New Secruity namespace added

Move Passwords from Check to Security and deprecate old

Add new SymmetricEncryption and CreateKey

CreateKey class just creates keys for the SymmetricEncryption
SymmetricEncryption uses the hex2bin calls to convert the hex key to the
internal binary key

Example:
$key = CreateKey::generateRandomKey();
$encrypted = SymmetricEncryption::encrypt($string, $key);
$decrypted = SymmetricEncryption::decrypt($encrypted, $key);

Above $key must be stored in some secure location (.env file)

4dev/tests/Combined/CoreLibsCombinedArrayHandlerTest.php

@@ -31,6 +31,7 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		4,
 		'b',
 		'c' => 'test',
+		'single' => 'single',
 		'same' => 'same',
 		'deep' => [
 			'sub' => [
@@ -288,6 +289,188 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		];
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function arraySearchKeyProvider(): array
+	{
+		/*
+		0: search in array
+		1: search keys
+		2: flat flag
+		3: prefix flag
+		4: expected array
+		*/
+		return [
+			// single
+			'find single, standard' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => null,
+				4 => [
+					0 => [
+						'value' => 'single',
+						'path' => ['single'],
+					],
+				],
+			],
+			'find single, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						0 => [
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+				],
+			],
+			'find single, flat' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single',
+				],
+			],
+			'find single, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => [
+						'single',
+					],
+				],
+			],
+			// not found
+			'not found, standard' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => null,
+				4 => [],
+			],
+			'not found, standard, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			'not found, flat' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => null,
+				4 => [],
+			],
+			'not found, flat, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			// multi
+			'multiple found, standard' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'same',
+						'path' => ['a', 'same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['deep', 'sub', 'same', ],
+					],
+				]
+			],
+			'multiple found, flat' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => true,
+				3 => null,
+				4 => ['same', 'same', 'same', ],
+			],
+			// search with multiple
+			'search multiple, standard' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'single',
+						'path' => ['single'],
+					],
+					[
+						'value' => 'bar',
+						'path' => ['deep', 'sub', 'nested', ],
+					],
+				],
+			],
+			'search multiple, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						[
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+					'nested' => [
+						[
+							'value' => 'bar',
+							'path' => ['deep', 'sub', 'nested', ],
+						],
+					],
+				],
+			],
+			'search multiple, flat' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single', 'bar',
+				],
+			],
+			'search multiple, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => ['single', ],
+					'nested' => ['bar', ],
+				],
+			],
+		];
+	}
+
 	/**
 	 * provides array listing for the merge test
 	 *
@@ -691,6 +874,44 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		);
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @covers::arraySearchKey
+	 * @dataProvider arraySearchKeyProvider
+	 * @testdox arraySearchKey Search array with keys and flat: $flat, prefix: $prefix [$_dataName]
+	 *
+	 * @param  array $input
+	 * @param  array $needles
+	 * @param  bool|null $flat
+	 * @param  bool|null $prefix
+	 * @param  array $expected
+	 * @return void
+	 */
+	public function testArraySearchKey(
+		array $input,
+		array $needles,
+		?bool $flat,
+		?bool $prefix,
+		array $expected
+	): void {
+		if ($flat === null && $prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles);
+		} elseif ($flat === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, prefix: $prefix);
+		} elseif ($prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, flat: $flat);
+		} else {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, $flat, $prefix);
+		}
+		// print "E: " . print_r($expected, true) . "\n";
+		// print "R: " . print_r($result, true) . "\n";
+		$this->assertEquals(
+			$expected,
+			$result
+		);
+	}
+
 	/**
 	 * Undocumented function
 	 *

4dev/tests/DB/CoreLibsDBIOTest.php

@@ -156,7 +156,7 @@ final class CoreLibsDBIOTest extends TestCase
 			$db->dbExec("DROP TABLE test_meta");
 		}
 		// uid is for internal reference tests
-		$base_table = <<<EOM
+		$base_table = <<<SQL
 			uid VARCHAR,
 			row_int INT,
 			row_numeric NUMERIC,
@@ -172,36 +172,36 @@ final class CoreLibsDBIOTest extends TestCase
 			row_array_varchar VARCHAR ARRAY
 		)
 		WITHOUT OIDS
-		EOM;
+		SQL;
 		// create the tables
 		$db->dbExec(
 			// primary key name is table + '_id'
-			<<<EOM
+			<<<SQL
 			CREATE TABLE table_with_primary_key (
 				table_with_primary_key_id SERIAL PRIMARY KEY,
 				$base_table
-			EOM
+			SQL
 			/* "CREATE TABLE table_with_primary_key ("
 			// primary key name is table + '_id'
 			. "table_with_primary_key_id SERIAL PRIMARY KEY, "
 			. $base_table */
 		);
 		$db->dbExec(
-			<<<EOM
+			<<<SQL
 			CREATE TABLE table_without_primary_key (
 				$base_table
-			EOM
+			SQL
 			/* "CREATE TABLE table_without_primary_key ("
 			. $base_table */
 		);
 		// create simple table for meta test
 		$db->dbExec(
-			<<<EOM
+			<<<SQL
 			CREATE TABLE test_meta (
 				row_1 VARCHAR,
 				row_2 INT
 			) WITHOUT OIDS
-			EOM
+			SQL
 			/* "CREATE TABLE test_meta ("
 			. "row_1 VARCHAR, "
 			. "row_2 INT"
@@ -1342,10 +1342,10 @@ final class CoreLibsDBIOTest extends TestCase
 						'has default' => false,
 						'array dims' => 0,
 						'is enum' => false,
-						'is base' => 1,
+						'is base' => true,
 						'is composite' => false,
-						'is pesudo' => false,
 						'description' => '',
+						'is pseudo' => false
 					],
 					'row_2' => [
 						'num' => 2,
@@ -1355,10 +1355,10 @@ final class CoreLibsDBIOTest extends TestCase
 						'has default' => false,
 						'array dims' => 0,
 						'is enum' => false,
-						'is base' => 1,
+						'is base' => true,
 						'is composite' => false,
-						'is pesudo' => false,
 						'description' => '',
+						'is pseudo' => false
 					]
 				]
 			],
@@ -1374,10 +1374,10 @@ final class CoreLibsDBIOTest extends TestCase
 						'has default' => false,
 						'array dims' => 0,
 						'is enum' => false,
-						'is base' => 1,
+						'is base' => true,
 						'is composite' => false,
-						'is pesudo' => false,
 						'description' => '',
+						'is pseudo' => false
 					],
 					'row_2' => [
 						'num' => 2,
@@ -1387,10 +1387,10 @@ final class CoreLibsDBIOTest extends TestCase
 						'has default' => false,
 						'array dims' => 0,
 						'is enum' => false,
-						'is base' => 1,
+						'is base' => true,
 						'is composite' => false,
-						'is pesudo' => false,
 						'description' => '',
+						'is pseudo' => false
 					]
 				]
 			],
@@ -4425,16 +4425,16 @@ final class CoreLibsDBIOTest extends TestCase
 					]
 				]
 			],
-			// same but as EOM
-			'single insert (PK), EOM string' => [
-				<<<EOM
+			// same but as heredoc
+			'single insert (PK), heredoc string' => [
+				<<<SQL
 				INSERT INTO table_with_primary_key (
 					row_varchar, row_varchar_literal, row_int, row_date
 				) VALUES (
 					'Text', 'Other', 123, '2022-03-01'
 				)
 				RETURNING row_varchar, row_varchar_literal, row_int, row_date
-				EOM,
+				SQL,
 				null,
 				null,
 				null,
@@ -4529,16 +4529,16 @@ final class CoreLibsDBIOTest extends TestCase
 					]
 				]
 			],
-			// same as above but as EOM string
-			'single insert (No PK), EOM string' => [
-				<<<EOM
+			// same as above but as heredoc string
+			'single insert (No PK), heredoc string' => [
+				<<<SQL
 				INSERT INTO table_without_primary_key (
 					row_varchar, row_varchar_literal, row_int, row_date
 				) VALUES (
 					'Text', 'Other', 123, '2022-03-01'
 				)
 				RETURNING row_varchar, row_varchar_literal, row_int, row_date
-				EOM,
+				SQL,
 				null,
 				null,
 				null,

4dev/tests/Security/CoreLibsSecurityPasswordTest.php

@@ -7,9 +7,9 @@ namespace tests;
 use PHPUnit\Framework\TestCase;
 
 /**
- * Test class for Check\Password
- * @coversDefaultClass \CoreLibs\Check\Password
- * @testdox \CoreLibs\Check\Password method tests
+ * Test class for Security\Password
+ * @coversDefaultClass \CoreLibs\Security\Password
+ * @testdox \CoreLibs\Security\Password method tests
  */
 final class CoreLibsCheckPasswordTest extends TestCase
 {
@@ -46,7 +46,7 @@ final class CoreLibsCheckPasswordTest extends TestCase
 	{
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Check\Password::passwordVerify($input, \CoreLibs\Check\Password::passwordSet($input_hash))
+			\CoreLibs\Security\Password::passwordVerify($input, \CoreLibs\Security\Password::passwordSet($input_hash))
 		);
 	}
 
@@ -65,7 +65,7 @@ final class CoreLibsCheckPasswordTest extends TestCase
 	{
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Check\Password::passwordRehashCheck($input)
+			\CoreLibs\Security\Password::passwordRehashCheck($input)
 		);
 	}
 }

4dev/tests/Security/CoreLibsSecuritySymmetricEncryption.php

@@ -0,0 +1,172 @@
+<?php
+
+declare(strict_types=1);
+
+namespace tests;
+
+use PHPUnit\Framework\TestCase;
+use CoreLibs\Security\CreateKey;
+use CoreLibs\Security\SymmetricEncryption;
+
+/**
+ * Test class for Security\SymmetricEncryption and Security\CreateKey
+ * @coversDefaultClass \CoreLibs\Security\SymmetricEncryption
+ * @testdox \CoreLibs\Security\SymmetricEncryption method tests
+ */
+final class CoreLibsSecuritySymmetricEncryption extends TestCase
+{
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptDecryptSuccess(): array
+	{
+		return [
+			'valid string' => [
+				'input' => 'I am a secret',
+				'expected' => 'I am a secret',
+			],
+		];
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccess(string $input, string $expected): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt($input, $key);
+		$decrypted = SymmetricEncryption::decrypt($encrypted, $key);
+
+		$this->assertEquals(
+			$expected,
+			$decrypted
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptFailed(): array
+	{
+		return [
+			'wrong decryption key' => [
+				'input' => 'I am a secret',
+				'excpetion_message' => 'Invalid Key'
+			],
+		];
+	}
+
+	/**
+	 * Test decryption with wrong key
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptFailed
+	 * @testdox decrypt with wrong key $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testEncryptFailed(string $input, string $exception_message): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt($input, $key);
+		$wrong_key = CreateKey::generateRandomKey();
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($encrypted, $wrong_key);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongKey(): array
+	{
+		return [
+			'not hex key' => [
+				'key' => 'not_a_hex_key',
+				'exception_message' => 'Invalid hex key'
+			],
+			'too short hex key' => [
+				'key' => '1cabd5cba9e042f12522f4ff2de5c31d233b',
+				'excpetion_message' => 'Key is not the correct size (must be '
+					. 'SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long).'
+			],
+		];
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongKey
+	 * @testdox wrong key $key throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongKey(string $key, string $exception_message): void
+	{
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::encrypt('test', $key);
+		// we must encrypt valid thing first so we can fail with the wrong kjey
+		$enc_key = CreateKey::generateRandomKey();
+		$encrypted = SymmetricEncryption::encrypt('test', $enc_key);
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($encrypted, $key);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongCiphertext(): array
+	{
+		return [
+			'too short ciphertext' => [
+				'input' => 'short',
+				'exception_message' => 'Invalid ciphertext (too short)'
+			],
+		];
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongCiphertext
+	 * @testdox too short ciphertext $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongCiphertext(string $input, string $exception_message): void
+	{
+		$key = CreateKey::generateRandomKey();
+		$this->expectExceptionMessage($exception_message);
+		SymmetricEncryption::decrypt($input, $key);
+	}
+}
+
+// __END__

phpstan.neon

@@ -39,9 +39,9 @@ parameters:
 		- www/vendor
 	# ignore errores with
 	ignoreErrors:
-		- # in the class_test tree we allow deprecated calls
-			message: "#^Call to deprecated method #"
-			path: %currentWorkingDirectory%/www/admin/class_test.*.php
+		# - # in the class_test tree we allow deprecated calls
+		# 	message: "#^Call to deprecated method #"
+		# 	path: %currentWorkingDirectory%/www/admin/class_test.*.php
 		# - '#Expression in empty\(\) is always falsy.#'
 		# -
 		# 	message: '#Reflection error: [a-zA-Z0-9\\_]+ not found.#'

www/admin/class_test.array.php

@@ -149,6 +149,38 @@ function rec(string $pre, string $cur, array $node = [])
 	return $node;
 }
 
+$data = [
+	'image' => 'foo',
+	'element' => 'w-1',
+	'rotate' => 360,
+	'html' => [
+		'image' => 'bar',
+		'result_image' => 'baz',
+		'rule' => 'wrong'
+	],
+	[
+		'image' => 'large'
+	],
+	[
+		'nothing' => 'wrong'
+	],
+	'nest' => [
+		'nust' => [
+			'nist' =>  [
+				'foo' => 'bar',
+				'image' => 'long, long'
+			]
+		]
+	],
+	's' => [
+		'image' => 'path?'
+	],
+];
+
+$search = ['image', 'result_image', 'nothing', 'EMPTY'];
+$result = ArrayHandler::arraySearchKey($data, $search);
+print "ARRAYSEARCHKEY: Search: " . DgS::printAr($search) . ", Found: " . DgS::printAr($result) . "<br>";
+
 // $test = [
 // 	'A' => [
 // 		'B' => [],

www/admin/class_test.db.php

@@ -141,14 +141,14 @@ var_dump($db->dbGetReturningExt());
 
 // same as above but use an EOM string
 $some_time = time();
-$query = <<<EOM
+$query = <<<SQL
 INSERT INTO test_foo (
 	test, number_a
 ) VALUES (
 	'EOM FOO TEST $some_time', 1
 )
 RETURNING test, number_a
-EOM;
+SQL;
 $status = $db->dbExec($query);
 print "EOM STRING DIRECT INSERT STATUS: " . Support::printToString($status) . " |<br>"
 	. "QUERY: " . $db->dbGetQuery() . " |<br>"
@@ -167,21 +167,21 @@ print "DIRECT INSERT PREVIOUS INSERTED: "
 	. print_r($db->dbReturnRow("SELECT test_foo_id, test FROM test_foo "
 		. "WHERE test_foo_id = " . (int)$last_insert_pk), true) . "<br>";
 $__last_insert_pk = (int)$last_insert_pk;
-$query = <<<EOM
+$query = <<<SQL
 SELECT
 	test_foo_id, test
 FROM test_foo
 WHERE test_foo_id = $__last_insert_pk;
-EOM;
+SQL;
 print "EOM READ OF PREVIOUS INSERTED: " . print_r($db->dbReturnRow($query), true) . "<br>";
 print "LAST ERROR: " . $db->dbGetLastError() . "<br>";
 print "<br>";
-$query = <<<EOM
+$query = <<<SQL
 	SELECT
 		test_foo_id, test
 	FROM test_foo
 	WHERE test_foo_id = $1;
-EOM;
+SQL;
 print "RETURN ROW PARAMS: " . print_r(
 	$db->dbReturnRowParams(
 		$query,
@@ -208,7 +208,7 @@ foreach (['pk_name', 'count', 'query', 'returning_id'] as $key) {
 	print "KEY: " . $key . ': ' . $db->dbGetPrepareCursorValue('ins_test_foo', $key) . "<br>";
 }
 
-$query = <<<EOM
+$query = <<<SQL
 INSERT INTO
 	test_foo
 (
@@ -217,7 +217,7 @@ INSERT INTO
 	$1, '$2'
 )
 RETURNING test, string_a
-EOM;
+SQL;
 $db->dbPrepare("ins_test_foo_eom", $query);
 $status = $db->dbExecute("ins_test_foo_eom", ['EOM BAR TEST ' . time()]);
 print "EOM STRING PREPARE INSERT[ins_test_foo_eom] STATUS: " . Support::printToString($status) . " |<br>"
@@ -235,7 +235,7 @@ print "EOM STRING EXEC PARAMS INSERT STATUS: " . Support::printToString($status)
 	. "RETURNING RETURN: " . print_r($db->dbGetReturningArray(), true) . "<br>";
 
 // I/S Query
-$query_insert = <<<EOM
+$query_insert = <<<SQL
 INSERT INTO
 	test_foo
 (
@@ -246,8 +246,8 @@ INSERT INTO
 	$6, $7, $8
 )
 RETURNING test
-EOM;
-$query_select = <<<EOM
+SQL;
+$query_select = <<<SQL
 SELECT
 	test, some_bool, string_a, number_a, number_a_numeric,
 	some_time, some_time, some_timestamp, json_string
@@ -255,7 +255,7 @@ FROM
 	test_foo
 WHERE
 	test_foo_id = $1
-EOM;
+SQL;
 // A
 $status = $db->dbExecParams(
 	$query_insert,
@@ -313,18 +313,51 @@ print "EOM STRING EXEC RETURN TEST: " . print_r(
 		[$__last_insert_id]
 	)
 ) . "<br>";
+// params > 10 for debug
+// error catcher
+$query_insert = <<<SQL
+INSERT INTO many_columns (
+	col_01_int,
+	col_01, col_02, col_03, col_04, col_05, col_06, col_07, col_08, col_09,
+    col_10, col_11, col_12, col_02_int
+) VALUES (
+	1,
+	$1, $2, $3, $4, $5, $6, $7, $8, $9,
+	$10, $11, $12, $13
+)
+RETURNING
+	many_columns_id,
+	col_01_int,
+	col_01, col_02, col_03, col_04, col_05, col_06, col_07, col_08, col_09,
+    col_10, col_11, col_12, col_02_int
+SQL;
+// will fail with "NULL" string on int
+$query_params = [
+	'col 1', 'col 2', 'col 3', 'col 4', 'col 5', 'col 6', 'col 7', 'col 8',
+	'col 9',
+	'col 10', 'col 11', 'col 12', "NULL"
+];
+$status = $db->dbExecParams($query_insert, $query_params);
+echo "<b>*</b><br>";
+echo "EOM STRING WITH MORE THAN 10 PARAMETERS: "
+	. Support::printToString($query_params) . " |<br>"
+	. " |<br>"
+	. "PRIMARY KEY: " . Support::printToString($db->dbGetInsertPK()) . " | "
+	. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
+	. "RETURNING RETURN: " . print_r($db->dbGetReturningArray(), true)
+	. "ERROR: " . $db->dbGetLastError(true) . "<br>";
 echo "<hr>";
 // binary insert tests
 $filename = $db->dbEscapeLiteral('class_test.db.php');
 $rand_bin_uid = $db->dbEscapeLiteral(\CoreLibs\Create\Uids::uniqIdShort());
 $binary_data = $db->dbEscapeBytea(file_get_contents('class_test.db.php') ?:  '');
-$query = <<<EOM
+$query = <<<SQL
 INSERT INTO binary_test (
 	filename, uid, binary_data
 ) VALUES (
 	$filename, $rand_bin_uid, '$binary_data'
 )
-EOM;
+SQL;
 $status = $db->dbExec($query);
 $__last_insert_id = $db->dbGetInsertPK();
 print "BINARY DATA INSERT: "
@@ -336,13 +369,13 @@ print "BINARY DATA INSERT: "
 	. "ERROR: " . $db->dbGetLastError(true) . "<br>";
 
 echo "<b>*</b><br>";
-$query = <<<EOM
+$query = <<<SQL
 INSERT INTO binary_test (
 	filename, uid, binary_data
 ) VALUES (
 	$1, $2, $3
 )
-EOM;
+SQL;
 $status = $db->dbExecParams($query, [$filename, $rand_bin_uid, $binary_data]);
 $__last_insert_id = $db->dbGetInsertPK();
 print "BINARY DATA INSERT PARAMS: "
@@ -380,7 +413,7 @@ print "DIRECT MULTIPLE INSERT WITH RETURN STATUS: " . Support::printToString($st
 $t_1 = time();
 $t_2 = time();
 $t_3 = time();
-$query = <<<EOM
+$query = <<<SQL
 INSERT INTO test_foo (
 	test
 ) VALUES
@@ -388,7 +421,7 @@ INSERT INTO test_foo (
 ('EOM BAR 2 $t_2'),
 ('EOM BAR 3 $t_3')
 RETURNING test_foo_id, test
-EOM;
+SQL;
 $status = $db->dbExec($query);
 print "EOM STRING DIRECT MULTIPLE INSERT WITH RETURN STATUS: " . Support::printToString($status) . " |<br>"
 	. "QUERY: " . $db->dbGetQuery() . " |<br>"
@@ -422,7 +455,7 @@ print "UPDATE WITH PK " . Support::printToString($last_insert_pk)
 	. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
 // UPDATE BUT EOM STYLE
 $status = $db->dbExecParams(
-	<<<EOM
+	<<<SQL
 	UPDATE
 		test_foo
 	SET
@@ -432,7 +465,7 @@ $status = $db->dbExecParams(
 		tset_foo_id = ?
 	RETURNING
 		test_foo.test, string_a
-	EOM,
+	SQL,
 	['SOMETHING DIFFERENT EOM', (string)rand(1, 100)]
 );
 print "UPDATE EOM WITH PK " . Support::printToString($last_insert_pk)
@@ -524,27 +557,27 @@ echo "<hr>";
 print "EOM STYLE STRINGS<br>";
 $test_bar = $db->dbEscapeLiteral('SOMETHING DIFFERENT');
 // Test EOM block
-$q = <<<EOM
+$q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
 number_a_numeric, some_time
 FROM test_foo
 WHERE test = $test_bar
 ORDER BY test_foo_id DESC LIMIT 5
-EOM;
+SQL;
 while (is_array($res = $db->dbReturn($q))) {
 	print "ROW: <pre>" . print_r($res, true) . "</pre><br>";
 }
 echo "<hr>";
 print "DB RETURN PARAMS<br>";
-$q = <<<EOM
+$q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
 number_a_numeric, some_time
 FROM test_foo
 WHERE test = $1
 ORDER BY test_foo_id DESC LIMIT 5
-EOM;
+SQL;
 while (
 	is_array($res = $db->dbReturnParams($q, ['SOMETHING DIFFERENT']))
 ) {
@@ -632,14 +665,14 @@ print "Wrote to DB tabel $table with data " . print_r($data, true) . " and got p
 $query = "SELECT type, sdate, integer FROM foobar";
 $data = $db->dbReturnArray($query, true);
 print "RETURN ARRAY: " . $db->dbGetNumRows() . ", Full foobar list: <br><pre>" . print_r($data, true) . "</pre><br>";
-$query = <<<EOM
+$query = <<<SQL
 SELECT
 	type, sdate
 FROM
 	foobar
 WHERE
 	type = $1
-EOM;
+SQL;
 $data = $db->dbReturnArrayParams($query, ['schmalz'], true);
 print "RETURN ARRAY PARAMS: " . $db->dbGetNumRows() . ", Full foobar list: <br><pre>"
 	. print_r($data, true) . "</pre><br>";

www/admin/class_test.db.single.php

@@ -0,0 +1,102 @@
+<?php // phpcs:ignore warning
+
+/**
+ * @phan-file-suppress PhanTypeSuspiciousStringExpression
+ */
+
+declare(strict_types=1);
+
+// turn on all error reporting
+error_reporting(E_ALL | E_STRICT | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
+
+ob_start();
+
+// basic class test file
+define('USE_DATABASE', true);
+// sample config
+require 'config.php';
+// override ECHO ALL FALSE
+$ECHO_ALL = true;
+// define log file id
+$LOG_FILE_ID = 'classTest-db-single';
+ob_end_flush();
+
+use CoreLibs\Debug\Support;
+
+$log = new CoreLibs\Debug\Logging([
+	'log_folder' => BASE . LOG,
+	'file_id' => $LOG_FILE_ID,
+	// add file date
+	'print_file_date' => true,
+	// set debug and print flags
+	'debug_all' => $DEBUG_ALL ?? true,
+	'echo_all' => $ECHO_ALL,
+	'print_all' => $PRINT_ALL ?? true,
+]);
+// db connection and attach logger
+$db = new CoreLibs\DB\IO(DB_CONFIG, $log);
+$db->log->debug('START', '=============================>');
+
+$PAGE_NAME = 'TEST CLASS: DB SINGLE';
+print "<!DOCTYPE html>";
+print "<html><head><title>" . $PAGE_NAME . "</title><head>";
+print "<body>";
+print '<div><a href="class_test.php">Class Test Master</a></div>';
+print '<div><a href="class_test.db.dbReturn.php">Class Test DB dbReturn</a></div>';
+print '<div><h1>' . $PAGE_NAME . '</h1></div>';
+
+print "LOGFILE NAME: " . $db->log->getSetting('log_file_name') . "<br>";
+print "LOGFILE ID: " . $db->log->getSetting('log_file_id') . "<br>";
+print "DBINFO: " . $db->dbInfo() . "<br>";
+// DB client encoding
+print "DB client encoding: " . $db->dbGetEncoding() . "<br>";
+print "DB search path: " . $db->dbGetSchema() . "<br>";
+
+$to_db_version = '15.2';
+print "VERSION DB: " . $db->dbVersion() . "<br>";
+print "SERVER ENCODING: " . $db->dbVersionInfo('server_encoding') . "<br>";
+if (($dbh = $db->dbGetDbh()) instanceof \PgSql\Connection) {
+	print "ALL OUTPUT [TEST]: <pre>" . print_r(pg_version($dbh), true) . "</pre><br>";
+} else {
+	print "NO DB HANDLER<br>";
+}
+
+// params > 10 for debug
+// error catcher
+$query_insert = <<<SQL
+INSERT INTO many_columns (
+	col_01_int,
+	col_01, col_02, col_03, col_04, col_05, col_06, col_07, col_08, col_09,
+    col_10, col_11, col_12, col_02_int
+) VALUES (
+	1,
+	$1, $2, $3, $4, $5, $6, $7, $8, $9,
+	$10, $11, $12, $13
+)
+RETURNING
+	many_columns_id,
+	col_01_int,
+	col_01, col_02, col_03, col_04, col_05, col_06, col_07, col_08, col_09,
+    col_10, col_11, col_12, col_02_int
+SQL;
+$query_params = [
+	'col 1', 'col 2', 'col 3', 'col 4', 'col 5', 'col 6', 'col 7', 'col 8',
+	'col 9', 'col 10', 'col 11', 'col 12', null
+];
+$status = $db->dbExecParams($query_insert, $query_params);
+echo "<b>*</b><br>";
+echo "EOM STRING WITH MORE THAN 10 PARAMETERS: "
+	. Support::printToString($query_params) . " |<br>"
+	. " |<br>"
+	. "PRIMARY KEY: " . Support::printToString($db->dbGetInsertPK()) . " | "
+	// . "RETURNING EXT: " . Support::printToString($db->dbGetReturningExt()) . " | "
+	. "RETURNING RETURN: " . Support::printToString($db->dbGetReturningArray())
+	. "ERROR: " . $db->dbGetLastError(true) . "<br>";
+echo "<hr>";
+
+// error message
+print $log->printErrorMsg();
+
+print "</body></html>";
+
+// __END__

www/admin/class_test.encryption.php

@@ -0,0 +1,111 @@
+<?php // phpcs:ignore warning
+
+/**
+ * @phan-file-suppress PhanTypeSuspiciousStringExpression
+ */
+
+declare(strict_types=1);
+
+$DEBUG_ALL_OVERRIDE = false; // set to 1 to debug on live/remote server locations
+$DEBUG_ALL = true;
+$PRINT_ALL = true;
+$DB_DEBUG = true;
+
+error_reporting(E_ALL | E_STRICT | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
+
+ob_start();
+
+// basic class test file
+define('USE_DATABASE', false);
+// sample config
+require 'config.php';
+// define log file id
+$LOG_FILE_ID = 'classTest-encryption';
+ob_end_flush();
+
+use CoreLibs\Security\SymmetricEncryption;
+use CoreLibs\Security\CreateKey;
+
+$log = new CoreLibs\Debug\Logging([
+	'log_folder' => BASE . LOG,
+	'file_id' => $LOG_FILE_ID,
+	// add file date
+	'print_file_date' => true,
+	// set debug and print flags
+	'debug_all' => $DEBUG_ALL,
+	'echo_all' => $ECHO_ALL ?? false,
+	'print_all' => $PRINT_ALL,
+]);
+
+
+// define a list of from to color sets for conversion test
+
+$PAGE_NAME = 'TEST CLASS: ENCRYPTION';
+print "<!DOCTYPE html>";
+print "<html><head><title>" . $PAGE_NAME . "</title><head>";
+print "<body>";
+print '<div><a href="class_test.php">Class Test Master</a></div>';
+print '<div><h1>' . $PAGE_NAME . '</h1></div>';
+
+$key = CreateKey::generateRandomKey();
+print "Secret Key: " . $key . "<br>";
+
+$string = "I a some deep secret";
+$encrypted = SymmetricEncryption::encrypt($string, $key);
+$decrypted = SymmetricEncryption::decrypt($encrypted, $key);
+
+print "Original: " . $string . "<br>";
+print "Encrypted: " . $encrypted . "<br>";
+print "Decrytped: " . $decrypted . "<br>";
+
+print "<br>WRONG CIPHERTEXT<br>";
+try {
+	$decrypted = SymmetricEncryption::decrypt('flupper', $key);
+} catch (Exception $e) {
+	print "Error: " . $e->getMessage() . "<br>";
+}
+
+print "<br>SHORT and WRONG KEY<br>";
+$key = 'wrong_key';
+try {
+	$encrypted = SymmetricEncryption::encrypt($string, $key);
+} catch (Exception $e) {
+	print "Error: " . $e->getMessage() . "<br>";
+}
+
+print "<br>INVALID HEX KEY<br>";
+$key = '1cabd5cba9e042f12522f4ff2de5c31d233b';
+try {
+	$encrypted = SymmetricEncryption::encrypt($string, $key);
+} catch (Exception $e) {
+	print "Error: " . $e->getMessage() . "<br>";
+}
+
+print "<br>WRONG KEY TO DECRYPT<br>";
+$key = CreateKey::generateRandomKey();
+$string = "I a some deep secret";
+$encrypted = SymmetricEncryption::encrypt($string, $key);
+$key = CreateKey::generateRandomKey();
+try {
+	$decrypted = SymmetricEncryption::decrypt($encrypted, $key);
+} catch (Exception $e) {
+	print "Error: " . $e->getMessage() . "<br>";
+}
+
+print "<br>WRONG KEY TO DECRYPT<br>";
+$key = CreateKey::generateRandomKey();
+$string = "I a some deep secret";
+$encrypted = SymmetricEncryption::encrypt($string, $key);
+$key = 'wrong_key';
+try {
+	$decrypted = SymmetricEncryption::decrypt($encrypted, $key);
+} catch (Exception $e) {
+	print "Error: " . $e->getMessage() . "<br>";
+}
+
+// error message
+print $log->printErrorMsg();
+
+print "</body></html>";
+
+// __END__

www/admin/class_test.password.php

@@ -20,10 +20,10 @@ define('USE_DATABASE', false);
 // sample config
 require 'config.php';
 // define log file id
-$LOG_FILE_ID = 'classTest-pass';
+$LOG_FILE_ID = 'classTest-password';
 ob_end_flush();
 
-use CoreLibs\Check\Password as PwdChk;
+use CoreLibs\Security\Password as PwdChk;
 
 $log = new CoreLibs\Debug\Logging([
 	'log_folder' => BASE . LOG,
@@ -35,8 +35,8 @@ $log = new CoreLibs\Debug\Logging([
 	'echo_all' => $ECHO_ALL ?? false,
 	'print_all' => $PRINT_ALL,
 ]);
-$_password = new CoreLibs\Check\Password();
-$password_class = 'CoreLibs\Check\Password';
+$_password = new CoreLibs\Security\Password();
+$password_class = 'CoreLibs\Security\Password';
 
 // define a list of from to color sets for conversion test
 

www/admin/class_test.php

@@ -73,6 +73,7 @@ print "<html><head><title>TEST CLASS</title><head>";
 print "<body>";
 
 print '<div><a href="class_test.db.php">Class Test: DB</a></div>';
+print '<div><a href="class_test.db.single.php">Class Test: DB SINGLE</a></div>';
 print '<div><a href="class_test.db.dbReturn.php">Class Test: DB dbReturn</a></div>';
 print '<div><a href="class_test.convert.colors.php">Class Test: CONVERT COLORS</a></div>';
 print '<div><a href="class_test.check.colors.php">Class Test: CHECK COLORS</a></div>';
@@ -80,6 +81,7 @@ print '<div><a href="class_test.mime.php">Class Test: MIME</a></div>';
 print '<div><a href="class_test.json.php">Class Test: JSON</a></div>';
 print '<div><a href="class_test.token.php">Class Test: FORM TOKEN</a></div>';
 print '<div><a href="class_test.password.php">Class Test: PASSWORD</a></div>';
+print '<div><a href="class_test.encryption.php">Class Test: ENCRYPTION</a></div>';
 print '<div><a href="class_test.math.php">Class Test: MATH</a></div>';
 print '<div><a href="class_test.html.php">Class Test: HTML/ELEMENTS</a></div>';
 print '<div><a href="class_test.email.php">Class Test: EMAIL</a></div>';

www/configs/config.master.php

@@ -185,7 +185,7 @@ if (file_exists(BASE . CONFIGS . 'config.path.php')) {
 // live frontend pages
 // ** missing live domains **
 // get the name without the port
-list($HOST_NAME) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
+[$HOST_NAME] = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
 // set HOST name
 define('HOST_NAME', $HOST_NAME);
 // BAIL ON MISSING MASTER SITE CONFIG

www/layout/admin/javascript/edit.jq.js

@@ -32,7 +32,7 @@ function pop(theURL, winName, features) // eslint-disable-line no-unused-vars
 
 /**
  * automatically resize a text area based on the amount of lines in it
- * @param {[string} ta_id element id
+ * @param {string} ta_id element id
  */
 function expandTA(ta_id) // eslint-disable-line no-unused-vars
 {

www/lib/CoreLibs/ACL/Login.php

@@ -68,7 +68,7 @@ declare(strict_types=1);
 
 namespace CoreLibs\ACL;
 
-use CoreLibs\Check\Password;
+use CoreLibs\Security\Password;
 use CoreLibs\Convert\Json;
 
 class Login
@@ -1608,7 +1608,7 @@ class Login
 			// TODO: submit or JS to set target page as ajax call
 			// NOTE: for the HTML block I ignore line lengths
 			// phpcs:disable
-			$this->login_template['password_change'] = <<<EOM
+			$this->login_template['password_change'] = <<<HTML
 <div id="pw_change_div" class="hidden" style="position: absolute; top: 30px; left: 50px; width: 400px; height: 220px; background-color: white; border: 1px solid black; padding: 25px;">
 <table>
 <tr><td class="norm" align="center" colspan="2"><h3>{TITLE_PASSWORD_CHANGE}</h3></td></tr>
@@ -1626,7 +1626,7 @@ class Login
 </table>
 </div>
 {PASSWORD_CHANGE_SHOW}
-EOM;
+HTML;
 			// phpcs:enable
 		}
 		if ($this->password_forgot) {
@@ -1650,7 +1650,7 @@ EOM;
 		// now check templates
 		// TODO: submit or JS to set target page as ajax call
 		if (!$this->login_template['template']) {
-			$this->login_template['template'] = <<<EOM
+			$this->login_template['template'] = <<<HTML
 <!DOCTYPE html>
 <html lang="{LANGUAGE}">
 <head>
@@ -1712,7 +1712,7 @@ h3 { font-size: 18px; }
 </form>
 </body>
 </html>
-EOM;
+HTML;
 		}
 	}
 

www/lib/CoreLibs/Basic.php

@@ -1164,7 +1164,7 @@ class Basic
 	public function passwordSet(string $password): string
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordSet()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordSet($password);
+		return \CoreLibs\Security\Password::passwordSet($password);
 	}
 
 	/**
@@ -1177,7 +1177,7 @@ class Basic
 	public function passwordVerify(string $password, string $hash): bool
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordVerify()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordVerify($password, $hash);
+		return \CoreLibs\Security\Password::passwordVerify($password, $hash);
 	}
 
 	/**
@@ -1189,7 +1189,7 @@ class Basic
 	public function passwordRehashCheck(string $hash): bool
 	{
 		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Check\Password::passwordRehashCheck()', E_USER_DEPRECATED);
-		return \CoreLibs\Check\Password::passwordRehashCheck($hash);
+		return \CoreLibs\Security\Password::passwordRehashCheck($hash);
 	}
 
 	// *** BETTER PASSWORD OPTIONS END ***

www/lib/CoreLibs/Check/Password.php

@@ -1,6 +1,8 @@
 <?php
 
 /*
+ * NOTE: this is deprecated and all moved \CoreLibs\Security\Password
+ *
  * core password set, check and rehash check wrapper functions
  */
 
@@ -8,6 +10,8 @@ declare(strict_types=1);
 
 namespace CoreLibs\Check;
 
+use CoreLibs\Security\Password as PasswordNew;
+
 class Password
 {
 	/**
@@ -15,13 +19,16 @@ class Password
 	 *
 	 * @param  string $password password
 	 * @return string           hashed password
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordSet
 	 */
 	public static function passwordSet(string $password): string
 	{
-		// always use the PHP default for the password
-		// password options ca be set in the password init,
-		// but should be kept as default
-		return password_hash($password, PASSWORD_DEFAULT);
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordSet',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordSet($password);
 	}
 
 	/**
@@ -30,14 +37,16 @@ class Password
 	 * @param  string $password password
 	 * @param  string $hash     password hash
 	 * @return bool             true or false
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordVerify
 	 */
 	public static function passwordVerify(string $password, string $hash): bool
 	{
-		if (password_verify($password, $hash)) {
-			return true;
-		} else {
-			return false;
-		}
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordVerify',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordVerify($password, $hash);
 	}
 
 	/**
@@ -45,14 +54,16 @@ class Password
 	 *
 	 * @param  string $hash password hash
 	 * @return bool         true or false
+	 * @deprecated v9.0 Moved to \CoreLibs\Security\Password::passwordRehashCheck
 	 */
 	public static function passwordRehashCheck(string $hash): bool
 	{
-		if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
-			return true;
-		} else {
-			return false;
-		}
+		trigger_error(
+			'Method ' . __METHOD__ . ' is deprecated, use '
+				. '\CoreLibs\Security\Password::passwordRehashCheck',
+			E_USER_DEPRECATED
+		);
+		return PasswordNew::passwordRehashCheck($hash);
 	}
 }
 

www/lib/CoreLibs/Combined/ArrayHandler.php

@@ -177,6 +177,65 @@ class ArrayHandler
 		return false;
 	}
 
+	/**
+	 * search for one or many keys in array and return matching values
+	 * If flat is set to true, return flat array with found values only
+	 * If prefix is turned on each found group will be prefixed with the
+	 * search key
+	 *
+	 * @param  array<mixed> $array   array to search in
+	 * @param  array<mixed> $needles keys to find in array
+	 * @param  bool         $flat    [false] Turn on flat output
+	 * @param  bool         $prefix  [false] Prefix found with needle key
+	 * @return array<mixed>          Found values
+	 */
+	public static function arraySearchKey(
+		array $array,
+		array $needles,
+		bool $flat = false,
+		bool $prefix = false
+	): array {
+		$iterator  = new \RecursiveArrayIterator($array);
+		$recursive = new \RecursiveIteratorIterator(
+			$iterator,
+			\RecursiveIteratorIterator::SELF_FIRST
+		);
+		$hit_list = [];
+		if ($prefix === true) {
+			$hit_list = array_fill_keys($needles, []);
+		}
+		$key_path = [];
+		$prev_depth = 0;
+		foreach ($recursive as $key => $value) {
+			if ($prev_depth > $recursive->getDepth()) {
+				// remove all trailing to ne depth
+				$diff = $prev_depth - $recursive->getDepth();
+				array_splice($key_path, -$diff, $diff);
+			}
+			$prev_depth = $recursive->getDepth();
+			if ($flat === false) {
+				$key_path[$recursive->getDepth()] = $key;
+			}
+			if (in_array($key, $needles, true)) {
+				ksort($key_path);
+				if ($flat === true) {
+					$hit = $value;
+				} else {
+					$hit = [
+						'value' => $value,
+						'path' => $key_path
+					];
+				}
+				if ($prefix === true) {
+					$hit_list[$key][] = $hit;
+				} else {
+					$hit_list[] = $hit;
+				}
+			}
+		}
+		return $hit_list;
+	}
+
 	/**
 	 * correctly recursive merges as an array as array_merge_recursive
 	 * just glues things together

www/lib/CoreLibs/DB/IO.php

@@ -735,7 +735,10 @@ class IO
 	 */
 	private function __dbErrorPreprocessor(\PgSql\Result|false $cursor = false): array
 	{
-		$pg_error_string = '';
+		$db_prefix = '';
+		$db_error_string = '';
+		$db_prefix_last = '';
+		$db_error_string_last = '';
 		// 1 = self/__dbErrorPreprocessor, 2 = __dbError, __dbWarning,
 		// 3+ == actual source
 		// loop until we get a null, build where called chain
@@ -749,16 +752,31 @@ class IO
 		if ($where_called === null) {
 			$where_called = '[Unknown Method]';
 		}
+		[$db_prefix_last, $db_error_string_last] = $this->db_functions->__dbPrintLastError();
 		if ($cursor !== false) {
-			$pg_error_string = $this->db_functions->__dbPrintError($cursor);
+			[$db_prefix, $db_error_string] = $this->db_functions->__dbPrintError($cursor);
 		}
 		if ($cursor === false && method_exists($this->db_functions, '__dbPrintError')) {
-			$pg_error_string = $this->db_functions->__dbPrintError();
+			[$db_prefix, $db_error_string] = $this->db_functions->__dbPrintError();
 		}
-		if ($pg_error_string) {
-			$this->__dbDebug('db', $pg_error_string, 'DB_ERROR', $where_called);
+		// prefix the master if not the same
+		if (
+			!empty($db_error_string_last) &&
+			trim($db_error_string) != trim($db_error_string_last)
+		) {
+			$db_error_string =
+				$db_prefix_last . ' ' . $db_error_string_last . ';'
+				. $db_prefix . ' ' . $db_error_string;
+		} elseif (!empty($db_error_string)) {
+			$db_error_string = $db_prefix . ' ' . $db_error_string;
 		}
-		return [$where_called, $pg_error_string];
+		if ($db_error_string) {
+			$this->__dbDebug('db', $db_error_string, 'DB_ERROR', $where_called);
+		}
+		return [
+			$where_called,
+			$db_error_string
+		];
 	}
 
 	/**
@@ -902,11 +920,14 @@ class IO
 		// because the placeholders start with $ and at 1,
 		// we need to increase each key and prefix it with a $ char
 		for ($i = 0, $iMax = count($keys); $i < $iMax; $i++) {
-			$keys[$i] = '$' . ($keys[$i] + 1);
+			// note: if I use $ here, the str_replace will
+			//       replace it again. eg $11 '$1'1would be replaced with $1 again
 			// prefix data set with parameter pos
-			$data[$i] = $keys[$i] . ':' . ($data[$i] === null ?
+			$data[$i] = '#' . ($keys[$i] + 1) . ':' . ($data[$i] === null ?
 				'"NULL"' : (string)$data[$i]
 			);
+			// search part
+			$keys[$i] = '$' . ($keys[$i] + 1);
 		}
 		// simply replace the $1, $2, ... with the actual data and return it
 		return str_replace(
@@ -1146,7 +1167,7 @@ class IO
 					$this->params
 				),
 				'__dbPrepareExec',
-				($this->params === [] ? 'Q' : 'Qp'),
+				($this->params === [] ? 'Q' : 'Qp')
 			);
 		}
 		// import protection, hash needed
@@ -1166,7 +1187,15 @@ class IO
 			$this->query_called[$query_hash] > $this->MAX_QUERY_CALL
 		) {
 				$this->__dbError(30, false, $this->query);
-				$this->__dbDebug('db', $this->query, 'dbExec', 'Q[nc]');
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->query,
+						$this->params
+					),
+					'dbExec',
+					($this->params === [] ? 'Q[nc]' : 'Qp[nc]')
+				);
 				return false;
 		}
 		$this->query_called[$query_hash] ++;
@@ -1945,6 +1974,18 @@ class IO
 		// check if params count matches
 		// checks if the params count given matches the expected count
 		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
+			// in case we got an error print out query
+			if ($this->db_debug) {
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->query,
+						$this->params
+					),
+					'dbReturn',
+					($this->params === [] ? 'Q[e]' : 'Qp[e]')
+				);
+			}
 			return false;
 		}
 		// set first call to false
@@ -1968,7 +2009,15 @@ class IO
 			$this->cursor_ext[$query_hash]['log'][] = 'No cursor';
 			// for DEBUG, print out each query executed
 			if ($this->db_debug) {
-				$this->__dbDebug('db', $this->cursor_ext[$query_hash]['query'], 'dbReturn', 'Q');
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->cursor_ext[$query_hash]['query'],
+						$this->cursor_ext[$query_hash]['params']
+					),
+					'dbReturn',
+					($this->cursor_ext[$query_hash]['params'] === [] ? 'Q' : 'Qp'),
+				);
 			}
 			// if no DB Handler try to reconnect
 			if (!$this->dbh) {
@@ -1997,7 +2046,15 @@ class IO
 			// if still no cursor ...
 			if (!$this->cursor_ext[$query_hash]['cursor']) {
 				if ($this->db_debug) {
-					$this->__dbDebug('db', $this->cursor_ext[$query_hash]['query'], 'dbReturn', 'Q');
+					$this->__dbDebug(
+						'db',
+						$this->__dbDebugPrepare(
+							$this->cursor_ext[$query_hash]['query'],
+							$this->cursor_ext[$query_hash]['params']
+						),
+						'dbReturn',
+						($this->cursor_ext[$query_hash]['params'] === [] ? 'Q[e]' : 'Qp[e]'),
+					);
 				}
 				// internal error handling
 				$this->__dbError(13, $this->cursor_ext[$query_hash]['cursor']);
@@ -2300,10 +2357,6 @@ class IO
 			$this->__dbError(17, false, $query);
 			return false;
 		}
-		// checks if the params count given matches the expected count
-		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
-			return false;
-		}
 		$cursor = $this->dbExecParams($query, $params);
 		if ($cursor === false) {
 			return false;
@@ -2348,10 +2401,6 @@ class IO
 			$this->__dbError(17, false, $query);
 			return false;
 		}
-		// checks if the params count given matches the expected count
-		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
-			return false;
-		}
 		$cursor = $this->dbExecParams($query, $params);
 		if ($cursor === false) {
 			return false;
@@ -2661,6 +2710,17 @@ class IO
 			);
 			return false;
 		}
+		if ($this->db_debug) {
+			$this->__dbDebug(
+				'db',
+				$this->__dbDebugPrepare(
+					$this->prepare_cursor[$stm_name]['query'],
+					$data
+				),
+				'dbExecPrep',
+				'Qpe'
+			);
+		}
 		// if the count does not match
 		if ($this->prepare_cursor[$stm_name]['count'] != count($data)) {
 			$this->__dbError(
@@ -2673,17 +2733,6 @@ class IO
 			);
 			return false;
 		}
-		if ($this->db_debug) {
-			$this->__dbDebug(
-				'db',
-				$this->__dbDebugPrepare(
-					$this->prepare_cursor[$stm_name]['query'],
-					$data
-				),
-				'dbExecPrep',
-				'Qp'
-			);
-		}
 		$result = $this->db_functions->__dbExecute($stm_name, $data);
 		if ($result === false) {
 			$this->log->debug('ExecuteData', 'ERROR in STM[' . $stm_name . '|'

www/lib/CoreLibs/DB/SQL/Interface/SqlFunctions.php

@@ -209,10 +209,17 @@ interface SqlFunctions
 	/**
 	 * Undocumented function
 	 *
-	 * @param \PgSql\Result|false $cursor
-	 * @return string
+	 * @return array{0:string,1:string}
 	 */
-	public function __dbPrintError(\PgSql\Result|false $cursor = false): string;
+	public function __dbPrintLastError(): array;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param \PgSql\Result|false $cursor
+	 * @return array{0:string,1:string}
+	 */
+	public function __dbPrintError(\PgSql\Result|false $cursor = false): array;
 
 	/**
 	 * Undocumented function

www/lib/CoreLibs/DB/SQL/PgSQL.php

@@ -61,7 +61,7 @@ class PgSQL implements Interface\SqlFunctions
 	/** @var string */
 	private $last_error_query;
 	/** @var \PgSql\Connection|false */
-	private $dbh;
+	private $dbh = false;
 
 	/**
 	 * queries last error query and returns true or false if error was set
@@ -532,18 +532,37 @@ class PgSQL implements Interface\SqlFunctions
 		return $this->dbh;
 	}
 
+	/**
+	 * Returns last error for active cursor
+	 *
+	 * @return array{0:string,1:string} prefix, error string
+	 */
+	public function __dbPrintLastError(): array
+	{
+		if (is_bool($this->dbh)) {
+			return ['', ''];
+		}
+		if (!empty($error_message = pg_last_error($this->dbh))) {
+			return [
+				'-PostgreSQL-Error-Last-',
+				$error_message
+			];
+		}
+		return ['', ''];
+	}
+
 	/**
 	 * reads the last error for this cursor and returns
 	 * html formatted string with error name
 	 *
 	 * @param  \PgSql\Result|false $cursor cursor
-	 *                              or null
-	 * @return string               error string
+	 *                                     or null
+	 * @return array{0:string,1:string} prefix, error string
 	 */
-	public function __dbPrintError(\PgSql\Result|false $cursor = false): string
+	public function __dbPrintError(\PgSql\Result|false $cursor = false): array
 	{
 		if (is_bool($this->dbh)) {
-			return '';
+			return ['', ''];
 		}
 		// run the query again for the error result here
 		if ((is_bool($cursor)) && $this->last_error_query) {
@@ -552,10 +571,12 @@ class PgSQL implements Interface\SqlFunctions
 			$cursor = pg_get_result($this->dbh);
 		}
 		if ($cursor && $error_str = pg_result_error($cursor)) {
-			return '-PostgreSQL-Error- '
-				. $error_str;
+			return [
+				'-PostgreSQL-Error-',
+				$error_str
+			];
 		} else {
-			return '';
+			return ['', ''];
 		}
 	}
 

www/lib/CoreLibs/Output/Form/Generate.php

@@ -1954,7 +1954,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				if ($this->table_array[$key]['value']) {
 					// use the better new passwordSet instead of crypt based
 					$this->table_array[$key]['value'] =
-						\CoreLibs\Check\Password::passwordSet($this->table_array[$key]['value']);
+						\CoreLibs\Security\Password::passwordSet($this->table_array[$key]['value']);
 					$this->table_array[$key]['HIDDEN_value'] = $this->table_array[$key]['value'];
 				} else {
 					// $this->table_array[$key]['HIDDEN_value'] =

www/lib/CoreLibs/Security/CreateKey.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * very simple symmetric encryption
+ * better use: https://paragonie.com/project/halite
+ *
+ * this is for creating secret keys for
+ * Security\SymmetricEncryption
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+class CreateKey
+{
+	/**
+	 * Create a random key that is a hex string
+	 *
+	 * @return string Hex string key for encrypting
+	 */
+	public static function generateRandomKey(): string
+	{
+		return self::bin2hex(self::randomKey());
+	}
+
+	/**
+	 * create a random string as binary to encrypt data
+	 * to store it in clear text in some .env file use bin2hex
+	 *
+	 * @return string Binary string for encryption
+	 */
+	public static function randomKey(): string
+	{
+		return random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
+	}
+
+	/**
+	 * convert binary key to hex string
+	 *
+	 * @param  string $hex_key Convert binary key string to hex
+	 * @return string
+	 */
+	public static function bin2hex(string $hex_key): string
+	{
+		return sodium_bin2hex($hex_key);
+	}
+
+	/**
+	 * convert hex string to binary key
+	 *
+	 * @param  string $string_key Convery hex key string to binary
+	 * @return string
+	 */
+	public static function hex2bin(string $string_key): string
+	{
+		return sodium_hex2bin($string_key);
+	}
+}
+
+// __END__

www/lib/CoreLibs/Security/Password.php

@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * core password set, check and rehash check wrapper functions
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+class Password
+{
+	/**
+	 * creates the password hash
+	 *
+	 * @param  string $password password
+	 * @return string           hashed password
+	 */
+	public static function passwordSet(string $password): string
+	{
+		// always use the PHP default for the password
+		// password options ca be set in the password init,
+		// but should be kept as default
+		return password_hash($password, PASSWORD_DEFAULT);
+	}
+
+	/**
+	 * checks if the entered password matches the hash
+	 *
+	 * @param  string $password password
+	 * @param  string $hash     password hash
+	 * @return bool             true or false
+	 */
+	public static function passwordVerify(string $password, string $hash): bool
+	{
+		if (password_verify($password, $hash)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * checks if the password needs to be rehashed
+	 *
+	 * @param  string $hash password hash
+	 * @return bool         true or false
+	 */
+	public static function passwordRehashCheck(string $hash): bool
+	{
+		if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+
+// __END__

www/lib/CoreLibs/Security/SymmetricEncryption.php

@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * very simple symmetric encryption
+ * Better use: https://paragonie.com/project/halite
+ *
+ * current code is just to encrypt and decrypt
+ *
+ * must use a valid encryption key created with
+ * Secruty\CreateKey class
+ */
+
+declare(strict_types=1);
+
+namespace CoreLibs\Security;
+
+use CoreLibs\Security\CreateKey;
+use SodiumException;
+
+class SymmetricEncryption
+{
+	/**
+	 * Encrypt a message
+	 *
+	 * @param  string $message Message to encrypt
+	 * @param  string $key     Encryption key (as hex string)
+	 * @return string
+	 * @throws \RangeException
+	 */
+	public static function encrypt(string $message, string $key): string
+	{
+		try {
+			$key = CreateKey::hex2bin($key);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid hex key');
+		}
+		if (mb_strlen($key, '8bit') !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
+			throw new \RangeException(
+				'Key is not the correct size (must be '
+					. 'SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes long).'
+			);
+		}
+		$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+
+		$cipher = base64_encode(
+			$nonce
+			. sodium_crypto_secretbox(
+				$message,
+				$nonce,
+				$key
+			)
+		);
+		sodium_memzero($message);
+		sodium_memzero($key);
+		return $cipher;
+	}
+
+	/**
+	 * Decrypt a message
+	 *
+	 * @param  string $encrypted Message encrypted with safeEncrypt()
+	 * @param  string $key       Encryption key (as hex string)
+	 * @return string
+	 * @throws \Exception
+	 */
+	public static function decrypt(string $encrypted, string $key): string
+	{
+		try {
+			$key = CreateKey::hex2bin($key);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid hex key');
+		}
+		$decoded = base64_decode($encrypted);
+		$nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
+		$ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
+
+		$plain = false;
+		try {
+			$plain = sodium_crypto_secretbox_open(
+				$ciphertext,
+				$nonce,
+				$key
+			);
+		} catch (SodiumException $e) {
+			throw new \Exception('Invalid ciphertext (too short)');
+		}
+		if (!is_string($plain)) {
+			throw new \Exception('Invalid Key');
+		}
+		sodium_memzero($ciphertext);
+		sodium_memzero($key);
+		return $plain;
+	}
+}
+
+// __END__

www/vendor/composer/autoload_classmap.php

@@ -69,6 +69,9 @@ return array(
     'CoreLibs\\Output\\Form\\Token' => $baseDir . '/lib/CoreLibs/Output/Form/Token.php',
     'CoreLibs\\Output\\Image' => $baseDir . '/lib/CoreLibs/Output/Image.php',
     'CoreLibs\\Output\\ProgressBar' => $baseDir . '/lib/CoreLibs/Output/ProgressBar.php',
+    'CoreLibs\\Security\\CreateKey' => $baseDir . '/lib/CoreLibs/Security/CreateKey.php',
+    'CoreLibs\\Security\\Password' => $baseDir . '/lib/CoreLibs/Security/Password.php',
+    'CoreLibs\\Security\\SymmetricEncryption' => $baseDir . '/lib/CoreLibs/Security/SymmetricEncryption.php',
     'CoreLibs\\Template\\SmartyExtend' => $baseDir . '/lib/CoreLibs/Template/SmartyExtend.php',
     'FileUpload\\Core\\qqUploadedFile' => $baseDir . '/lib/FileUpload/Core/qqUploadedFile.php',
     'FileUpload\\Core\\qqUploadedFileForm' => $baseDir . '/lib/FileUpload/Core/qqUploadedFileForm.php',

www/vendor/composer/autoload_static.php

@@ -115,6 +115,9 @@ class ComposerStaticInit10fe8fe2ec4017b8644d2b64bcf398b9
         'CoreLibs\\Output\\Form\\Token' => __DIR__ . '/../..' . '/lib/CoreLibs/Output/Form/Token.php',
         'CoreLibs\\Output\\Image' => __DIR__ . '/../..' . '/lib/CoreLibs/Output/Image.php',
         'CoreLibs\\Output\\ProgressBar' => __DIR__ . '/../..' . '/lib/CoreLibs/Output/ProgressBar.php',
+        'CoreLibs\\Security\\CreateKey' => __DIR__ . '/../..' . '/lib/CoreLibs/Security/CreateKey.php',
+        'CoreLibs\\Security\\Password' => __DIR__ . '/../..' . '/lib/CoreLibs/Security/Password.php',
+        'CoreLibs\\Security\\SymmetricEncryption' => __DIR__ . '/../..' . '/lib/CoreLibs/Security/SymmetricEncryption.php',
         'CoreLibs\\Template\\SmartyExtend' => __DIR__ . '/../..' . '/lib/CoreLibs/Template/SmartyExtend.php',
         'FileUpload\\Core\\qqUploadedFile' => __DIR__ . '/../..' . '/lib/FileUpload/Core/qqUploadedFile.php',
         'FileUpload\\Core\\qqUploadedFileForm' => __DIR__ . '/../..' . '/lib/FileUpload/Core/qqUploadedFileForm.php',