ACL Login update with cuuid and cuid add/update and move write log to login class

Add a UUIDv4 column to edit_generic as cuuid, add the cuid column to all reads with
the cuuid too

The cuuid will replace the cuid and remove the EUID as the session login var

Moved the adbEditLog to login class as writeLog and renamed the current private writeLog to writeEditLog which is only for internal logging in the class

The Backend log class is deprecated and a new get all action var method has been added to get the action vars into the edit log

4dev/database/function/set_edit_generic.sql

@@ -9,6 +9,7 @@ BEGIN
     IF TG_OP = 'INSERT' THEN
         NEW.date_created := 'now';
         NEW.cuid := random_string(random_length);
+        NEW.cuuid := gen_random_uuid();
     ELSIF TG_OP = 'UPDATE' THEN
         NEW.date_updated := 'now';
     END IF;

4dev/database/table/edit_generic.sql

@@ -8,6 +8,7 @@
 -- DROP TABLE edit_generic;
 CREATE TABLE edit_generic (
     cuid VARCHAR,
+    cuuid UUID DEFAULT gen_random_uuid(),
     date_created TIMESTAMP WITHOUT TIME ZONE DEFAULT clock_timestamp(),
     date_updated TIMESTAMP WITHOUT TIME ZONE
 );

4dev/database/table/edit_log.sql

@@ -12,6 +12,8 @@ CREATE TABLE edit_log (
     FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
     username VARCHAR,
     password VARCHAR,
+    ecuid VARCHAR,
+    ecuuid UUID,
     event_date TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
     ip VARCHAR,
     error TEXT,
@@ -21,6 +23,7 @@ CREATE TABLE edit_log (
     page VARCHAR,
     action VARCHAR,
     action_id VARCHAR,
+    action_sub_id VARCHAR,
     action_yes VARCHAR,
     action_flag VARCHAR,
     action_menu VARCHAR,

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -243,6 +243,8 @@ final class CoreLibsACLLoginTest extends TestCase
 				[],
 				[
 					'EUID' => 1,
+					'ECUID' => 'abc',
+					'ECUUID' => '1233456-1234-1234-1234-123456789012',
 				],
 				2,
 				[],
@@ -260,6 +262,8 @@ final class CoreLibsACLLoginTest extends TestCase
 				[],
 				[
 					'EUID' => 1,
+					'ECUID' => 'abc',
+					'ECUUID' => '1233456-1234-1234-1234-123456789012',
 					'USER_NAME' => '',
 					'GROUP_NAME' => '',
 					'ADMIN' => 1,

4dev/tests/ACL/database/CoreLibsACLLogin_database_create_data.sql

@@ -5,15 +5,15 @@ CREATE FUNCTION random_string(randomLength int)
 RETURNS text AS
 $$
 SELECT array_to_string(
-	ARRAY(
+    ARRAY(
-		SELECT substring(
+        SELECT substring(
-			'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
+            'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
-			trunc(random() * 62)::int + 1,
+            trunc(random() * 62)::int + 1,
-			1
+            1
-		)
+        )
-		FROM generate_series(1, randomLength) AS gs(x)
+        FROM generate_series(1, randomLength) AS gs(x)
-	),
+    ),
-	''
+    ''
 )
 $$
 LANGUAGE SQL
@@ -27,15 +27,16 @@ CREATE OR REPLACE FUNCTION set_edit_generic()
 RETURNS TRIGGER AS
 $$
 DECLARE
-	random_length INT = 12; -- that should be long enough
+    random_length INT = 12; -- that should be long enough
 BEGIN
-	IF TG_OP = 'INSERT' THEN
+    IF TG_OP = 'INSERT' THEN
-		NEW.date_created := 'now';
+        NEW.date_created := 'now';
-		NEW.cuid := random_string(random_length);
+        NEW.cuid := random_string(random_length);
-	ELSIF TG_OP = 'UPDATE' THEN
+        NEW.cuuid := gen_random_uuid();
-		NEW.date_updated := 'now';
+    ELSIF TG_OP = 'UPDATE' THEN
-	END IF;
+        NEW.date_updated := 'now';
-	RETURN NEW;
+    END IF;
+    RETURN NEW;
 END;
 $$
 LANGUAGE 'plpgsql';
@@ -46,29 +47,29 @@ LANGUAGE 'plpgsql';
 CREATE OR REPLACE FUNCTION set_edit_access_uid() RETURNS TRIGGER AS
 $$
 DECLARE
-	myrec RECORD;
+    myrec RECORD;
-	v_uid VARCHAR;
+    v_uid VARCHAR;
 BEGIN
-	-- skip if NEW.name is not set
+    -- skip if NEW.name is not set
-	IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
+    IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
-		-- use NEW.name as base, remove all spaces
+        -- use NEW.name as base, remove all spaces
-		-- name data is already unique, so we do not need to worry about this here
+        -- name data is already unique, so we do not need to worry about this here
-		v_uid := REPLACE(NEW.name, ' ', '');
+        v_uid := REPLACE(NEW.name, ' ', '');
-		IF TG_OP = 'INSERT' THEN
+        IF TG_OP = 'INSERT' THEN
-			-- always set
+            -- always set
-			NEW.uid := v_uid;
+            NEW.uid := v_uid;
-		ELSIF TG_OP = 'UPDATE' THEN
+        ELSIF TG_OP = 'UPDATE' THEN
-			-- check if not set, then set
+            -- check if not set, then set
-			SELECT INTO myrec t.* FROM edit_access t WHERE edit_access_id = NEW.edit_access_id;
+            SELECT INTO myrec t.* FROM edit_access t WHERE edit_access_id = NEW.edit_access_id;
-			IF FOUND THEN
+            IF FOUND THEN
-				NEW.uid := v_uid;
+                NEW.uid := v_uid;
-			END IF;
+            END IF;
-		END IF;
+        END IF;
-	END IF;
+    END IF;
-	RETURN NEW;
+    RETURN NEW;
 END;
 $$
-	LANGUAGE 'plpgsql';
+    LANGUAGE 'plpgsql';
 -- END: function/edit_access_set_uid.sql
 -- START: function/edit_group_set_uid.sql
 -- add uid add for edit_group table
@@ -76,29 +77,29 @@ $$
 CREATE OR REPLACE FUNCTION set_edit_group_uid() RETURNS TRIGGER AS
 $$
 DECLARE
-	myrec RECORD;
+    myrec RECORD;
-	v_uid VARCHAR;
+    v_uid VARCHAR;
 BEGIN
-	-- skip if NEW.name is not set
+    -- skip if NEW.name is not set
-	IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
+    IF NEW.name IS NOT NULL AND NEW.name <> '' THEN
-		-- use NEW.name as base, remove all spaces
+        -- use NEW.name as base, remove all spaces
-		-- name data is already unique, so we do not need to worry about this here
+        -- name data is already unique, so we do not need to worry about this here
-		v_uid := REPLACE(NEW.name, ' ', '');
+        v_uid := REPLACE(NEW.name, ' ', '');
-		IF TG_OP = 'INSERT' THEN
+        IF TG_OP = 'INSERT' THEN
-			-- always set
+            -- always set
-			NEW.uid := v_uid;
+            NEW.uid := v_uid;
-		ELSIF TG_OP = 'UPDATE' THEN
+        ELSIF TG_OP = 'UPDATE' THEN
-			-- check if not set, then set
+            -- check if not set, then set
-			SELECT INTO myrec t.* FROM edit_group t WHERE edit_group_id = NEW.edit_group_id;
+            SELECT INTO myrec t.* FROM edit_group t WHERE edit_group_id = NEW.edit_group_id;
-			IF FOUND THEN
+            IF FOUND THEN
-				NEW.uid := v_uid;
+                NEW.uid := v_uid;
-			END IF;
+            END IF;
-		END IF;
+        END IF;
-	END IF;
+    END IF;
-	RETURN NEW;
+    RETURN NEW;
 END;
 $$
-	LANGUAGE 'plpgsql';
+    LANGUAGE 'plpgsql';
 -- END: function/edit_group_set_uid.sql
 -- START: function/edit_log_partition_insert.sql
 -- AUTHOR: Clemens Schwaighofer
@@ -112,142 +113,142 @@ CREATE OR REPLACE FUNCTION edit_log_insert_trigger ()
 RETURNS TRIGGER AS
 $$
 DECLARE
-	start_date DATE := '2010-01-01';
+    start_date DATE := '2010-01-01';
-	end_date DATE;
+    end_date DATE;
-	timeformat TEXT := 'YYYY';
+    timeformat TEXT := 'YYYY';
-	selector TEXT := 'year';
+    selector TEXT := 'year';
-	base_table TEXT := 'edit_log';
+    base_table TEXT := 'edit_log';
-	_interval INTERVAL := '1 ' || selector;
+    _interval INTERVAL := '1 ' || selector;
-	_interval_next INTERVAL := '2 ' || selector;
+    _interval_next INTERVAL := '2 ' || selector;
-	table_name TEXT;
+    table_name TEXT;
-	-- compare date column
+    -- compare date column
-	compare_date DATE := NEW.event_date;
+    compare_date DATE := NEW.event_date;
-	compare_date_name TEXT := 'event_date';
+    compare_date_name TEXT := 'event_date';
-	-- the create commands
+    -- the create commands
-	command_create_table TEXT := 'CREATE TABLE IF NOT EXISTS {TABLE_NAME} (CHECK({COMPARE_DATE_NAME} >= {START_DATE} AND {COMPARE_DATE_NAME} < {END_DATE})) INHERITS ({BASE_NAME})';
+    command_create_table TEXT := 'CREATE TABLE IF NOT EXISTS {TABLE_NAME} (CHECK({COMPARE_DATE_NAME} >= {START_DATE} AND {COMPARE_DATE_NAME} < {END_DATE})) INHERITS ({BASE_NAME})';
-	command_create_primary_key TEXT := 'ALTER TABLE {TABLE_NAME} ADD PRIMARY KEY ({BASE_TABLE}_id)';
+    command_create_primary_key TEXT := 'ALTER TABLE {TABLE_NAME} ADD PRIMARY KEY ({BASE_TABLE}_id)';
-	command_create_foreign_key_1 TEXT := 'ALTER TABLE {TABLE_NAME} ADD CONSTRAINT {TABLE_NAME}_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL';
+    command_create_foreign_key_1 TEXT := 'ALTER TABLE {TABLE_NAME} ADD CONSTRAINT {TABLE_NAME}_euid_fkey FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL';
-	command_create_trigger_1 TEXT = 'CREATE TRIGGER trg_{TABLE_NAME} BEFORE INSERT OR UPDATE ON {TABLE_NAME} FOR EACH ROW EXECUTE PROCEDURE set_edit_generic()';
+    command_create_trigger_1 TEXT = 'CREATE TRIGGER trg_{TABLE_NAME} BEFORE INSERT OR UPDATE ON {TABLE_NAME} FOR EACH ROW EXECUTE PROCEDURE set_edit_generic()';
 BEGIN
-	-- we are in valid start time area
+    -- we are in valid start time area
-	IF (NEW.event_date >= start_date) THEN
+    IF (NEW.event_date >= start_date) THEN
-		-- current table name
+        -- current table name
-		table_name := base_table || '_' || to_char(NEW.event_date, timeformat);
+        table_name := base_table || '_' || to_char(NEW.event_date, timeformat);
-		BEGIN
+        BEGIN
-			EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
+            EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
-		-- if insert failed because of missing table, create new below
+        -- if insert failed because of missing table, create new below
-		EXCEPTION
+        EXCEPTION
-		WHEN undefined_table THEN
+        WHEN undefined_table THEN
-			-- another block, so in case the creation fails here too
+            -- another block, so in case the creation fails here too
-			BEGIN
+            BEGIN
-				-- create new table here + all indexes
+                -- create new table here + all indexes
-				start_date := date_trunc(selector, NEW.event_date);
+                start_date := date_trunc(selector, NEW.event_date);
-				end_date := date_trunc(selector, NEW.event_date + _interval);
+                end_date := date_trunc(selector, NEW.event_date + _interval);
-				-- creat table
+                -- creat table
-				EXECUTE format(REPLACE( -- end date
+                EXECUTE format(REPLACE( -- end date
-					REPLACE( -- start date
+                    REPLACE( -- start date
-						REPLACE( -- compare date name
+                        REPLACE( -- compare date name
-							REPLACE( -- base name (inherit)
+                            REPLACE( -- base name (inherit)
-								REPLACE( -- table name
+                                REPLACE( -- table name
-									command_create_table,
+                                    command_create_table,
-									'{TABLE_NAME}',
+                                    '{TABLE_NAME}',
-									table_name
+                                    table_name
-								),
+                                ),
-								'{BASE_NAME}',
+                                '{BASE_NAME}',
-								base_table
+                                base_table
-							),
+                            ),
-							'{COMPARE_DATE_NAME}',
+                            '{COMPARE_DATE_NAME}',
-							compare_date_name
+                            compare_date_name
-						),
+                        ),
-						'{START_DATE}',
+                        '{START_DATE}',
-						quote_literal(start_date)
+                        quote_literal(start_date)
-					),
+                    ),
-					'{END_DATE}',
+                    '{END_DATE}',
-					quote_literal(end_date)
+                    quote_literal(end_date)
-				));
+                ));
-				-- create all indexes and triggers
+                -- create all indexes and triggers
-				EXECUTE format(REPLACE(
+                EXECUTE format(REPLACE(
-					REPLACE(
+                    REPLACE(
-						command_create_primary_key,
+                        command_create_primary_key,
-						'{TABLE_NAME}',
+                        '{TABLE_NAME}',
-						table_name
+                        table_name
-					),
+                    ),
-					'{BASE_TABLE}',
+                    '{BASE_TABLE}',
-					base_table
+                    base_table
-				));
+                ));
-				-- FK constraints
+                -- FK constraints
-				EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
+                EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
-				-- generic trigger
+                -- generic trigger
-				EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
+                EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
 
-				-- insert try again
+                -- insert try again
-				EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
+                EXECUTE 'INSERT INTO ' || quote_ident(table_name) || ' SELECT ($1).*' USING NEW;
-			EXCEPTION
+            EXCEPTION
-			WHEN OTHERS THEN
+            WHEN OTHERS THEN
-				-- if this faled, throw it into the overflow table (so we don't loose anything)
+                -- if this faled, throw it into the overflow table (so we don't loose anything)
-				INSERT INTO edit_log_overflow VALUES (NEW.*);
+                INSERT INTO edit_log_overflow VALUES (NEW.*);
-			END;
+            END;
-		-- other errors, insert into overlow
+        -- other errors, insert into overlow
-		WHEN OTHERS THEN
+        WHEN OTHERS THEN
-			-- if this faled, throw it into the overflow table (so we don't loose anything)
+            -- if this faled, throw it into the overflow table (so we don't loose anything)
-			INSERT INTO edit_log_overflow VALUES (NEW.*);
+            INSERT INTO edit_log_overflow VALUES (NEW.*);
-		END;
+        END;
-		-- main insert run done, check if we have to create next months table
+        -- main insert run done, check if we have to create next months table
-		BEGIN
+        BEGIN
-			-- check if next month table exists
+            -- check if next month table exists
-			table_name := base_table || '_' || to_char((SELECT NEW.event_date + _interval)::DATE, timeformat);
+            table_name := base_table || '_' || to_char((SELECT NEW.event_date + _interval)::DATE, timeformat);
-			-- RAISE NOTICE 'SEARCH NEXT: %', table_name;
+            -- RAISE NOTICE 'SEARCH NEXT: %', table_name;
-			IF  (SELECT to_regclass(table_name)) IS NULL THEN
+            IF  (SELECT to_regclass(table_name)) IS NULL THEN
-				-- move inner interval same
+                -- move inner interval same
-				start_date := date_trunc(selector, NEW.event_date + _interval);
+                start_date := date_trunc(selector, NEW.event_date + _interval);
-				end_date := date_trunc(selector, NEW.event_date + _interval_next);
+                end_date := date_trunc(selector, NEW.event_date + _interval_next);
-				-- RAISE NOTICE 'CREATE NEXT: %', table_name;
+                -- RAISE NOTICE 'CREATE NEXT: %', table_name;
-				-- create table
+                -- create table
-				EXECUTE format(REPLACE( -- end date
+                EXECUTE format(REPLACE( -- end date
-					REPLACE( -- start date
+                    REPLACE( -- start date
-						REPLACE( -- compare date name
+                        REPLACE( -- compare date name
-							REPLACE( -- base name (inherit)
+                            REPLACE( -- base name (inherit)
-								REPLACE( -- table name
+                                REPLACE( -- table name
-									command_create_table,
+                                    command_create_table,
-									'{TABLE_NAME}',
+                                    '{TABLE_NAME}',
-									table_name
+                                    table_name
-								),
+                                ),
-								'{BASE_NAME}',
+                                '{BASE_NAME}',
-								base_table
+                                base_table
-							),
+                            ),
-							'{COMPARE_DATE_NAME}',
+                            '{COMPARE_DATE_NAME}',
-							compare_date_name
+                            compare_date_name
-						),
+                        ),
-						'{START_DATE}',
+                        '{START_DATE}',
-						quote_literal(start_date)
+                        quote_literal(start_date)
-					),
+                    ),
-					'{END_DATE}',
+                    '{END_DATE}',
-					quote_literal(end_date)
+                    quote_literal(end_date)
-				));
+                ));
-				-- create all indexes and triggers
+                -- create all indexes and triggers
-				EXECUTE format(REPLACE(
+                EXECUTE format(REPLACE(
-					REPLACE(
+                    REPLACE(
-						command_create_primary_key,
+                        command_create_primary_key,
-						'{TABLE_NAME}',
+                        '{TABLE_NAME}',
-						table_name
+                        table_name
-					),
+                    ),
-					'{BASE_TABLE}',
+                    '{BASE_TABLE}',
-					base_table
+                    base_table
-				));
+                ));
-				-- FK constraints
+                -- FK constraints
-				EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
+                EXECUTE format(REPLACE(command_create_foreign_key_1, '{TABLE_NAME}', table_name));
-				-- generic trigger
+                -- generic trigger
-				EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
+                EXECUTE format(REPLACE(command_create_trigger_1, '{TABLE_NAME}', table_name));
-			END IF;
+            END IF;
-		EXCEPTION
+        EXCEPTION
-		WHEN OTHERS THEN
+        WHEN OTHERS THEN
-			RAISE NOTICE 'Failed to create next table: %', table_name;
+            RAISE NOTICE 'Failed to create next table: %', table_name;
-		END;
+        END;
-	ELSE
+    ELSE
-		-- if outside valid date, insert into overflow
+        -- if outside valid date, insert into overflow
-		INSERT INTO edit_log_overflow VALUES (NEW.*);
+        INSERT INTO edit_log_overflow VALUES (NEW.*);
-	END IF;
+    END IF;
-	RETURN NULL;
+    RETURN NULL;
 END
 $$
 LANGUAGE 'plpgsql';
@@ -260,22 +261,22 @@ CREATE OR REPLACE FUNCTION set_login_user_id_set_date()
 RETURNS TRIGGER AS
 $$
 BEGIN
-	-- if new is not null/empty
+    -- if new is not null/empty
-	-- and old one is null or old one different new one
+    -- and old one is null or old one different new one
-	-- set NOW()
+    -- set NOW()
-	-- if new one is NULL
+    -- if new one is NULL
-	-- set NULL
+    -- set NULL
-	IF
+    IF
-		NEW.login_user_id IS NOT NULL AND NEW.login_user_id <> '' AND
+        NEW.login_user_id IS NOT NULL AND NEW.login_user_id <> '' AND
-		(OLD.login_user_id IS NULL OR NEW.login_user_id <> OLD.login_user_id)
+        (OLD.login_user_id IS NULL OR NEW.login_user_id <> OLD.login_user_id)
-	THEN
+    THEN
-		NEW.login_user_id_set_date = NOW();
+        NEW.login_user_id_set_date = NOW();
-		NEW.login_user_id_last_revalidate = NOW();
+        NEW.login_user_id_last_revalidate = NOW();
-	ELSIF NEW.login_user_id IS NULL OR NEW.login_user_id = '' THEN
+    ELSIF NEW.login_user_id IS NULL OR NEW.login_user_id = '' THEN
-		NEW.login_user_id_set_date = NULL;
+        NEW.login_user_id_set_date = NULL;
-		NEW.login_user_id_last_revalidate = NULL;
+        NEW.login_user_id_last_revalidate = NULL;
-	END IF;
+    END IF;
-	RETURN NEW;
+    RETURN NEW;
 END;
 $$
 LANGUAGE 'plpgsql';
@@ -290,8 +291,8 @@ LANGUAGE 'plpgsql';
 
 -- DROP TABLE temp_files;
 CREATE TABLE temp_files (
-	filename	VARCHAR,
+    filename VARCHAR,
-	folder	VARCHAR
+    folder VARCHAR
 );
 -- END: table/edit_temp_files.sql
 -- START: table/edit_generic.sql
@@ -304,9 +305,10 @@ CREATE TABLE temp_files (
 
 -- DROP TABLE edit_generic;
 CREATE TABLE edit_generic (
-	cuid	VARCHAR,
+    cuid VARCHAR,
-	date_created	TIMESTAMP WITHOUT TIME ZONE DEFAULT clock_timestamp(),
+    cuuid UUID,
-	date_updated	TIMESTAMP WITHOUT TIME ZONE
+    date_created TIMESTAMP WITHOUT TIME ZONE DEFAULT clock_timestamp(),
+    date_updated TIMESTAMP WITHOUT TIME ZONE
 );
 -- END: table/edit_generic.sql
 -- START: table/edit_visible_group.sql
@@ -319,9 +321,9 @@ CREATE TABLE edit_generic (
 
 -- DROP TABLE edit_visible_group;
 CREATE TABLE edit_visible_group (
-	edit_visible_group_id	SERIAL PRIMARY KEY,
+    edit_visible_group_id SERIAL PRIMARY KEY,
-	name	VARCHAR,
+    name VARCHAR,
-	flag	VARCHAR
+    flag VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_visible_group.sql
 -- START: table/edit_menu_group.sql
@@ -334,10 +336,10 @@ CREATE TABLE edit_visible_group (
 
 -- DROP TABLE edit_menu_group;
 CREATE TABLE edit_menu_group (
-	edit_menu_group_id	SERIAL PRIMARY KEY,
+    edit_menu_group_id SERIAL PRIMARY KEY,
-	name	VARCHAR,
+    name VARCHAR,
-	flag	VARCHAR,
+    flag VARCHAR,
-	order_number	INT NOT NULL
+    order_number INT NOT NULL
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 
@@ -352,18 +354,18 @@ CREATE TABLE edit_menu_group (
 
 -- DROP TABLE edit_page;
 CREATE TABLE edit_page (
-	edit_page_id	SERIAL PRIMARY KEY,
+    edit_page_id SERIAL PRIMARY KEY,
-	content_alias_edit_page_id	INT, -- alias for page content, if the page content is defined on a different page, ege for ajax backend pages
+    content_alias_edit_page_id	INT, -- alias for page content, if the page content is defined on a different page, ege for ajax backend pages
-	FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE,
+    FOREIGN KEY (content_alias_edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE RESTRICT ON UPDATE CASCADE,
-	filename	VARCHAR,
+    filename VARCHAR,
-	name	VARCHAR UNIQUE,
+    name VARCHAR UNIQUE,
-	order_number INT NOT NULL,
+    order_number INT NOT NULL,
-	online	SMALLINT NOT NULL DEFAULT 0,
+    online SMALLINT NOT NULL DEFAULT 0,
-	menu	SMALLINT NOT NULL DEFAULT 0,
+    menu SMALLINT NOT NULL DEFAULT 0,
-	popup	SMALLINT NOT NULL DEFAULT 0,
+    popup SMALLINT NOT NULL DEFAULT 0,
-	popup_x	SMALLINT,
+    popup_x SMALLINT,
-	popup_y SMALLINT,
+    popup_y SMALLINT,
-	hostname	VARCHAR
+    hostname VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_page.sql
 -- START: table/edit_query_string.sql
@@ -376,13 +378,13 @@ CREATE TABLE edit_page (
 
 -- DROP TABLE edit_query_string;
 CREATE TABLE edit_query_string (
-	edit_query_string_id	SERIAL PRIMARY KEY,
+    edit_query_string_id SERIAL PRIMARY KEY,
-	edit_page_id	INT NOT NULL,
+    edit_page_id INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	name	VARCHAR,
+    name VARCHAR,
-	value	VARCHAR,
+    value VARCHAR,
-	dynamic	SMALLINT NOT NULL DEFAULT 0
+    dynamic SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_query_string.sql
 -- START: table/edit_page_visible_group.sql
@@ -395,10 +397,10 @@ CREATE TABLE edit_query_string (
 
 -- DROP TABLE edit_page_visible_group;
 CREATE TABLE edit_page_visible_group (
-	edit_page_id INT NOT NULL,
+    edit_page_id INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_visible_group_id INT NOT NULL,
+    edit_visible_group_id INT NOT NULL,
-	FOREIGN KEY (edit_visible_group_id) REFERENCES edit_visible_group (edit_visible_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+    FOREIGN KEY (edit_visible_group_id) REFERENCES edit_visible_group (edit_visible_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );
 -- END: table/edit_page_visible_group.sql
 -- START: table/edit_page_menu_group.sql
@@ -411,10 +413,10 @@ CREATE TABLE edit_page_visible_group (
 
 -- DROP TABLE edit_page_menu_group;
 CREATE TABLE edit_page_menu_group (
-	edit_page_id INT NOT NULL,
+    edit_page_id INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_menu_group_id INT NOT NULL,
+    edit_menu_group_id INT NOT NULL,
-	FOREIGN KEY (edit_menu_group_id) REFERENCES edit_menu_group (edit_menu_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
+    FOREIGN KEY (edit_menu_group_id) REFERENCES edit_menu_group (edit_menu_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE
 );
 -- END: table/edit_page_menu_group.sql
 -- START: table/edit_access_right.sql
@@ -428,11 +430,11 @@ CREATE TABLE edit_page_menu_group (
 
 -- DROP TABLE edit_access_right;
 CREATE TABLE edit_access_right (
-	edit_access_right_id SERIAL PRIMARY KEY,
+    edit_access_right_id SERIAL PRIMARY KEY,
-	name VARCHAR,
+    name VARCHAR,
-	level SMALLINT,
+    level SMALLINT,
-	type VARCHAR,
+    type VARCHAR,
-	UNIQUE (level,type)
+    UNIQUE (level,type)
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_access_right.sql
 -- START: table/edit_scheme.sql
@@ -445,12 +447,12 @@ CREATE TABLE edit_access_right (
 
 -- DROP TABLE edit_scheme;
 CREATE TABLE edit_scheme (
-	edit_scheme_id	SERIAL PRIMARY KEY,
+    edit_scheme_id SERIAL PRIMARY KEY,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	name	VARCHAR,
+    name VARCHAR,
-	header_color	VARCHAR,
+    header_color VARCHAR,
-	css_file	VARCHAR,
+    css_file VARCHAR,
-	template	VARCHAR
+    template VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_scheme.sql
 -- START: table/edit_language.sql
@@ -464,13 +466,13 @@ CREATE TABLE edit_scheme (
 
 -- DROP TABLE edit_language;
 CREATE TABLE edit_language (
-	edit_language_id SERIAL PRIMARY KEY,
+    edit_language_id SERIAL PRIMARY KEY,
-	enabled SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	lang_default SMALLINT NOT NULL DEFAULT 0,
+    lang_default SMALLINT NOT NULL DEFAULT 0,
-	long_name VARCHAR,
+    long_name VARCHAR,
-	short_name VARCHAR, -- en_US, en or en_US@latin without encoding
+    short_name VARCHAR, -- en_US, en or en_US@latin without encoding
-	iso_name VARCHAR, -- should actually be encoding
+    iso_name VARCHAR, -- should actually be encoding
-	order_number INT
+    order_number INT
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_language.sql
 -- START: table/edit_group.sql
@@ -483,16 +485,16 @@ CREATE TABLE edit_language (
 
 -- DROP TABLE edit_group;
 CREATE TABLE edit_group (
-	edit_group_id	SERIAL PRIMARY KEY,
+    edit_group_id SERIAL PRIMARY KEY,
-	edit_scheme_id INT,
+    edit_scheme_id INT,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_access_right_id INT NOT NULL,
+    edit_access_right_id INT NOT NULL,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	deleted	SMALLINT DEFAULT 0,
+    deleted SMALLINT DEFAULT 0,
-	uid	VARCHAR,
+    uid VARCHAR,
-	name	VARCHAR,
+    name VARCHAR,
-	additional_acl	JSONB
+    additional_acl JSONB
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_group.sql
 -- START: table/edit_page_access.sql
@@ -505,14 +507,14 @@ CREATE TABLE edit_group (
 
 -- DROP TABLE edit_page_access;
 CREATE TABLE edit_page_access (
-	edit_page_access_id	SERIAL PRIMARY KEY,
+    edit_page_access_id SERIAL PRIMARY KEY,
-	edit_group_id	INT NOT NULL,
+    edit_group_id INT NOT NULL,
-	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_page_id	INT NOT NULL,
+    edit_page_id INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_access_right_id	INT NOT NULL,
+    edit_access_right_id INT NOT NULL,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	enabled	SMALLINT NOT NULL DEFAULT 0
+    enabled SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 
@@ -528,15 +530,15 @@ CREATE TABLE edit_page_access (
 
 -- DROP TABLE edit_page_content;
 CREATE TABLE edit_page_content (
-	edit_page_content_id	SERIAL PRIMARY KEY,
+    edit_page_content_id SERIAL PRIMARY KEY,
-	edit_page_id	INT NOT NULL,
+    edit_page_id INT NOT NULL,
-	FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_page_id) REFERENCES edit_page (edit_page_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_access_right_id	INT NOT NULL,
+    edit_access_right_id INT NOT NULL,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	uid	VARCHAR UNIQUE,
+    uid VARCHAR UNIQUE,
-	name	VARCHAR,
+    name VARCHAR,
-	order_number INT NOT NULL,
+    order_number INT NOT NULL,
-	online	SMALLINT NOT NULL DEFAULT 0
+    online SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_page_content.sql
 -- START: table/edit_user.sql
@@ -549,63 +551,63 @@ CREATE TABLE edit_page_content (
 
 -- DROP TABLE edit_user;
 CREATE TABLE edit_user (
-	edit_user_id	SERIAL PRIMARY KEY,
+    edit_user_id SERIAL PRIMARY KEY,
-	connect_edit_user_id	INT, -- possible reference to other user
+    connect_edit_user_id INT, -- possible reference to other user
-	FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (connect_edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_language_id INT NOT NULL,
+    edit_language_id INT NOT NULL,
-	FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_language_id) REFERENCES edit_language (edit_language_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_group_id INT NOT NULL,
+    edit_group_id INT NOT NULL,
-	FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_group_id) REFERENCES edit_group (edit_group_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_scheme_id INT,
+    edit_scheme_id INT,
-	FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_scheme_id) REFERENCES edit_scheme (edit_scheme_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_access_right_id INT NOT NULL,
+    edit_access_right_id INT NOT NULL,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	-- username/password
+    -- username/password
-	username	VARCHAR UNIQUE,
+    username VARCHAR UNIQUE,
-	password	VARCHAR,
+    password VARCHAR,
-	-- name block
+    -- name block
-	first_name	VARCHAR,
+    first_name VARCHAR,
-	last_name	VARCHAR,
+    last_name VARCHAR,
-	first_name_furigana	VARCHAR,
+    first_name_furigana VARCHAR,
-	last_name_furigana	VARCHAR,
+    last_name_furigana VARCHAR,
-	-- email
+    -- email
-	email	VARCHAR,
+    email VARCHAR,
-	-- eanbled/deleted flag
+    -- eanbled/deleted flag
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	deleted	SMALLINT NOT NULL DEFAULT 0,
+    deleted SMALLINT NOT NULL DEFAULT 0,
-	-- general flags
+    -- general flags
-	strict	SMALLINT DEFAULT 0,
+    strict SMALLINT DEFAULT 0,
-	locked	SMALLINT DEFAULT 0,
+    locked SMALLINT DEFAULT 0,
-	protected SMALLINT NOT NULL DEFAULT 0,
+    protected SMALLINT NOT NULL DEFAULT 0,
-	-- legacy, debug flags
+    -- legacy, debug flags
-	debug	SMALLINT NOT NULL DEFAULT 0,
+    debug SMALLINT NOT NULL DEFAULT 0,
-	db_debug	SMALLINT NOT NULL DEFAULT 0,
+    db_debug SMALLINT NOT NULL DEFAULT 0,
-	-- is admin user
+    -- is admin user
-	admin	SMALLINT NOT NULL DEFAULT 0,
+    admin SMALLINT NOT NULL DEFAULT 0,
-	-- last login log
+    -- last login log
-	last_login	TIMESTAMP WITHOUT TIME ZONE,
+    last_login TIMESTAMP WITHOUT TIME ZONE,
-	-- login error
+    -- login error
-	login_error_count	INT DEFAULT 0,
+    login_error_count INT DEFAULT 0,
-	login_error_date_last	TIMESTAMP WITHOUT TIME ZONE,
+    login_error_date_last TIMESTAMP WITHOUT TIME ZONE,
-	login_error_date_first	TIMESTAMP WITHOUT TIME ZONE,
+    login_error_date_first TIMESTAMP WITHOUT TIME ZONE,
-	-- time locked
+    -- time locked
-	lock_until	TIMESTAMP WITHOUT TIME ZONE,
+    lock_until TIMESTAMP WITHOUT TIME ZONE,
-	lock_after	TIMESTAMP WITHOUT TIME ZONE,
+    lock_after TIMESTAMP WITHOUT TIME ZONE,
-	-- password change
+    -- password change
-	password_change_date	TIMESTAMP WITHOUT TIME ZONE, -- only when password is first set or changed
+    password_change_date TIMESTAMP WITHOUT TIME ZONE, -- only when password is first set or changed
-	password_change_interval	INTERVAL, -- null if no change is needed, or d/m/y time interval
+    password_change_interval INTERVAL, -- null if no change is needed, or d/m/y time interval
-	password_reset_time	TIMESTAMP WITHOUT TIME ZONE, -- when the password reset was requested
+    password_reset_time TIMESTAMP WITHOUT TIME ZONE, -- when the password reset was requested
-	password_reset_uid	VARCHAR, -- the uid to access the password reset page
+    password_reset_uid VARCHAR, -- the uid to access the password reset page
-	-- _GET login id for direct login
+    -- _GET login id for direct login
-	login_user_id	VARCHAR UNIQUE, -- the loginUserId, at least 32 chars
+    login_user_id VARCHAR UNIQUE, -- the loginUserId, at least 32 chars
-	login_user_id_set_date	TIMESTAMP WITHOUT TIME ZONE, -- when above uid was set
+    login_user_id_set_date TIMESTAMP WITHOUT TIME ZONE, -- when above uid was set
-	login_user_id_last_revalidate	TIMESTAMP WITHOUT TIME ZONE, -- when the last login was done with user name and password
+    login_user_id_last_revalidate TIMESTAMP WITHOUT TIME ZONE, -- when the last login was done with user name and password
-	login_user_id_valid_from	TIMESTAMP WITHOUT TIME ZONE, -- if set, from when the above uid is valid
+    login_user_id_valid_from TIMESTAMP WITHOUT TIME ZONE, -- if set, from when the above uid is valid
-	login_user_id_valid_until	TIMESTAMP WITHOUT TIME ZONE, -- if set, until when the above uid is valid
+    login_user_id_valid_until TIMESTAMP WITHOUT TIME ZONE, -- if set, until when the above uid is valid
-	login_user_id_revalidate_after	INTERVAL, -- user must login to revalidated loginUserId after set days, 0 for forever
+    login_user_id_revalidate_after INTERVAL, -- user must login to revalidated loginUserId after set days, 0 for forever
-	login_user_id_locked	SMALLINT DEFAULT 0, -- lock for loginUserId, but still allow normal login
+    login_user_id_locked SMALLINT DEFAULT 0, -- lock for loginUserId, but still allow normal login
-	-- additional ACL json block
+    -- additional ACL json block
-	additional_acl	JSONB -- additional ACL as JSON string (can be set by other pages)
+    additional_acl JSONB -- additional ACL as JSON string (can be set by other pages)
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 -- create unique index
@@ -650,37 +652,40 @@ COMMENT ON COLUMN edit_user.additional_acl IS 'Additional Access Control List st
 
 -- DROP TABLE edit_log;
 CREATE TABLE edit_log (
-	edit_log_id	SERIAL PRIMARY KEY,
+    edit_log_id SERIAL PRIMARY KEY,
-	euid	INT, -- this is a foreign key, but I don't nedd to reference to it
+    euid INT, -- this is a foreign key, but I don't nedd to reference to it
-	FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
+    ecuid VARCHAR,
-	username	VARCHAR,
+    ecuuid UUID,
-	password	VARCHAR,
+    FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
-	event_date	TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    username VARCHAR,
-	ip	VARCHAR,
+    password VARCHAR,
-	error	TEXT,
+    event_date TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
-	event	TEXT,
+    ip VARCHAR,
-	data_binary	BYTEA,
+    error TEXT,
-	data	TEXT,
+    event TEXT,
-	page	VARCHAR,
+    data_binary BYTEA,
-	action	VARCHAR,
+    data TEXT,
-	action_id	VARCHAR,
+    page VARCHAR,
-	action_yes	VARCHAR,
+    action VARCHAR,
-	action_flag	VARCHAR,
+    action_id VARCHAR,
-	action_menu	VARCHAR,
+    action_sub_id VARCHAR,
-	action_loaded	VARCHAR,
+    action_yes VARCHAR,
-	action_value	VARCHAR,
+    action_flag VARCHAR,
-	action_type	VARCHAR,
+    action_menu VARCHAR,
-	action_error	VARCHAR,
+    action_loaded VARCHAR,
-	user_agent	VARCHAR,
+    action_value VARCHAR,
-	referer	VARCHAR,
+    action_type VARCHAR,
-	script_name	VARCHAR,
+    action_error VARCHAR,
-	query_string	VARCHAR,
+    user_agent VARCHAR,
-	server_name	VARCHAR,
+    referer VARCHAR,
-	http_host	VARCHAR,
+    script_name VARCHAR,
-	http_accept	VARCHAR,
+    query_string VARCHAR,
-	http_accept_charset	VARCHAR,
+    server_name VARCHAR,
-	http_accept_encoding	VARCHAR,
+    http_host VARCHAR,
-	session_id	VARCHAR
+    http_accept VARCHAR,
+    http_accept_charset VARCHAR,
+    http_accept_encoding VARCHAR,
+    session_id VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_log.sql
 -- START: table/edit_log_overflow.sql
@@ -707,15 +712,15 @@ ALTER TABLE edit_log_overflow ADD CONSTRAINT edit_log_overflow_euid_fkey FOREIGN
 
 -- DROP TABLE edit_access;
 CREATE TABLE edit_access (
-	edit_access_id	SERIAL PRIMARY KEY,
+    edit_access_id SERIAL PRIMARY KEY,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	protected SMALLINT DEFAULT 0,
+    protected SMALLINT DEFAULT 0,
-	deleted	SMALLINT DEFAULT 0,
+    deleted SMALLINT DEFAULT 0,
-	uid	VARCHAR,
+    uid VARCHAR,
-	name	VARCHAR UNIQUE,
+    name VARCHAR UNIQUE,
-	description	VARCHAR,
+    description VARCHAR,
-	color	VARCHAR,
+    color VARCHAR,
-	additional_acl	JSONB
+    additional_acl JSONB
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_access.sql
 -- START: table/edit_access_user.sql
@@ -728,15 +733,15 @@ CREATE TABLE edit_access (
 
 -- DROP TABLE edit_access_user;
 CREATE TABLE edit_access_user (
-	edit_access_user_id	SERIAL PRIMARY KEY,
+    edit_access_user_id SERIAL PRIMARY KEY,
-	edit_access_id	INT NOT NULL,
+    edit_access_id INT NOT NULL,
-	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_user_id	INT NOT NULL,
+    edit_user_id INT NOT NULL,
-	FOREIGN KEY (edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_user_id) REFERENCES edit_user (edit_user_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_access_right_id	INT NOT NULL,
+    edit_access_right_id INT NOT NULL,
-	FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_right_id) REFERENCES edit_access_right (edit_access_right_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	edit_default	SMALLINT DEFAULT 0,
+    edit_default SMALLINT DEFAULT 0,
-	enabled	SMALLINT NOT NULL DEFAULT 0
+    enabled SMALLINT NOT NULL DEFAULT 0
 ) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_access_user.sql
 -- START: table/edit_access_data.sql
@@ -749,12 +754,12 @@ CREATE TABLE edit_access_user (
 
 -- DROP TABLE edit_access_data;
 CREATE TABLE edit_access_data (
-	edit_access_data_id	SERIAL PRIMARY KEY,
+    edit_access_data_id SERIAL PRIMARY KEY,
-	edit_access_id INT NOT NULL,
+    edit_access_id INT NOT NULL,
-	FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
+    FOREIGN KEY (edit_access_id) REFERENCES edit_access (edit_access_id) MATCH FULL ON DELETE CASCADE ON UPDATE CASCADE,
-	enabled	SMALLINT NOT NULL DEFAULT 0,
+    enabled SMALLINT NOT NULL DEFAULT 0,
-	name	VARCHAR,
+    name VARCHAR,
-	value	VARCHAR
+    value VARCHAR
 ) INHERITS (edit_generic) WITHOUT OIDS;
 
 -- create a unique index for each attached data block for each edit access can

4dev/update/20241203_update_edit_tables/edit_tables_cuid_cuuid_update_add.sql

@@ -0,0 +1,26 @@
+-- 20241203: update edit tables
+ALTER TABLE edit_generic ADD cuuid UUID DEFAULT gen_random_uuid();
+ALTER TABLE edit_log ADD ecuid VARCHAR;
+ALTER TABLE edit_log ADD ecuuid VARCHAR;
+ALTER TABLE edit_log ADD action_sub_id VARCHAR;
+
+-- update set_edit_gneric
+-- adds the created or updated date tags
+
+CREATE OR REPLACE FUNCTION set_edit_generic()
+RETURNS TRIGGER AS
+$$
+DECLARE
+    random_length INT = 25; -- that should be long enough
+BEGIN
+    IF TG_OP = 'INSERT' THEN
+        NEW.date_created := 'now';
+        NEW.cuid := random_string(random_length);
+        NEW.cuuid := gen_random_uuid();
+    ELSIF TG_OP = 'UPDATE' THEN
+        NEW.date_updated := 'now';
+    END IF;
+    RETURN NEW;
+END;
+$$
+LANGUAGE 'plpgsql';

www/admin/class_test.admin.backend.php

@@ -42,6 +42,20 @@ $backend = new CoreLibs\Admin\Backend(
 	$l10n,
 	DEFAULT_ACL_LEVEL
 );
+$login = new CoreLibs\ACL\Login(
+	$db,
+	$log,
+	$session,
+	[
+		'auto_login' => false,
+		'default_acl_level' => DEFAULT_ACL_LEVEL,
+		'logout_target' => '',
+		'site_locale' => SITE_LOCALE,
+		'site_domain' => SITE_DOMAIN,
+		'site_encoding' => SITE_ENCODING,
+		'locale_path' => BASE . INCLUDES . LOCALE,
+	]
+);
 use CoreLibs\Debug\Support;
 
 $PAGE_NAME = 'TEST CLASS: ADMIN BACKEND';
@@ -55,10 +69,30 @@ print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 print "SETACL[]: <br>";
 $backend->setACL(['EMPTY' => 'EMPTY']);
 print "ADBEDITLOG: <br>";
-$backend->adbEditLog('CLASSTEST-ADMIN-BINARY', 'Some info string', 'BINARY');
+$login->writeLog(
-$backend->adbEditLog('CLASSTEST-ADMIN-ZLIB', 'Some info string', 'ZLIB');
+	'CLASSTEST-ADMIN-BINARY',
-$backend->adbEditLog('CLASSTEST-ADMIN-SERIAL', 'Some info string', 'SERIAL');
+	'Some info string',
-$backend->adbEditLog('CLASSTEST-ADMIN-INVALID', 'Some info string', 'INVALID');
+	$backend->adbGetActionSet(),
+	write_type:'BINARY'
+);
+$login->writeLog(
+	'CLASSTEST-ADMIN-ZLIB',
+	'Some info string',
+	$backend->adbGetActionSet(),
+	write_type:'ZLIB'
+);
+$login->writeLog(
+	'CLASSTEST-ADMIN-SERIAL',
+	'Some info string',
+	$backend->adbGetActionSet(),
+	write_type:'SERIAL'
+);
+$login->writeLog(
+	'CLASSTEST-ADMIN-INVALID',
+	'Some info string',
+	$backend->adbGetActionSet(),
+	write_type:'INVALID'
+);
 // test with various
 $backend->action = 'TEST ACTION';
 $backend->action_id = 'TEST ACTION ID';
@@ -69,10 +103,10 @@ $backend->action_loaded = 'TEST ACTION LOADED';
 $backend->action_value = 'TEST ACTION VALUE';
 $backend->action_type = 'TEST ACTION TYPE';
 $backend->action_error = 'TEST ACTION ERROR';
-$backend->adbEditLog('CLASSTEST-ADMIN-JSON', [
+$login->writeLog('CLASSTEST-ADMIN-JSON', [
 	"_GET" => $_GET,
 	"_POST" => $_POST,
-], 'JSON');
+], $backend->adbGetActionSet(), write_type:'JSON');
 
 print "ADBTOPMENU(0): " . Support::printAr($backend->adbTopMenu(CONTENT_PATH)) . "<br>";
 print "ADBMSG: <br>";

www/admin/class_test.login.php

@@ -58,4 +58,16 @@ echo "ACL: " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()) . "<br>";
 echo "ACL (MIN): " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()['min'] ?? []) . "<br>";
 echo "LOCALE: " . \CoreLibs\Debug\Support::printAr($login->loginGetLocale()) . "<br>";
 
+echo "ECUID: " . $login->loginGetEcuid() . "<br>";
+echo "ECUUID: " . $login->loginGetEcuuid() . "<br>";
+
+$login->writeLog(
+	'TEST LOG',
+	[
+		'test' => 'TEST A'
+	],
+	error:'No Error',
+	write_type:'JSON'
+);
+
 print "</body></html>";

www/admin/class_test.php

@@ -205,6 +205,9 @@ print "HOST: " . HOST_NAME . " => DB HOST: " . DB_CONFIG_NAME . " => " . Support
 print "DS is: " . DIRECTORY_SEPARATOR . "<br>";
 print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>";
 
+print "ECUID: " . $_SESSION['ECUID'] . "<br>";
+print "ECUUID: " . $_SESSION['ECUUID'] . "<br>";
+
 print "</body></html>";
 
 # __END__

www/includes/admin_header.php

@@ -116,7 +116,7 @@ $data = [
 // log action
 // no log if login
 if (!$login->loginActionRun()) {
-	$cms->adbEditLog('Submit', $data, 'BINARY');
+	$login->writeLog('Submit', $data, $cms->adbGetActionSet(), 'BINARY');
 }
 //------------------------------ logging end
 

www/lib/CoreLibs/ACL/Login.php

@@ -69,12 +69,17 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Security\Password;
+use CoreLibs\Create\Uids;
 use CoreLibs\Convert\Json;
 
 class Login
 {
 	/** @var ?int the user id var*/
 	private ?int $euid;
+	/** @var ?string the user cuid (note will be super seeded with uuid v4 later) */
+	private ?string $ecuid;
+	/** @var ?string UUIDv4, will superseed the ecuid and replace euid as login id */
+	private ?string $ecuuid;
 	/** @var string _GET/_POST loginUserId parameter for non password login */
 	private string $login_user_id = '';
 	/** @var string source, either _GET or _POST or empty */
@@ -193,6 +198,12 @@ class Login
 	/** @var bool */
 	private bool $login_is_ajax_page = false;
 
+	// logging
+	/** @var array<string> list of allowed types for edit log write */
+	private const WRITE_TYPES = ['BINARY', 'BZIP2', 'LZIP', 'STRING', 'SERIAL', 'JSON'];
+	/** @var array<string> list of available write types for log */
+	private array $write_types_available = [];
+
 	// settings
 	/** @var array<string,mixed> options */
 	private array $options = [];
@@ -379,6 +390,8 @@ class Login
 		$_SESSION['DEFAULT_ACL_LIST'] = $this->default_acl_list;
 		$_SESSION['DEFAULT_ACL_LIST_TYPE'] = $this->default_acl_list_type;
 
+		$this->loginSetEditLogWriteTypeAvailable();
+
 		// this will be deprecated
 		if ($this->options['auto_login'] === true) {
 			$this->loginMainCall();
@@ -757,7 +770,7 @@ class Login
 		}
 		// have to get the global stuff here for setting it later
 		// we have to get the themes in here too
-		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
+		$q = "SELECT eu.edit_user_id, eu.cuid, eu.cuuid, eu.username, eu.password, "
 			. "eu.edit_group_id, "
 			. "eg.name AS edit_group_name, eu.admin, "
 			// additinal acl lists
@@ -889,6 +902,8 @@ class Login
 			// normal user processing
 			// set class var and session var
 			$_SESSION['EUID'] = $this->euid = (int)$res['edit_user_id'];
+			$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
+			$_SESSION['ECUUID'] = $this->ecuuid = (string)$res['cuuid'];
 			// check if user is okay
 			$this->loginCheckPermissions();
 			if ($this->login_error == 0) {
@@ -1132,6 +1147,9 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// edit user cuid
+		$this->acl['ecuid'] = $_SESSION['ECUID'];
+		$this->acl['ecuuid'] = $_SESSION['ECUUID'];
 		// set additional acl
 		$this->acl['additional_acl'] = [
 			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
@@ -1425,7 +1443,7 @@ class Login
 			$data = 'Illegal user for password change: ' . $this->pw_username;
 		}
 		// log this password change attempt
-		$this->writeLog($event, $data, $this->login_error, $this->pw_username);
+		$this->writeEditLog($event, $data, $this->login_error, $this->pw_username);
 	}
 
 	/**
@@ -1566,7 +1584,7 @@ class Login
 					$username = $res['username'];
 				}
 			} // if euid is set, get username (or try)
-			$this->writeLog($event, '', $this->login_error, $username);
+			$this->writeEditLog($event, '', $this->login_error, $username);
 		} // write log under certain settings
 		// now close DB connection
 		// $this->error_msg = $this->_login();
@@ -1722,6 +1740,8 @@ HTML;
 		}
 	}
 
+	// MARK: LOGGING
+
 	/**
 	 * writes detailed data into the edit user log table (keep log what user does)
 	 *
@@ -1731,7 +1751,7 @@ HTML;
 	 * @param  string     $username login user username
 	 * @return void                 has no return
 	 */
-	private function writeLog(
+	private function writeEditLog(
 		string $event,
 		string $data,
 		string|int $error = '',
@@ -1749,50 +1769,191 @@ HTML;
 				'_GET' => $_GET,
 				'_POST' => $_POST,
 				'_FILES' => $_FILES,
-				'error' => $this->login_error
+				'error' => $this->login_error,
+				'data' => $data,
 		];
-		$data_binary = $this->db->dbEscapeBytea((string)bzcompress(serialize($_data_binary)));
+		$_action_set = [
-		// SQL querie for log entry
+			'action' => $this->action,
-		$q = "INSERT INTO edit_log "
+			'action_id' => $this->username,
-			. "(username, password, euid, event_date, event, error, data, data_binary, page, "
+			'action_flag' => (string)$this->login_error,
-			. "ip, user_agent, referer, script_name, query_string, server_name, http_host, "
+			'action_value' => (string)$this->permission_okay,
-			. "http_accept, http_accept_charset, http_accept_encoding, session_id, "
+		];
-			. "action, action_id, action_yes, action_flag, action_menu, action_loaded, "
+
-			. "action_value, action_error) "
+		$this->writeLog($event, $_data_binary, $_action_set, $error, $username);
-			. "VALUES ('" . $this->db->dbEscapeString($username) . "', 'PASSWORD', "
+	}
-			. ($this->euid ? $this->euid : 'NULL') . ", "
+
-			. "NOW(), '" . $this->db->dbEscapeString($event) . "', "
+	/**
-			. "'" . $this->db->dbEscapeString((string)$error) . "', "
+	 * writes all action vars plus other info into edit_log table
-			. "'" . $this->db->dbEscapeString($data) . "', '" . $data_binary . "', "
+	 * this is for public class
-			. "'" . $this->page_name . "', ";
+	 *
-		foreach (
+	 * phpcs:disable Generic.Files.LineLength
-			[
+	 * @param  string              $event [default='']        any kind of event description,
-				'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME',
+	 * @param  string|array<mixed> $data [default='']         any kind of data related to that event
-				'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT',
+	 * @param  array{action?:?string,action_id?:null|string|int,action_sub_id?:null|string|int,action_yes?:null|string|int|bool,action_flag?:?string,action_menu?:?string,action_loaded?:?string,action_value?:?string,action_type?:?string,action_error?:?string} $action_set [default=[]] action set names
-				'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
+	 * @param  string|int          $error    error id (mostly an int)
-			] as $server_code
+	 * @param  string              $write_type [default=JSON] write type can be
-		) {
+	 *                                                        JSON, STRING/SERIEAL, BINARY/BZIP or ZLIB
-			if (array_key_exists($server_code, $_SERVER)) {
+	 * @param  string|null         $db_schema [default=null]  override target schema
-				$q .= "'" . $this->db->dbEscapeString($_SERVER[$server_code]) . "', ";
+	 * @return void
-			} else {
+	 * phpcs:enable Generic.Files.LineLength
-				$q .= "NULL, ";
+	 */
-			}
+	public function writeLog(
+		string $event = '',
+		string|array $data = '',
+		array $action_set = [],
+		string|int $error = '',
+		string $username = '',
+		string $write_type = 'JSON',
+		?string $db_schema = null
+	): void {
+		$data_binary = '';
+		$data_write = '';
+
+		// check if write type is valid, if not fallback to JSON
+		if (!in_array(strtoupper($write_type), $this->write_types_available)) {
+			$this->log->warning('Write type not in allowed array, fallback to JSON', context:[
+				"write_type" => $write_type,
+				"write_list" => $this->write_types_available,
+			]);
+			$write_type = 'JSON';
+		}
+		switch ($write_type) {
+			case 'BINARY':
+			case 'BZIP':
+				$data_binary = $this->db->dbEscapeBytea((string)bzcompress(serialize($data)));
+				$data_write = Json::jsonConvertArrayTo([
+					'type' => 'BZIP',
+					'message' => 'see bzip compressed data_binary field'
+				]);
+				break;
+			case 'ZLIB':
+				$data_binary = $this->db->dbEscapeBytea((string)gzcompress(serialize($data)));
+				$data_write = Json::jsonConvertArrayTo([
+					'type' => 'ZLIB',
+					'message' => 'see zlib compressed data_binary field'
+				]);
+				break;
+			case 'STRING':
+			case 'SERIAL':
+				$data_binary = $this->db->dbEscapeBytea(Json::jsonConvertArrayTo([
+					'type' => 'SERIAL',
+					'message' => 'see serial string data field'
+				]));
+				$data_write = serialize($data);
+				break;
+			case 'JSON':
+				$data_binary = $this->db->dbEscapeBytea(Json::jsonConvertArrayTo([
+					'type' => 'JSON',
+					'message' => 'see json string data field'
+				]));
+				// must be converted to array
+				if (!is_array($data)) {
+					$data = ["data" => $data];
+				}
+				$data_write = Json::jsonConvertArrayTo($data);
+				break;
+			default:
+				$this->log->alert('Invalid type for data compression was set', context:[
+					"write_type" => $write_type
+				]);
+				break;
+		}
+
+		/** @var string $DB_SCHEMA check schema */
+		$DB_SCHEMA = 'public';
+		if ($db_schema !== null) {
+			$DB_SCHEMA = $db_schema;
+		} elseif (!empty($this->db->dbGetSchema())) {
+			$DB_SCHEMA = $this->db->dbGetSchema();
+		}
+		$q = <<<SQL
+		INSERT INTO {DB_SCHEMA}.edit_log (
+			username, euid, ecuid, ecuuid, event_date, event, error, data, data_binary, page,
+			ip, user_agent, referer, script_name, query_string, server_name, http_host,
+			http_accept, http_accept_charset, http_accept_encoding, session_id,
+			action, action_id, action_sub_id, action_yes, action_flag, action_menu, action_loaded,
+			action_value, action_type, action_error
+		) VALUES (
+			$1, $2, $3, $4, NOW(), $5, $6, $7, $8, $9,
+			$10, $11, $12, $13, $14, $15, $16,
+			$17, $18, $19, $20,
+			$21, $22, $23, $24, $25, $26, $27,
+			$28, $29, $30
+		)
+		SQL;
+		$this->db->dbExecParams(
+			str_replace(
+				['{DB_SCHEMA}'],
+				[$DB_SCHEMA],
+				$q
+			),
+			[
+				// row 1
+				empty($username) ? $_SESSION['USER_NAME'] ?? '' : $username,
+				!empty($_SESSION['EUID']) && is_numeric($_SESSION['EUID']) ?
+					$_SESSION['EUID'] : null,
+				!empty($_SESSION['ECUID']) && is_string($_SESSION['ECUID']) ?
+					$_SESSION['ECUID'] : null,
+				!empty($_SESSION['ECUUID']) && Uids::validateUuuidv4($_SESSION['ECUUID']) ?
+					$_SESSION['ECUUID'] : null,
+				(string)$event,
+				(string)$error,
+				$data_write,
+				$data_binary,
+				(string)$this->page_name,
+				// row 2
+				$_SERVER["REMOTE_ADDR"] ?? null,
+				$_SERVER['HTTP_USER_AGENT'] ?? null,
+				$_SERVER['HTTP_REFERER'] ?? null,
+				$_SERVER['SCRIPT_FILENAME'] ?? null,
+				$_SERVER['QUERY_STRING'] ?? null,
+				$_SERVER['SERVER_NAME'] ?? null,
+				$_SERVER['HTTP_HOST'] ?? null,
+				// row 3
+				$_SERVER['HTTP_ACCEPT'] ?? null,
+				$_SERVER['HTTP_ACCEPT_CHARSET'] ?? null,
+				$_SERVER['HTTP_ACCEPT_ENCODING'] ?? null,
+				$this->session->getSessionId() !== false ?
+					$this->session->getSessionId() : null,
+				// row 4
+				$action_set['action'] ?? null,
+				$action_set['action_id'] ?? null,
+				$action_set['action_sub_id'] ?? null,
+				$action_set['action_yes'] ?? null,
+				$action_set['action_flag'] ?? null,
+				$action_set['action_menu'] ?? null,
+				$action_set['action_loaded'] ?? null,
+				$action_set['action_value'] ?? null,
+				$action_set['action_type'] ?? null,
+				$action_set['action_error'] ?? null,
+			],
+			'NULL'
+		);
+	}
+
+	/**
+	 * set the write types that are allowed
+	 *
+	 * @return void
+	 */
+	private function loginSetEditLogWriteTypeAvailable()
+	{
+		// check what edit log data write types are allowed
+		$this->write_types_available = self::WRITE_TYPES;
+		if (!function_exists('bzcompress')) {
+			$this->write_types_available = array_diff($this->write_types_available, ['BINARY', 'BZIP']);
+		}
+		if (!function_exists('gzcompress')) {
+			$this->write_types_available = array_diff($this->write_types_available, ['LZIP']);
 		}
-		$q .= "'" . $this->session->getSessionId() . "', ";
-		$q .= "'" . $this->db->dbEscapeString($this->action) . "', ";
-		$q .= "'" . $this->db->dbEscapeString($this->username) . "', ";
-		$q .= "NULL, ";
-		$q .= "'" . $this->db->dbEscapeString((string)$this->login_error) . "', ";
-		$q .= "NULL, NULL, ";
-		$q .= "'" . $this->db->dbEscapeString((string)$this->permission_okay) . "', ";
-		$q .= "NULL)";
-		$this->db->dbExec($q, 'NULL');
 	}
 
 	// *************************************************************************
 	// **** PUBLIC INTERNAL
 	// *************************************************************************
 
+	// MARK: LOGIN CALL
+
 	/**
 	 * Main call that needs to be run to actaully check for login
 	 * If this is not called, no login checks are done, unless the class
@@ -1862,6 +2023,9 @@ HTML;
 		}
 		// if there is none, there is none, saves me POST/GET check
 		$this->euid = array_key_exists('EUID', $_SESSION) ? (int)$_SESSION['EUID'] : 0;
+		// TODO: allow load from cuid
+		// $this->ecuid = array_key_exists('ECUID', $_SESSION) ? (string)$_SESSION['ECUID'] : '';
+		// $this->ecuuid = array_key_exists('ECUUID', $_SESSION) ? (string)$_SESSION['ECUUID'] : '';
 		// get login vars, are so, can't be changed
 		// prepare
 		// pass on vars to Object vars
@@ -1942,6 +2106,8 @@ HTML;
 		$this->loginSetAcl();
 	}
 
+	// MARK: setters/getters
+
 	/**
 	 * Returns current set login_html content
 	 *
@@ -2111,6 +2277,8 @@ HTML;
 		$this->session->sessionDestroy();
 		// unset euid
 		$this->euid = null;
+		$this->ecuid = null;
+		$this->ecuuid = null;
 		// then prints the login screen again
 		$this->permission_okay = false;
 	}
@@ -2128,11 +2296,12 @@ HTML;
 		if (empty($this->euid)) {
 			return $this->permission_okay;
 		}
+		// euid must match ecuid and ecuuid
 		// bail for previous wrong page match, eg if method is called twice
 		if ($this->login_error == 103) {
 			return $this->permission_okay;
 		}
-		$q = "SELECT ep.filename, "
+		$q = "SELECT ep.filename, eu.cuid, eu.cuuid, "
 			// base lock flags
 			. "eu.deleted, eu.enabled, eu.locked, "
 			// date based lock
@@ -2198,6 +2367,9 @@ HTML;
 		} else {
 			$this->login_error = 103;
 		}
+		// set ECUID
+		$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
+		$_SESSION['ECUUID'] = $this->ecuuid = (string)$res['cuuid'];
 		// if called from public, so we can check if the permissions are ok
 		return $this->permission_okay;
 	}
@@ -2503,6 +2675,26 @@ HTML;
 	{
 		return (string)$this->euid;
 	}
+
+	/**
+	 * Get the current set ECUID (edit user cuid)
+	 *
+	 * @return string ECUID as string
+	 */
+	public function loginGetEcuid(): string
+	{
+		return (string)$this->ecuid;
+	}
+
+	/**
+	 * Get the current set ECUUID (edit user cuuid)
+	 *
+	 * @return string ECUUID as string
+	 */
+	public function loginGetEcuuid(): string
+	{
+		return (string)$this->ecuuid;
+	}
 }
 
 // __END__

www/lib/CoreLibs/Admin/Backend.php

@@ -31,6 +31,7 @@ declare(strict_types=1);
 
 namespace CoreLibs\Admin;
 
+use CoreLibs\Create\Uids;
 use CoreLibs\Convert\Json;
 
 class Backend
@@ -258,6 +259,27 @@ class Backend
 		}
 	}
 
+	/**
+	 * return all the action data, if not set, sets entry to null
+	 *
+	 * @return array{action:?string,action_id:null|string|int,action_sub_id:null|string|int,action_yes:null|string|int|bool,action_flag:?string,action_menu:?string,action_loaded:?string,action_value:?string,action_type:?string,action_error:?string}
+	 */
+	public function adbGetActionSet(): array
+	{
+		return [
+			'action' => $this->action ?? null,
+			'action_id' => $this->action_id ?? null,
+			'action_sub_id' => $this->action_sub_id ?? null,
+			'action_yes' => $this->action_yes ?? null,
+			'action_flag' => $this->action_flag ?? null,
+			'action_menu' => $this->action_menu ?? null,
+			'action_loaded' => $this->action_loaded ?? null,
+			'action_value' => $this->action_value ?? null,
+			'action_type' => $this->action_type ?? null,
+			'action_error' => $this->action_error ?? null,
+		];
+	}
+
 	/**
 	 * writes all action vars plus other info into edit_log table
 	 *
@@ -267,6 +289,7 @@ class Backend
 	 *                                                        JSON, STRING/SERIEAL, BINARY/BZIP or ZLIB
 	 * @param  string|null         $db_schema [default=null]  override target schema
 	 * @return void
+	 * @deprecated Use $login->writeLog() and set action_set from ->adbGetActionSet()
 	 */
 	public function adbEditLog(
 		string $event = '',
@@ -335,17 +358,17 @@ class Backend
 		}
 		$q = <<<SQL
 		INSERT INTO {DB_SCHEMA}.edit_log (
-			euid, event_date, event, data, data_binary, page,
+			username, euid, ecuid, ecuuid, event_date, event, error, data, data_binary, page,
 			ip, user_agent, referer, script_name, query_string, server_name, http_host,
 			http_accept, http_accept_charset, http_accept_encoding, session_id,
-			action, action_id, action_yes, action_flag, action_menu, action_loaded,
+			action, action_id, action_sub_id, action_yes, action_flag, action_menu, action_loaded,
 			action_value, action_type, action_error
 		) VALUES (
-			$1, NOW(), $2, $3, $4, $5,
+			$1, $2, $3, $4, NOW(), $5, $6, $7, $8, $9,
-			$6, $7, $8, $9, $10, $11, $12,
+			$10, $11, $12, $13, $14, $15, $16,
-			$13, $14, $15, $16,
+			$17, $18, $19, $20,
-			$17, $18, $19, $20, $21, $22,
+			$21, $22, $23, $24, $25, $26, $27,
-			$23, $24, $25
+			$28, $29, $30
 		)
 		SQL;
 		$this->db->dbExecParams(
@@ -356,9 +379,15 @@ class Backend
 			),
 			[
 				// row 1
-				isset($_SESSION['EUID']) && is_numeric($_SESSION['EUID']) ?
+				'',
+				!empty($_SESSION['EUID']) && is_numeric($_SESSION['EUID']) ?
 					$_SESSION['EUID'] : null,
+				!empty($_SESSION['ECUID']) && is_string($_SESSION['ECUID']) ?
+					$_SESSION['ECUID'] : null,
+				!empty($_SESSION['ECUUID']) && Uids::validateUuuidv4($_SESSION['ECUID']) ?
+					$_SESSION['ECUID'] : null,
 				(string)$event,
+				'',
 				$data_write,
 				$data_binary,
 				(string)$this->page_name,
@@ -379,6 +408,7 @@ class Backend
 				// row 4
 				$this->action ?? '',
 				$this->action_id ?? '',
+				$this->action_sub_id ?? '',
 				$this->action_yes ?? '',
 				$this->action_flag ?? '',
 				$this->action_menu ?? '',