Fixes from phan/phpstan tests

- edit base used useless regex for getting filename and dir from folder
  list. Changed to pathinfo() call to fix this
- edit_base.php and DB\Extended\ArrayIO fixes
On page order in edit we got errors because pk_name in ArrayIO class was
not init as empty string as it should be (is defined as string only)
- ACL\Login updates
Move all public functions to the public block.
Add public functions for base check Page/Base level to min level name
get acl array as is for now (will be extended with other calls for more
detail query)
Also clean ups in PHPdoc layout, long lines, etc

4dev/tests/CoreLibsACLLoginTest.php

@@ -95,6 +95,8 @@ final class CoreLibsACLLoginTest extends TestCase
 		$this->markTestIncomplete(
 			'ACL\Login Tests have not yet been implemented'
 		);
+
+		$login = new \CoreLibs\ACL\Login(self::$db, self::$log);
 	}
 }
 

phpstan-baseline.neon

@@ -1,7 +1,72 @@
 parameters:
 	ignoreErrors:
 		-
-			message: "#^Parameter \\#1 \\$result of function pg_result_error expects resource, object\\|resource\\|true given\\.$#"
+			message: "#^Parameter \\#1 \\$connection of function pg_connection_busy expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 3
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_connection_status expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_get_result expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 2
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_meta_data expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_send_query expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 2
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_socket expects PgSql\\\\Connection, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$connection of function pg_version expects PgSql\\\\Connection\\|null, object\\|resource given\\.$#"
+			count: 2
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_affected_rows expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_fetch_all expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_fetch_array expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_field_name expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_num_fields expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_num_rows expects PgSql\\\\Result, object\\|resource given\\.$#"
+			count: 1
+			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
+
+		-
+			message: "#^Parameter \\#1 \\$result of function pg_result_error expects PgSql\\\\Result, object\\|resource given\\.$#"
 			count: 1
 			path: www/lib/CoreLibs/DB/SQL/PgSQL.php
 

phpstan.neon

@@ -24,7 +24,9 @@ parameters:
 		# do not check old qq file uploader tests
 		- www/admin/qq_file_upload_*.php
 		# ignore all test files
-		- www/admin/class_test*php
+		- www/admin/class_test*.php
+		# extra in sub folder
+		- www/admin/subfolder/class_test*.php
 		- www/admin/error_test.php
 		# admin synlink files
 		- www/admin/edit_*.php
@@ -47,9 +49,12 @@ parameters:
 		- www/vendor
 	# ignore errores with
 	ignoreErrors:
-		- # this error is ignore because of the PHP 8.0 to 8.1 change for pg_*
+		- # this error is ignore because of the PHP 8.0 to 8.1 change for pg_*, only for 8.0 or lower
 			message: "#^Parameter \\#1 \\$(result|connection) of function pg_\\w+ expects resource(\\|null)?, object\\|resource(\\|bool)? given\\.$#"
 			path: %currentWorkingDirectory%/www/lib/CoreLibs/DB/SQL/PgSQL.php
+		- # this is for 8.1 or newer
+			message: "#^Parameter \\#1 \\$(result|connection) of function pg_\\w+ expects PgSql\\\\(Result|Connection(\\|null)?), object\\|resource given\\.$#"
+			path: %currentWorkingDirectory%/www/lib/CoreLibs/DB/SQL/PgSQL.php
 		# this is ignored for now
 		# - '#Expression in empty\(\) is always falsy.#'
 		# -

www/admin/class_test.login.php

@@ -0,0 +1,61 @@
+<?php // phpcs:ignore warning
+
+/**
+ * @phan-file-suppress PhanTypeSuspiciousStringExpression
+ */
+
+declare(strict_types=1);
+
+$DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
+$DEBUG_ALL = 1;
+$PRINT_ALL = 1;
+$DB_DEBUG = 1;
+
+if ($DEBUG_ALL) {
+	error_reporting(E_ALL | E_STRICT | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
+}
+
+ob_start();
+
+// basic class test file
+define('USE_DATABASE', false);
+// sample config
+require 'config.php';
+// set session name
+if (!defined('SET_SESSION_NAME')) {
+	define('SET_SESSION_NAME', EDIT_SESSION_NAME);
+}
+// define log file id
+$LOG_FILE_ID = 'classTest-login';
+// init login & backend class
+$log = new CoreLibs\Debug\Logging([
+	'log_folder' => BASE . LOG,
+	'file_id' => $LOG_FILE_ID,
+	// add file date
+	'print_file_date' => true,
+	// set debug and print flags
+	'debug_all' => $DEBUG_ALL ?? false,
+	'echo_all' => $ECHO_ALL ?? false,
+	'print_all' => $PRINT_ALL ?? false,
+]);
+$db = new CoreLibs\DB\IO(DB_CONFIG, $log);
+$login = new CoreLibs\ACL\Login($db, $log);
+ob_end_flush();
+
+print "<!DOCTYPE html>";
+print "<html><head><title>TEST CLASS: LOGIN</title><head>";
+print "<body>";
+print '<div><a href="class_test.php">Class Test Master</a></div>';
+
+echo "CHECK PERMISSION: " . ($login->loginCheckPermissions() ? 'OK' : 'BAD') . "<br>";
+echo "IS ADMIN: " . ($login->loginIsAdmin() ? 'OK' : 'BAD') . "<br>";
+echo "MIN ACCESS BASE: " . ($login->loginCheckAccessBase('admin') ? 'OK' : 'BAD') . "<br>";
+echo "MIN ACCESS PAGE: " . ($login->loginCheckAccessPage('admin') ? 'OK' : 'BAD') . "<br>";
+
+echo "ACL: " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()) . "<br>";
+echo "ACL (MIN): " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()['min']) . "<br>";
+
+// error message
+print $log->printErrorMsg();
+
+print "</body></html>";

www/admin/class_test.php

@@ -82,6 +82,7 @@ print '<div><a href="class_test.output.form.php">Class Test: OUTPUT FORM</a></di
 print '<div><a href="class_test.admin.backend.php">Class Test: BACKEND ADMIN CLASS</a></div>';
 print '<div><a href="class_test.lang.php">Class Test: LANG/L10n</a></div>';
 print '<div><a href="class_test.smarty.php">Class Test: SMARTY</a></div>';
+print '<div><a href="class_test.login.php">Class Test: LOGIN</a></div>';
 print '<div><a href="class_test.autoloader.php">Class Test: AUTOLOADER</a></div>';
 print '<div><a href="class_test.config.link.php">Class Test: CONFIG LINK</a></div>';
 print '<div><a href="class_test.config.direct.php">Class Test: CONFIG DIRECT</a></div>';

www/admin/class_test.system.php

@@ -42,7 +42,6 @@ $log = new CoreLibs\Debug\Logging([
 	'echo_all' => $ECHO_ALL ?? false,
 	'print_all' => $PRINT_ALL ?? false,
 ]);
-$basic = new CoreLibs\Basic($log);
 
 print "<!DOCTYPE html>";
 print "<html><head><title>TEST CLASS: SYSTEM</title><head>";

www/includes/edit_base.php

@@ -446,16 +446,15 @@ if ($form->my_page_name == 'edit_order') {
 					$t_q = '';
 					foreach ($output as $output_file) {
 						// split the ouput into folder and file
-						// eg ../admin/test.php is ../admin/ and test.php
+						$pathinfo = pathinfo($output_file);
-						preg_match("/([\.\/\w]+\/)+(\w+\.\w{1,})$/", $output_file, $matches);
+						if (!empty($pathinfo['dirname'])) {
-						// if named config.php, skip
+							$pathinfo['dirname'] .= DIRECTORY_SEPARATOR;
-						if ($matches[2] != 'config.php') {
-							if ($t_q) {
-								$t_q .= ', ';
-							}
-							$t_q .= "('" . $form->dbEscapeString($matches[1]) . "', '"
-								. $form->dbEscapeString($matches[2]) . "')";
 						}
+						if ($t_q) {
+							$t_q .= ', ';
+						}
+						$t_q .= "('" . $form->dbEscapeString($pathinfo['dirname']) . "', '"
+							. $form->dbEscapeString($pathinfo['basename']) . "')";
 					}
 					$form->dbExec($q . $t_q, 'NULL');
 					$elements[] = $form->formCreateElement('filename');

www/lib/CoreLibs/ACL/Login.php

@@ -164,7 +164,9 @@ class Login
 	public $l;
 
 	/**
-	 * constructor, does ALL, opens db, works through connection checks, closes itself
+	 * constructor, does ALL, opens db, works through connection checks,
+	 * finishes itself
+	 *
 	 * @param \CoreLibs\DB\IO              $db   Database connection class
 	 * @param \CoreLibs\Debug\Logging      $log  Logging class
 	 */
@@ -191,6 +193,7 @@ class Login
 		// check if session exists and could be created
 		// TODO: move session creation and check to outside?
 		if (Session::startSession() === false) {
+			$this->login_error = 1;
 			echo '<b>Session not started or could not be started!</b><br>'
 				. 'Use \'\CoreLibs\Create\Session::startSession();\'.<br>'
 				. 'For less problems with other session, you can set a '
@@ -200,12 +203,10 @@ class Login
 
 		// pre-check that password min/max lengths are inbetween 1 and 255;
 		if ($this->password_max_length > 255) {
-			echo '<b>Settings problem</b> PMaL<br>';
+			$this->password_max_length = 255;
-			exit;
 		}
 		if ($this->password_min_length < 1) {
-			echo '<b>Settings problem</b> PMiL<br>';
+			$this->password_min_length = 1;
-			exit;
 		}
 
 		// set global is ajax page for if we show the data directly,
@@ -267,7 +268,8 @@ class Login
 		// init default ACL list array
 		$_SESSION['DEFAULT_ACL_LIST'] = [];
 		// read the current edit_access_right list into an array
-		$q = "SELECT level, type, name FROM edit_access_right WHERE level >= 0 ORDER BY level";
+		$q = "SELECT level, type, name FROM edit_access_right "
+			. "WHERE level >= 0 ORDER BY level";
 		while (is_array($res = $this->db->dbReturn($q))) {
 			// level to description format (numeric)
 			$this->default_acl_list[$res['level']] = [
@@ -286,7 +288,10 @@ class Login
 		$this->loginLogoutUser();
 		// ** LANGUAGE SET AFTER LOGIN **
 		// set the locale
-		if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
+		if (
+			Session::getSessionId() !== false &&
+			!empty($_SESSION['DEFAULT_LANG'])
+		) {
 			$locale = $_SESSION['DEFAULT_LOCALE'] ?? '';
 		} else {
 			$locale = defined('SITE_LOCALE') && !empty(SITE_LOCALE) ?
@@ -314,7 +319,8 @@ class Login
 		$this->login_html = $this->loginPrintLogin();
 		// closing all connections, depending on error status, exit
 		if (!$this->loginCloseClass()) {
-			// if variable AJAX flag is not set, show output, else pass through for ajax work
+			// if variable AJAX flag is not set, show output
+			// else pass through for ajax work
 			if ($this->login_is_ajax_page !== true) {
 				// the login screen if we hav no login permission & login screen html data
 				if ($this->login_html !== null) {
@@ -360,8 +366,13 @@ class Login
 		// NO OP
 	}
 
+	// *************************************************************************
+	// **** PRIVATE INTERNAL
+	// *************************************************************************
+
 	/**
 	 * checks if password is valid, sets internal error login variable
+	 *
 	 * @param  string $hash     password hash
 	 * @param  string $password submitted password
 	 * @return bool             true or false on password ok or not
@@ -418,7 +429,9 @@ class Login
 	}
 
 	/**
-	 * if user pressed login button this script is called, but only if there is no preview euid set]
+	 * if user pressed login button this script is called,
+	 * but only if there is no preview euid set
+	 *
 	 * @return void has not return
 	 */
 	private function loginLoginUser(): void
@@ -702,88 +715,6 @@ class Login
 		}
 	}
 
-	/**
-	 * for every page the user access this script checks if he is allowed to do so
-	 * @return bool permission okay as true/false
-	 */
-	public function loginCheckPermissions(): bool
-	{
-		if ($this->euid && $this->login_error != 103) {
-			$q = "SELECT filename "
-				. "FROM edit_page ep, edit_page_access epa, edit_group eg, edit_user eu "
-				. "WHERE ep.edit_page_id = epa.edit_page_id "
-				. "AND eg.edit_group_id = epa.edit_group_id "
-				. "AND eg.edit_group_id = eu.edit_group_id "
-				. "AND eu.edit_user_id = " . $this->euid . " "
-				. "AND filename = '" . $this->page_name . "' "
-				. "AND eg.enabled = 1 AND epa.enabled = 1";
-			$res = $this->db->dbReturnRow($q);
-			if (!is_array($res)) {
-				$this->login_error = 109;
-				$this->permission_okay = false;
-				return $this->permission_okay;
-			}
-			if (isset($res['filename']) && $res['filename'] == $this->page_name) {
-				$this->permission_okay = true;
-			} else {
-				$this->login_error = 103;
-				$this->permission_okay = false;
-			}
-		}
-		// if called from public, so we can check if the permissions are ok
-		return $this->permission_okay;
-	}
-
-	/**
-	 * if a user pressed on logout, destroyes session and unsets all global vars
-	 * @return void has no return
-	 */
-	public function loginLogoutUser(): void
-	{
-		// must be either logout or error
-		if (!$this->logout && !$this->login_error) {
-			return;
-		}
-		// unregister and destroy session vars
-		foreach (
-			// TODO move this into some global array for easier update
-			[
-				'ADMIN',
-				'BASE_ACL_LEVEL',
-				'DB_DEBUG',
-				'DEBUG_ALL',
-				'DEFAULT_ACL_LIST',
-				'DEFAULT_CHARSET',
-				'DEFAULT_LANG',
-				'DEFAULT_LOCALE',
-				'EAID',
-				'EUID',
-				'GROUP_ACL_LEVEL',
-				'GROUP_ACL_TYPE',
-				'GROUP_NAME',
-				'HEADER_COLOR',
-				'LANG',
-				'PAGES_ACL_LEVEL',
-				'PAGES',
-				'TEMPLATE',
-				'UNIT_ACL_LEVEL',
-				'UNIT_DEFAULT',
-				'UNIT',
-				'USER_ACL_LEVEL',
-				'USER_ACL_TYPE',
-				'USER_NAME',
-			] as $session_var
-		) {
-			unset($_SESSION[$session_var]);
-		}
-		// final unset all
-		session_unset();
-		// final destroy session
-		session_destroy();
-		// then prints the login screen again
-		$this->permission_okay = false;
-	}
-
 	/**
 	 * sets all the basic ACLs
 	 * init set the basic acl the user has, based on the following rules
@@ -799,6 +730,7 @@ class Login
 	 * - if an account ACL is set, set this parallel, account ACL overrides user ACL if it applies
 	 * - if edit access ACL level is set, use this, else use page
 	 * set all base ACL levels as a list keyword -> ACL number
+	 *
 	 * @return void has no return
 	 */
 	private function loginSetAcl(): void
@@ -837,10 +769,10 @@ class Login
 		$_SESSION['BASE_ACL_LEVEL'] = $this->acl['base'];
 
 		// set the current page acl
-		// start with default acl
+		// start with base acl
 		// set group if not -1, overrides default
 		// set page if not -1, overrides group set
-		$this->acl['page'] = DEFAULT_ACL_LEVEL;
+		$this->acl['page'] = $this->acl['base'];
 		if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
 			$this->acl['page'] = $_SESSION['GROUP_ACL_LEVEL'];
 		}
@@ -886,6 +818,7 @@ class Login
 		}
 		// set the default edit access
 		$this->acl['default_edit_access'] = $_SESSION['UNIT_DEFAULT'] ?? null;
+		$this->acl['min'] = [];
 		// integrate the type acl list, but only for the keyword -> level
 		foreach ($this->default_acl_list as $level => $data) {
 			$this->acl['min'][$data['type']] = $level;
@@ -897,25 +830,34 @@ class Login
 	}
 
 	/**
-	 * checks if this edit access id is valid
+	 * Check if source (page, base) is matching to the given min access string
-	 * @param  int|null $edit_access_id access id pk to check
+	 * min access string must be valid access level string (eg read, mod, write)
-	 * @return bool                     true/false: if the edit access is not
+	 * This does not take in account admin flag set
-	 *                                  in the valid list: false
+	 *
+	 * @param  string $source     a valid base level string eg base, page
+	 * @param  string $min_access a valid min level string, eg read, mod, siteadmin
+	 * @return bool               True for valid access, False for invalid
 	 */
-	public function loginCheckEditAccess($edit_access_id): bool
+	public function loginCheckAccess(string $source, string $min_access): bool
 	{
-		if ($edit_access_id === null) {
+		$source = 'base';
+		if (
+			empty($this->acl['min'][$min_access]) ||
+			empty($this->acl[$source])
+		) {
 			return false;
 		}
-		if (array_key_exists($edit_access_id, $this->acl['unit'])) {
+		// phan claims $this->acl['min'] can be null, but above should skip
+		/** @phan-suppress-next-line PhanTypeArraySuspiciousNullable */
+		if ($this->acl[$source] >= $this->acl['min'][$min_access]) {
 			return true;
-		} else {
-			return false;
 		}
+		return false;
 	}
 
 	/**
 	 * checks if the password is in a valid format
+	 *
 	 * @param  string $password the new password
 	 * @return bool             true or false if valid password or not
 	 */
@@ -939,6 +881,7 @@ class Login
 
 	/**
 	 * dummy declare for password forget
+	 *
 	 * @return void has no return
 	 */
 	private function loginPasswordForgot(): void
@@ -946,25 +889,9 @@ class Login
 		// will do some password recovert, eg send email
 	}
 
-	/**
-	 * sets the minium length and checks on valid
-	 * @param  int  $length set the minimum length
-	 * @return bool         true/false on success
-	 */
-	public function loginSetPasswordMinLength(int $length): bool
-	{
-		// check that numeric, positive numeric, not longer than max input string lenght
-		// and not short than min password length
-		if (is_numeric($length) && $length >= PASSWORD_MIN_LENGTH && $length <= $this->password_max_length) {
-			$this->password_min_length = $length;
-			return true;
-		} else {
-			return false;
-		}
-	}
-
 	/**
 	 * changes a user password
+	 *
 	 * @return void has no return
 	 */
 	private function loginPasswordChange(): void
@@ -1065,6 +992,7 @@ class Login
 
 	/**
 	 * prints out login html part if no permission (error) is set
+	 *
 	 * @return string|null html data for login page, or null for nothing
 	 */
 	private function loginPrintLogin()
@@ -1170,6 +1098,7 @@ class Login
 	/**
 	 * last function called, writes log and prints out error msg and
 	 * exists script if permission 0
+	 *
 	 * @return bool true on permission ok, false on permission wrong
 	 */
 	private function loginCloseClass(): bool
@@ -1208,6 +1137,7 @@ class Login
 
 	/**
 	 * checks if there are external templates, if not uses internal fallback ones
+	 *
 	 * @return void has no return
 	 */
 	private function loginSetTemplates(): void
@@ -1389,6 +1319,7 @@ EOM;
 
 	/**
 	 * writes detailed data into the edit user log table (keep log what user does)
+	 *
 	 * @param  string     $event    string of what has been done
 	 * @param  string     $data     data information (id, etc)
 	 * @param  string|int $error    error id (mostly an int)
@@ -1449,8 +1380,186 @@ EOM;
 		$this->db->dbExec($q, 'NULL');
 	}
 
+	// *************************************************************************
+	// **** PUBLIC INTERNAL
+	// *************************************************************************
+
+	/**
+	 * sets the minium length and checks on valid
+	 *
+	 * @param  int  $length set the minimum length
+	 * @return bool         true/false on success
+	 */
+	public function loginSetPasswordMinLength(int $length): bool
+	{
+		// check that numeric, positive numeric, not longer than max input string lenght
+		// and not short than min password length
+		if (is_numeric($length) && $length >= PASSWORD_MIN_LENGTH && $length <= $this->password_max_length) {
+			$this->password_min_length = $length;
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * if a user pressed on logout, destroyes session and unsets all global vars
+	 *
+	 * @return void has no return
+	 */
+	public function loginLogoutUser(): void
+	{
+		// must be either logout or error
+		if (!$this->logout && !$this->login_error) {
+			return;
+		}
+		// unregister and destroy session vars
+		foreach (
+			// TODO move this into some global array for easier update
+			[
+				'ADMIN',
+				'BASE_ACL_LEVEL',
+				'DB_DEBUG',
+				'DEBUG_ALL',
+				'DEFAULT_ACL_LIST',
+				'DEFAULT_CHARSET',
+				'DEFAULT_LANG',
+				'DEFAULT_LOCALE',
+				'EAID',
+				'EUID',
+				'GROUP_ACL_LEVEL',
+				'GROUP_ACL_TYPE',
+				'GROUP_NAME',
+				'HEADER_COLOR',
+				'LANG',
+				'PAGES_ACL_LEVEL',
+				'PAGES',
+				'TEMPLATE',
+				'UNIT_ACL_LEVEL',
+				'UNIT_DEFAULT',
+				'UNIT',
+				'USER_ACL_LEVEL',
+				'USER_ACL_TYPE',
+				'USER_NAME',
+			] as $session_var
+		) {
+			unset($_SESSION[$session_var]);
+		}
+		// final unset all
+		session_unset();
+		// final destroy session
+		session_destroy();
+		// then prints the login screen again
+		$this->permission_okay = false;
+	}
+
+	/**
+	 * for every page the user access this script checks if he is allowed to do so
+	 *
+	 * @return bool permission okay as true/false
+	 */
+	public function loginCheckPermissions(): bool
+	{
+		// start with not allowed
+		$this->permission_okay = false;
+		// bail for no euid (no login)
+		if (!$this->euid) {
+			return $this->permission_okay;
+		}
+		// bail for previous wrong page match, eg if method is called twice
+		if ($this->login_error == 103) {
+			return $this->permission_okay;
+		}
+		// if ($this->euid && $this->login_error != 103) {
+		$q = "SELECT filename "
+			. "FROM edit_page ep, edit_page_access epa, edit_group eg, edit_user eu "
+			. "WHERE ep.edit_page_id = epa.edit_page_id "
+			. "AND eg.edit_group_id = epa.edit_group_id "
+			. "AND eg.edit_group_id = eu.edit_group_id "
+			. "AND eu.edit_user_id = " . $this->euid . " "
+			. "AND filename = '" . $this->page_name . "' "
+			. "AND eg.enabled = 1 AND epa.enabled = 1";
+		$res = $this->db->dbReturnRow($q);
+		if (!is_array($res)) {
+			$this->login_error = 109;
+			return $this->permission_okay;
+		}
+		if (isset($res['filename']) && $res['filename'] == $this->page_name) {
+			$this->permission_okay = true;
+		} else {
+			$this->login_error = 103;
+		}
+		// if called from public, so we can check if the permissions are ok
+		return $this->permission_okay;
+	}
+
+	/**
+	 * Return ACL array as is
+	 *
+	 * @return array<mixed>
+	 */
+	public function loginGetAcl(): array
+	{
+		return $this->acl;
+	}
+
+	/**
+	 * checks if this edit access id is valid
+	 *
+	 * @param  int|null $edit_access_id access id pk to check
+	 * @return bool                     true/false: if the edit access is not
+	 *                                  in the valid list: false
+	 */
+	public function loginCheckEditAccess($edit_access_id): bool
+	{
+		if ($edit_access_id === null) {
+			return false;
+		}
+		if (array_key_exists($edit_access_id, $this->acl['unit'])) {
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * Check if admin flag is set
+	 *
+	 * @return bool True if admin flag set
+	 */
+	public function loginIsAdmin(): bool
+	{
+		if (!empty($this->acl['admin'])) {
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * check if min accesss string (eg, read, mod, etc) is matchable
+	 * EQUAL to BASE set right
+	 *
+	 * @param  string $min_access
+	 * @return bool
+	 */
+	public function loginCheckAccessBase(string $min_access): bool
+	{
+		return $this->loginCheckAccess('base', $min_access);
+	}
+
+	/**
+	 * check if min accesss string (eg, read, mod, etc) is matchable
+	 * EQUAL to PAGE set right
+	 *
+	 * @param  string $min_access
+	 * @return bool
+	 */
+	public function loginCheckAccessPage(string $min_access): bool
+	{
+		return $this->loginCheckAccess('page', $min_access);
+	}
+
 	/**
 	 * checks that the given edit access id is valid for this user
+	 *
 	 * @param  int|null $edit_access_id edit access id to check
 	 * @return int|null                 same edit access id if ok
 	 *                                  or the default edit access id
@@ -1465,14 +1574,14 @@ EOM;
 			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
 		) {
 			return $_SESSION['UNIT_DEFAULT'] ?? null;
-		} else {
-			return $edit_access_id;
 		}
+		return $edit_access_id;
 	}
 
 	/**
 	 * retunrn a set entry from the UNIT session for an edit access_id
 	 * if not found return false
+	 *
 	 * @param  int        $edit_access_id edit access id
 	 * @param  string|int $data_key       key value to search for
 	 * @return bool|string                false for not found or string for found data
@@ -1481,9 +1590,8 @@ EOM;
 	{
 		if (!isset($_SESSION['UNIT'][$edit_access_id]['data'][$data_key])) {
 			return false;
-		} else {
-			return $_SESSION['UNIT'][$edit_access_id]['data'][$data_key];
 		}
+		return $_SESSION['UNIT'][$edit_access_id]['data'][$data_key];
 	}
 	// close class
 }

www/lib/CoreLibs/DB/Extended/ArrayIO.php

@@ -43,7 +43,7 @@ class ArrayIO extends \CoreLibs\DB\IO
 	/** @var string */
 	public $table_name; // the table_name
 	/** @var string */
-	public $pk_name; // the primary key from this table
+	public $pk_name = ''; // the primary key from this table
 	/** @var int|string|null */
 	public $pk_id; // the PK id
 

www/lib/CoreLibs/DB/SQL/PgSQL.php

@@ -604,7 +604,7 @@ class PgSQL implements \CoreLibs\DB\SQL\SqlInterface\SqlFunctions
 			return '';
 		}
 		// extract element
-		$return_string = pg_version($this->dbh)[$parameter] ?? '';
+		$return_string = (string)(pg_version($this->dbh)[$parameter] ?? '');
 		// for version, strip if requested
 		if (
 			in_array($parameter, ['server']) &&