Fix smarty extended variable access check

It ultimate failed for the following reason.

If base class is passed on to some other class as object parameter
then accessing protected/private variables will be possible because the
__get method will interfer.
Also __set of protected/private variables is possible.

I rather run check for setting variables without defining them than
haveing open protected/private var access

4dev/database/ORDER

@@ -22,6 +22,7 @@ table/edit_page_access.sql
 table/edit_page_content.sql
 table/edit_user.sql
 table/edit_log.sql
+table/edit_log_overflow.sql
 table/edit_access.sql
 table/edit_access_user.sql
 table/edit_access_data.sql
@@ -32,6 +33,7 @@ trigger/trg_edit_access_data.sql
 trigger/trg_edit_access_user.sql
 trigger/trg_edit_group.sql
 trigger/trg_edit_language.sql
+trigger/trg_edit_log_overflow.sql
 trigger/trg_edit_log.sql
 trigger/trg_edit_page_access.sql
 trigger/trg_edit_page_content.sql
@@ -41,6 +43,5 @@ trigger/trg_edit_scheme.sql
 trigger/trg_edit_user.sql
 trigger/trg_edit_visible_group.sql
 trigger/trg_edit_menu_group.sql
-trigger/trg_set_edit_access_uid.sql
 # insert data
 data/edit_tables.sql

4dev/database/function/edit_set_group_uid.sql

@@ -0,0 +1,28 @@
+-- add uid add for edit_group table
+
+CREATE OR REPLACE FUNCTION set_edit_group_uid() RETURNS TRIGGER AS
+$$
+	DECLARE
+		myrec RECORD;
+		v_uid VARCHAR;
+	BEGIN
+		-- skip if NEW.name is not set
+		IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
+			-- use NEW.name as base, remove all spaces
+			-- name data is already unique, so we do not need to worry about this here
+			v_uid := REPLACE(NEW.name, ' ', '');
+			IF TG_OP = 'INSERT' THEN
+				-- always set
+				NEW.uid := v_uid;
+			ELSIF TG_OP = 'UPDATE' THEN
+				-- check if not set, then set
+				SELECT INTO myrec t.* FROM edit_group t WHERE edit_group_id = NEW.edit_group_id;
+				IF FOUND THEN
+					NEW.uid := v_uid;
+				END IF;
+			END IF;
+		END IF;
+		RETURN NEW;
+	END;
+$$
+	LANGUAGE 'plpgsql';

4dev/database/table/edit_access_data.sql

@@ -9,8 +9,8 @@
 CREATE TABLE edit_access_data (
 	edit_access_data_id	SERIAL PRIMARY KEY,
 	edit_access_id INT NOT NULL,
+	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	name	VARCHAR,
-	value	VARCHAR,
-	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	value	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_access_user.sql

@@ -9,11 +9,11 @@
 CREATE TABLE edit_access_user (
 	edit_access_user_id	SERIAL PRIMARY KEY,
 	edit_access_id	INT NOT NULL,
-	edit_user_id	INT NOT NULL,
-	edit_access_right_id	INT NOT NULL,
-	edit_default	SMALLINT DEFAULT 0,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
 	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_user_id	INT NOT NULL,
 	FOREIGN KEY (edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	edit_access_right_id	INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_default	SMALLINT DEFAULT 0,
+	enabled	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_group.sql

@@ -9,12 +9,12 @@
 CREATE TABLE edit_group (
 	edit_group_id	SERIAL PRIMARY KEY,
 	edit_scheme_id INT,
+	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_access_right_id INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	deleted	SMALLINT DEFAULT 0,
 	uid	VARCHAR,
 	name	VARCHAR,
-	additional_acl	JSONB,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	additional_acl	JSONB
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_log.sql

@@ -8,6 +8,8 @@
 -- DROP TABLE edit_log;
 CREATE TABLE edit_log (
 	edit_log_id	SERIAL PRIMARY KEY,
+	euid	INT, -- this is a foreign key, but I don't nedd to reference to it
+	FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
 	username	VARCHAR,
 	password	VARCHAR,
 	event_date	TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
@@ -26,7 +28,6 @@ CREATE TABLE edit_log (
 	action_value	VARCHAR,
 	action_type	VARCHAR,
 	action_error	VARCHAR,
-	euid	INT, -- this is a foreign key, but I don't nedd to reference to it
 	user_agent	VARCHAR,
 	referer	VARCHAR,
 	script_name	VARCHAR,
@@ -36,6 +37,5 @@ CREATE TABLE edit_log (
 	http_accept	VARCHAR,
 	http_accept_charset	VARCHAR,
 	http_accept_encoding	VARCHAR,
-	session_id	VARCHAR,
-	FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL
+	session_id	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_page.sql

@@ -9,6 +9,7 @@
 CREATE TABLE edit_page (
 	edit_page_id	SERIAL PRIMARY KEY,
 	content_alias_edit_page_id	INT, -- alias for page content, if the page content is defined on a different page, ege for ajax backend pages
+	FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE,
 	filename	VARCHAR,
 	name	VARCHAR UNIQUE,
 	order_number INT NOT NULL,
@@ -17,6 +18,5 @@ CREATE TABLE edit_page (
 	popup	SMALLINT NOT NULL DEFAULT 0,
 	popup_x	SMALLINT,
 	popup_y SMALLINT,
-	hostname	VARCHAR,
-	FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE
+	hostname	VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_page_access.sql

@@ -9,12 +9,12 @@
 CREATE TABLE edit_page_access (
 	edit_page_access_id	SERIAL PRIMARY KEY,
 	edit_group_id	INT NOT NULL,
-	edit_page_id	INT NOT NULL,
-	edit_access_right_id	INT NOT NULL,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
 	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_page_id	INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	edit_access_right_id	INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	enabled	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 

4dev/database/table/edit_page_content.sql

@@ -10,11 +10,11 @@
 CREATE TABLE edit_page_content (
 	edit_page_content_id	SERIAL PRIMARY KEY,
 	edit_page_id	INT NOT NULL,
+	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_access_right_id	INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	uid	VARCHAR UNIQUE,
 	name	VARCHAR,
 	order_number INT NOT NULL,
-	online	SMALLINT NOT NULL DEFAULT 0,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	online	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_page_menu_group.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_page_menu_group;
 CREATE TABLE edit_page_menu_group (
 	edit_page_id INT NOT NULL,
-	edit_menu_group_id INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_menu_group_id INT NOT NULL,
 	FOREIGN KEY (edit_menu_group_id) REFERENCES edit_menu_group (edit_menu_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );

4dev/database/table/edit_page_visible_group.sql

@@ -8,7 +8,7 @@
 -- DROP TABLE edit_page_visible_group;
 CREATE TABLE edit_page_visible_group (
 	edit_page_id INT NOT NULL,
-	edit_visible_group_id INT NOT NULL,
 	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+	edit_visible_group_id INT NOT NULL,
 	FOREIGN KEY (edit_visible_group_id) REFERENCES edit_visible_group (edit_visible_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );

4dev/database/table/edit_query_string.sql

@@ -9,9 +9,9 @@
 CREATE TABLE edit_query_string (
 	edit_query_string_id	SERIAL PRIMARY KEY,
 	edit_page_id	INT NOT NULL,
+	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	name	VARCHAR,
 	value	VARCHAR,
-	dynamic	SMALLINT NOT NULL DEFAULT 0,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	dynamic	SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;

4dev/database/table/edit_user.sql

@@ -9,10 +9,15 @@
 CREATE TABLE edit_user (
 	edit_user_id	SERIAL PRIMARY KEY,
 	connect_edit_user_id	INT, -- possible reference to other user
+	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_language_id INT NOT NULL,
+	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_group_id INT NOT NULL,
+	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_scheme_id INT,
+	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	edit_access_right_id INT NOT NULL,
+	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
 	enabled	SMALLINT NOT NULL DEFAULT 0,
 	deleted	SMALLINT NOT NULL DEFAULT 0,
 	username	VARCHAR UNIQUE,
@@ -26,17 +31,17 @@ CREATE TABLE edit_user (
 	email	VARCHAR,
 	protected SMALLINT NOT NULL DEFAULT 0,
 	admin	SMALLINT NOT NULL DEFAULT 0,
-	login_error_count	INT,
+	login_error_count	INT DEFAULT 0,
 	login_error_date_last	TIMESTAMP WITHOUT TIME ZONE,
 	login_error_date_first	TIMESTAMP WITHOUT TIME ZONE,
 	strict	SMALLINT DEFAULT 0,
 	locked	SMALLINT DEFAULT 0,
 	password_change_date	TIMESTAMP WITHOUT TIME ZONE, -- only when password is first set or changed
 	password_change_interval	INTERVAL, -- null if no change is needed, or d/m/y time interval
-	additional_acl	JSONB, -- additional ACL as JSON string (can be set by other pages)
-	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+	password_reset_time	TIMESTAMP WITHOUT TIME ZONE, -- when the password reset was requested
+	password_reset_uid	VARCHAR, -- the uid to access the password reset page
+	additional_acl	JSONB -- additional ACL as JSON string (can be set by other pages)
 ) INHERITS (edit_generic) WITHOUT OIDS;
+
+COMMENT ON COLUMN edit_user.password_reset_time IS 'When the password reset was requested. For reset page uid valid check';
+COMMENT ON COLUMN edit_user.password_reset_uid IS 'Password reset page uid';

4dev/database/trigger/trg_edit_group.sql

@@ -2,3 +2,8 @@ DROP TRIGGER IF EXISTS trg_edit_group ON edit_group;
 CREATE TRIGGER trg_edit_group
 BEFORE INSERT OR UPDATE ON edit_group
 FOR EACH ROW EXECUTE PROCEDURE set_edit_generic();
+
+DROP TRIGGER IF EXISTS trg_set_edit_group_uid ON edit_group;
+CREATE TRIGGER trg_set_edit_group_uid
+BEFORE INSERT OR UPDATE ON edit_group
+FOR EACH ROW EXECUTE PROCEDURE set_edit_group_uid();

4dev/database/trigger/trg_set_edit_access_uid.sql

@@ -1,4 +0,0 @@
--- DROP TRIGGER trg_set_edit_access_uid ON edit_access;
-CREATE TRIGGER trg_set_edit_access_uid
-BEFORE INSERT OR UPDATE ON edit_access
-FOR EACH ROW EXECUTE PROCEDURE set_edit_access_uid();

www/configs/config.master.php

@@ -101,8 +101,23 @@ define('LOGOUT_TARGET', '');
 define('PASSWORD_CHANGE', false);
 define('PASSWORD_FORGOT', false);
 // min/max password length
-define('PASSWORD_MIN_LENGTH', 8);
+define('PASSWORD_MIN_LENGTH', 9);
 define('PASSWORD_MAX_LENGTH', 255);
+// defines allowed special characters
+DEFINE('PASSWORD_SPECIAL_RANGE', '@$!%*?&');
+// password must have upper case, lower case, number, special
+// comment out for not mandatory
+DEFINE('PASSWORD_LOWER', '(?=.*[a-z])');
+DEFINE('PASSWORD_UPPER', '(?=.*[A-Z])');
+DEFINE('PASSWORD_NUMBER', '(?=.*\d)');
+DEFINE('PASSWORD_SPECIAL', "(?=.*[".PASSWORD_SPECIAL_RANGE."])");
+// define full regex
+DEFINE('PASSWORD_REGEX', "/^".
+	(defined('PASSWORD_LOWER') ? PASSWORD_LOWER : '').
+	(defined('PASSWORD_UPPER') ? PASSWORD_UPPER : '').
+	(defined('PASSWORD_NUMBER') ? PASSWORD_NUMBER : '').
+	(defined('PASSWORD_SPECIAL') ? PASSWORD_SPECIAL : '').
+	"[A-Za-z\d".PASSWORD_SPECIAL_RANGE."]{".PASSWORD_MIN_LENGTH.",".PASSWORD_MAX_LENGTH."}$/");
 
 /************* AJAX / ACCESS *************/
 // ajax request type

www/layout/admin/javascript/edit.jq.js

@@ -282,12 +282,48 @@ function randomIdF()
 	return Math.random().toString(36).substring(2);
 }
 
+/**
+ * check if name is a function
+ * @param  {string}  name Name of function to check if exists
+ * @return {Boolean}      true/false
+ */
+function isFunction(name)
+{
+	if (typeof window[name] !== 'undefined' &&
+		typeof window[name] === 'function') {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+/**
+ * call a function by its string name
+ * https://stackoverflow.com/a/359910
+ * example: executeFunctionByName("My.Namespace.functionName", window, arguments);
+ * @param  {string} functionName The function name or namespace + function
+ * @param  {mixed}  context      context (window or first namespace)
+ *                               hidden next are all the arguments
+ * @return {mixed}               Return values from functon
+ */
+function executeFunctionByName(functionName, context /*, args */)
+{
+	var args = Array.prototype.slice.call(arguments, 2);
+	var namespaces = functionName.split('.');
+	var func = namespaces.pop();
+	for (var i = 0; i < namespaces.length; i++) {
+		context = context[namespaces[i]];
+	}
+	return context[func].apply(context, args);
+}
+
 /**
  * checks if a variable is an object
  * @param  {Mixed}   val possible object
  * @return {Boolean}     true/false if it is an object or not
  */
-function isObject(val) {
+function isObject(val)
+{
 	if (val === null) {
 		return false;
 	}
@@ -299,7 +335,8 @@ function isObject(val) {
  * @param  {Object} object object to check
  * @return {Number} number of entry
  */
-function getObjectCount(object) {
+function getObjectCount(object)
+{
 	return Object.keys(object).length;
 }
 
@@ -570,7 +607,9 @@ function showActionIndicator(loc)
 		el.id = 'indicator';
 		$('body').append(el);
 	} else if (!$('#indicator').hasClass('progress')) {
-		$('#indicator').addClass('progress');
+		// if I add a class it will not be hidden anymore
+		// hide it
+		$('#indicator').addClass('progress').hide();
 	}
 	// indicator not visible
 	if (!$('#indicator').is(':visible')) {
@@ -735,7 +774,8 @@ function ael(base, attach, id = '')
 	if (id) {
 		// base id match already
 		if (base.id == id) {
-			base.sub.push(Object.assign({}, attach));
+			// base.sub.push(Object.assign({}, attach));
+			base.sub.push(deepCopyFunction(attach));
 		} else {
 			// sub check
 			if (isObject(base.sub) && base.sub.length > 0) {
@@ -746,7 +786,8 @@ function ael(base, attach, id = '')
 			}
 		}
 	} else {
-		base.sub.push(Object.assign({}, attach));
+		// base.sub.push(Object.assign({}, attach));
+		base.sub.push(deepCopyFunction(attach));
 	}
 	return base;
 }
@@ -761,7 +802,8 @@ function ael(base, attach, id = '')
 function aelx(base, ...attach)
 {
 	for (var i = 0; i < attach.length; i ++) {
-		base.sub.push(Object.assign({}, attach[i]));
+		// base.sub.push(Object.assign({}, attach[i]));
+		base.sub.push(deepCopyFunction(attach[i]));
 	}
 	return base;
 }
@@ -776,7 +818,8 @@ function aelx(base, ...attach)
 function aelxar(base, attach)
 {
 	for (var i = 0; i < attach.length; i ++) {
-		base.sub.push(Object.assign({}, attach[i]));
+		// base.sub.push(Object.assign({}, attach[i]));
+		base.sub.push(deepCopyFunction(attach[i]));
 	}
 	return base;
 }
@@ -900,6 +943,22 @@ function phfo(tree)
 	// combine to string
 	return content.join('');
 }
+
+/**
+ * Create HTML elements from array list
+ * as a flat element without master object file
+ * Is like tree.sub call
+ * @param  {Array}  list Array of cel created objects
+ * @return {String}      HTML String
+ */
+function phfa(list)
+{
+	var content = [];
+	for (i = 0; i < list.length; i ++) {
+		content.push(phfo(list[i]));
+	}
+	return content.join('');
+}
 // *** DOM MANAGEMENT FUNCTIONS
 
 // BLOCK: html wrappers for quickly creating html data blocks
@@ -990,6 +1049,35 @@ function html_options_block(name, data, selected = '', multiple = 0, options_onl
 		element_option = cel('option', '', value, '', options);
 		// attach it to the select element
 		ael(element_select, element_option);
+		/*
+		// get the original data for this key
+		var opt_value = r_value[opt_key];
+		// if it is an object, we assume a sub group [original data]
+		if (isObject(opt_value)) {
+			element_group = document.createElement('optgroup');
+			element_group.label = opt_key;
+			// loop through attached sub key elements in order (key is orignal)
+			$.each(data.form_reference_order[key][opt_key], function(opt_group_pos, opt_group_key) {
+				var opt_group_value = r_value[opt_key][opt_group_key];
+				element_sub = document.createElement('option');
+				// check if w is object, if yes, the element is a subset drop down
+				element_sub.label = opt_group_value;
+				element_sub.value = opt_group_key;
+				element_sub.innerHTML = opt_group_value;
+				element_group.appendChild(element_sub);
+			});
+			element.appendChild(element_group);
+		} else if (!isObject(opt_key)) {
+			// if this is a plain element, attach as is
+			// we also skip any objects in the reference order group as they are handled different
+			element_sub = document.createElement('option');
+			element_sub.label = opt_value;
+			element_sub.value = opt_key;
+			element_sub.innerHTML = opt_value;
+			element.appendChild(element_sub);
+		}
+
+		 */
 	}
 	// if with select part, convert to text
 	if (!options_only) {

www/layout/admin/javascript/edit.js

@@ -1 +1 @@
-edit.pt.js
+edit.jq.js

www/lib/CoreLibs/ACL/Login.php

@@ -114,16 +114,15 @@ class Login extends \CoreLibs\DB\IO
 
 	/**
 	 * constructor, does ALL, opens db, works through connection checks, closes itself
-	 * @param array  $db_config        db config array
-	 * @param int    $set_control_flag class variable check flags
+	 * @param array $db_config db config array
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		// log login data for this class only
 		$this->log_per_class = 1;
 
 		// create db connection and init base class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 		if ($this->db_init_error === true) {
 			echo 'Could not connect to DB<br>';
 			// if I can't connect to the DB to auth exit hard. No access allowed

www/lib/CoreLibs/Admin/Backend.php

@@ -68,17 +68,16 @@ class Backend extends \CoreLibs\DB\IO
 	// CONSTRUCTOR / DECONSTRUCTOR |====================================>
 	/**
 	 * main class constructor
-	 * @param array       $db_config        db config array
-	 * @param int|integer $set_control_flag class variable check flag
+	 * @param array $db_config db config array
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		$this->setLangEncoding();
 		// get the language sub class & init it
 		$this->l = new \CoreLibs\Language\L10n($this->lang);
 
 		// init the database class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 
 		// set the action ids
 		foreach ($this->action_list as $_action) {

www/lib/CoreLibs/Basic.php

@@ -188,19 +188,11 @@ class Basic
 	// ajax flag
 	protected $ajax_page_flag = false;
 
-	// METHOD: __construct
-	// PARAMS: set_control_flag [current sets set/get var errors]
-	// RETURN: none
-	// DESC  : class constructor
 	/**
 	 * main Basic constructor to init and check base settings
-	 * @param int $set_control_flag 0/1/2/3 to set internal class parameter check
 	 */
-	public function __construct(int $set_control_flag = 0)
+	public function __construct()
 	{
-		// init flags
-		$this->__setControlFlag($set_control_flag);
-
 		// set per run UID for logging
 		$this->running_uid = hash($this->hash_algo, uniqid((string)rand(), true));
 		// running time start for script
@@ -425,81 +417,6 @@ class Basic
 		// $this->fdebugFP('c');
 	}
 
-	// *************************************************************
-	// INTERAL VARIABLE ERROR HANDLER
-	// *************************************************************
-
-	/**
-	 * sets internal control flags for class variable check
-	 * 0 -> turn of all, works like default php class
-	 * CLASS_STRICT_MODE: 1 -> if set throws error on unset class variable
-	 * CLASS_OFF_COMPATIBLE_MODE: 2 -> if set turns of auto set for unset variables
-	 * 3 -> sets error on unset and does not set variable (strict)
-	 * @param  int    $set_control_flag control flag as 0/1/2/3
-	 * @return void
-	 */
-	private function __setControlFlag(int $set_control_flag): void
-	{
-		// is there either a constant or global set to override the control flag
-		if (defined('CLASS_VARIABLE_ERROR_MODE')) {
-			$set_control_flag = CLASS_VARIABLE_ERROR_MODE;
-		}
-		if (isset($GLOBALS['CLASS_VARIABLE_ERROR_MODE'])) {
-			$set_control_flag = $GLOBALS['CLASS_VARIABLE_ERROR_MODE'];
-		}
-		// bit wise check of int and set
-		if ($set_control_flag & self::CLASS_OFF_COMPATIBLE_MODE) {
-			$this->set_compatible = false;
-		} else {
-			$this->set_compatible = true;
-		}
-		if ($set_control_flag & self::CLASS_STRICT_MODE) {
-			$this->set_strict_mode = true;
-		} else {
-			$this->set_strict_mode = false;
-		}
-	}
-
-	/**
-	 * if strict mode is set, throws an error if the class variable is not set
-	 * if compatible mode is set, also auto sets variable even if not declared
-	 * default is strict mode false and compatible mode on
-	 * @param  mixed $name  class variable name
-	 * @return void
-	 */
-	public function __set($name, $value): void
-	{
-		if ($this->set_strict_mode === true && !property_exists($this, $name)) {
-			trigger_error('Undefined property via __set(): '.$name, E_USER_NOTICE);
-		}
-		// use this for fallback as to work like before to set unset
-		if ($this->set_compatible === true) {
-			$this->{$name} = $value;
-		}
-	}
-
-	/**
-	 * if strict mode is set, throws an error if the class variable is not set
-	 * default is strict mode false
-	 * @param  mixed $name class variable name
-	 * @return mixed       return set variable content
-	 */
-	public function &__get($name)
-	{
-		if ($this->set_strict_mode === true && !property_exists($this, $name)) {
-			trigger_error('Undefined property via __get(): '.$name, E_USER_NOTICE);
-		}
-		// on set return
-		if (property_exists($this, $name)) {
-			return $this->$name;
-		} elseif ($this->set_compatible === true && !property_exists($this, $name)) {
-			// if it is not set, and we are in compatible mode we need to init.
-			// This is so that $class->array['key'] = 'bar'; works
-			$this->{$name} = null;
-			return $this->$name;
-		}
-	}
-
 	// *************************************************************
 	// GENERAL METHODS
 	// *************************************************************

www/lib/CoreLibs/DB/Extended/ArrayIO.php

@@ -51,15 +51,14 @@ class ArrayIO extends \CoreLibs\DB\IO
 	/**
 	 * constructor for the array io class, set the
 	 * primary key name automatically (from array)
-	 * @param array       $db_config        db connection config
-	 * @param array       $table_array      table array config
-	 * @param string      $table_name       table name string
-	 * @param int|integer $set_control_flag set basic class set/get variable error flags
+	 * @param array  $db_config   db connection config
+	 * @param array  $table_array table array config
+	 * @param string $table_name  table name string
 	 */
-	public function __construct(array $db_config, array $table_array, string $table_name, int $set_control_flag = 0)
+	public function __construct(array $db_config, array $table_array, string $table_name)
 	{
 		// instance db_io class
-		parent::__construct($db_config, $set_control_flag);
+		parent::__construct($db_config);
 		// more error vars for this class
 		$this->error_string['91'] = 'No Primary Key given';
 		$this->error_string['92'] = 'Could not run Array Query';

www/lib/CoreLibs/DB/IO.php

@@ -128,13 +128,13 @@
 *	  - returns an hashed array of table column data
 *	function db_prepare($stm_name, $query)
 *     - prepares a query with the given stm name, returns false on error
-*   function db_execute($stm_name, $data = array())
+*   function db_execute($stm_name, $data = [])
 *     - execute a query that was previously prepared
 *   $string db_escape_string($string)
 *     - correctly escapes string for db insert
 *   $string db_boolean(string)
 *     - if the string value is 't' or 'f' it returns correct TRUE/FALSE for php
-*   $primary_key db_write_data($write_array, $not_write_array, $primary_key, $table, $data = array())
+*   $primary_key db_write_data($write_array, $not_write_array, $primary_key, $table, $data = [])
 *     - writes into one table based on arrays of columns to write and not write, reads data from global vars or optional array
 *   $boolean db_set_schema(schema)
 *     - sets search path to a schema
@@ -270,7 +270,7 @@ class IO extends \CoreLibs\Basic
 	public $cursor; // actual cursor (DBH)
 	public $num_rows; // how many rows have been found
 	public $num_fields; // how many fields has the query
-	public $field_names = array(); // array with the field names of the current query
+	public $field_names = []; // array with the field names of the current query
 	public $insert_id; // last inserted ID
 	public $insert_id_ext; // extended insert ID (for data outside only primary key)
 	private $temp_sql;
@@ -289,14 +289,14 @@ class IO extends \CoreLibs\Basic
 	// endless loop protection
 	private $MAX_QUERY_CALL;
 	private $DEFAULT_MAX_QUERY_CALL = 20; // default
-	private $query_called = array();
+	private $query_called = [];
 	// error string
-	protected $error_string = array();
+	protected $error_string = [];
 	// prepared list
-	public $prepare_cursor = array();
+	public $prepare_cursor = [];
 	// primary key per table list
 	// format is 'table' => 'pk_name'
-	public $pk_name_table = array();
+	public $pk_name_table = [];
 	// internal primary key name, for cross calls in async
 	public $pk_name;
 	// if we use RETURNING in the INSERT call
@@ -307,15 +307,14 @@ class IO extends \CoreLibs\Basic
 	/**
 	 * main DB concstructor with auto connection to DB and failure set on failed connection
 	 * @param array $db_config        DB configuration array
-	 * @param int   $set_control_flag 0/1/2/3 to set internal class parameter check
 	 */
-	public function __construct(array $db_config, int $set_control_flag = 0)
+	public function __construct(array $db_config)
 	{
 		// start basic class
-		parent::__construct($set_control_flag);
+		parent::__construct();
 		// dummy init array for db config if not array
 		if (!is_array($db_config)) {
-			$db_config = array();
+			$db_config = [];
 		}
 		// sets the names (for connect/reconnect)
 		$this->db_name = $db_config['db_name'] ?? '';
@@ -511,7 +510,7 @@ class IO extends \CoreLibs\Basic
 	{
 		$string = '';
 		if (!is_array($array)) {
-			$array = array();
+			$array = [];
 		}
 		foreach ($array as $key => $value) {
 			$string .= $this->nbsp.'<b>'.$key.'</b> => ';
@@ -617,7 +616,7 @@ class IO extends \CoreLibs\Basic
 	 * @param  array  $data     the data array
 	 * @return string           string of query with data inside
 	 */
-	private function __dbDebugPrepare(string $stm_name, array $data = array()): string
+	private function __dbDebugPrepare(string $stm_name, array $data = []): string
 	{
 		// get the keys from data array
 		$keys = array_keys($data);
@@ -773,7 +772,7 @@ class IO extends \CoreLibs\Basic
 				// count the fields
 				$this->num_fields = $this->db_functions->__dbNumFields($this->cursor);
 				// set field names
-				$this->field_names = array();
+				$this->field_names = [];
 				for ($i = 0; $i < $this->num_fields; $i ++) {
 					$this->field_names[] = $this->db_functions->__dbFieldName($this->cursor, $i);
 				}
@@ -789,8 +788,8 @@ class IO extends \CoreLibs\Basic
 					if (!$this->returning_id) {
 						$this->insert_id = $this->db_functions->__dbInsertId($this->query, $this->pk_name);
 					} else {
-						$this->insert_id = array();
-						$this->insert_id_ext = array();
+						$this->insert_id = [];
+						$this->insert_id_ext = [];
 						// echo "** PREPARE RETURNING FOR CURSOR: ".$this->cursor."<br>";
 						// we have returning, now we need to check if we get one or many returned
 						// we'll need to loop this, if we have multiple insert_id returns
@@ -1211,7 +1210,7 @@ class IO extends \CoreLibs\Basic
 					$return = false;
 				} else {
 					// unset return value ...
-					$return = array();
+					$return = [];
 					for ($i = 0; $i < $this->cursor_ext[$md5]['num_fields']; $i ++) {
 						// create mixed return array
 						if ($assoc_only === false && isset($this->cursor_ext[$md5]['data'][$this->cursor_ext[$md5]['pos']][$i])) {
@@ -1247,7 +1246,7 @@ class IO extends \CoreLibs\Basic
 					$this->cursor_ext[$md5]['read_rows'] ++;
 					// if reset is <3 caching is done, else no
 					if ($reset < 3) {
-						$temp = array();
+						$temp = [];
 						foreach ($return as $field_name => $data) {
 							$temp[$field_name] = $data;
 						}
@@ -1437,9 +1436,9 @@ class IO extends \CoreLibs\Basic
 			return false;
 		}
 		$cursor = $this->dbExec($query);
-		$rows = array();
+		$rows = [];
 		while ($res = $this->dbFetchArray($cursor, $assoc_only)) {
-			$data = array();
+			$data = [];
 			for ($i = 0; $i < $this->num_fields; $i ++) {
 				$data[$this->field_names[$i]] = $res[$this->field_names[$i]];
 			}
@@ -1590,7 +1589,7 @@ class IO extends \CoreLibs\Basic
 	 * @param  array         $data     data to run for this query, empty array for none
 	 * @return ?mixed                  false on error, or result on OK
 	 */
-	public function dbExecute(string $stm_name, array $data = array())
+	public function dbExecute(string $stm_name, array $data = [])
 	{
 		// if we do not have no prepare cursor array entry for this statement name, abort
 		if (!is_array($this->prepare_cursor[$stm_name])) {
@@ -1625,8 +1624,8 @@ class IO extends \CoreLibs\Basic
 				if (!$this->prepare_cursor[$stm_name]['returning_id']) {
 					$this->insert_id = $this->db_functions->__dbInsertId($this->prepare_cursor[$stm_name]['query'], $this->prepare_cursor[$stm_name]['pk_name']);
 				} elseif ($result) {
-					$this->insert_id = array();
-					$this->insert_id_ext = array();
+					$this->insert_id = [];
+					$this->insert_id_ext = [];
 					// we have returning, now we need to check if we get one or many returned
 					// we'll need to loop this, if we have multiple insert_id returns
 					while ($_insert_id = $this->db_functions->__dbFetchArray(
@@ -1817,18 +1816,18 @@ class IO extends \CoreLibs\Basic
 	 * @param  array    $data            data array to override _POST data
 	 * @return int|bool                  primary key
 	 */
-	public function dbWriteData(array $write_array, array $not_write_array, $primary_key, string $table, $data = array())
+	public function dbWriteData(array $write_array, array $not_write_array, $primary_key, string $table, $data = [])
 	{
 		if (!is_array($write_array)) {
-			$write_array = array();
+			$write_array = [];
 		}
 		if (!is_array($not_write_array)) {
-			$not_write_array = array();
+			$not_write_array = [];
 		}
 		if (is_array($table)) {
 			return false;
 		}
-		$not_write_update_array = array();
+		$not_write_update_array = [];
 		return $this->dbWriteDataExt($write_array, $primary_key, $table, $not_write_array, $not_write_update_array, $data);
 	}
 
@@ -1849,9 +1848,9 @@ class IO extends \CoreLibs\Basic
 		array $write_array,
 		$primary_key,
 		string $table,
-		array $not_write_array = array(),
-		array $not_write_update_array = array(),
-		array $data = array()
+		array $not_write_array = [],
+		array $not_write_update_array = [],
+		array $data = []
 	) {
 		if (!is_array($primary_key)) {
 			$primary_key = array(
@@ -1988,16 +1987,10 @@ class IO extends \CoreLibs\Basic
 	 */
 	public function dbArrayParse(string $text): array
 	{
-		$output = array();
+		$output = [];
 		return $this->db_functions->__dbArrayParse($text, $output);
 	}
 
-	// METHOD: dbSqlEscape
-	// WAS   : db_sql_escape
-	// PARAMS: value -> to escape data
-	//          kbn -> escape trigger type
-	// RETURN: escaped value
-	// DESC  : clear up any data for valid DB insert
 	/**
 	 * clear up any data for valid DB insert
 	 * @param  int|float|string $value to escape data
@@ -2025,6 +2018,60 @@ class IO extends \CoreLibs\Basic
 		}
 		return $value;
 	}
+
+	/**
+	 * return current set insert_id as is
+	 * @return string|int|null Primary key value, most likely int
+	 *                         Empty string for unset
+	 *                         Null for error
+	 */
+	public function getInsertPK()
+	{
+		return $this->insert_id;
+	}
+
+	/**
+	 * return the extended insert return string set
+	 * Most likely Array
+	 * @param  string|null       $key Optional key for insert_id_ext array
+	 *                                if found will return only this element,
+	 *                                else will return null
+	 * @return array|string|null      RETURNING values as array
+	 *                                Empty string for unset
+	 *                                Null for error
+	 */
+	public function getInsertReturn($key = null)
+	{
+		if ($key !== null) {
+			if (isset($this->insert_id_ext[$key])) {
+				return $this->insert_id_ext[$key];
+			} else {
+				return null;
+			}
+		}
+		return $this->insert_id_ext;
+	}
+
+	/**
+	 * returns the full array for cursor ext
+	 * @param  string|null $q Query string, if not null convert to md5
+	 *                        and return set cursor ext for only this
+	 *                        if not found or null return null
+	 * @return array|nul      Cursor Extended array
+	 *                        Key is md5 string from query run
+	 */
+	public function getCursorExt($q = null)
+	{
+		if ($q !== null) {
+			$q_md5 = md5($q);
+			if (isset($this->cursor_ext[$q_md5])) {
+				return $this->cursor_ext[$q_md5];
+			} else {
+				return null;
+			}
+		}
+		return $this->cursor_ext;
+	}
 } // end if db class
 
 // __END__

www/lib/CoreLibs/Language/L10n.php

@@ -37,13 +37,13 @@ class L10n extends \CoreLibs\Basic
 
 	/**
 	 * class constructor call for language getstring
-	 * @param string      $lang             language name (optional), fallback is en
-	 * @param string      $path             path, if empty fallback on default internal path
-	 * @param int|integer $set_control_flag control flags for Basic class set/get checks
+	 * @param string $lang language name (optional), fallback is en
+	 * @param string $path path, if empty fallback on default internal path
 	 */
-	public function __construct(string $lang = '', string $path = '', int $set_control_flag = 0)
+	public function __construct(string $lang = '', string $path = ''
+)
 	{
-		parent::__construct($set_control_flag);
+		parent::__construct();
 		if (!$lang) {
 			$this->lang = 'en';
 		} else {

www/lib/CoreLibs/Output/Form/Generate.php

@@ -255,11 +255,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 
 	/**
 	 * construct form generator
-	 * @param array       $db_config        db config array
-	 * @param int|integer $table_width      table/div width (default 750)
-	 * @param int|integer $set_control_flag basic class set/get variable error flags
+	 * @param array       $db_config   db config array
+	 * @param int|integer $table_width table/div width (default 750)
 	 */
-	public function __construct(array $db_config, int $table_width = 750, int $set_control_flag = 0)
+	public function __construct(array $db_config, int $table_width = 750)
 	{
 		$this->my_page_name = $this->getPageName(1);
 		$this->setLangEncoding();
@@ -289,7 +288,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 
 		// start the array_io class which will start db_io ...
-		parent::__construct($db_config, $config_array['table_array'], $config_array['table_name'], $set_control_flag);
+		parent::__construct($db_config, $config_array['table_array'], $config_array['table_name']);
 		// here should be a check if the config_array is correct ...
 		if (isset($config_array['show_fields']) && is_array($config_array['show_fields'])) {
 			$this->field_array = $config_array['show_fields'];

www/lib/CoreLibs/Template/SmartyExtend.php

@@ -34,10 +34,10 @@ class SmartyExtend extends SmartyBC
 	public $page_name;
 
 	// array for data parsing
-	public $HEADER = array();
-	public $DATA = array();
-	public $DEBUG_DATA = array();
-	private $CONTENT_DATA = array();
+	public $HEADER = [];
+	public $DATA = [];
+	public $DEBUG_DATA = [];
+	private $CONTENT_DATA = [];
 	// control vars
 	public $USE_PROTOTYPE = USE_PROTOTYPE;
 	public $USE_JQUERY = USE_JQUERY;
@@ -354,7 +354,7 @@ class SmartyExtend extends SmartyBC
 			$this->DATA['nav_menu'] = $cms->adbTopMenu();
 			$this->DATA['nav_menu_count'] = is_array($this->DATA['nav_menu']) ? count($this->DATA['nav_menu']) : 0;
 			// messages = array('msg' =>, 'class' => 'error/warning/...')
-			$this->DATA['messages'] = $cms->messages ?? array();
+			$this->DATA['messages'] = $cms->messages ?? [];
 			// the page name
 			$this->DATA['page_name'] = $this->page_name;
 			$this->DATA['table_width'] = $this->PAGE_WIDTH ?? PAGE_WIDTH;
@@ -405,7 +405,9 @@ class SmartyExtend extends SmartyBC
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (array('HEADER', 'DATA', 'DEBUG_DATA') as $ext_smarty) {
-			if (is_array($cms->{$ext_smarty})) {
+			if (isset($cms->{$ext_smarty}) &&
+				is_array($cms->{$ext_smarty})
+			) {
 				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
 			}
 		}

www/lib/autoloader.php

@@ -44,7 +44,7 @@ if (class_exists('Autoload', false) === false) {
 			// print "(2) Class clean: $path<br>";
 			// if path is set and a valid file
 			if ($path !== false && is_file($path)) {
-				// echo "<b>(3)</b> Load Path: $path<br>";
+				// print "<b>(3)</b> Load Path: $path<br>";
 				// we should sub that
 				// self::loadFile($path);
 				include $path;