(BASE.CONFIGS.'config.host.php')) {

www/configs/config.other.php

@@ -20,7 +20,7 @@ $paths = array(
 foreach ($paths as $path) {
 	if (file_exists($path.DS.'convert') && is_file($path.DS.'convert')) {
 		// image magick convert location
-		DEFINE('CONVERT', $path.DS.'convert');
+		define('CONVERT', $path.DS.'convert');
 	}
 }
 unset($paths);

www/includes/admin_header.php

@@ -14,8 +14,6 @@ if ($DEBUG_ALL && $ENABLE_ERROR_HANDLING) {
 }
 // predefine vars
 $messages = array();
-// import all POST vars
-// extract($_POST, EXTR_SKIP);
 //------------------------------ variable init end
 
 //------------------------------ library include start

www/includes/edit_base.php

@@ -85,12 +85,12 @@ $table_width = '100%';
 // define all needed smarty stuff for the general HTML/page building
 $HEADER['CSS'] = CSS;
 $HEADER['DEFAULT_ENCODING'] = DEFAULT_ENCODING;
-$HEADER['STYLESHEET'] = isset($ADMIN_STYLESHEET) ? $ADMIN_STYLESHEET : ADMIN_STYLESHEET;
+$HEADER['STYLESHEET'] = $ADMIN_STYLESHEET ?? ADMIN_STYLESHEET;
 
 if ($form->my_page_name == 'edit_order') {
 	// get is for "table_name" and "where" only
-	$table_name = isset($_GET['table_name']) ? $_GET['table_name'] : '';
-	// $where = isset($_GET['where']) ? $_GET['where'] : '';
+	$table_name = $_GET['table_name'] ?? '';
+	// $where = $_GET['where'] ?? '';
 	// order name is _always_ order_number for the edit interface
 
 	// follwing arrays do exist here:
@@ -102,7 +102,7 @@ if ($form->my_page_name == 'edit_order') {
 	if (!isset($position)) {
 		$position = array();
 	}
-	$row_data_id = $_POST['row_data_id'];
+	$row_data_id = $_POST['row_data_id'] ?? [];
 	$original_id = $row_data_id;
 	if (count($position)) {
 		$row_data_order = $_POST['row_data_order'];
@@ -116,8 +116,8 @@ if ($form->my_page_name == 'edit_order') {
 				// this gets the old before (moves one "up")
 				// is done for every element in row
 				// echo "A: ".$row_data_id[$position[$i]]." (".$row_data_order[$position[$i]].") -- ".$row_data_id[$position[$i]-1]." (".$row_data_order[$position[$i]-1].")<br>";
-				$temp_id = $row_data_id[$position[$i]];
-				$row_data_id[$position[$i]] = $row_data_id[$position[$i] - 1];
+				$temp_id = $row_data_id[$position[$i]] ?? null;
+				$row_data_id[$position[$i]] = $row_data_id[$position[$i] - 1] ?? null;
 				$row_data_id[$position[$i] - 1] = $temp_id;
 				// echo "A: ".$row_data_id[$position[$i]]." (".$row_data_order[$position[$i]].") -- ".$row_data_id[$position[$i]-1]." (".$row_data_order[$position[$i]-1].")<br>";
 			} // for
@@ -129,8 +129,8 @@ if ($form->my_page_name == 'edit_order') {
 				// same as up, just up in other way, starts from bottom (last element) and moves "up"
 				// element before actuel gets temp, this element, becomes element after this,
 				// element after this, gets this
-				$temp_id = $row_data_id[$position[$i] + 1];
-				$row_data_id[$position[$i] + 1] = $row_data_id[$position[$i]];
+				$temp_id = $row_data_id[$position[$i] + 1] ?? null;
+				$row_data_id[$position[$i] + 1] = $row_data_id[$position[$i]] ?? null;
 				$row_data_id[$position[$i]] = $temp_id;
 			} // for
 		} // if down
@@ -140,8 +140,10 @@ if ($form->my_page_name == 'edit_order') {
 			(isset($down) && ($position[count($position) - 1] != (count($row_data_id) - 1)))
 		) {
 			for ($i = 0; $i < count($row_data_id); $i ++) {
-				$q = "UPDATE ".$table_name." SET order_number = ".$row_data_order[$i]." WHERE ".$table_name."_id = ".$row_data_id[$i];
-				$q = $form->dbExec($q);
+				if (isset($row_data_order[$i]) && isset($row_data_id[$i])) {
+					$q = "UPDATE ".$table_name." SET order_number = ".$row_data_order[$i]." WHERE ".$table_name."_id = ".$row_data_id[$i];
+					$q = $form->dbExec($q);
+				}
 			} // for all article ids ...
 		} // if write
 	} // if there is something to move
@@ -187,7 +189,9 @@ if ($form->my_page_name == 'edit_order') {
 		// list of points to order
 		for ($j = 0; $j < count($position); $j++) {
 			// if matches, put into select array
-			if ($original_id[$position[$j]] == $row_data[$i]['id']) {
+			if (isset($original_id[$position[$j]]) && isset($row_data[$i]['id']) &&
+				$original_id[$position[$j]] == $row_data[$i]['id']
+			) {
 				$options_selected[] = $i;
 			}
 		}
@@ -208,7 +212,7 @@ if ($form->my_page_name == 'edit_order') {
 
 	// hidden names for the table & where string
 	$DATA['table_name'] = $table_name;
-	$DATA['where_string'] = isset($where_string) ? $where_string : '';
+	$DATA['where_string'] = $where_string ?? '';
 
 	$EDIT_TEMPLATE = 'edit_order.tpl';
 } else {
@@ -282,7 +286,7 @@ if ($form->my_page_name == 'edit_order') {
 				''
 			).
 			// filename
-			$data['filename'].
+			($data['filename'] ?? '').
 			// query string
 			(isset($data['query_string']) && $data['query_string'] ?
 				$data['query_string'] :
@@ -294,13 +298,14 @@ if ($form->my_page_name == 'edit_order') {
 			$menu_data[$i]['splitfactor_in'] = 0;
 		}
 		// on matching, we also need to check if we are in the same folder
-		if ($data['filename'] == $form->getPageName() &&
+		if (isset($data['filename']) &&
+			$data['filename'] == $form->getPageName() &&
 			(!isset($data['hostname']) || (
 				isset($data['hostname']) &&
 					(!$data['hostname'] || strstr($data['hostname'], CONTENT_PATH) !== false)
 			))
 		) {
-			$position = $j;
+			$position = $i;
 			$menu_data[$i]['position'] = 1;
 			$menu_data[$i]['popup'] = 0;
 		} else {
@@ -325,7 +330,7 @@ if ($form->my_page_name == 'edit_order') {
 	} // for
 	// $form->debug('MENU ARRAY', $form->printAr($menu_data));
 	$DATA['menu_data'] = $menu_data;
-	$DATA['page_name'] = $menuarray[$position]['page_name'];
+	$DATA['page_name'] = $menuarray[$position]['page_name'] ?? '-Undefined ['.$position.'] -';
 	$L_TITLE = $DATA['page_name'];
 	// html title
 	$HEADER['HTML_TITLE'] = $form->l->__($L_TITLE);
@@ -476,7 +481,7 @@ if ($form->my_page_name == 'edit_order') {
 }
 
 // debug data, if DEBUG flag is on, this data is print out
-$DEBUG_DATA['DEBUG'] = isset($DEBUG_TMPL) ? $DEBUG_TMPL : '';
+$DEBUG_DATA['DEBUG'] = $DEBUG_TMPL ?? '';
 
 // create main data array
 $CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);

www/includes/templates/admin/smarty_test.tpl

@@ -12,13 +12,19 @@
 <div class="jq-container">
 	<div id="jq-test" class="jp-test">
 		<div id="test-div" class="test-div">
-			Some content ehre or asdfasdfasf
+			Some content here or asdfasdfasf
 		</div>
 		<div id="translate-div">
 			TRANSLATION SMARTY: {t}I should be translated{/t}
 		</div>
 	</div>
 </div>
+<div class="loop-test">
+	<div>LOOP TEST</div>
+{section name=page_list start=1 loop=$loop_start+1}
+	<div>LOOP OUTPUT: {$smarty.section.page_list.index}</div>
+{/section}
+</div>
 {* progresss indicator *}
 <div id="indicator"></div>
 {* the action confirm box *}

www/layout/admin/css/edit.css

@@ -382,7 +382,7 @@ input[type="text"]:focus, textarea:focus, select:focus {
 	left: 0;
 	top: 0;
 	position: absolute;
-	z-index: 100;
+	z-index: 1000;
 }
 /* Animation for above progress */
 @keyframes rotate {

www/layout/admin/javascript/edit.jq.js

@@ -12,6 +12,10 @@ if (!DEBUG) {
 	});
 }*/
 
+// open overlay boxes counter
+var GL_OB_S = 10;
+var GL_OB_BASE = 10;
+
 /**
  * opens a popup window with winName and given features (string)
  * @param {String} theURL   the url
@@ -86,9 +90,10 @@ function getScrollOffset()
 function setCenter(id, left, top)
 {
 	// get size of id
-	var dimensions = {};
-	dimensions.height = $('#' + id).height();
-	dimensions.width = $('#' + id).width();
+	var dimensions = {
+		height: $('#' + id).height(),
+		width: $('#' + id).width()
+	};
 	var type = $('#' + id).css('position');
 	var viewport = getWindowSize();
 	var offset = getScrollOffset();
@@ -120,8 +125,7 @@ function setCenter(id, left, top)
 function goToPos(element, offset = 0)
 {
 	try {
-		if ($('#' + element).length)
-		{
+		if ($('#' + element).length) {
 			$('body,html').animate({
 				scrollTop: $('#' + element).offset().top - offset
 			}, 500);
@@ -278,12 +282,48 @@ function randomIdF()
 	return Math.random().toString(36).substring(2);
 }
 
+/**
+ * check if name is a function
+ * @param  {string}  name Name of function to check if exists
+ * @return {Boolean}      true/false
+ */
+function isFunction(name)
+{
+	if (typeof window[name] !== 'undefined' &&
+		typeof window[name] === 'function') {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+/**
+ * call a function by its string name
+ * https://stackoverflow.com/a/359910
+ * example: executeFunctionByName("My.Namespace.functionName", window, arguments);
+ * @param  {string} functionName The function name or namespace + function
+ * @param  {mixed}  context      context (window or first namespace)
+ *                               hidden next are all the arguments
+ * @return {mixed}               Return values from functon
+ */
+function executeFunctionByName(functionName, context /*, args */)
+{
+	var args = Array.prototype.slice.call(arguments, 2);
+	var namespaces = functionName.split('.');
+	var func = namespaces.pop();
+	for (var i = 0; i < namespaces.length; i++) {
+		context = context[namespaces[i]];
+	}
+	return context[func].apply(context, args);
+}
+
 /**
  * checks if a variable is an object
  * @param  {Mixed}   val possible object
  * @return {Boolean}     true/false if it is an object or not
  */
-function isObject(val) {
+function isObject(val)
+{
 	if (val === null) {
 		return false;
 	}
@@ -295,7 +335,8 @@ function isObject(val) {
  * @param  {Object} object object to check
  * @return {Number} number of entry
  */
-function getObjectCount(object) {
+function getObjectCount(object)
+{
 	return Object.keys(object).length;
 }
 
@@ -338,6 +379,31 @@ function valueInObject(object, value)
 	// }) ? true : false;
 }
 
+/**
+ * true deep copy for Javascript objects
+ * if Object.assign({}, obj) is not working (shallow)
+ * or if JSON.parse(JSON.stringify(obj)) is failing
+ * @param  {Object} inObject Object to copy
+ * @return {Object}          Copied Object
+ */
+function deepCopyFunction(inObject)
+{
+	var outObject, value, key;
+	if (typeof inObject !== "object" || inObject === null) {
+		return inObject; // Return the value if inObject is not an object
+	}
+	// Create an array or object to hold the values
+	outObject = Array.isArray(inObject) ? [] : {};
+	// loop over ech entry in object
+	for (key in inObject) {
+		value = inObject[key];
+		// Recursively (deep) copy for nested objects, including arrays
+		outObject[key] = deepCopyFunction(value);
+	}
+
+	return outObject;
+}
+
 /**
  * checks if a DOM element actually exists
  * @param  {String}  id Element id to check for
@@ -393,6 +459,20 @@ function errorCatch(err)
 	}
 }
 
+/*************************************************************
+ * OLD action indicator and overlay boxes calls
+ * DO NOT USE
+ * actionIndicator -> showActionIndicator
+ * actionIndicator -> hideActionIndicator
+ * actionIndicatorShow -> showActionIndicator
+ * actionIndicatorHide -> hideActionIndicator
+ * overlayBoxShow -> showOverlayBoxLayers
+ * overlayBoxHide -> hideOverlayBoxLayers
+ * setOverlayBox -> showOverlayBoxLayers
+ * hideOverlayBox -> hideOverlayBoxLayers
+ * ClearCall -> ClearCallActionBox
+ * ***********************************************************/
+
 /**
  * show or hide the "do" overlay
  * @param {String}  loc            location name for action indicator
@@ -401,10 +481,10 @@ function errorCatch(err)
  */
 function actionIndicator(loc, overlay = true)
 {
-	if ($('#overlayBox').is(':visible')) {
+	if ($('#indicator').is(':visible')) {
 		actionIndicatorHide(loc, overlay);
 	} else {
-		 actionIndicatorShow(loc, overlay);
+		actionIndicatorShow(loc, overlay);
 	}
 }
 
@@ -417,10 +497,14 @@ function actionIndicator(loc, overlay = true)
  */
 function actionIndicatorShow(loc, overlay = true)
 {
-	console.log('Indicator: SHOW [%s]', loc);
-	$('#indicator').addClass('progress');
-	setCenter('indicator', true, true);
-	$('#indicator').show();
+	// console.log('Indicator: SHOW [%s]', loc);
+	if (!$('#indicator').is(':visible')) {
+		if (!$('#indicator').hasClass('progress')) {
+			$('#indicator').addClass('progress');
+		}
+		setCenter('indicator', true, true);
+		$('#indicator').show();
+	}
 	if (overlay === true) {
 		overlayBoxShow();
 	}
@@ -435,16 +519,15 @@ function actionIndicatorShow(loc, overlay = true)
  */
 function actionIndicatorHide(loc, overlay = true)
 {
-	console.log('Indicator: HIDE [%s]', loc);
+	// console.log('Indicator: HIDE [%s]', loc);
 	$('#indicator').hide();
-	$('#indicator').removeClass('progress');
 	if (overlay === true) {
 		overlayBoxHide();
 	}
 }
 
 /**
- * shows the overlay box
+ * shows the overlay box or if already visible, bumps the zIndex to 100
  */
 function overlayBoxShow()
 {
@@ -453,16 +536,17 @@ function overlayBoxShow()
 		$('#overlayBox').css('zIndex', '100');
 	} else {
 		$('#overlayBox').show();
+		$('#overlayBox').css('zIndex', '98');
 	}
 }
 
 /**
- * hides the overlay box
+ * hides the overlay box or if zIndex is 100 bumps it down to previous level
  */
 function overlayBoxHide()
 {
 	// if the overlay box z-index is 100, do no hide, but set to 98
-	if ($('#overlayBox').css('zIndex') == 100) {
+	if ($('#overlayBox').css('zIndex') >= 100) {
 		$('#overlayBox').css('zIndex', '98');
 	} else {
 		$('#overlayBox').hide();
@@ -474,12 +558,19 @@ function overlayBoxHide()
  */
 function setOverlayBox()
 {
-	var viewport = document.viewport.getDimensions();
-	$('#overlayBox').setStyle ({
-		width: '100%',
-		height: '100%'
-	});
-	$('#overlayBox').show();
+	if (!$('#overlayBox').is(':visible')) {
+		$('#overlayBox').show();
+	}
+}
+
+/**
+ * opposite of set, always hides overlay box
+ */
+function hideOverlayBox()
+{
+	if ($('#overlayBox').is(':visible')) {
+		$('#overlayBox').hide();
+	}
 }
 
 /**
@@ -487,11 +578,167 @@ function setOverlayBox()
  */
 function ClearCall()
 {
-	$('#actionBox').innerHTML = '';
+	$('#actionBox').html('');
 	$('#actionBox').hide();
 	$('#overlayBox').hide();
 }
 
+/*************************************************************
+ * NEW action indicator and overlay box calls
+ * USE THIS
+ * ***********************************************************/
+
+/**
+ * show action indicator
+ * - checks if not existing and add
+ * - only shows if not visible (else ignore)
+ * - overlaybox check is called and shown on a fixzed
+ *   zIndex of 1000
+ * - indicator is page centered
+ * @param {String} loc ID string, only used for console log
+ */
+function showActionIndicator(loc)
+{
+	// console.log('Indicator: SHOW [%s]', loc);
+	// check if indicator element exists
+	if ($('#indicator').length == 0) {
+		var el = document.createElement('div');
+		el.className = 'progress hide';
+		el.id = 'indicator';
+		$('body').append(el);
+	} else if (!$('#indicator').hasClass('progress')) {
+		// if I add a class it will not be hidden anymore
+		// hide it
+		$('#indicator').addClass('progress').hide();
+	}
+	// indicator not visible
+	if (!$('#indicator').is(':visible')) {
+		// check if overlay box element exits
+		checkOverlayExists();
+		// if not visible show
+		if (!$('#overlayBox').is(':visible')) {
+			$('#overlayBox').show();
+		}
+		// always set to 1000 zIndex to be top
+		$('#overlayBox').css('zIndex', 1000);
+		// show indicator
+		$('#indicator').show();
+		// center it
+		setCenter('indicator', true, true);
+	}
+}
+
+/**
+ * hide action indicator, if it is visiable
+ * If the global variable GL_OB_S is > 10 then
+ * the overlayBox is not hidden but the zIndex
+ * is set to this value
+ * @param {String} loc ID string, only used for console log
+ */
+function hideActionIndicator(loc)
+{
+	// console.log('Indicator: HIDE [%s]', loc);
+	// check if indicator is visible
+	if ($('#indicator').is(':visible')) {
+		// hide indicator
+		$('#indicator').hide();
+		// if global overlay box count is > 0
+		// then set it to this level and keep
+		if (GL_OB_S > GL_OB_BASE) {
+			$('#overlayBox').css('zIndex', GL_OB_S);
+		} else {
+			// else hide overlay box and set zIndex to 0
+			$('#overlayBox').hide();
+			$('#overlayBox').css('zIndex', GL_OB_BASE);
+		}
+	}
+}
+
+/**
+ * checks if overlayBox exists, if not it is
+ * added as hidden item at the body end
+ */
+function checkOverlayExists()
+{
+	// check if overlay box exists, if not create it
+	if ($('#overlayBox').length == 0) {
+		var el = document.createElement('div');
+		el.className = 'overlayBoxElement hide';
+		el.id = 'overlayBox';
+		$('body').append(el);
+	}
+}
+
+/**
+ * show overlay box
+ * if not visible show and set zIndex to 10 (GL_OB_BASE)
+ * if visible, add +1 to the GL_OB_S variable and
+ * up zIndex by this value
+ */
+function showOverlayBoxLayers(el_id)
+{
+	// console.log('SHOW overlaybox: %s', GL_OB_S);
+	// if overlay box is not visible show and set zIndex to 0
+	if (!$('#overlayBox').is(':visible')) {
+		$('#overlayBox').show();
+		$('#overlayBox').css('zIndex', GL_OB_BASE);
+		// also set start variable to 0
+		GL_OB_S = GL_OB_BASE;
+	}
+	// up the overlay box counter by 1
+	GL_OB_S ++;
+	// set zIndex
+	$('#overlayBox').css('zIndex', GL_OB_S);
+	// if element given raise zIndex and show
+	if (el_id) {
+		if ($('#' + el_id).length > 0) {
+			$('#' + el_id).css('zIndex', GL_OB_S + 1);
+			$('#' + el_id).show();
+		}
+	}
+	// console.log('SHOW overlaybox NEW zIndex: %s', $('#overlayBox').css('zIndex'));
+}
+
+/**
+ * hide overlay box
+ * lower GL_OB_S value by -1
+ * if we are 10 (GL_OB_BASE) or below hide the overlayIndex
+ * and set zIndex and GL_OB_S to 0
+ * else just set zIndex to the new GL_OB_S value
+ * @param {String} el_id Target to hide layer
+ */
+function hideOverlayBoxLayers(el_id)
+{
+	// console.log('HIDE overlaybox: %s', GL_OB_S);
+	// remove on layer
+	GL_OB_S --;
+	// if 0 or lower (overflow) hide it and
+	// set zIndex to 0
+	if (GL_OB_S <= GL_OB_BASE) {
+		GL_OB_S = GL_OB_BASE;
+		$('#overlayBox').hide();
+		$('#overlayBox').css('zIndex', GL_OB_BASE);
+	} else {
+		// if OB_S > 0 then set new zIndex
+		$('#overlayBox').css('zIndex', GL_OB_S);
+	}
+	if (el_id) {
+		$('#' + el_id).hide();
+		$('#' + el_id).css('zIndex', 0);
+	}
+	// console.log('HIDE overlaybox NEW zIndex: %s', $('#overlayBox').css('zIndex'));
+}
+
+/**
+ * only for single action box
+ */
+function clearCallActionBox()
+{
+	$('#actionBox').html('');
+	$('#actionBox').hide();
+	hideOverlayBoxLayers();
+}
+
 // *** DOM MANAGEMENT FUNCTIONS
 /**
  * reates object for DOM element creation flow
@@ -527,7 +774,8 @@ function ael(base, attach, id = '')
 	if (id) {
 		// base id match already
 		if (base.id == id) {
-			base.sub.push(Object.assign({}, attach));
+			// base.sub.push(Object.assign({}, attach));
+			base.sub.push(deepCopyFunction(attach));
 		} else {
 			// sub check
 			if (isObject(base.sub) && base.sub.length > 0) {
@@ -538,7 +786,8 @@ function ael(base, attach, id = '')
 			}
 		}
 	} else {
-		base.sub.push(Object.assign({}, attach));
+		// base.sub.push(Object.assign({}, attach));
+		base.sub.push(deepCopyFunction(attach));
 	}
 	return base;
 }
@@ -553,7 +802,24 @@ function ael(base, attach, id = '')
 function aelx(base, ...attach)
 {
 	for (var i = 0; i < attach.length; i ++) {
-		base.sub.push(Object.assign({}, attach[i]));
+		// base.sub.push(Object.assign({}, attach[i]));
+		base.sub.push(deepCopyFunction(attach[i]));
+	}
+	return base;
+}
+
+/**
+ * same as aelx, but instead of using objects as parameters
+ * get an array of objects to attach
+ * @param  {Object} base   object to where we attach the elements
+ * @param  {Array}  attach array of objects to attach
+ * @return {Object}        "none", technically there is no return needed, global attach
+ */
+function aelxar(base, attach)
+{
+	for (var i = 0; i < attach.length; i ++) {
+		// base.sub.push(Object.assign({}, attach[i]));
+		base.sub.push(deepCopyFunction(attach[i]));
 	}
 	return base;
 }
@@ -677,6 +943,22 @@ function phfo(tree)
 	// combine to string
 	return content.join('');
 }
+
+/**
+ * Create HTML elements from array list
+ * as a flat element without master object file
+ * Is like tree.sub call
+ * @param  {Array}  list Array of cel created objects
+ * @return {String}      HTML String
+ */
+function phfa(list)
+{
+	var content = [];
+	for (i = 0; i < list.length; i ++) {
+		content.push(phfo(list[i]));
+	}
+	return content.join('');
+}
 // *** DOM MANAGEMENT FUNCTIONS
 
 // BLOCK: html wrappers for quickly creating html data blocks
@@ -767,6 +1049,35 @@ function html_options_block(name, data, selected = '', multiple = 0, options_onl
 		element_option = cel('option', '', value, '', options);
 		// attach it to the select element
 		ael(element_select, element_option);
+		/*
+		// get the original data for this key
+		var opt_value = r_value[opt_key];
+		// if it is an object, we assume a sub group [original data]
+		if (isObject(opt_value)) {
+			element_group = document.createElement('optgroup');
+			element_group.label = opt_key;
+			// loop through attached sub key elements in order (key is orignal)
+			$.each(data.form_reference_order[key][opt_key], function(opt_group_pos, opt_group_key) {
+				var opt_group_value = r_value[opt_key][opt_group_key];
+				element_sub = document.createElement('option');
+				// check if w is object, if yes, the element is a subset drop down
+				element_sub.label = opt_group_value;
+				element_sub.value = opt_group_key;
+				element_sub.innerHTML = opt_group_value;
+				element_group.appendChild(element_sub);
+			});
+			element.appendChild(element_group);
+		} else if (!isObject(opt_key)) {
+			// if this is a plain element, attach as is
+			// we also skip any objects in the reference order group as they are handled different
+			element_sub = document.createElement('option');
+			element_sub.label = opt_value;
+			element_sub.value = opt_key;
+			element_sub.innerHTML = opt_value;
+			element.appendChild(element_sub);
+		}
+
+		 */
 	}
 	// if with select part, convert to text
 	if (!options_only) {

www/layout/admin/javascript/edit.js

@@ -1 +1 @@
-edit.pt.js
+edit.jq.js

www/layout/admin/javascript/edit.pt.js

@@ -176,7 +176,7 @@ function setCenter(id, left, top)
 	var viewport = getWindowSize();
 	var offset = getScrollOffset();
 
-	console.log('Id %s, type: %s, dimensions %s x %s, viewport %s x %s', id, type, dimensions.width, dimensions.height, viewport.width, viewport.height);
+	// console.log('Id %s, type: %s, dimensions %s x %s, viewport %s x %s', id, type, dimensions.width, dimensions.height, viewport.width, viewport.height);
 	// console.log('Scrolloffset left: %s, top: %s', offset.left, offset.top);
 	// console.log('Left: %s, Top: %s (%s)', parseInt((viewport.width / 2) - (dimensions.width / 2) + offset.left), parseInt((viewport.height / 2) - (dimensions.height / 2) + offset.top), parseInt((viewport.height / 2) - (dimensions.height / 2)));
 	if (left) {
@@ -201,8 +201,7 @@ function setCenter(id, left, top)
 function goToPos(element, offset = 0)
 {
 	try {
-		if ($(element))
-		{
+		if ($(element)) {
 			// get the element pos
 			var pos = $(element).cumulativeOffset();
 			// if not top element and no offset given, set auto offset for top element
@@ -485,7 +484,7 @@ function actionIndicator(loc = '')
  */
 function actionIndicatorShow(loc = '')
 {
-	console.log('Indicator: SHOW [%s]', loc);
+	// console.log('Indicator: SHOW [%s]', loc);
 	$('indicator').addClassName('progress');
 	setCenter('indicator', true, true);
 	$('indicator').show();
@@ -499,14 +498,14 @@ function actionIndicatorShow(loc = '')
  */
 function actionIndicatorHide(loc = '')
 {
-	console.log('Indicator: HIDE [%s]', loc);
+	// console.log('Indicator: HIDE [%s]', loc);
 	$('indicator').hide();
 	$('indicator').removeClassName('progress');
 	overlayBoxHide();
 }
 
 /**
- * shows the overlay box
+ * shows the overlay box or if already visible, bumps the zIndex to 100
  */
 function overlayBoxShow()
 {
@@ -519,7 +518,7 @@ function overlayBoxShow()
 }
 
 /**
- * hides the overlay box
+ * hides the overlay box or if zIndex is 100 bumps it down to previous level
  */
 function overlayBoxHide()
 {
@@ -544,6 +543,16 @@ function setOverlayBox()
 	$('overlayBox').show();
 }
 
+/**
+ * opposite of set, always hides overlay box
+ */
+function hideOverlayBox()
+{
+	if ($('overlayBox').visible()) {
+		$('overlayBox').hide();
+	}
+}
+
 /**
  * the abort call, clears the action box and hides it and the overlay box
  */
@@ -618,6 +627,21 @@ function aelx(base, ...attach)
 	return base;
 }
 
+/**
+ * same as aelx, but instead of using objects as parameters
+ * get an array of objects to attach
+ * @param  {Object} base   object to where we attach the elements
+ * @param  {Array}  attach array of objects to attach
+ * @return {Object}        "none", technically there is no return needed, global attach
+ */
+function aelxar(base, attach)
+{
+	attach.each(function(t) {
+		base.sub.push(Object.assign({}, t));
+	});
+	return base;
+}
+
 /**
  * resets the sub elements of the base element given
  * @param  {Object} base cel created element

www/layout/admin/javascript/flatpickr/flatpickr.ja.js

@@ -53,7 +53,8 @@
           ]
       },
       time_24hr: true,
-      rangeSeparator: ' から '
+      rangeSeparator: " から ",
+      firstDayOfWeek: 1
   };
   fp.l10ns.ja = Japanese;
   var ja = fp.l10ns;

www/lib/CoreLibs/ACL/Login.php

@@ -114,16 +114,15 @@ class Login extends \CoreLibs\DB\IO
 
 	/**
 	 * constructor, does ALL, opens db, works through connection checks, closes itself
-	 * @param array  $db_config        db config array
-	 * @param int    $set_control_flag class variable check flags
+	 * @param array $db_config db config array
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		// log login data for this class only
 		$this->log_per_class = 1;
 
 		// create db connection and init base class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 		if ($this->db_init_error === true) {
 			echo 'Could not connect to DB<br>';
 			// if I can't connect to the DB to auth exit hard. No access allowed
@@ -161,8 +160,7 @@ class Login extends \CoreLibs\DB\IO
 
 		// if we have a search path we need to set it, to use the correct DB to login
 		// check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema
-		if (defined('LOGIN_DB_SCHEMA')) {
-			/** @phan-suppress-next-line PhanUndeclaredConstant */
+		if (defined('LOGIN_DB_SCHEMA') && LOGIN_DB_SCHEMA) {
 			$SCHEMA = LOGIN_DB_SCHEMA;
 		} elseif (isset($db_config['db_schema']) && $db_config['db_schema']) {
 			$SCHEMA = $db_config['db_schema'];
@@ -179,16 +177,16 @@ class Login extends \CoreLibs\DB\IO
 		// get login vars, are so, can't be changed
 		// prepare
 		// pass on vars to Object vars
-		$this->login = isset($_POST['login_login']) ? $_POST['login_login'] : '';
-		$this->username = isset($_POST['login_username']) ? $_POST['login_username'] : '';
-		$this->password = isset($_POST['login_password']) ? $_POST['login_password'] : '';
-		$this->logout = isset($_POST['login_logout']) ? $_POST['login_logout'] : '';
+		$this->login = $_POST['login_login'] ?? '';
+		$this->username = $_POST['login_username'] ?? '';
+		$this->password = $_POST['login_password'] ?? '';
+		$this->logout = $_POST['login_logout'] ?? '';
 		// password change vars
-		$this->change_password = isset($_POST['change_password']) ? $_POST['change_password'] : '';
-		$this->pw_username = isset($_POST['pw_username']) ? $_POST['pw_username'] : '';
-		$this->pw_old_password = isset($_POST['pw_old_password']) ? $_POST['pw_old_password'] : '';
-		$this->pw_new_password = isset($_POST['pw_new_password']) ? $_POST['pw_new_password'] : '';
-		$this->pw_new_password_confirm = isset($_POST['pw_new_password_confirm']) ? $_POST['pw_new_password_confirm'] : '';
+		$this->change_password = $_POST['change_password'] ?? '';
+		$this->pw_username = $_POST['pw_username'] ?? '';
+		$this->pw_old_password = $_POST['pw_old_password'] ?? '';
+		$this->pw_new_password = $_POST['pw_new_password'] ?? '';
+		$this->pw_new_password_confirm = $_POST['pw_new_password_confirm'] ?? '';
 		// logout target (from config)
 		$this->logout_target = LOGOUT_TARGET;
 		// disallow user list for password change
@@ -418,8 +416,8 @@ class Login extends \CoreLibs\DB\IO
 							$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
 							$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
 							// deprecated TEMPLATE setting
-							$_SESSION['TEMPLATE'] = ($res['template']) ? $res['template'] : '';
-							$_SESSION['HEADER_COLOR'] = ($res['second_header_color']) ? $res['second_header_color'] : $res['first_header_color'];
+							$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
+							$_SESSION['HEADER_COLOR'] = $res['second_header_color'] ? $res['second_header_color'] : $res['first_header_color'];
 							$_SESSION['LANG'] = $res['lang_short'];
 							$_SESSION['DEFAULT_CHARSET'] = $res['lang_iso'];
 							$_SESSION['DEFAULT_LANG'] = $res['lang_short'].'_'.strtolower(str_replace('-', '', $res['lang_iso']));
@@ -598,7 +596,7 @@ class Login extends \CoreLibs\DB\IO
 			// unset mem limit if debug is set to 1
 			// if (($GLOBALS["DEBUG_ALL"] || $GLOBALS["DB_DEBUG"] || $_SESSION["DEBUG_ALL"] || $_SESSION["DB_DEBUG"]) && ini_get('memory_limit') != -1)
 			// 	ini_set('memory_limit', -1);
-			if ($res['filename'] == $this->page_name) {
+			if (isset($res['filename']) && $res['filename'] == $this->page_name) {
 				$this->permission_okay = true;
 			} else {
 				$this->login_error = 103;
@@ -1194,7 +1192,7 @@ EOM;
 		$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
 		$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
 		$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
-		$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
+		$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".($this->euid ? $this->euid : 'NULL').", ";
 		$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString((string)$error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
 		foreach (array(
 			'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
@@ -1228,7 +1226,7 @@ EOM;
 			is_array($_SESSION['UNIT']) &&
 			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
 		) {
-			return $_SESSION['UNIT_DEFAULT'];
+			return (int)$_SESSION['UNIT_DEFAULT'];
 		} else {
 			return $edit_access_id;
 		}

www/lib/CoreLibs/Admin/Backend.php

@@ -68,21 +68,20 @@ class Backend extends \CoreLibs\DB\IO
 	// CONSTRUCTOR / DECONSTRUCTOR |====================================>
 	/**
 	 * main class constructor
-	 * @param array       $db_config        db config array
-	 * @param int|integer $set_control_flag class variable check flag
+	 * @param array $db_config db config array
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		$this->setLangEncoding();
 		// get the language sub class & init it
 		$this->l = new \CoreLibs\Language\L10n($this->lang);
 
 		// init the database class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 
 		// set the action ids
 		foreach ($this->action_list as $_action) {
-			$this->$_action = (isset($_POST[$_action])) ? $_POST[$_action] : '';
+			$this->$_action = $_POST[$_action] ?? '';
 		}
 
 		$this->default_acl = DEFAULT_ACL_LEVEL;
@@ -169,8 +168,7 @@ class Backend extends \CoreLibs\DB\IO
 		}
 
 		// check schema
-		if (defined('LOGIN_DB_SCHEMA')) {
-			/** @phan-suppress-next-line PhanUndeclaredConstant */
+		if (defined('LOGIN_DB_SCHEMA') && LOGIN_DB_SCHEMA) {
 			$SCHEMA = LOGIN_DB_SCHEMA;
 		} elseif ($this->dbGetSchema()) {
 			$SCHEMA = $this->dbGetSchema();
@@ -189,14 +187,14 @@ class Backend extends \CoreLibs\DB\IO
 		$q .= "NOW(), ";
 		$q .= "'".$this->dbEscapeString((string)$event)."', '".$data."', '".$data_binary."', '".$this->dbEscapeString((string)$this->page_name)."', ";
 		$q .= "'".@$_SERVER["REMOTE_ADDR"]."', '".$this->dbEscapeString(@$_SERVER['HTTP_USER_AGENT'])."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '')."', ";
-		$q .= "'".$this->dbEscapeString(isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['HTTP_REFERER'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['SCRIPT_FILENAME'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['QUERY_STRING'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['SERVER_NAME'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['HTTP_HOST'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['HTTP_ACCEPT'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['HTTP_ACCEPT_CHARSET'] ?? '')."', ";
+		$q .= "'".$this->dbEscapeString($_SERVER['HTTP_ACCEPT_ENCODING'] ?? '')."', ";
 		$q .= "'".session_id()."', ";
 		$q .= "'".$this->dbEscapeString($this->action)."', ";
 		$q .= "'".$this->dbEscapeString($this->action_id)."', ";
@@ -221,7 +219,7 @@ class Backend extends \CoreLibs\DB\IO
 		}
 
 		// get the session pages array
-		$PAGES = isset($_SESSION['PAGES']) ? $_SESSION['PAGES'] : null;
+		$PAGES = $_SESSION['PAGES'] ?? null;
 		if (!isset($PAGES) || !is_array($PAGES)) {
 			$PAGES = array();
 		}
@@ -291,11 +289,11 @@ class Backend extends \CoreLibs\DB\IO
 					if (isset($data['hostname']) && $data['hostname']) {
 						$url .= $data['hostname'];
 					}
-					$url .= isset($data['filename']) ? $data['filename'] : '';
+					$url .= $data['filename'] ?? '';
 					if (strlen($query_string)) {
 						$url .= '?'.$query_string;
 					}
-					$name = isset($data['page_name']) ? $data['page_name'] : '';
+					$name = $data['page_name'] ?? '';
 					// if page name matchs -> set selected flag
 					$selected = 0;
 					if (isset($data['filename']) &&
@@ -341,6 +339,7 @@ class Backend extends \CoreLibs\DB\IO
 		if ($filename === null) {
 			return $enabled;
 		}
+		/** @phan-suppress-next-line PhanNoopSwitchCases */
 		switch ($filename) {
 			default:
 				$enabled = true;
@@ -442,8 +441,7 @@ class Backend extends \CoreLibs\DB\IO
 		string $associate = null,
 		string $file = null
 	): void {
-		if (defined('GLOBAL_DB_SCHEMA')) {
-			/** @phan-suppress-next-line PhanUndeclaredConstant */
+		if (defined('GLOBAL_DB_SCHEMA') && GLOBAL_DB_SCHEMA) {
 			$SCHEMA = GLOBAL_DB_SCHEMA;
 		} elseif ($this->dbGetSchema()) {
 			$SCHEMA = $this->dbGetSchema();

www/lib/CoreLibs/Basic.php

@@ -188,19 +188,11 @@ class Basic
 	// ajax flag
 	protected $ajax_page_flag = false;
 
-	// METHOD: __construct
-	// PARAMS: set_control_flag [current sets set/get var errors]
-	// RETURN: none
-	// DESC  : class constructor
 	/**
 	 * main Basic constructor to init and check base settings
-	 * @param int $set_control_flag 0/1/2/3 to set internal class parameter check
 	 */
-	public function __construct(int $set_control_flag = 0)
+	public function __construct()
 	{
-		// init flags
-		$this->__setControlFlag($set_control_flag);
-
 		// set per run UID for logging
 		$this->running_uid = hash($this->hash_algo, uniqid((string)rand(), true));
 		// running time start for script
@@ -425,81 +417,6 @@ class Basic
 		// $this->fdebugFP('c');
 	}
 
-	// *************************************************************
-	// INTERAL VARIABLE ERROR HANDLER
-	// *************************************************************
-
-	/**
-	 * sets internal control flags for class variable check
-	 * 0 -> turn of all, works like default php class
-	 * CLASS_STRICT_MODE: 1 -> if set throws error on unset class variable
-	 * CLASS_OFF_COMPATIBLE_MODE: 2 -> if set turns of auto set for unset variables
-	 * 3 -> sets error on unset and does not set variable (strict)
-	 * @param  int    $set_control_flag control flag as 0/1/2/3
-	 * @return void
-	 */
-	private function __setControlFlag(int $set_control_flag): void
-	{
-		// is there either a constant or global set to override the control flag
-		if (defined('CLASS_VARIABLE_ERROR_MODE')) {
-			$set_control_flag = CLASS_VARIABLE_ERROR_MODE;
-		}
-		if (isset($GLOBALS['CLASS_VARIABLE_ERROR_MODE'])) {
-			$set_control_flag = $GLOBALS['CLASS_VARIABLE_ERROR_MODE'];
-		}
-		// bit wise check of int and set
-		if ($set_control_flag & self::CLASS_OFF_COMPATIBLE_MODE) {
-			$this->set_compatible = false;
-		} else {
-			$this->set_compatible = true;
-		}
-		if ($set_control_flag & self::CLASS_STRICT_MODE) {
-			$this->set_strict_mode = true;
-		} else {
-			$this->set_strict_mode = false;
-		}
-	}
-
-	/**
-	 * if strict mode is set, throws an error if the class variable is not set
-	 * if compatible mode is set, also auto sets variable even if not declared
-	 * default is strict mode false and compatible mode on
-	 * @param  mixed $name  class variable name
-	 * @return void
-	 */
-	public function __set($name, $value): void
-	{
-		if ($this->set_strict_mode === true && !property_exists($this, $name)) {
-			trigger_error('Undefined property via __set(): '.$name, E_USER_NOTICE);
-		}
-		// use this for fallback as to work like before to set unset
-		if ($this->set_compatible === true) {
-			$this->{$name} = $value;
-		}
-	}
-
-	/**
-	 * if strict mode is set, throws an error if the class variable is not set
-	 * default is strict mode false
-	 * @param  mixed $name class variable name
-	 * @return mixed       return set variable content
-	 */
-	public function &__get($name)
-	{
-		if ($this->set_strict_mode === true && !property_exists($this, $name)) {
-			trigger_error('Undefined property via __get(): '.$name, E_USER_NOTICE);
-		}
-		// on set return
-		if (property_exists($this, $name)) {
-			return $this->$name;
-		} elseif ($this->set_compatible === true && !property_exists($this, $name)) {
-			// if it is not set, and we are in compatible mode we need to init.
-			// This is so that $class->array['key'] = 'bar'; works
-			$this->{$name} = null;
-			return $this->$name;
-		}
-	}
-
 	// *************************************************************
 	// GENERAL METHODS
 	// *************************************************************
@@ -686,6 +603,63 @@ class Basic
 		}
 	}
 
+	/**
+	 * checks if we have a need to work on certain debug output
+	 * Needs debug/echo/print ad target for which of the debug flag groups we check
+	 * also needs level string to check in the per level output flag check.
+	 * In case we have invalid target it will return false
+	 * @param  string $target target group to check debug/echo/print
+	 * @param  string $level  level to check in detailed level flag
+	 * @return bool           true on access allowed or false on no access
+	 */
+	private function doDebugTrigger(string $target, string $level): bool
+	{
+		$access = false;
+		// check if we do debug, echo or print
+		switch ($target) {
+			case 'debug':
+				if ((
+						(isset($this->debug_output[$level]) && $this->debug_output[$level]) ||
+						$this->debug_output_all
+					) &&
+					(!isset($this->debug_output_not[$level]) ||
+						(isset($this->debug_output_not[$level]) && !$this->debug_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'echo':
+				if ((
+						(isset($this->echo_output[$level]) && $this->echo_output[$level]) ||
+						$this->echo_output_all
+					) &&
+					(!isset($this->echo_output_not[$level]) ||
+						(isset($this->echo_output_not[$level]) && !$this->echo_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'print':
+				if ((
+						(isset($this->print_output[$level]) && $this->print_output[$level]) ||
+						$this->print_output_all
+					) &&
+					(!isset($this->print_output_not[$level]) ||
+						(isset($this->print_output_not[$level]) && !$this->print_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			default:
+				// fall through with access false
+				break;
+		}
+		return $access;
+	}
+
 	/**
 	 * write debug data to error_msg array
 	 * @param  string       $level  id for error message, groups messages together
@@ -697,7 +671,7 @@ class Basic
 	 */
 	public function debug(string $level, string $string, bool $strip = false): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+		if ($this->doDebugTrigger('debug', $level)) {
 			if (!isset($this->error_msg[$level])) {
 				$this->error_msg[$level] = '';
 			}
@@ -721,7 +695,7 @@ class Basic
 			// write to file if set
 			$this->writeErrorMsg($level, $error_string_print);
 			// write to error level
-			if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
+			if ($this->doDebugTrigger('echo', $level)) {
 				$this->error_msg[$level] .= $error_string;
 			}
 		}
@@ -782,9 +756,9 @@ class Basic
 			}
 			$script_end = microtime(true) - $this->script_starttime;
 			foreach ($this->error_msg as $level => $temp_debug_output) {
-				if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
-					if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
-						$string_output .= '<div style="font-size: 12px;">[<span style="font-style: italic; color: #c56c00;">'.$level.'</span>] '.(($string) ? "<b>**** ".$this->htmlent($string)." ****</b>\n" : "").'</div>';
+				if ($this->doDebugTrigger('debug', $level)) {
+					if ($this->doDebugTrigger('echo', $level)) {
+						$string_output .= '<div style="font-size: 12px;">[<span style="font-style: italic; color: #c56c00;">'.$level.'</span>] '.($string ? "<b>**** ".$this->htmlent($string)." ****</b>\n" : "").'</div>';
 						$string_output .= $temp_debug_output;
 					} // echo it out
 				} // do printout
@@ -809,64 +783,64 @@ class Basic
 	 */
 	private function writeErrorMsg(string $level, string $error_string): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
-			// only write if write is requested
-			if (($this->print_output[$level] || $this->print_output_all) && !$this->print_output_not[$level]) {
-				// replace all html tags
-				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "##\\2##", $error_string);
-				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "", $error_string);
-				// replace special line break tag
-				// $error_string = str_replace('<!--#BR#-->', "\n", $error_string);
+		// only write if write is requested
+		if ($this->doDebugTrigger('debug', $level) &&
+			$this->doDebugTrigger('print', $level)
+		) {
+			// replace all html tags
+			// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "##\\2##", $error_string);
+			// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "", $error_string);
+			// replace special line break tag
+			// $error_string = str_replace('<!--#BR#-->', "\n", $error_string);
 
-				// init output variable
-				$output = $error_string; // output formated error string to output file
-				// init base file path
-				$fn = BASE.LOG.$this->log_print_file.'.'.$this->log_file_name_ext;
-				// log ID prefix settings, if not valid, replace with empty
-				if (preg_match("/^[A-Za-z0-9]+$/", $this->log_file_id)) {
-					$rpl_string = '_'.$this->log_file_id;
-				} else {
-					$rpl_string = '';
+			// init output variable
+			$output = $error_string; // output formated error string to output file
+			// init base file path
+			$fn = BASE.LOG.$this->log_print_file.'.'.$this->log_file_name_ext;
+			// log ID prefix settings, if not valid, replace with empty
+			if (preg_match("/^[A-Za-z0-9]+$/", $this->log_file_id)) {
+				$rpl_string = '_'.$this->log_file_id;
+			} else {
+				$rpl_string = '';
+			}
+			$fn = str_replace('##LOGID##', $rpl_string, $fn); // log id (like a log file prefix)
+
+			if ($this->log_per_run) {
+				if (isset($GLOBALS['LOG_FILE_UNIQUE_ID'])) {
+					$this->log_file_unique_id = $GLOBALS['LOG_FILE_UNIQUE_ID'];
 				}
-				$fn = str_replace('##LOGID##', $rpl_string, $fn); // log id (like a log file prefix)
-
-				if ($this->log_per_run) {
-					if (isset($GLOBALS['LOG_FILE_UNIQUE_ID'])) {
-						$this->log_file_unique_id = $GLOBALS['LOG_FILE_UNIQUE_ID'];
-					}
-					if (!$this->log_file_unique_id) {
-						$GLOBALS['LOG_FILE_UNIQUE_ID'] = $this->log_file_unique_id = date('Y-m-d_His').'_U_'.substr(hash('sha1', uniqid((string)mt_rand(), true)), 0, 8);
-					}
-					$rpl_string = '_'.$this->log_file_unique_id; // add 8 char unique string
-				} else {
-					$rpl_string = !$this->log_print_file_date ? '' : '_'.date('Y-m-d'); // add date to file
+				if (!$this->log_file_unique_id) {
+					$GLOBALS['LOG_FILE_UNIQUE_ID'] = $this->log_file_unique_id = date('Y-m-d_His').'_U_'.substr(hash('sha1', uniqid((string)mt_rand(), true)), 0, 8);
 				}
-				$fn = str_replace('##DATE##', $rpl_string, $fn); // create output filename
+				$rpl_string = '_'.$this->log_file_unique_id; // add 8 char unique string
+			} else {
+				$rpl_string = !$this->log_print_file_date ? '' : '_'.date('Y-m-d'); // add date to file
+			}
+			$fn = str_replace('##DATE##', $rpl_string, $fn); // create output filename
 
-				$rpl_string = !$this->log_per_level ? '' : '_'.$level; // if request to write to one file
-				$fn = str_replace('##LEVEL##', $rpl_string, $fn); // create output filename
+			$rpl_string = !$this->log_per_level ? '' : '_'.$level; // if request to write to one file
+			$fn = str_replace('##LEVEL##', $rpl_string, $fn); // create output filename
 
-				$rpl_string = !$this->log_per_class ? '' : '_'.str_replace('\\', '-', get_class($this)); // set sub class settings
-				$fn = str_replace('##CLASS##', $rpl_string, $fn); // create output filename
+			$rpl_string = !$this->log_per_class ? '' : '_'.str_replace('\\', '-', get_class($this)); // set sub class settings
+			$fn = str_replace('##CLASS##', $rpl_string, $fn); // create output filename
 
-				$rpl_string = !$this->log_per_page ? '' : '_'.$this->getPageName(1); // if request to write to one file
-				$fn = str_replace('##PAGENAME##', $rpl_string, $fn); // create output filename
+			$rpl_string = !$this->log_per_page ? '' : '_'.$this->getPageName(1); // if request to write to one file
+			$fn = str_replace('##PAGENAME##', $rpl_string, $fn); // create output filename
 
-				// write to file
-				// first check if max file size is is set and file is bigger
-				if ($this->log_max_filesize > 0 && ((filesize($fn) / 1024) > $this->log_max_filesize)) {
-					// for easy purpose, rename file only to attach timestamp, nur sequence numbering
-					rename($fn, $fn.'.'.date("YmdHis"));
-				}
-				$fp = fopen($fn, 'a');
-				if ($fp !== false) {
-					fwrite($fp, $output);
-					fclose($fp);
-				} else {
-					echo "<!-- could not open file: $fn //-->";
-				}
-			} // do write to file
-		}
+			// write to file
+			// first check if max file size is is set and file is bigger
+			if ($this->log_max_filesize > 0 && ((filesize($fn) / 1024) > $this->log_max_filesize)) {
+				// for easy purpose, rename file only to attach timestamp, nur sequence numbering
+				rename($fn, $fn.'.'.date("YmdHis"));
+			}
+			$fp = fopen($fn, 'a');
+			if ($fp !== false) {
+				fwrite($fp, $output);
+				fclose($fp);
+			} else {
+				echo "<!-- could not open file: $fn //-->";
+			}
+		} // do write to file
 	}
 
 	/**
@@ -1030,11 +1004,11 @@ class Basic
 	{
 		if (is_array($haystack)) {
 			if (in_array((string)$needle, $haystack)) {
-				return (($type) ? "checked" : "selected");
+				return $type ? 'checked' : 'selected';
 			}
 		} else {
 			if ($haystack == $needle) {
-				return (($type) ? "checked" : "selected");
+				return $type ? 'checked' : 'selected';
 			}
 		}
 		return null;
@@ -1135,7 +1109,7 @@ class Basic
 		}
 		// if it is a link already just return the original link do not touch anything
 		if (!$href && !$atag) {
-			return "##LT##a href=##QUOT##".$_1.$_2.$_3."##QUOT##".(($class) ? ' class=##QUOT##'.$class.'##QUOT##' : '').(($target) ? " target=##QUOT##".$target."##QUOT##" : '')."##GT##".(($name) ? $name : $_2.$_3)."##LT##/a##GT##";
+			return "##LT##a href=##QUOT##".$_1.$_2.$_3."##QUOT##".($class ? ' class=##QUOT##'.$class.'##QUOT##' : '').($target ? " target=##QUOT##".$target."##QUOT##" : '')."##GT##".($name ? $name : $_2.$_3)."##LT##/a##GT##";
 		} elseif ($href && !$atag) {
 			return "href=##QUOT##$_1$_2$_3##QUOT##";
 		} elseif ($atag) {
@@ -1160,7 +1134,7 @@ class Basic
 	{
 		$email = $_1."@".$_2.".".$_3;
 		if (!$mailto && !$atag) {
-			return "##LT##a href=##QUOT##mailto:".$email."##QUOT##".(($class) ? ' class=##QUOT##'.$class.'##QUOT##' : '')."##GT##".(($title) ? $title : $email)."##LT##/a##GT##";
+			return "##LT##a href=##QUOT##mailto:".$email."##QUOT##".($class ? ' class=##QUOT##'.$class.'##QUOT##' : '')."##GT##".($title ? $title : $email)."##LT##/a##GT##";
 		} elseif ($mailto && !$atag) {
 			return "mailto:".$email;
 		} elseif ($atag) {
@@ -1198,7 +1172,7 @@ class Basic
 	public static function getPageName(int $strip_ext = 0): string
 	{
 		// get the file info
-		$page_temp = pathinfo($_SERVER["PHP_SELF"]);
+		$page_temp = pathinfo($_SERVER['PHP_SELF']);
 		if ($strip_ext == 1) {
 			return $page_temp['filename'];
 		} elseif ($strip_ext == 2) {
@@ -1216,7 +1190,7 @@ class Basic
 	public static function getFilenameEnding(string $filename): string
 	{
 		$page_temp = pathinfo($filename);
-		return isset($page_temp['extension']) ? $page_temp['extension'] : '';
+		return $page_temp['extension'] ?? '';
 	}
 
 	/**
@@ -1256,7 +1230,12 @@ class Basic
 					$path[] = $key;
 					break;
 				} elseif (is_array($val) &&
-					$path = Basic::arraySearchRecursive($needle, $val, $key_lookin)
+					$path = Basic::arraySearchRecursive(
+						$needle,
+						(array)$val,
+						// to avoid PhanTypeMismatchArgumentNullable
+						($key_lookin === null ? $key_lookin : (string)$key_lookin)
+					)
 				) {
 					array_unshift($path, $key);
 					break;
@@ -1271,10 +1250,10 @@ class Basic
 	 * @param  string|int $needle   needle (search for)
 	 * @param  array      $haystack haystack (search in)
 	 * @param  string|int $key      the key to look for in
-	 * @param  array      $path     recursive call for previous path
+	 * @param  array|null $path     recursive call for previous path
 	 * @return ?array               all array elements paths where the element was found
 	 */
-	public static function arraySearchRecursiveAll($needle, array $haystack, $key, $path = null): ?array
+	public static function arraySearchRecursiveAll($needle, array $haystack, $key, ?array $path = null): ?array
 	{
 		// init if not set on null
 		if ($path === null) {
@@ -1723,7 +1702,7 @@ class Basic
 				$exp ++;
 			}
 			// label name, including leading space if flagged
-			$pre = ($space ? ' ' : '').(isset($labels[$exp]) ? $labels[$exp] : '>E').($si ? 'i' : '').'B';
+			$pre = ($space ? ' ' : '').($labels[$exp] ?? '>E').($si ? 'i' : '').'B';
 			$bytes_calc = $abs_bytes / pow($unit, $exp);
 			if ($adjust) {
 				return sprintf("%.2f%sB", $bytes_calc, $pre);
@@ -1746,6 +1725,7 @@ class Basic
 	 */
 	public static function stringByteFormat($number, bool $dot_thousand = false)
 	{
+		$matches = [];
 		// detects up to exo bytes
 		preg_match("/([\d.,]*)\s?(eb|pb|tb|gb|mb|kb|e|p|t|g|m|k|b)$/", strtolower($number), $matches);
 		if (isset($matches[1]) && isset($matches[2])) {
@@ -1893,7 +1873,7 @@ class Basic
 		if (!$date) {
 			return false;
 		}
-		list ($year, $month, $day) = preg_split("/[\/-]/", $date);
+		list ($year, $month, $day) = array_pad(preg_split("/[\/-]/", $date), 3, null);
 		if (!$year || !$month || !$day) {
 			return false;
 		}
@@ -1951,13 +1931,13 @@ class Basic
 		}
 
 		// splits the data up with / or -
-		list ($start_year, $start_month, $start_day) = preg_split('/[\/-]/', $start_date);
-		list ($end_year, $end_month, $end_day) = preg_split('/[\/-]/', $end_date);
+		list ($start_year, $start_month, $start_day) = array_pad(preg_split('/[\/-]/', $start_date), 3, null);
+		list ($end_year, $end_month, $end_day) = array_pad(preg_split('/[\/-]/', $end_date), 3, null);
 		// check that month & day are two digits and then combine
 		foreach (array('start', 'end') as $prefix) {
 			foreach (array('month', 'day') as $date_part) {
 				$_date = $prefix.'_'.$date_part;
-				if ($$_date < 10 && !preg_match("/^0/", $$_date)) {
+				if (isset($$_date) && $$_date < 10 && !preg_match("/^0/", $$_date)) {
 					$$_date = '0'.$$_date;
 				}
 			}
@@ -1983,7 +1963,7 @@ class Basic
 	 * returns int/bool in:
 	 *     -1 if the first date is smaller the last
 	 *     0 if both are equal
-	 *     1 if the end date is bigger than the last
+	 *     1 if the first date is bigger than the last
 	 *     false if no valid date/times chould be found
 	 * @param  string $start_datetime start date/time in YYYY-MM-DD HH:mm:ss
 	 * @param  string $end_datetime   end date/time in YYYY-MM-DD HH:mm:ss
@@ -2119,6 +2099,8 @@ class Basic
 			}
 			// if type is not in the list, but returns as PDF, we need to convert to JPEG before
 			if (!$type)	{
+				$output = [];
+				$return = null;
 				// is this a PDF, if no, return from here with nothing
 				$convert_prefix = 'png:';
 				# TEMP convert to PNG, we then override the file name
@@ -2500,17 +2482,33 @@ class Basic
 	}
 
 	/**
-	 * detects the source encoding of the string and if doesn't match to the given target encoding it convert is
+	 * detects the source encoding of the string and if doesn't match
+	 * to the given target encoding it convert is
+	 * if source encoding is set and auto check is true (default) a second
+	 * check is done so that the source string encoding actually matches
+	 * will be skipped if source encoding detection is ascii
 	 * @param  string $string          string to convert
 	 * @param  string $to_encoding     target encoding
 	 * @param  string $source_encoding optional source encoding, will try to auto detect
+	 * @param  bool   $auto_check      default true, if source encoding is set
+	 *                                 check that the source is actually matching
+	 *                                 to what we sav the source is
 	 * @return string                  encoding converted string
 	 */
-	public static function convertEncoding(string $string, string $to_encoding, string $source_encoding = ''): string
+	public static function convertEncoding(string $string, string $to_encoding, string $source_encoding = '', bool $auto_check = true): string
 	{
 		// set if not given
 		if (!$source_encoding) {
 			$source_encoding = mb_detect_encoding($string);
+		} else {
+			$_source_encoding = mb_detect_encoding($string);
+		}
+		if ($auto_check === true &&
+			isset($_source_encoding) &&
+			$_source_encoding == $source_encoding
+		) {
+			// trigger check if we have override source encoding.
+			// if different (_source is all but not ascii) then trigger skip if matching
 		}
 		if ($source_encoding != $to_encoding) {
 			if ($source_encoding) {
@@ -2648,6 +2646,35 @@ class Basic
 		);
 	}
 
+	/**
+	 * TODO: make this a proper uniq ID creation
+	 *       add uuidv4 subcall to the uuid function too
+	 * creates a uniq id
+	 * @param  string $type uniq id type, currently md5 or sha256 allowed
+	 *                      if not set will use DEFAULT_HASH if set
+	 * @return string       uniq id
+	 */
+	public function uniqId(string $type = ''): string
+	{
+		$uniq_id = '';
+		switch ($type) {
+			case 'md5':
+				$uniq_id = md5(uniqid((string)rand(), true));
+				break;
+			case 'sha256':
+				$uniq_id = hash('sha256', uniqid((string)rand(), true));
+				break;
+			default:
+				$hash = 'sha256';
+				if (defined(DEFAULT_HASH)) {
+					$hash = DEFAULT_HASH;
+				}
+				$uniq_id = hash($hash, uniqid((string)rand(), true));
+				break;
+		}
+		return $uniq_id;
+	}
+
 	// [!!! DEPRECATED !!!]
 	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
 	// use the new password* instead
@@ -2909,7 +2936,7 @@ class Basic
 			// convert to HEX value
 			$$color = dechex($$color);
 			// prefix with 0 if only one char
-			$$color = ((strlen($$color) < 2) ? '0' : '').$$color;
+			$$color = (strlen($$color) < 2 ? '0' : '').$$color;
 		}
 		// prefix hex parts with 0 if they are just one char long and return the html color string
 		return '#'.$red.$green.$blue;
@@ -3081,7 +3108,7 @@ class Basic
 			// S= L <= 0.5 ? C/2L : C/2 - 2L
 			return array(
 				(int)round($HUE),
-				(int)round((($MAX - $MIN) / (($L <= 0.5) ? ($MAX + $MIN) : (2 - $MAX - $MIN))) * 100),
+				(int)round((($MAX - $MIN) / ($L <= 0.5 ? ($MAX + $MIN) : (2 - $MAX - $MIN))) * 100),
 				(int)$L
 			);
 		}
@@ -3101,11 +3128,11 @@ class Basic
 		if ($s == 0) {
 			return array($l * 255, $l * 255, $l * 255);
 		} else {
-			$m2 = ($l < 0.5) ? $l * ($s + 1) : ($l + $s) - ($l * $s);
+			$m2 = $l < 0.5 ? $l * ($s + 1) : ($l + $s) - ($l * $s);
 			$m1 = $l * 2 - $m2;
 			$hue = function ($base) use ($m1, $m2) {
 				// base = hue, hue > 360 (1) - 360 (1), else < 0 + 360 (1)
-				$base = ($base < 0) ? $base + 1 : (($base > 1) ? $base - 1 : $base);
+				$base = $base < 0 ? $base + 1 : ($base > 1 ? $base - 1 : $base);
 				// 6: 60, 2: 180, 3: 240
 				// 2/3 = 240
 				// 1/3 = 120 (all from 360)
@@ -3209,13 +3236,13 @@ class Basic
 		$max_year = (int)date("Y", $timestamp) + 1;
 
 		// preset year, month, ...
-		$year = (!$year) ? date("Y", $timestamp) : $year;
-		$month = (!$month) ? date("m", $timestamp) : $month;
-		$day = (!$day) ? date("d", $timestamp) : $day;
-		$hour = (!$hour) ? date("H", $timestamp) : $hour;
-		$min = (!$min) ? date("i", $timestamp) : $min; // add to five min?
+		$year = !$year ? date('Y', $timestamp) : $year;
+		$month = !$month ? date('m', $timestamp) : $month;
+		$day = !$day ? date('d', $timestamp) : $day;
+		$hour = !$hour ? date('H', $timestamp) : $hour;
+		$min = !$min ? date('i', $timestamp) : $min; // add to five min?
 		// max days in selected month
-		$days_in_month = date("t", strtotime($year."-".$month."-".$day." ".$hour.":".$min.":0"));
+		$days_in_month = date('t', strtotime($year.'-'.$month.'-'.$day.' '.$hour.':'.$min.':0'));
 		$string = '';
 		// from now to ?
 		if ($name_pos_back === false) {
@@ -3223,7 +3250,7 @@ class Basic
 		}
 		$string .= '<select id="year'.$suffix.'" name="year'.$suffix.'" onChange="'.$on_change_call.'">';
 		for ($i = date("Y"); $i <= $max_year; $i ++) {
-			$string .= '<option value="'.$i.'" '.(($year == $i) ? 'selected' : '').'>'.$i.'</option>';
+			$string .= '<option value="'.$i.'" '.($year == $i ? 'selected' : '').'>'.$i.'</option>';
 		}
 		$string .= '</select> ';
 		if ($name_pos_back === true) {
@@ -3234,7 +3261,7 @@ class Basic
 		}
 		$string .= '<select id="month'.$suffix.'" name="month'.$suffix.'" onChange="'.$on_change_call.'">';
 		for ($i = 1; $i <= 12; $i ++) {
-			$string .= '<option value="'.(($i < 10) ? '0'.$i : $i).'" '.(($month == $i) ? 'selected' : '').'>'.$i.'</option>';
+			$string .= '<option value="'.($i < 10 ? '0'.$i : $i).'" '.($month == $i ? 'selected' : '').'>'.$i.'</option>';
 		}
 		$string .= '</select> ';
 		if ($name_pos_back === true) {
@@ -3246,7 +3273,7 @@ class Basic
 		$string .= '<select id="day'.$suffix.'" name="day'.$suffix.'" onChange="'.$on_change_call.'">';
 		for ($i = 1; $i <= $days_in_month; $i ++) {
 			// set weekday text based on current month ($month) and year ($year)
-			$string .= '<option value="'.(($i < 10) ? '0'.$i : $i).'" '.(($day == $i) ? 'selected' : '').'>'.$i.' ('.date('D', mktime(0, 0, 0, $month, $i, $year)).')</option>';
+			$string .= '<option value="'.($i < 10 ? '0'.$i : $i).'" '.($day == $i ? 'selected' : '').'>'.$i.' ('.date('D', mktime(0, 0, 0, $month, $i, $year)).')</option>';
 		}
 		$string .= '</select> ';
 		if ($name_pos_back === true) {
@@ -3257,7 +3284,7 @@ class Basic
 		}
 		$string .= '<select id="hour'.$suffix.'" name="hour'.$suffix.'" onChange="'.$on_change_call.'">';
 		for ($i = 0; $i <= 23; $i += $min_steps) {
-			$string .= '<option value="'.(($i < 10) ? '0'.$i : $i).'" '.(($hour == $i) ? 'selected' : '').'>'.$i.'</option>';
+			$string .= '<option value="'.($i < 10 ? '0'.$i : $i).'" '.($hour == $i ? 'selected' : '').'>'.$i.'</option>';
 		}
 		$string .= '</select> ';
 		if ($name_pos_back === true) {
@@ -3268,7 +3295,7 @@ class Basic
 		}
 		$string .= '<select id="min'.$suffix.'" name="min'.$suffix.'" onChange="'.$on_change_call.'">';
 		for ($i = 0; $i <= 59; $i ++) {
-			$string .= '<option value="'.(( $i < 10) ? '0'.$i : $i).'" '.(($min == $i) ? 'selected' : '').'>'.$i.'</option>';
+			$string .= '<option value="'.($i < 10 ? '0'.$i : $i).'" '.($min == $i ? 'selected' : '').'>'.$i.'</option>';
 		}
 		$string .= '</select>';
 		if ($name_pos_back === true) {

www/lib/CoreLibs/DB/Extended/ArrayIO.php

@@ -51,15 +51,14 @@ class ArrayIO extends \CoreLibs\DB\IO
 	/**
 	 * constructor for the array io class, set the
 	 * primary key name automatically (from array)
-	 * @param array       $db_config        db connection config
-	 * @param array       $table_array      table array config
-	 * @param string      $table_name       table name string
-	 * @param int|integer $set_control_flag set basic class set/get variable error flags
+	 * @param array  $db_config   db connection config
+	 * @param array  $table_array table array config
+	 * @param string $table_name  table name string
 	 */
-	public function __construct(array $db_config, array $table_array, string $table_name, int $set_control_flag = 0)
+	public function __construct(array $db_config, array $table_array, string $table_name)
 	{
 		// instance db_io class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 		// more error vars for this class
 		$this->error_string['91'] = 'No Primary Key given';
 		$this->error_string['92'] = 'Could not run Array Query';

www/lib/CoreLibs/DB/IO.php

@@ -128,13 +128,13 @@
 *	  - returns an hashed array of table column data
 *	function db_prepare($stm_name, $query)
 *     - prepares a query with the given stm name, returns false on error
-*   function db_execute($stm_name, $data = array())
+*   function db_execute($stm_name, $data = [])
 *     - execute a query that was previously prepared
 *   $string db_escape_string($string)
 *     - correctly escapes string for db insert
 *   $string db_boolean(string)
 *     - if the string value is 't' or 'f' it returns correct TRUE/FALSE for php
-*   $primary_key db_write_data($write_array, $not_write_array, $primary_key, $table, $data = array())
+*   $primary_key db_write_data($write_array, $not_write_array, $primary_key, $table, $data = [])
 *     - writes into one table based on arrays of columns to write and not write, reads data from global vars or optional array
 *   $boolean db_set_schema(schema)
 *     - sets search path to a schema
@@ -270,7 +270,7 @@ class IO extends \CoreLibs\Basic
 	public $cursor; // actual cursor (DBH)
 	public $num_rows; // how many rows have been found
 	public $num_fields; // how many fields has the query
-	public $field_names = array(); // array with the field names of the current query
+	public $field_names = []; // array with the field names of the current query
 	public $insert_id; // last inserted ID
 	public $insert_id_ext; // extended insert ID (for data outside only primary key)
 	private $temp_sql;
@@ -288,14 +288,15 @@ class IO extends \CoreLibs\Basic
 
 	// endless loop protection
 	private $MAX_QUERY_CALL;
-	private $query_called = array();
+	private $DEFAULT_MAX_QUERY_CALL = 20; // default
+	private $query_called = [];
 	// error string
-	protected $error_string = array();
+	protected $error_string = [];
 	// prepared list
-	public $prepare_cursor = array();
+	public $prepare_cursor = [];
 	// primary key per table list
 	// format is 'table' => 'pk_name'
-	public $pk_name_table = array();
+	public $pk_name_table = [];
 	// internal primary key name, for cross calls in async
 	public $pk_name;
 	// if we use RETURNING in the INSERT call
@@ -306,15 +307,14 @@ class IO extends \CoreLibs\Basic
 	/**
 	 * main DB concstructor with auto connection to DB and failure set on failed connection
 	 * @param array $db_config        DB configuration array
-	 * @param int   $set_control_flag 0/1/2/3 to set internal class parameter check
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		// start basic class
-		parent::__construct($set_control_flag);
+		parent::__construct();
 		// dummy init array for db config if not array
 		if (!is_array($db_config)) {
-			$db_config = array();
+			$db_config = [];
 		}
 		// sets the names (for connect/reconnect)
 		$this->db_name = $db_config['db_name'] ?? '';
@@ -357,6 +357,8 @@ class IO extends \CoreLibs\Basic
 		$this->error_string['40'] = 'Query async call failed.';
 		$this->error_string['41'] = 'Connection is busy with a different query. Cannot execute.';
 		$this->error_string['42'] = 'Cannot check for async query, none has been started yet.';
+		$this->error_string['50'] = 'Setting max query call to -1 will disable loop protection for all subsequent runs';
+		$this->error_string['51'] = 'Max query call needs to be set to at least 1';
 
 		// set debug, either via global var, or debug var during call
 		$this->db_debug = false;
@@ -508,7 +510,7 @@ class IO extends \CoreLibs\Basic
 	{
 		$string = '';
 		if (!is_array($array)) {
-			$array = array();
+			$array = [];
 		}
 		foreach ($array as $key => $value) {
 			$string .= $this->nbsp.'<b>'.$key.'</b> => ';
@@ -614,7 +616,7 @@ class IO extends \CoreLibs\Basic
 	 * @param  array  $data     the data array
 	 * @return string           string of query with data inside
 	 */
-	private function __dbDebugPrepare(string $stm_name, array $data = array()): string
+	private function __dbDebugPrepare(string $stm_name, array $data = []): string
 	{
 		// get the keys from data array
 		$keys = array_keys($data);
@@ -633,6 +635,7 @@ class IO extends \CoreLibs\Basic
 	 */
 	private function __dbReturnTable(string $query): array
 	{
+		$matches = [];
 		if (preg_match("/^SELECT /i", $query)) {
 			preg_match("/ (FROM) (([\w_]+)\.)?([\w_]+) /i", $query, $matches);
 		} else {
@@ -655,6 +658,7 @@ class IO extends \CoreLibs\Basic
 	 */
 	private function __dbPrepareExec(string $query, string $pk_name)
 	{
+		$matches= [];
 		// to either use the returning method or the guess method for getting primary keys
 		$this->returning_id = false;
 		// set the query
@@ -729,7 +733,10 @@ class IO extends \CoreLibs\Basic
 			$this->query_called[$md5] = 0;
 		}
 		// count up the run, if this is run more than the max_run then exit with error
-		if ($this->query_called[$md5] > $this->MAX_QUERY_CALL) {
+		// if set to -1, then ignore it
+		if ($this->MAX_QUERY_CALL != -1 &&
+			$this->query_called[$md5] > $this->MAX_QUERY_CALL
+		) {
 				$this->error_id = 30;
 				$this->__dbError();
 				$this->__dbDebug('db', $this->query, 'dbExec', 'Q[nc]');
@@ -765,7 +772,7 @@ class IO extends \CoreLibs\Basic
 				// count the fields
 				$this->num_fields = $this->db_functions->__dbNumFields($this->cursor);
 				// set field names
-				$this->field_names = array();
+				$this->field_names = [];
 				for ($i = 0; $i < $this->num_fields; $i ++) {
 					$this->field_names[] = $this->db_functions->__dbFieldName($this->cursor, $i);
 				}
@@ -781,8 +788,8 @@ class IO extends \CoreLibs\Basic
 					if (!$this->returning_id) {
 						$this->insert_id = $this->db_functions->__dbInsertId($this->query, $this->pk_name);
 					} else {
-						$this->insert_id = array();
-						$this->insert_id_ext = array();
+						$this->insert_id = [];
+						$this->insert_id_ext = [];
 						// echo "** PREPARE RETURNING FOR CURSOR: ".$this->cursor."<br>";
 						// we have returning, now we need to check if we get one or many returned
 						// we'll need to loop this, if we have multiple insert_id returns
@@ -855,6 +862,52 @@ class IO extends \CoreLibs\Basic
 		return $this->db_debug;
 	}
 
+	/**
+	 * set max query calls, set to --1 to disable loop
+	 * protection. this will generate a warning
+	 * empty call (null) will reset to default
+	 * @param  int|null $max_calls Set the max loops allowed
+	 * @return bool                True for succesfull set
+	 */
+	public function dbSetMaxQueryCall(?int $max_calls = null): bool
+	{
+		$success = false;
+		// if null then reset to default
+		if ($max_calls === null) {
+			$max_calls = $this->DEFAULT_MAX_QUERY_CALL;
+		}
+		// if -1 then disable loop check
+		// DANGEROUS, WARN USER
+		if ($max_calls == -1) {
+			$this->warning_id = 50;
+			$this->__dbError();
+		}
+		// negative or 0
+		if ($max_calls < -1 || $max_calls == 0) {
+			$this->error_id = 51;
+			$this->__dbError();
+			// early abort
+			return false;
+		}
+		// ok entry, set
+		if ($max_calls == -1 ||
+			$max_calls > 0
+		) {
+			$this->MAX_QUERY_CALL = $max_calls;
+			$succes = true;
+		}
+		return $success;
+	}
+
+	/**
+	 * returns current set max query calls for loop avoidance
+	 * @return int Integer number, if -1 the loop check is disabled
+	 */
+	public function dbGetMaxQueryCall(): int
+	{
+		return $this->MAX_QUERY_CALL;
+	}
+
 	/**
 	 * resets the call times for the max query called to 0
 	 * USE CAREFULLY: rather make the query prepare -> execute
@@ -994,7 +1047,7 @@ class IO extends \CoreLibs\Basic
 		$string .= 'at host <b>\''.$this->db_host.'\'</b> ';
 		$string .= 'on port <b>\''.$this->db_port.'\'</b> ';
 		$string .= 'with ssl mode <b>\''.$this->db_ssl.'\'</b><br>';
-		$string .= '<b>-DB-info-></b> DB IO Class debug output: <b>'.(($this->db_debug) ? 'Yes' : 'No').'</b>';
+		$string .= '<b>-DB-info-></b> DB IO Class debug output: <b>'.($this->db_debug ? 'Yes' : 'No').'</b>';
 		if ($show === true) {
 			$this->__dbDebug('db', $string, 'dbInfo');
 		} else {
@@ -1157,7 +1210,7 @@ class IO extends \CoreLibs\Basic
 					$return = false;
 				} else {
 					// unset return value ...
-					$return = array();
+					$return = [];
 					for ($i = 0; $i < $this->cursor_ext[$md5]['num_fields']; $i ++) {
 						// create mixed return array
 						if ($assoc_only === false && isset($this->cursor_ext[$md5]['data'][$this->cursor_ext[$md5]['pos']][$i])) {
@@ -1193,7 +1246,7 @@ class IO extends \CoreLibs\Basic
 					$this->cursor_ext[$md5]['read_rows'] ++;
 					// if reset is <3 caching is done, else no
 					if ($reset < 3) {
-						$temp = array();
+						$temp = [];
 						foreach ($return as $field_name => $data) {
 							$temp[$field_name] = $data;
 						}
@@ -1383,9 +1436,9 @@ class IO extends \CoreLibs\Basic
 			return false;
 		}
 		$cursor = $this->dbExec($query);
-		$rows = array();
+		$rows = [];
 		while ($res = $this->dbFetchArray($cursor, $assoc_only)) {
-			$data = array();
+			$data = [];
 			for ($i = 0; $i < $this->num_fields; $i ++) {
 				$data[$this->field_names[$i]] = $res[$this->field_names[$i]];
 			}
@@ -1407,7 +1460,7 @@ class IO extends \CoreLibs\Basic
 			return false;
 		}
 		$md5 = md5($query);
-		return $this->cursor_ext[$md5]['pos'];
+		return (int)$this->cursor_ext[$md5]['pos'];
 	}
 
 	/**
@@ -1423,7 +1476,7 @@ class IO extends \CoreLibs\Basic
 			return false;
 		}
 		$md5 = md5($query);
-		return $this->cursor_ext[$md5]['num_rows'];
+		return (int)$this->cursor_ext[$md5]['num_rows'];
 	}
 
 	/**
@@ -1454,6 +1507,7 @@ class IO extends \CoreLibs\Basic
 	 */
 	public function dbPrepare(string $stm_name, string $query, string $pk_name = '')
 	{
+		$matches = [];
 		if (!$query) {
 			$this->error_id = 11;
 			$this->__dbError();
@@ -1507,6 +1561,7 @@ class IO extends \CoreLibs\Basic
 					$this->prepare_cursor[$stm_name]['pk_name'] = $pk_name;
 				}
 			}
+			$match = [];
 			// search for $1, $2, in the query and push it into the control array
 			preg_match_all('/(\$[0-9]{1,})/', $query, $match);
 			$this->prepare_cursor[$stm_name]['count'] = count($match[1]);
@@ -1534,7 +1589,7 @@ class IO extends \CoreLibs\Basic
 	 * @param  array         $data     data to run for this query, empty array for none
 	 * @return ?mixed                  false on error, or result on OK
 	 */
-	public function dbExecute(string $stm_name, array $data = array())
+	public function dbExecute(string $stm_name, array $data = [])
 	{
 		// if we do not have no prepare cursor array entry for this statement name, abort
 		if (!is_array($this->prepare_cursor[$stm_name])) {
@@ -1569,8 +1624,8 @@ class IO extends \CoreLibs\Basic
 				if (!$this->prepare_cursor[$stm_name]['returning_id']) {
 					$this->insert_id = $this->db_functions->__dbInsertId($this->prepare_cursor[$stm_name]['query'], $this->prepare_cursor[$stm_name]['pk_name']);
 				} elseif ($result) {
-					$this->insert_id = array();
-					$this->insert_id_ext = array();
+					$this->insert_id = [];
+					$this->insert_id_ext = [];
 					// we have returning, now we need to check if we get one or many returned
 					// we'll need to loop this, if we have multiple insert_id returns
 					while ($_insert_id = $this->db_functions->__dbFetchArray(
@@ -1665,6 +1720,7 @@ class IO extends \CoreLibs\Basic
 	 */
 	public function dbCompareVersion(string $compare): bool
 	{
+		$matches = [];
 		// compare has =, >, < prefix, and gets stripped, if the rest is not X.Y format then error
 		preg_match("/^([<>=]{1,})(\d{1,})\.(\d{1,})/", $compare, $matches);
 		$compare = $matches[1];
@@ -1760,18 +1816,18 @@ class IO extends \CoreLibs\Basic
 	 * @param  array    $data            data array to override _POST data
 	 * @return int|bool                  primary key
 	 */
-	public function dbWriteData(array $write_array, array $not_write_array, $primary_key, string $table, $data = array())
+	public function dbWriteData(array $write_array, array $not_write_array, $primary_key, string $table, $data = [])
 	{
 		if (!is_array($write_array)) {
-			$write_array = array();
+			$write_array = [];
 		}
 		if (!is_array($not_write_array)) {
-			$not_write_array = array();
+			$not_write_array = [];
 		}
 		if (is_array($table)) {
 			return false;
 		}
-		$not_write_update_array = array();
+		$not_write_update_array = [];
 		return $this->dbWriteDataExt($write_array, $primary_key, $table, $not_write_array, $not_write_update_array, $data);
 	}
 
@@ -1792,9 +1848,9 @@ class IO extends \CoreLibs\Basic
 		array $write_array,
 		$primary_key,
 		string $table,
-		array $not_write_array = array(),
-		array $not_write_update_array = array(),
-		array $data = array()
+		array $not_write_array = [],
+		array $not_write_update_array = [],
+		array $data = []
 	) {
 		if (!is_array($primary_key)) {
 			$primary_key = array(
@@ -1868,7 +1924,7 @@ class IO extends \CoreLibs\Basic
 					}
 					// write data into sql string
 					if (strstr($table_data[$field]['type'], 'int')) {
-						$q_sub_data .= (is_numeric($_data)) ? $_data : 'NULL';
+						$q_sub_data .= is_numeric($_data) ? $_data : 'NULL';
 					} else {
 						// if bool -> set bool, else write data
 						$q_sub_data .= isset($_data) ? "'".($is_bool ? $this->dbBoolean($_data, true) : $this->dbEscapeString($_data))."'" : 'NULL';
@@ -1898,7 +1954,7 @@ class IO extends \CoreLibs\Basic
 			$primary_key['value'] = $this->insert_id;
 		}
 		// if there is not priamry key value field return false
-		return isset($primary_key['value']) ? $primary_key['value'] : false;
+		return $primary_key['value'] ?? false;
 	}
 
 	/**
@@ -1909,10 +1965,10 @@ class IO extends \CoreLibs\Basic
 	 */
 	public function dbTimeFormat(string $age, bool $show_micro = false): string
 	{
+		$matches = [];
 		// in string (datetime diff): 1786 days 22:11:52.87418
 		// or (age): 4 years 10 mons 21 days 12:31:11.87418
 		// also -09:43:54.781021 or without - prefix
-
 		preg_match("/(.*)?(\d{2}):(\d{2}):(\d{2})(\.(\d+))/", $age, $matches);
 
 		$prefix = $matches[1] != '-' ? $matches[1] : '';
@@ -1931,16 +1987,10 @@ class IO extends \CoreLibs\Basic
 	 */
 	public function dbArrayParse(string $text): array
 	{
-		$output = array();
+		$output = [];
 		return $this->db_functions->__dbArrayParse($text, $output);
 	}
 
-	// METHOD: dbSqlEscape
-	// WAS   : db_sql_escape
-	// PARAMS: value -> to escape data
-	//          kbn -> escape trigger type
-	// RETURN: escaped value
-	// DESC  : clear up any data for valid DB insert
 	/**
 	 * clear up any data for valid DB insert
 	 * @param  int|float|string $value to escape data
@@ -1951,23 +2001,77 @@ class IO extends \CoreLibs\Basic
 	{
 		switch ($kbn) {
 			case 'i':
-				$value = ($value === '') ? "NULL" : intval($value);
+				$value = $value === '' ? "NULL" : intval($value);
 				break;
 			case 'f':
-				$value = ($value === '') ? "NULL" : floatval($value);
+				$value = $value === '' ? "NULL" : floatval($value);
 				break;
 			case 't':
-				$value = ($value === '') ? "NULL" : "'".$this->dbEscapeString($value)."'";
+				$value = $value === '' ? "NULL" : "'".$this->dbEscapeString($value)."'";
 				break;
 			case 'd':
-				$value = ($value === '') ? "NULL" : "'".$this->dbEscapeString($value)."'";
+				$value = $value === '' ? "NULL" : "'".$this->dbEscapeString($value)."'";
 				break;
 			case 'i2':
-				$value = ($value === '') ? 0 : intval($value);
+				$value = $value === '' ? 0 : intval($value);
 				break;
 		}
 		return $value;
 	}
+
+	/**
+	 * return current set insert_id as is
+	 * @return string|int|null Primary key value, most likely int
+	 *                         Empty string for unset
+	 *                         Null for error
+	 */
+	public function getInsertPK()
+	{
+		return $this->insert_id;
+	}
+
+	/**
+	 * return the extended insert return string set
+	 * Most likely Array
+	 * @param  string|null       $key Optional key for insert_id_ext array
+	 *                                if found will return only this element,
+	 *                                else will return null
+	 * @return array|string|null      RETURNING values as array
+	 *                                Empty string for unset
+	 *                                Null for error
+	 */
+	public function getInsertReturn($key = null)
+	{
+		if ($key !== null) {
+			if (isset($this->insert_id_ext[$key])) {
+				return $this->insert_id_ext[$key];
+			} else {
+				return null;
+			}
+		}
+		return $this->insert_id_ext;
+	}
+
+	/**
+	 * returns the full array for cursor ext
+	 * @param  string|null $q Query string, if not null convert to md5
+	 *                        and return set cursor ext for only this
+	 *                        if not found or null return null
+	 * @return array|nul      Cursor Extended array
+	 *                        Key is md5 string from query run
+	 */
+	public function getCursorExt($q = null)
+	{
+		if ($q !== null) {
+			$q_md5 = md5($q);
+			if (isset($this->cursor_ext[$q_md5])) {
+				return $this->cursor_ext[$q_md5];
+			} else {
+				return null;
+			}
+		}
+		return $this->cursor_ext;
+	}
 } // end if db class
 
 // __END__

www/lib/CoreLibs/DB/SQL/PgSQL.php

@@ -260,7 +260,7 @@ class PgSQL
 				// set pk_name to "id"
 				$pk_name = $table."_id";
 			}
-			$seq = (($schema) ? $schema.'.' : '').$table."_".$pk_name."_seq";
+			$seq = ($schema ? $schema.'.' : '').$table."_".$pk_name."_seq";
 			$q = "SELECT CURRVAL('$seq') AS insert_id";
 			// I have to do manually or I overwrite the original insert internal vars ...
 			if ($q = $this->__dbQuery($q)) {
@@ -311,7 +311,7 @@ class PgSQL
 			$q .= "AND indisprimary";
 			$cursor = $this->__dbQuery($q);
 			if ($cursor) {
-				return $this->__dbFetchArray($cursor)['column_name'];
+				return $this->__dbFetchArray($cursor)['column_name'] ?? false;
 			} else {
 				return false;
 			}

www/lib/CoreLibs/Language/L10n.php

@@ -37,13 +37,13 @@ class L10n extends \CoreLibs\Basic
 
 	/**
 	 * class constructor call for language getstring
-	 * @param string      $lang             language name (optional), fallback is en
-	 * @param string      $path             path, if empty fallback on default internal path
-	 * @param int|integer $set_control_flag control flags for Basic class set/get checks
+	 * @param string $lang language name (optional), fallback is en
+	 * @param string $path path, if empty fallback on default internal path
 	 */
-	public function __construct(string $lang = '', string $path = '', int $set_control_flag = 0)
+	public function __construct(string $lang = '', string $path = ''
+)
 	{
-		parent::__construct($set_control_flag);
+		parent::__construct();
 		if (!$lang) {
 			$this->lang = 'en';
 		} else {

www/lib/CoreLibs/Output/Form/Generate.php

@@ -255,11 +255,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 
 	/**
 	 * construct form generator
-	 * @param array       $db_config        db config array
-	 * @param int|integer $table_width      table/div width (default 750)
-	 * @param int|integer $set_control_flag basic class set/get variable error flags
+	 * @param array       $db_config   db config array
+	 * @param int|integer $table_width table/div width (default 750)
 	 */
-	public function __construct(array $db_config, int $table_width = 750, int $set_control_flag = 0)
+	public function __construct(array $db_config, int $table_width = 750)
 	{
 		$this->my_page_name = $this->getPageName(1);
 		$this->setLangEncoding();
@@ -289,7 +288,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 
 		// start the array_io class which will start db_io ...
-		parent::__construct($db_config, $config_array['table_array'], $config_array['table_name'], $set_control_flag);
+		parent::__construct($db_config, $config_array['table_array'], $config_array['table_name']);
 		// here should be a check if the config_array is correct ...
 		if (isset($config_array['show_fields']) && is_array($config_array['show_fields'])) {
 			$this->field_array = $config_array['show_fields'];
@@ -316,16 +315,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		$this->table_width = $table_width;
 
 		// set button vars
-		$this->archive = isset($_POST['archive']) ? $_POST['archive'] : '';
-		$this->new = isset($_POST['new']) ? $_POST['new'] : '';
-		$this->really_new = isset($_POST['really_new']) ? $_POST['really_new'] : '';
-		$this->delete = isset($_POST['delete']) ? $_POST['delete'] : '';
-		$this->really_delete = isset($_POST['really_delete']) ? $_POST['really_delete'] : '';
-		$this->save = isset($_POST['save']) ? $_POST['save'] : '';
-		$this->remove_button = isset($_POST['remove_button']) ? $_POST['remove_button'] : '';
+		$this->archive = $_POST['archive'] ?? '';
+		$this->new = $_POST['new'] ?? '';
+		$this->really_new = $_POST['really_new'] ?? '';
+		$this->delete = $_POST['delete'] ?? '';
+		$this->really_delete = $_POST['really_delete'] ?? '';
+		$this->save = $_POST['save'] ?? '';
+		$this->remove_button = $_POST['remove_button'] ?? '';
 
 		// security settings
-		$this->base_acl_level = isset($_SESSION['BASE_ACL_LEVEL']) ? $_SESSION['BASE_ACL_LEVEL'] : 0;
+		$this->base_acl_level = $_SESSION['BASE_ACL_LEVEL'] ?? 0;
 		// security levels for buttons/actions
 		// if array does not exists create basic
 		if (!isset($config_array['security_level']) ||
@@ -689,7 +688,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						$t_string .= $field_array['before_value'];
 					}
 					// must have res element set
-					if (isset($res[$field_array['name']])) {
+					if (isset($field_array['name']) &&
+						isset($res[$field_array['name']])
+					) {
 						if (isset($field_array['binary'])) {
 							if (isset($field_array['binary'][0])) {
 								$t_string .= $field_array['binary'][0];
@@ -827,7 +828,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['checked'] = 0;
 			for ($i = (count($this->table_array[$element_name]['element_list']) - 1); $i >= 0; $i --) {
 				$data['value'][] = $i;
-				$data['output'][] = $this->table_array[$element_name]['element_list'][$i];
+				$data['output'][] = $this->table_array[$element_name]['element_list'][$i] ?? null;
 				$data['name'] = $element_name;
 				if (isset($this->table_array[$element_name]['value']) &&
 					(($i && $this->table_array[$element_name]['value']) ||
@@ -850,16 +851,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		// normal text element
 		if ($this->table_array[$element_name]['type'] == 'text') {
 			$data['name'] = $element_name;
-			$data['value'] = isset($this->table_array[$element_name]['value']) ? $this->table_array[$element_name]['value'] : '';
-			$data['size'] = isset($this->table_array[$element_name]['size']) ? $this->table_array[$element_name]['size'] : '';
-			$data['length'] = isset($this->table_array[$element_name]['length']) ? $this->table_array[$element_name]['length'] : '';
+			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
+			$data['size'] = $this->table_array[$element_name]['size'] ?? '';
+			$data['length'] = $this->table_array[$element_name]['length'] ?? '';
 		}
 		// password element, does not write back the value
 		if ($this->table_array[$element_name]['type'] == 'password') {
 			$data['name'] = $element_name;
 			$data['HIDDEN_value'] = $this->table_array[$element_name]['HIDDEN_value'];
-			$data['size'] = isset($this->table_array[$element_name]['size']) ? $this->table_array[$element_name]['size'] : '';
-			$data['length'] = isset($this->table_array[$element_name]['length']) ? $this->table_array[$element_name]['length'] : '';
+			$data['size'] = $this->table_array[$element_name]['size'] ?? '';
+			$data['length'] = $this->table_array[$element_name]['length'] ?? '';
 		}
 		// date (YYYY-MM-DD)
 		if ($this->table_array[$element_name]['type'] == 'date') {
@@ -872,9 +873,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		// textarea
 		if ($this->table_array[$element_name]['type'] == 'textarea') {
 			$data['name'] = $element_name;
-			$data['value'] = isset($this->table_array[$element_name]['value']) ? $this->table_array[$element_name]['value'] : '';
-			$data['rows'] = isset($this->table_array[$element_name]['rows']) ? $this->table_array[$element_name]['rows'] : '';
-			$data['cols'] = isset($this->table_array[$element_name]['cols']) ? $this->table_array[$element_name]['cols'] : '';
+			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
+			$data['rows'] = $this->table_array[$element_name]['rows'] ?? '';
+			$data['cols'] = $this->table_array[$element_name]['cols'] ?? '';
 		}
 		// for drop_down_*
 		if (preg_match("/^drop_down_/", $this->table_array[$element_name]['type'])) {
@@ -980,7 +981,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if ($this->table_array[$element_name]['type'] == 'order') {
 			$data['output_name'] = $this->table_array[$element_name]['output_name'];
 			$data['name'] = $element_name;
-			$data['value'] = isset($this->table_array[$element_name]['value']) ? $this->table_array[$element_name]['value'] : 0;
+			$data['value'] = $this->table_array[$element_name]['value'] ?? 0;
 			$data['col_name'] = $this->col_name;
 			$data['table_name'] = $this->table_name;
 			$data['query'] = $query !== null ? urlencode($query) : '';
@@ -1183,7 +1184,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// get the leasy of keys from the elements array
 				$keys = array_keys($reference_array['elements']);
 				// prefix
-				$prfx = ($reference_array['prefix']) ? $reference_array['prefix'].'_' : '';
+				$prfx = $reference_array['prefix'] ? $reference_array['prefix'].'_' : '';
 				// get max elements
 				$max = 0;
 				foreach ($keys as $key) {
@@ -1232,9 +1233,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						} elseif ($data_array['type'] == 'radio_group' && !isset($_POST[$prfx.$el_name])) {
 							// radio group and set where one not active
 							// $this->debug('edit_error_chk', 'RADIO GROUP');
-							$row_okay[$_POST[$prfx.$el_name][$i]] = 0;
-							$default_wrong[$_POST[$prfx.$el_name][$i]] = 1;
-							$error[$_POST[$prfx.$el_name][$i]] = 1;
+							$row_okay[$_POST[$prfx.$el_name][$i] ?? 0] = 0;
+							$default_wrong[$_POST[$prfx.$el_name][$i] ?? 0] = 1;
+							$error[$_POST[$prfx.$el_name][$i] ?? 0] = 1;
 						} elseif (isset($_POST[$prfx.$el_name][$i]) && !isset($error[$i])) {
 							// $this->debug('edit_error_chk', '[$i]');
 							$element_set[$i] = 1;
@@ -1545,7 +1546,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				// get the number of keys from the elements array
 				$keys = array_keys($reference_array['elements']);
 				// element prefix name
-				$prfx = ($reference_array['prefix']) ? $reference_array['prefix'].'_' : '';
+				$prfx = $reference_array['prefix'] ? $reference_array['prefix'].'_' : '';
 				// get max elements
 				$max = 0;
 				foreach ($keys as $key) {
@@ -1644,13 +1645,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 							// data part, read from where [POST]
 							// radio group selections (only one can be active)
 							if ($data_array['type'] == 'radio_group') {
-								if ($i == $_POST[$prfx.$el_name]) {
+								if (isset($_POST[$prfx.$el_name]) && $i == $_POST[$prfx.$el_name]) {
 									$_value = $i + 1;
 								} else {
 									$_value = 'NULL';
 								}
 							} else {
-								$_value = isset($_POST[$prfx.$el_name][$i]) ? $_POST[$prfx.$el_name][$i] : '';
+								$_value = $_POST[$prfx.$el_name][$i] ?? '';
 							}
 							// pre write data set. if int value, unset flagged need to be set null or 0 depending on settings
 							if (isset($data_array['int']) || isset($data_array['int_null'])) {
@@ -1683,15 +1684,15 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						// if tpye is update
 						if (isset($type[$i]) && $type[$i] == 'update') {
 							$q = $q_begin[$i].
-								(isset($q_data[$i]) ? $q_data[$i] : '').
+								($q_data[$i] ?? '').
 								$q_end[$i];
 						// or if we have block write, then it is insert (new)
 						} elseif (isset($block_write[$i]) && $block_write[$i]) {
 							$q = $q_begin[$i].
-								(isset($q_names[$i]) ? $q_names[$i] : '').', '.
+								($q_names[$i] ?? '').', '.
 								$this->int_pk_name.
-								(isset($q_middle[$i]) ? $q_middle[$i] : '').
-								(isset($q_values[$i]) ? $q_values[$i] : '').', '.
+								($q_middle[$i] ?? '').
+								($q_values[$i] ?? '').', '.
 								$this->table_array[$this->int_pk_name]['value'].
 								$q_end[$i];
 						}
@@ -1770,7 +1771,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$this->table_array[$key]['type'] == 'hidden'
 			) {
 				if (array_key_exists($key, $this->table_array)) {
-					$hidden_array[$key] = isset($this->table_array[$key]['value']) ? $this->table_array[$key]['value'] : '';
+					$hidden_array[$key] = $this->table_array[$key]['value'] ?? '';
 				} else {
 					$hidden_array[$key] = '';
 				}
@@ -1805,7 +1806,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['value'][] = $res[0];
 			$data['output'][] = $res[1];
 			$data['selected'][] = ($this->checked(
-				isset($this->reference_array[$table_name]['selected']) ? $this->reference_array[$table_name]['selected'] : '',
+				$this->reference_array[$table_name]['selected'] ?? '',
 				$res[0]
 			)) ? $res[0] : '';
 		}
@@ -1880,9 +1881,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			// prefix the name for any further data parts
 			$el_name = $data['prefix'].$el_name;
 			// this are the output names (if given)
-			$data['output_name'][$el_name] = isset($data_array['output_name']) ? $data_array['output_name'] : '';
+			$data['output_name'][$el_name] = $data_array['output_name'] ?? '';
 			// this is the type of the field
-			$data['type'][$el_name] = isset($data_array['type']) ? $data_array['type'] : '';
+			$data['type'][$el_name] = $data_array['type'] ?? '';
 			// set the primary key name
 			if (isset($data_array['pk_id'])) {
 				$data['pk_name'] = $el_name;
@@ -1896,7 +1897,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$md_q = md5($data_array['query']);
 				while ($res = $this->dbReturn($data_array['query'])) {
 					/** @phan-suppress-next-line PhanTypeInvalidDimOffset */
-					$this->debug('edit', 'Q['.$md_q.'] pos: '.$this->cursor_ext[$md_q]['pos'].' | want: '.(isset($data_array['preset']) ? $data_array['preset'] : '-').' | set: '.(isset($data['preset'][$el_name]) ? $data['preset'][$el_name] : '-'));
+					$this->debug('edit', 'Q['.$md_q.'] pos: '.$this->cursor_ext[$md_q]['pos'].' | want: '.($data_array['preset'] ?? '-').' | set: '.($data['preset'][$el_name] ?? '-'));
 					// first is default for this element
 					if (isset($data_array['preset']) &&
 						(!isset($data['preset'][$el_name]) || empty($data['preset'][$el_name])) &&
@@ -1918,7 +1919,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			if ($this->error) {
 				if (isset($_POST[$el_name]) && is_array($_POST[$el_name])) {
 					// this is for the new line
-					$proto[$el_name] = isset($_POST[$el_name][(count($_POST[$el_name]) - 1)]) ? $_POST[$el_name][(count($_POST[$el_name]) - 1)] : 0;
+					$proto[$el_name] = $_POST[$el_name][(count($_POST[$el_name]) - 1)] ?? 0;
 				} else {
 					$proto[$el_name] = 0;
 				}

www/lib/CoreLibs/Output/Progressbar.php

@@ -78,6 +78,9 @@ class ProgressBar
 		)
 	*/
 
+	// output strings
+	public $prefix_message = '';
+
 	/**
 	 * progress bar constructor
 	 * @param integer $width  progress bar width, default 0

www/lib/CoreLibs/Template/SmartyExtend.php

@@ -34,10 +34,10 @@ class SmartyExtend extends SmartyBC
 	public $page_name;
 
 	// array for data parsing
-	public $HEADER = array();
-	public $DATA = array();
-	public $DEBUG_DATA = array();
-	private $CONTENT_DATA = array();
+	public $HEADER = [];
+	public $DATA = [];
+	public $DEBUG_DATA = [];
+	private $CONTENT_DATA = [];
 	// control vars
 	public $USE_PROTOTYPE = USE_PROTOTYPE;
 	public $USE_JQUERY = USE_JQUERY;
@@ -345,7 +345,7 @@ class SmartyExtend extends SmartyBC
 		// special for admin
 		if ($admin_call === true) {
 			// set ACL extra show
-			$this->DATA['show_ea_extra'] = isset($cms->acl['show_ea_extra']) ? $cms->acl['show_ea_extra'] : false;
+			$this->DATA['show_ea_extra'] = $cms->acl['show_ea_extra'] ?? false;
 			$this->DATA['ADMIN'] = !empty($cms->acl['admin']) ? $cms->acl['admin'] : 0;
 			// set style sheets
 			$this->HEADER['STYLESHEET'] = $this->ADMIN_STYLESHEET ? $this->ADMIN_STYLESHEET : ADMIN_STYLESHEET;
@@ -354,10 +354,10 @@ class SmartyExtend extends SmartyBC
 			$this->DATA['nav_menu'] = $cms->adbTopMenu();
 			$this->DATA['nav_menu_count'] = is_array($this->DATA['nav_menu']) ? count($this->DATA['nav_menu']) : 0;
 			// messages = array('msg' =>, 'class' => 'error/warning/...')
-			$this->DATA['messages'] = isset($cms->messages) ? $cms->messages : $cms->messages;
+			$this->DATA['messages'] = $cms->messages ?? [];
 			// the page name
 			$this->DATA['page_name'] = $this->page_name;
-			$this->DATA['table_width'] = isset($this->PAGE_WIDTH) ? $this->PAGE_WIDTH : PAGE_WIDTH;
+			$this->DATA['table_width'] = $this->PAGE_WIDTH ?? PAGE_WIDTH;
 			// for tinymce special
 			$this->DATA['TINYMCE_LANG'] = $this->lang_short;
 			// include flags
@@ -390,7 +390,7 @@ class SmartyExtend extends SmartyBC
 		// the template part to include into the body
 		$this->DATA['TEMPLATE_NAME'] = $this->TEMPLATE_NAME;
 		$this->DATA['CONTENT_INCLUDE'] = $this->CONTENT_INCLUDE;
-		$this->DATA['TEMPLATE_TRANSLATE'] = isset($this->TEMPLATE_TRANSLATE) ? $this->TEMPLATE_TRANSLATE : null;
+		$this->DATA['TEMPLATE_TRANSLATE'] = $this->TEMPLATE_TRANSLATE ?? null;
 		$this->DATA['PAGE_FILE_NAME'] = str_replace('.php', '', $this->page_name).'.tpl';
 		// render page
 		$this->renderSmarty();
@@ -405,7 +405,9 @@ class SmartyExtend extends SmartyBC
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (array('HEADER', 'DATA', 'DEBUG_DATA') as $ext_smarty) {
-			if (is_array($cms->{$ext_smarty})) {
+			if (isset($cms->{$ext_smarty}) &&
+				is_array($cms->{$ext_smarty})
+			) {
 				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
 			}
 		}

www/lib/FileUpload/qqFileUploader.php

@@ -2,7 +2,7 @@
 
 namespace FileUpload;
 
-use \FileUpload\Core;
+// use \FileUpload\Core;
 
 class qqFileUploader
 {
@@ -84,7 +84,7 @@ class qqFileUploader
 		$pathinfo = pathinfo($this->file->getName());
 		$filename = $pathinfo['filename'];
 		//$filename = md5(uniqid());
-		$ext = $pathinfo['extension'];
+		$ext = $pathinfo['extension'] ?? '';
 
 		if ($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)) {
 			$these = implode(', ', $this->allowedExtensions);

www/lib/autoloader.php

@@ -44,7 +44,7 @@ if (class_exists('Autoload', false) === false) {
 			// print "(2) Class clean: $path<br>";
 			// if path is set and a valid file
 			if ($path !== false && is_file($path)) {
-				// echo "<b>(3)</b> Load Path: $path<br>";
+				// print "<b>(3)</b> Load Path: $path<br>";
 				// we should sub that
 				// self::loadFile($path);
 				include $path;

www/psalm.xml

@@ -6,6 +6,7 @@
     xmlns="https://getpsalm.org/schema/config"
     xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
     autoloader="lib/autoloader.php"
+    errorLevel="8"
 >
     <projectFiles>
 		<file name="admin/class_test.php" />
@@ -28,7 +29,8 @@
             <directory name="tmp" />
             <directory name="log" />
             <directory name="media" />
-			<directory name="lib/pChart" />
+			<directory name="lib/FileUpload" />
+            <directory name="lib/pChart" />
 			<directory name="lib/pChart2.1.4" />
 			<directory name="lib/Smarty" />
 			<directory name="lib/smarty-3.1.30" />