ACL Login set deprecated edit user id too

We need that for some old calls in old projects

.phive/phars.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
-  <phar name="phpunit" version="^9.6" installed="9.6.21" location="./tools/phpunit" copy="false"/>
+  <phar name="phpunit" version="^10.3.5" installed="10.3.5" location="./tools/phpunit" copy="false"/>
   <phar name="phpcbf" version="^3.7.2" installed="3.10.3" location="./tools/phpcbf" copy="false"/>
-  <phar name="phpcs" version="^3.7.2" installed="3.10.3" location="./tools/phpcs" copy="false"/>
-  <phar name="phpstan" version="^1.10.37" installed="1.12.4" location="./tools/phpstan" copy="false"/>
-  <phar name="phan" version="^5.4.2" installed="5.4.3" location="./tools/phan" copy="false"/>
+  <phar name="phpcs" version="^3.10.3" installed="3.10.3" location="./tools/phpcs" copy="false"/>
+  <phar name="phpstan" version="^2.0" installed="2.0.4" location="./tools/phpstan" copy="false"/>
+  <phar name="phan" version="^5.4.3" installed="5.4.3" location="./tools/phan" copy="false"/>
   <phar name="psalm" version="^5.15.0" installed="5.24.0" location="./tools/psalm" copy="false"/>
   <phar name="phpdox" version="^0.12.0" installed="0.12.0" location="./tools/phpdox" copy="false"/>
   <phar name="phpdocumentor" version="^3.4.2" installed="3.4.3" location="./tools/phpDocumentor" copy="false"/>

4dev/checking/phan.sh

@@ -1,5 +1,5 @@
 base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
 # must be run in ${base}
-cd $base;
+cd $base || exit;
 ${base}tools/phan --progress-bar -C --analyze-twice;
-cd ~;
+cd ~ || exit;

4dev/checking/phpstan.sh

@@ -1,5 +1,5 @@
 base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
 # must be run in ${base}
-cd $base;
+cd $base || exit;
 ${base}tools/phpstan;
-cd ~;
+cd ~ || exit;

4dev/checking/phpunit.sh

@@ -1,49 +1,96 @@
 #!/bin/env bash
 
-base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
+function error() {
+	if [ -t 1 ]; then echo "[MAK] ERROR: $*" >&2; fi; exit 0;
+}
+
+usage() {
+	cat <<EOF
+Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-t] [-v] [-p VERSION]
+
+Runs all the PHP unit tests.
+
+If -p is not set, the default intalled PHP is used.
+
+Available options:
+
+-h, --help        Print this help and exit
+-t, --testdox     Enable testdox output for phpunit
+-v, --verbose     Enable verbose output for PHPunit
+-p, --php VERSION Chose PHP version in the form of "N.N", if not found will exit
+EOF
+	exit
+}
+
+# set base variables
+BASE_PATH="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
+PHPUNIT_CONFIG="${BASE_PATH}phpunit.xml";
+PHP_BIN_PATH=$(which php);
+if [ -z "${PHP_BIN_PATH}" ]; then
+	echo "Cannot find php binary";
+	exit;
+fi;
+DEFAULT_PHP_VERSION=$(${PHP_BIN_PATH} -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;");
+if [ -z "${DEFAULT_PHP_VERSION}" ]; then
+	echo "Cannot set default PHP version";
+	exit;
+fi;
 # -c phpunit.xml
 # --testdox
-# call with "t" to give verbose testdox output
+# call with "-tt" to give verbose testdox output
 # SUPPORTED: https://www.php.net/supported-versions.php
-# call with php version number to force a certain php version
+# call with -p <php version number> to force a certain php version
 
 opt_testdox="";
-if [ "${1}" = "t" ] || [ "${2}" = "t" ]; then
-	opt_testdox="--testdox";
-fi;
-php_bin="";
-if [ -n "${1}" ]; then
+opt_verbose="";
+php_version="";
+no_php_version=0;
+while [ -n "${1-}" ]; do
 	case "${1}" in
-		# "7.3") php_bin="/usr/bin/php7.3 "; ;;
-		# "7.4") php_bin="/usr/bin/php7.4 "; ;;
-		# "8.0") php_bin="/usr/bin/php8.0 "; ;;
-		# "8.1") php_bin="/usr/bin/php8.1 "; ;;
-		"8.2") php_bin="/usr/bin/php8.2 "; ;;
-		"8.3") php_bin="/usr/bin/php8.4 "; ;;
-		*) echo "Not support PHP: ${1}"; exit; ;;
-	esac;
+		-t | --testdox)
+			opt_testdox="--testdox";
+			;;
+		-v | --verbose)
+			opt_verbose="--verbose";
+			;;
+		-p | --php)
+			php_version="${2-}";
+			shift
+			;;
+		-h | --help)
+			usage
+			;;
+		# invalid option
+		-?*)
+			error "[!] Unknown option: '$1'."
+			;;
+	esac
+	shift;
+done;
+
+if [ -z "${php_version}" ]; then
+	php_version="${DEFAULT_PHP_VERSION}";
+	no_php_version=1;
 fi;
-if [ -n "${2}" ] && [ -z "${php_bin}" ]; then
-	case "${2}" in
-		# "7.3") php_bin="/usr/bin/php7.3 "; ;;
-		# "7.4") php_bin="/usr/bin/php7.4 "; ;;
-		# "8.0") php_bin="/usr/bin/php8.0 "; ;;
-		# "8.1") php_bin="/usr/bin/php8.1 "; ;;
-		"8.2") php_bin="/usr/bin/php8.2 "; ;;
-		"8.3") php_bin="/usr/bin/php8.3 "; ;;
-		*) echo "Not support PHP: ${1}"; exit; ;;
-	esac;
+php_bin="${PHP_BIN_PATH}${php_version}";
+echo "Use PHP Version: ${php_version}";
+
+if [ ! -f "${php_bin}" ]; then
+	echo "Set php ${php_bin} does not exist";
+	exit;
 fi;
+php_bin="${php_bin} ";
 
 # Note 4dev/tests/bootstrap.php has to be set as bootstrap file in phpunit.xml
-phpunit_call="${php_bin}${base}vendor/bin/phpunit ${opt_testdox} -c ${base}phpunit.xml ${base}4dev/tests/";
+phpunit_call="${php_bin}${BASE_PATH}vendor/bin/phpunit ${opt_testdox} ${opt_verbose} -c ${PHPUNIT_CONFIG} ${BASE_PATH}4dev/tests/";
 
 ${phpunit_call};
 
-if [ ! -z "${php_bin}" ]; then
-	echo "CALLED WITH PHP: ${php_bin}"$(${php_bin} --version);
+echo -e "\nPHPUnit Config: ${PHPUNIT_CONFIG}";
+if [ "${no_php_version}" -eq 0 ]; then
+	echo "CALLED WITH PHP: ${php_bin}$(${php_bin} --version)";
 else
-	echo "Default PHP used: "$(php --version);
+	echo "Default PHP used: $(php --version)";
 fi;
 
 # __END__

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -1531,6 +1531,12 @@ final class CoreLibsACLLoginTest extends TestCase
 				$login_mock->loginGetEditAccessCuidFromUid($mock_settings['edit_access_uid']),
 				'Assert check access uid to cuid valid'
 			);
+			// - loginGetEditAccessCuidFromId
+			$this->assertEquals(
+				$expected['check_access_cuid'],
+				$login_mock->loginGetEditAccessCuidFromUid($mock_settings['edit_access_id']),
+				'Assert check access id to cuid valid'
+			);
 			// Deprecated
 			// - loginCheckEditAccess
 			$this->assertEquals(

4dev/tests/DB/CoreLibsDBIOTest.php

@@ -5196,6 +5196,27 @@ final class CoreLibsDBIOTest extends TestCase
 				SQL,
 				'count' => 1,
 				'convert' => false,
+			],
+			'update with case' => [
+				'query' => <<<SQL
+				UPDATE table_with_primary_key SET
+					row_int = $1::INT,
+					row_varchar = CASE WHEN row_int = 1 THEN $2 ELSE 'bar'::VARCHAR END
+				WHERE
+					row_varchar = $3
+				SQL,
+				'count' => 3,
+				'convert' => false,
+			],
+			'select with case' => [
+				'query' => <<<SQL
+				SELECT row_int
+				FROM table_with_primary_key
+				WHERE
+					row_varchar = CASE WHEN row_int = 1 THEN $1 ELSE $2 END
+				SQL,
+				'count' => 2,
+				'convert' => false,
 			]
 		];
 	}

4dev/tests/Security/CoreLibsSecurityPasswordTest.php

@@ -13,6 +13,11 @@ use PHPUnit\Framework\TestCase;
  */
 final class CoreLibsSecurityPasswordTest extends TestCase
 {
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
 	public function passwordProvider(): array
 	{
 		return [
@@ -21,6 +26,11 @@ final class CoreLibsSecurityPasswordTest extends TestCase
 		];
 	}
 
+	/**
+	 * Note: we need different hash types for PHP versions
+	 *
+	 * @return array
+	 */
 	public function passwordRehashProvider(): array
 	{
 		return [
@@ -63,6 +73,10 @@ final class CoreLibsSecurityPasswordTest extends TestCase
 	 */
 	public function testPasswordRehashCheck(string $input, bool $expected): void
 	{
+		// in PHP 8.4 the length is $12
+		if (PHP_VERSION_ID > 80400) {
+			$input = str_replace('$2y$10$', '$2y$12$', $input);
+		}
 		$this->assertEquals(
 			$expected,
 			\CoreLibs\Security\Password::passwordRehashCheck($input)

phpunit.xml

@@ -1,7 +1,7 @@
 <phpunit
 	cacheResultFile="/tmp/phpunit-corelibs.result.cache"
 	colors="true"
-	verbose="true"
+	verbose="false"
 	convertDeprecationsToExceptions="true"
 	bootstrap="4dev/tests/bootstrap.php"
 >

www/admin/class_test.db.php

@@ -273,8 +273,8 @@ $query_insert = <<<SQL
 INSERT INTO
 	test_foo
 (
-	test, some_bool, string_a, number_a, number_a_numeric,
-	some_time, some_timestamp, json_string
+	test, some_bool, string_a, number_a, numeric_a,
+	some_internval, some_timestamp, json_string
 ) VALUES (
 	$1, $2, $3, $4, $5,
 	$6, $7, $8
@@ -283,8 +283,8 @@ RETURNING test
 SQL;
 $query_select = <<<SQL
 SELECT
-	test, some_bool, string_a, number_a, number_a_numeric,
-	some_time, some_time, some_timestamp, json_string
+	test, some_bool, string_a, number_a, numeric_a,
+	some_time, some_internval, some_timestamp, json_string
 FROM
 	test_foo
 WHERE
@@ -554,7 +554,7 @@ print "<b>PREPARE QUERIES</b><br>";
 // READ PREPARE
 $q_prep = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $1
 ORDER BY test_foo_id DESC LIMIT 5
@@ -582,7 +582,7 @@ if ($db->dbPrepare('sel_test_foo', $q_prep) === false) {
 
 // sel test with ANY () type
 $q_prep = "SELECT test_foo_id, test, some_bool, string_a, number_a, "
-	. "number_a_numeric, some_time "
+	. "numeric_a, some_time "
 	. "FROM test_foo "
 	. "WHERE test = ANY($1) "
 	. "ORDER BY test_foo_id DESC LIMIT 5";
@@ -618,7 +618,7 @@ $test_bar = $db->dbEscapeLiteral('SOMETHING DIFFERENT');
 $q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $test_bar
 ORDER BY test_foo_id DESC LIMIT 5
@@ -631,7 +631,7 @@ print "DB RETURN PARAMS<br>";
 $q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $1
 ORDER BY test_foo_id DESC LIMIT 5
@@ -646,7 +646,7 @@ echo "<hr>";
 print "DB RETURN PARAMS LIKE<br>";
 $q = <<<SQL
 SELECT
-	test_foo_id, test, some_bool, string_a, number_a, number_a_numeric
+	test_foo_id, test, some_bool, string_a, number_a, numeric_a
 FROM test_foo
 WHERE string_a LIKE $1;
 SQL;
@@ -660,7 +660,7 @@ echo "<hr>";
 print "DB RETURN PARAMS ANY<br>";
 $q = <<<SQL
 SELECT
-	test_foo_id, test, some_bool, string_a, number_a, number_a_numeric
+	test_foo_id, test, some_bool, string_a, number_a, numeric_a
 FROM test_foo
 WHERE string_a = ANY($1);
 SQL;

www/admin/class_test.db.query-placeholder.php

@@ -174,6 +174,26 @@ while (is_array($res = $db->dbReturnParams($query, [$query_value]))) {
 
 echo "<hr>";
 
+echo "<b>CASE part</b><br>";
+$query = <<<SQL
+UPDATE
+test_foo
+SET
+some_timestamp = NOW(),
+	-- if not 1 set, else keep at one
+	smallint_a = (CASE
+			WHEN smallint_a <> 1 THEN $1
+			ELSE 1::INT
+	END)::INT
+WHERE
+	string_a = $2
+SQL;
+echo "QUERY: <pre>" . $query . "</pre>";
+$res = $db->dbExecParams($query, [1, 'foobar']);
+print "ERROR: " . $db->dbGetLastError(true) . "<br>";
+
+echo "<hr>";
+
 // test connectors: = , <> () for query detection
 
 // convert placeholder tests
@@ -237,7 +257,7 @@ SQL,
 		SQL,
 		'params' => [1, 2, 3, 4, 5, 6],
 		'direction' => 'pg'
-	]
+	],
 ];
 
 $db->dbSetConvertPlaceholder(true);

www/admin/class_test.db.types.php

@@ -57,6 +57,43 @@ if (($dbh = $db->dbGetDbh()) instanceof \PgSql\Connection) {
 print "<b>TRUNCATE test_foo</b><br>";
 $db->dbExec("TRUNCATE test_foo");
 
+/*
+BELOW IS THE FULL TABLE WITH ALL PostgreSQL Types
+=> \d test_foo
+												Table "public.test_foo"
+Column            |            Type             | Nullable |                     Default
+------------------+-----------------------------+----------+-----------------------------------------------
+test              | character varying           |          |
+some_bool         | boolean                     |          |
+string_a          | character varying           |          |
+number_a          | integer                     |          |
+numeric_a         | numeric                     |          |
+some_internval    | interval                    |          |
+test_foo_id       | integer                     | not null | generated always as identity
+json_string       | jsonb                       |          |
+some_timestamp    | timestamp without time zone |          |
+some_binary       | bytea                       |          |
+null_var          | character varying           |          |
+smallint_a        | smallint                    |          |
+number_real       | real                        |          |
+number_double     | double precision            |          |
+number_serial     | integer                     | not null | nextval('test_foo_number_serial_seq'::regclass)
+array_char_1      | character varying[]         |          |
+array_char_2      | character varying[]         |          |
+array_int_1       | integer[]                   |          |
+array_int_2       | integer[]                   |          |
+composite_item    | inventory_item              |          |
+array_composite   | inventory_item[]            |          |
+numeric_3         | numeric(3,0)                |          |
+identity_always   | bigint                      | not null | generated always as identity
+identitiy_default | bigint                      | not null | generated by default as identity
+uuid_var          | uuid                        |          | gen_random_uuid()
+some_date         | date                        |          |
+some_time         | time without time zone      |          |
+bigint_a          | bigint                      |          |
+default_uuid      | uuid                        |          | gen_random_uuid()
+*/
+
 /* $q = <<<SQL
 INSERT INTO test_foo (test, array_composite) VALUES ('C', '{"(a,1,1.5)","(b,2,2.5)"}')
 SQL;
@@ -90,7 +127,7 @@ $query_params = [
 
 $query_insert = <<<SQL
 INSERT INTO test_foo (
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_int_1,
 	array_composite,
@@ -106,7 +143,7 @@ INSERT INTO test_foo (
 )
 RETURNING
 	test_foo_id,
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_int_1,
 	array_composite,
@@ -127,8 +164,8 @@ echo "<hr>";
 $query_select = <<<SQL
 SELECT
 	test_foo_id,
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
-	number_real, number_double, number_numeric_3, number_serial,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
+	number_real, number_double, numeric_3, number_serial,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_char_2, array_int_1, array_int_2, array_composite,
 	composite_item, (composite_item).*,

www/admin/class_test.output.form.php

@@ -29,15 +29,17 @@ $table_arrays = [];
 $table_arrays[\CoreLibs\Get\System::getPageName(1)] = [
 	// form fields mtaching up with db fields
 	'table_array' => [
+		'foo',
+		'bar'
 	],
 	// laod query
-	'load_query' => '',
+	'load_query' => 'SELECT uuid_nr, foo, bar FROM test',
 	// database table to load from
-	'table_name' => '',
+	'table_name' => 'test',
 	// for load dro pdown, format output
 	'show_fields' => [
 		[
-			'name' => 'name'
+			'name' => 'foo'
 		],
 		[
 			'name' => 'enabled',

www/admin/class_test.password.php

@@ -37,6 +37,8 @@ print "<body>";
 print '<div><a href="class_test.php">Class Test Master</a></div>';
 print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 
+print "PHP Version: " . PHP_VERSION . "<br>";
+
 $password = 'something1234';
 $enc_password = $_password->passwordSet($password);
 print "PASSWORD: $password: " . $enc_password . "<br>";
@@ -51,6 +53,20 @@ print "PASSWORD REHASH: " . (string)$password_class::passwordRehashCheck($enc_pa
 // direct static
 print "S::PASSWORD VERFIY: " . (string)PwdChk::passwordVerify($password, $enc_password) . "<br>";
 
+if (PHP_VERSION_ID < 80400) {
+	$rehash_test = '$2y$10$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+	$rehash_test_throw = '$2y$12$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+} else {
+	$rehash_test = '$2y$12$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+	$rehash_test_throw = '$2y$10$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+}
+if (PwdChk::passwordRehashCheck($rehash_test)) {
+	print "Bad password [BAD]<br>";
+}
+if (PwdChk::passwordRehashCheck($rehash_test_throw)) {
+	print "Bad password [OK]<br>";
+}
+
 print "</body></html>";
 
 // __END__

www/admin/class_test.smarty.php

@@ -4,6 +4,8 @@
  * @phan-file-suppress PhanTypeSuspiciousStringExpression
  */
 
+// FIXME: Smarty Class must be updated for PHP 8.4
+
 declare(strict_types=1);
 
 error_reporting(E_ALL | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
@@ -33,6 +35,7 @@ $l10n = new \CoreLibs\Language\L10n(
 );
 $smarty = new CoreLibs\Template\SmartyExtend(
 	$l10n,
+	$log,
 	CACHE_ID,
 	COMPILE_ID,
 );
@@ -45,6 +48,7 @@ $adm = new CoreLibs\Admin\Backend(
 );
 $adm->DATA['adm_set'] = 'SET from admin class';
 
+
 $PAGE_NAME = 'TEST CLASS: SMARTY';
 print "<!DOCTYPE html>";
 print "<html><head><title>" . $PAGE_NAME . "</title></head>";

www/composer.json

@@ -21,7 +21,7 @@
         }
     },
     "require": {
-        "egrajp/smarty-extended": "^4.3",
+        "egrajp/smarty-extended": "^5.4",
         "php": ">=8.1",
         "gullevek/dotenv": "^2.0",
         "psr/log": "^2.0 || ^3.0"

www/includes/admin_header.php

@@ -91,7 +91,7 @@ $l10n = new \CoreLibs\Language\L10n(
 );
 
 // create smarty object
-$smarty = new \CoreLibs\Template\SmartyExtend($l10n, CACHE_ID, COMPILE_ID);
+$smarty = new \CoreLibs\Template\SmartyExtend($l10n, $log, CACHE_ID, COMPILE_ID);
 // create new Backend class with db and loger attached
 $cms = new \CoreLibs\Admin\Backend($db, $log, $session, $l10n, DEFAULT_ACL_LEVEL);
 // the menu show flag (what menu to show)
@@ -116,7 +116,7 @@ $data = [
 // log action
 // no log if login
 if (!$login->loginActionRun()) {
-	$login->writeLog('Submit', $data, $cms->adbGetActionSet(), 'BINARY');
+	$login->writeLog('Submit', $data, action_set:$cms->adbGetActionSet(), write_type:'BINARY');
 }
 //------------------------------ logging end
 

www/lib/CoreLibs/ACL/Login.php

@@ -1418,6 +1418,7 @@ class Login
 				'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 				'data' => $ea_data
 			];
+			// LEGACY LOOKUP
 			$unit_access_eaid[$res['edit_access_id']] = [
 				'cuid' => $res['cuid'],
 			];
@@ -1477,6 +1478,8 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['LOGIN_USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['LOGIN_GROUP_NAME'];
+		// DEPRECATED
+		$this->acl['euid'] = $_SESSION['LOGIN_EUID'];
 		// edit user cuid
 		$this->acl['eucuid'] = $_SESSION['LOGIN_EUCUID'];
 		$this->acl['eucuuid'] = $_SESSION['LOGIN_EUCUUID'];
@@ -1552,8 +1555,10 @@ class Login
 			$this->acl['unit_legacy'][$unit['id']] = $this->acl['unit'][$ea_cuid];
 			// detail name/level set
 			$this->acl['unit_detail'][$ea_cuid] = [
+				'id' =>  $unit['id'],
 				'name' => $unit['name'],
 				'uid' => $unit['uid'],
+				'cuuid' => $unit['cuuid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_cuid]]['name'] ?? -1,
 				'default' => $unit['default'],
 				'data' => $unit['data'],
@@ -3277,6 +3282,20 @@ HTML;
 		return (int)$_SESSION['LOGIN_UNIT_CUID'][$uid];
 	}
 
+	/**
+	 * Legacy lookup for edit access id to cuid
+	 *
+	 * @param  int          $id edit access id PK
+	 * @return string|false     edit access cuid or false if not found
+	 */
+	public function loginGetEditAccessCuidFromId(int $id): string|false
+	{
+		if (!isset($_SESSION['LOGIN_UNIT_ACL_LEVEL'][$id])) {
+			return false;
+		}
+		return (string)$_SESSION['LOGIN_UNIT_ACL_LEVEL'][$id]['cuid'];
+	}
+
 	/**
 	 * Check if admin flag is set
 	 *

www/lib/CoreLibs/Admin/Backend.php

@@ -289,7 +289,7 @@ class Backend
 	 *                                                        JSON, STRING/SERIEAL, BINARY/BZIP or ZLIB
 	 * @param  string|null         $db_schema [default=null]  override target schema
 	 * @return void
-	 * @deprecated Use $login->writeLog() and set action_set from ->adbGetActionSet()
+	 * @deprecated Use $login->writeLog($event, $data, action_set:$cms->adbGetActionSet(), write_type:$write_type)
 	 */
 	public function adbEditLog(
 		string $event = '',

www/lib/CoreLibs/Admin/EditBase.php

@@ -14,9 +14,6 @@ declare(strict_types=1);
 
 namespace CoreLibs\Admin;
 
-use Exception;
-use SmartyException;
-
 class EditBase
 {
 	/** @var array<mixed> */
@@ -63,6 +60,7 @@ class EditBase
 		// smarty template engine (extended Translation version)
 		$this->smarty = new \CoreLibs\Template\SmartyExtend(
 			$l10n,
+			$log,
 			$options['cache_id'] ?? '',
 			$options['compile_id'] ?? '',
 		);
@@ -538,8 +536,7 @@ class EditBase
 	 * builds the smarty content and runs smarty display output
 	 *
 	 * @return void
-	 * @throws Exception
-	 * @throws SmartyException
+	 * @throws \Smarty\Exception
 	 */
 	public function editBaseRun(
 		?string $template_dir = null,

www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php

@@ -26,7 +26,9 @@ class ConvertPlaceholder
 		. '&&|' // array overlap
 		. '\-\|\-|' // range overlap for array
 		. '[^-]-{1}|' // single -, used in JSON too
-		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
+		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-|' // JSON searches, Array searchs, etc
+		. 'THEN|ELSE' // command parts (CASE)
+	;
 	/** @var string the main regex including  the pattern query split */
 	private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:' . self::PATTERN_QUERY_SPLIT . ')\s*';
 	/** @var string comment regex

www/lib/CoreLibs/Security/AsymmetricAnonymousEncryption.php

@@ -115,7 +115,7 @@ class AsymmetricAnonymousEncryption
 	 * @return string
 	 * @throws \UnexpectedValueException key pair empty
 	 * @throws \UnexpectedValueException invalid hex key pair
-	 * @throws \UnexpectedValueException key pair not correct size
+	 * @throws \RangeException key pair not correct size
 	 */
 	private function createKeyPair(
 		#[\SensitiveParameter]
@@ -147,7 +147,7 @@ class AsymmetricAnonymousEncryption
 	 * @return string
 	 * @throws \UnexpectedValueException public key empty
 	 * @throws \UnexpectedValueException invalid hex key
-	 * @throws \UnexpectedValueException invalid key length
+	 * @throws \RangeException invalid key length
 	 */
 	private function createPublicKey(?string $public_key): string
 	{

www/lib/CoreLibs/Template/SmartyExtend.php

@@ -19,12 +19,13 @@ declare(strict_types=1);
 
 namespace CoreLibs\Template;
 
-// leading slash if this is in lib\Smarty
-class SmartyExtend extends \Smarty
+class SmartyExtend extends \Smarty\Smarty
 {
 	// internal translation engine
-	/** @var \CoreLibs\Language\L10n */
+	/** @var \CoreLibs\Language\L10n language class */
 	public \CoreLibs\Language\L10n $l10n;
+	/** @var \CoreLibs\Logging\Logging $log logging class */
+	public \CoreLibs\Logging\Logging $log;
 
 	// lang & encoding
 	/** @var string */
@@ -157,14 +158,18 @@ class SmartyExtend extends \Smarty
 	 * calls L10 for pass on internaly in smarty
 	 * also registers the getvar caller plugin
 	 *
-	 * @param \CoreLibs\Language\L10n $l10n l10n language class
-	 * @param string|null             $cache_id
-	 * @param string|null             $compile_id
+	 * @param \CoreLibs\Language\L10n   $l10n l10n language class
+	 * @param \CoreLibs\Logging\Logging $log Logger class
+	 * @param string|null               $cache_id [default=null]
+	 * @param string|null               $compile_id [default=null]
+	 * @param array<string,mixed>       $options [default=[]]
 	 */
 	public function __construct(
 		\CoreLibs\Language\L10n $l10n,
+		\CoreLibs\Logging\Logging $log,
 		?string $cache_id = null,
-		?string $compile_id = null
+		?string $compile_id = null,
+		array $options = []
 	) {
 		// trigger deprecation
 		if (
@@ -177,14 +182,33 @@ class SmartyExtend extends \Smarty
 				E_USER_DEPRECATED
 			);
 		}
-		// set variables (to be deprecated)
-		$cache_id = $cache_id ??
-			(defined('CACHE_ID') ? CACHE_ID : '');
-		$compile_id = $compile_id ??
-			(defined('COMPILE_ID') ? COMPILE_ID : '');
+		// set variables from global constants (deprecated)
+		if ($cache_id === null && defined('CACHE_ID')) {
+			trigger_error(
+				'SmartyExtended: No cache_id set and CACHE_ID constant set, this is deprecated',
+				E_USER_DEPRECATED
+			);
+			$cache_id = CACHE_ID;
+		}
+		if ($compile_id === null && defined('COMPILE_ID')) {
+			trigger_error(
+				'SmartyExtended: No compile_id set and COMPILE_ID constant set, this is deprecated',
+				E_USER_DEPRECATED
+			);
+			$compile_id = COMPILE_ID;
+		}
+		if (empty($cache_id)) {
+			throw new \BadMethodCallException('cache_id parameter is not set');
+		}
+		if (empty($compile_id)) {
+			throw new \BadMethodCallException('compile_id parameter is not set');
+		}
+
 		// call basic smarty
-		// or Smarty::__construct();
 		parent::__construct();
+
+		$this->log = $log;
+
 		// init lang
 		$this->l10n = $l10n;
 		// parse and read, legacy stuff
@@ -194,7 +218,6 @@ class SmartyExtend extends \Smarty
 		$this->lang_short = $locale['lang_short'];
 		$this->domain = $locale['domain'];
 		$this->lang_dir = $locale['path'];
-
 		// opt load functions so we can use legacy init for smarty run perhaps
 		\CoreLibs\Language\L10n::loadFunctions();
 		_setlocale(LC_MESSAGES, $locale['locale']);
@@ -203,7 +226,6 @@ class SmartyExtend extends \Smarty
 		_bind_textdomain_codeset($this->domain, $this->encoding);
 
 		// register smarty variable
-		// $this->registerPlugin(\Smarty\Smarty::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
 		$this->registerPlugin(self::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
 
 		$this->page_name = \CoreLibs\Get\System::getPageName();
@@ -211,6 +233,77 @@ class SmartyExtend extends \Smarty
 		// set internal settings
 		$this->CACHE_ID = $cache_id;
 		$this->COMPILE_ID = $compile_id;
+		// set options
+		$this->setOptions($options);
+	}
+
+	/**
+	 * set options
+	 *
+	 * @param  array<string,mixed> $options
+	 * @return void
+	 */
+	private function setOptions(array $options): void
+	{
+		// set escape html if option is set
+		if (!empty($options['escape_html'])) {
+			$this->setEscapeHtml(true);
+		}
+		// load plugins
+		// plugin array:
+		// 'file': string, path to plugin content to load
+		// 'type': a valid smarty type see Smarty PLUGIN_ constants for correct names
+		// 'tag': the smarty tag
+		// 'callback': the function to call in 'file'
+		if (!empty($options['plugins'])) {
+			foreach ($options['plugins'] as $plugin) {
+				// file is readable
+				if (
+					empty($plugin['file']) ||
+					!is_file($plugin['file']) ||
+					!is_readable($plugin['file'])
+				) {
+					$this->log->warning('SmartyExtended plugin load failed, file not accessable', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				// tag is alphanumeric
+				if (!preg_match("/^\w+$/", $plugin['tag'] ?? '')) {
+					$this->log->warning('SmartyExtended plugin load failed, invalid tag', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				// callback is alphanumeric
+				if (!preg_match("/^\w+$/", $plugin['callback'] ?? '')) {
+					$this->log->warning('SmartyExtended plugin load failed, invalid callback', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				try {
+					/** @phan-suppress-next-line PhanNoopNew */
+					new \ReflectionClassConstant($this, $plugin['type']);
+				} catch (\ReflectionException $e) {
+					$this->log->error('SmartyExtended plugin load failed, type is not valid', [
+						'message' => $e->getMessage(),
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				try {
+					require $plugin['file'];
+					$this->registerPlugin($plugin['type'], $plugin['tag'], $plugin['callback']);
+				} catch (\Smarty\Exception $e) {
+					$this->log->error('SmartyExtended plugin load failed with exception', [
+						'message' => $e->getMessage(),
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+			}
+		}
 	}
 
 	/**