Fix phpstan problems in test db encryption file

The parameter count methods in the PgSQL class have changed
- the function returns a unique list of $ parameters

The count is now done in the DB IO part where it counts over the unique array

Query hash is stored like the query for the current run one (reset on dbExec call).
The method to create the hash is renamed to dbBuildQueryHash instead of "Get".
The dbGetQueryHash function now just returns the last set query hash. There is a matching dbResetQueryHash for unsetting the query hash.

.gitignore

@@ -5,3 +5,5 @@ vendor/
 tools/
 www/composer.lock
 www/vendor
+**/.env
+**/.target

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -152,7 +152,6 @@ final class CoreLibsACLLoginTest extends TestCase
 		// TARGET
 		define('TARGET', 'test');
 		// LOGIN DB SCHEMA
-		// define('LOGIN_DB_SCHEMA', '');
 
 		// SHOULD SET
 		// DEFAULT_ACL_LEVEL (d80)

4dev/tests/Combined/CoreLibsCombinedDateTimeTest.php

@@ -1068,8 +1068,32 @@ final class CoreLibsCombinedDateTimeTest extends TestCase
 				return_named:$return_named,
 				include_end_date:$include_end_date,
 				exclude_start_date:$exclude_start_date
-			)
+			),
+			'call calcDaysInterval'
 		);
+		if ($return_named) {
+			$this->assertEquals(
+				$expected,
+				\CoreLibs\Combined\DateTime::calcDaysIntervalNamedIndex(
+					$input_a,
+					$input_b,
+					include_end_date:$include_end_date,
+					exclude_start_date:$exclude_start_date
+				),
+				'call calcDaysIntervalNamedIndex'
+			);
+		} else {
+			$this->assertEquals(
+				$expected,
+				\CoreLibs\Combined\DateTime::calcDaysIntervalNumIndex(
+					$input_a,
+					$input_b,
+					include_end_date:$include_end_date,
+					exclude_start_date:$exclude_start_date
+				),
+				'call calcDaysIntervalNamedIndex'
+			);
+		}
 	}
 
 	/**

4dev/tests/Convert/CoreLibsConvertByteTest.php

@@ -40,7 +40,7 @@ final class CoreLibsConvertByteTest extends TestCase
 				4 => '1.00 KB',
 				5 => '1.02KiB',
 			],
-			'invalud string number' => [
+			'invalid string number' => [
 				0 => '1024 MB',
 				1 => '1024 MB',
 				2 => '1024 MB',

4dev/tests/Create/CoreLibsCreateHashTest.php

@@ -21,8 +21,10 @@ final class CoreLibsCreateHashTest extends TestCase
 	public function hashData(): array
 	{
 		return [
-			'any string' => [
+			'hash tests' => [
+				// this is the string
 				'text' => 'Some String Text',
+				// hash list special
 				'crc32b_reverse' => 'c5c21d91', // crc32b (in revere)
 				'sha1Short' => '4d2bc9ba0', // sha1Short
 				// via hash
@@ -31,6 +33,8 @@ final class CoreLibsCreateHashTest extends TestCase
 				'fnv132' => '9df444f9', // hash: fnv132
 				'fnv1a32' => '2c5f91b9', // hash: fnv1a32
 				'joaat' => '50dab846', // hash: joaat
+				'ripemd160' => 'aeae3f041b20136451519edd9361570909300342', // hash: ripemd160,
+				'sha256' => '9055080e022f224fa835929b80582b3c71c672206fa3a49a87412c25d9d42ceb', // hash: sha256
 			]
 		];
 	}
@@ -81,7 +85,7 @@ final class CoreLibsCreateHashTest extends TestCase
 	{
 		$list = [];
 		foreach ($this->hashData() as $name => $values) {
-			foreach ([null, 'crc32b', 'adler32', 'fnv132', 'fnv1a32', 'joaat'] as $_hash_type) {
+			foreach ([null, 'crc32b', 'adler32', 'fnv132', 'fnv1a32', 'joaat', 'ripemd160', 'sha256'] as $_hash_type) {
 				// default value test
 				if ($_hash_type === null) {
 					$hash_type = \CoreLibs\Create\Hash::STANDARD_HASH_SHORT;
@@ -114,6 +118,22 @@ final class CoreLibsCreateHashTest extends TestCase
 		];
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function hashStandardProvider(): array
+	{
+		$hash_source = 'Some String Text';
+		return [
+			'Long Hash check: ' . \CoreLibs\Create\Hash::STANDARD_HASH => [
+				$hash_source,
+				hash(\CoreLibs\Create\Hash::STANDARD_HASH, $hash_source)
+			],
+		];
+	}
+
 	/**
 	 * Undocumented function
 	 *
@@ -136,9 +156,13 @@ final class CoreLibsCreateHashTest extends TestCase
 	/**
 	 * Undocumented function
 	 *
+	 * phpcs:disable Generic.Files.LineLength
 	 * @covers ::__sha1Short
+	 * @covers ::__crc32b
+	 * @covers ::sha1Short
 	 * @dataProvider sha1ShortProvider
-	 * @testdox __sha1Short $input will be $expected (crc32b) and $expected_sha1 (sha1 short) [$_dataName]
+	 * @testdox __sha1Short/__crc32b/sha1short $input will be $expected (crc32b) and $expected_sha1 (sha1 short) [$_dataName]
+	 * phpcs:enable Generic.Files.LineLength
 	 *
 	 * @param string $input
 	 * @param string $expected
@@ -149,16 +173,29 @@ final class CoreLibsCreateHashTest extends TestCase
 		// uses crc32b
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Create\Hash::__sha1Short($input)
+			\CoreLibs\Create\Hash::__sha1Short($input),
+			'__sha1Short depreacted'
 		);
 		$this->assertEquals(
 			$expected,
-			\CoreLibs\Create\Hash::__sha1Short($input, false)
+			\CoreLibs\Create\Hash::__sha1Short($input, false),
+			'__sha1Short (false) depreacted'
+		);
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::__crc32b($input),
+			'__crc32b'
 		);
 		// sha1 type
 		$this->assertEquals(
 			$expected_sha1,
-			\CoreLibs\Create\Hash::__sha1Short($input, true)
+			\CoreLibs\Create\Hash::__sha1Short($input, true),
+			'__sha1Short (true) depreacted'
+		);
+		$this->assertEquals(
+			$expected_sha1,
+			\CoreLibs\Create\Hash::sha1Short($input),
+			'sha1Short'
 		);
 	}
 
@@ -166,8 +203,10 @@ final class CoreLibsCreateHashTest extends TestCase
 	 * Undocumented function
 	 *
 	 * @covers ::__hash
+	 * @covers ::hashShort
+	 * @covers ::hashShort
 	 * @dataProvider hashProvider
-	 * @testdox __hash $input with $hash_type will be $expected [$_dataName]
+	 * @testdox __hash/hashShort/hash $input with $hash_type will be $expected [$_dataName]
 	 *
 	 * @param string $input
 	 * @param string|null $hash_type
@@ -179,12 +218,24 @@ final class CoreLibsCreateHashTest extends TestCase
 		if ($hash_type === null) {
 			$this->assertEquals(
 				$expected,
-				\CoreLibs\Create\Hash::__hash($input)
+				\CoreLibs\Create\Hash::__hash($input),
+				'__hash'
+			);
+			$this->assertEquals(
+				$expected,
+				\CoreLibs\Create\Hash::hashShort($input),
+				'hashShort'
 			);
 		} else {
 			$this->assertEquals(
 				$expected,
-				\CoreLibs\Create\Hash::__hash($input, $hash_type)
+				\CoreLibs\Create\Hash::__hash($input, $hash_type),
+				'__hash with hash type'
+			);
+			$this->assertEquals(
+				$expected,
+				\CoreLibs\Create\Hash::hash($input, $hash_type),
+				'hash with hash type'
 			);
 		}
 	}
@@ -193,8 +244,9 @@ final class CoreLibsCreateHashTest extends TestCase
 	 * Undocumented function
 	 *
 	 * @covers ::__hashLong
+	 * @covers ::hashLong
 	 * @dataProvider hashLongProvider
-	 * @testdox __hashLong $input will be $expected [$_dataName]
+	 * @testdox __hashLong/hashLong $input will be $expected [$_dataName]
 	 *
 	 * @param string $input
 	 * @param string $expected
@@ -206,6 +258,168 @@ final class CoreLibsCreateHashTest extends TestCase
 			$expected,
 			\CoreLibs\Create\Hash::__hashLong($input)
 		);
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hashLong($input)
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::hash
+	 * @covers ::hashStd
+	 * @dataProvider hashStandardProvider
+	 * @testdox hash/hashStd $input will be $expected [$_dataName]
+	 *
+	 * @param string $input
+	 * @param string $expected
+	 * @return void
+	 */
+	public function testHashStandard(string $input, string $expected): void
+	{
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hashStd($input)
+		);
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hash($input)
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::hash
+	 * @testdox hash with invalid type
+	 *
+	 * @return void
+	 */
+	public function testInvalidHashType(): void
+	{
+		$hash_source = 'Some String Text';
+		$expected = hash(\CoreLibs\Create\Hash::STANDARD_HASH, $hash_source);
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hash($hash_source, 'DOES_NOT_EXIST')
+		);
+	}
+
+	/**
+	 * Note: this only tests default sha256
+	 *
+	 * @covers ::hashHmac
+	 * @testdox hash hmac test
+	 *
+	 * @return void
+	 */
+	public function testHashMac(): void
+	{
+		$hash_key = 'FIX KEY';
+		$hash_source = 'Some String Text';
+		$expected = '16479b3ef6fa44e1cdd8b2dcfaadf314d1a7763635e8738f1e7996d714d9b6bf';
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hashHmac($hash_source, $hash_key)
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::hashHmac
+	 * @testdox hash hmac with invalid type
+	 *
+	 * @return void
+	 */
+	public function testInvalidHashMacType(): void
+	{
+		$hash_key = 'FIX KEY';
+		$hash_source = 'Some String Text';
+		$expected = hash_hmac(\CoreLibs\Create\Hash::STANDARD_HASH, $hash_source, $hash_key);
+		$this->assertEquals(
+			$expected,
+			\CoreLibs\Create\Hash::hashHmac($hash_source, $hash_key, 'DOES_NOT_EXIST')
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array<mixed>
+	 */
+	public function providerHashTypes(): array
+	{
+		return [
+			'Hash crc32b' => [
+				'crc32b',
+				true,
+				false,
+			],
+			'Hash adler32' => [
+				'adler32',
+				true,
+				false,
+			],
+			'HAsh fnv132' => [
+				'fnv132',
+				true,
+				false,
+			],
+			'Hash fnv1a32' => [
+				'fnv1a32',
+				true,
+				false,
+			],
+			'Hash: joaat' => [
+				'joaat',
+				true,
+				false,
+			],
+			'Hash: ripemd160' => [
+				'ripemd160',
+				true,
+				true,
+			],
+			'Hash: sha256' => [
+				'sha256',
+				true,
+				true,
+			],
+			'Hash: invalid' => [
+				'invalid',
+				false,
+				false
+			]
+		];
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::isValidHashType
+	 * @covers ::isValidHashHmacType
+	 * @dataProvider providerHashTypes
+	 * @testdox check if $hash_type is valid for hash $hash_ok and hash hmac $hash_hmac_ok [$_dataName]
+	 *
+	 * @param  string $hash_type
+	 * @param  bool   $hash_ok
+	 * @param  bool   $hash_hmac_ok
+	 * @return void
+	 */
+	public function testIsValidHashAndHashHmacTypes(string $hash_type, bool $hash_ok, bool $hash_hmac_ok): void
+	{
+		$this->assertEquals(
+			$hash_ok,
+			\CoreLibs\Create\Hash::isValidHashType($hash_type),
+			'hash valid'
+		);
+		$this->assertEquals(
+			$hash_hmac_ok,
+			\CoreLibs\Create\Hash::isValidHashHmacType($hash_type),
+			'hash hmac valid'
+		);
 	}
 }
 

4dev/tests/DB/CoreLibsDBIOTest.php

@@ -135,6 +135,7 @@ final class CoreLibsDBIOTest extends TestCase
 		}
 		// check if they already exist, drop them
 		if ($db->dbShowTableMetaData('table_with_primary_key') !== false) {
+			$db->dbExec("CREATE EXTENSION IF NOT EXISTS pgcrypto");
 			$db->dbExec("DROP TABLE table_with_primary_key");
 			$db->dbExec("DROP TABLE table_without_primary_key");
 			$db->dbExec("DROP TABLE test_meta");
@@ -4744,7 +4745,7 @@ final class CoreLibsDBIOTest extends TestCase
 		$res = $db->dbReturnRowParams($query_select, ['CONVERT_TYPE_TEST']);
 		// all hast to be string
 		foreach ($res as $key => $value) {
-			$this->assertIsString($value, 'Aseert string for column: ' . $key);
+			$this->assertIsString($value, 'Assert string for column: ' . $key);
 		}
 		// convert base only
 		$db->dbSetConvertFlag(Convert::on);
@@ -4757,10 +4758,10 @@ final class CoreLibsDBIOTest extends TestCase
 			}
 			switch ($type_layout[$name]) {
 				case 'int':
-					$this->assertIsInt($value, 'Aseert int for column: ' . $key . '/' . $name);
+					$this->assertIsInt($value, 'Assert int for column: ' . $key . '/' . $name);
 					break;
 				default:
-					$this->assertIsString($value, 'Aseert string for column: ' . $key  . '/' . $name);
+					$this->assertIsString($value, 'Assert string for column: ' . $key  . '/' . $name);
 					break;
 			}
 		}
@@ -4774,13 +4775,13 @@ final class CoreLibsDBIOTest extends TestCase
 			}
 			switch ($type_layout[$name]) {
 				case 'int':
-					$this->assertIsInt($value, 'Aseert int for column: ' . $key . '/' . $name);
+					$this->assertIsInt($value, 'Assert int for column: ' . $key . '/' . $name);
 					break;
 				case 'float':
-					$this->assertIsFloat($value, 'Aseert float for column: ' . $key . '/' . $name);
+					$this->assertIsFloat($value, 'Assert float for column: ' . $key . '/' . $name);
 					break;
 				default:
-					$this->assertIsString($value, 'Aseert string for column: ' . $key  . '/' . $name);
+					$this->assertIsString($value, 'Assert string for column: ' . $key  . '/' . $name);
 					break;
 			}
 		}
@@ -4794,17 +4795,17 @@ final class CoreLibsDBIOTest extends TestCase
 			}
 			switch ($type_layout[$name]) {
 				case 'int':
-					$this->assertIsInt($value, 'Aseert int for column: ' . $key . '/' . $name);
+					$this->assertIsInt($value, 'Assert int for column: ' . $key . '/' . $name);
 					break;
 				case 'float':
-					$this->assertIsFloat($value, 'Aseert float for column: ' . $key . '/' . $name);
+					$this->assertIsFloat($value, 'Assert float for column: ' . $key . '/' . $name);
 					break;
 				case 'json':
 				case 'jsonb':
-					$this->assertIsArray($value, 'Aseert array for column: ' . $key . '/' . $name);
+					$this->assertIsArray($value, 'Assert array for column: ' . $key . '/' . $name);
 					break;
 				default:
-					$this->assertIsString($value, 'Aseert string for column: ' . $key  . '/' . $name);
+					$this->assertIsString($value, 'Assert string for column: ' . $key  . '/' . $name);
 					break;
 			}
 		}
@@ -4818,25 +4819,25 @@ final class CoreLibsDBIOTest extends TestCase
 			}
 			switch ($type_layout[$name]) {
 				case 'int':
-					$this->assertIsInt($value, 'Aseert int for column: ' . $key . '/' . $name);
+					$this->assertIsInt($value, 'Assert int for column: ' . $key . '/' . $name);
 					break;
 				case 'float':
-					$this->assertIsFloat($value, 'Aseert float for column: ' . $key . '/' . $name);
+					$this->assertIsFloat($value, 'Assert float for column: ' . $key . '/' . $name);
 					break;
 				case 'json':
 				case 'jsonb':
-					$this->assertIsArray($value, 'Aseert array for column: ' . $key . '/' . $name);
+					$this->assertIsArray($value, 'Assert array for column: ' . $key . '/' . $name);
 					break;
 				case 'bytea':
 					// for hex types it must not start with \x
 					$this->assertStringStartsNotWith(
 						'\x',
 						$value,
-						'Aseert bytes not starts with \x for column: ' . $key . '/' . $name
+						'Assert bytes not starts with \x for column: ' . $key . '/' . $name
 					);
 					break;
 				default:
-					$this->assertIsString($value, 'Aseert string for column: ' . $key  . '/' . $name);
+					$this->assertIsString($value, 'Assert string for column: ' . $key  . '/' . $name);
 					break;
 			}
 		}
@@ -5008,8 +5009,8 @@ final class CoreLibsDBIOTest extends TestCase
 				)
 			),
 			($params === null ?
-				$db->dbGetQueryHash($query) :
-				$db->dbGetQueryHash($query, $params)
+				$db->dbBuildQueryHash($query) :
+				$db->dbBuildQueryHash($query, $params)
 			),
 			'Failed assertdbGetQueryHash '
 		);
@@ -5235,6 +5236,9 @@ final class CoreLibsDBIOTest extends TestCase
 					$3
 					-- comment 3
 					, $4
+					-- ignore $5, $6
+					-- $7, $8
+					-- digest($9, 10)
 				)
 				SQL,
 				'count' => 4,
@@ -5305,8 +5309,57 @@ final class CoreLibsDBIOTest extends TestCase
 				SQL,
 				'count' => 2,
 				'convert' => false,
+			],
+			// special $$ string case
+			'text string, with $ placehoders that could be seen as $$ string' => [
+				'query' => <<<SQL
+				SELECT row_int
+				FROM table_with_primary_key
+				WHERE
+					row_bytea = digest($3::VARCHAR, $4) OR
+					row_varchar = encode(digest($3, $4), 'hex') OR
+					row_bytea = hmac($3, $5, $4) OR
+					row_varchar = encode(hmac($3, $5, $4), 'hex') OR
+					row_bytea = pgp_sym_encrypt($3, $6) OR
+					row_varchar = encode(pgp_sym_encrypt($1, $6), 'hex') OR
+					row_varchar = CASE WHEN row_int = 1 THEN $1 ELSE $2 END
+				SQL,
+				'count' => 6,
+				'convert' => false,
+			],
+			// NOTE, in SQL heredoc we cannot write $$ strings parts
+			'text string, with $ placehoders are in $$ strings' => [
+				'query' => '
+				SELECT row_int
+				FROM table_with_primary_key
+				WHERE
+					row_varchar = $$some string$$ OR
+					row_varchar = $tag$some string$tag$ OR
+					row_varchar = $btag$some $1 string$btag$ OR
+					row_varchar = $btag$some $1 $subtag$ something $subtag$string$btag$ OR
+					row_varchar = $1
+				',
+				'count' => 1,
+				'convert' => false,
+			],
+			// a text string with escaped quite
+			'text string, with escaped quote' => [
+				'query' => <<<SQL
+				SELECT row_int
+				FROM table_with_primary_key
+				WHERE
+					row_varchar = 'foo bar bar baz $5' OR
+					row_varchar = 'foo bar '' barbar $6' OR
+					row_varchar = E'foo bar \' barbar $7' OR
+					row_varchar = CASE WHEN row_int = 1 THEN $1 ELSE $2 END
+				SQL,
+				'count' => 2,
+				'convert' => false,
 			]
 		];
+		$string = <<<SQL
+		'''
+		SQL;
 	}
 
 	/**

README.md

@@ -114,3 +114,11 @@ Add `.libs` to the master .gitingore
 ### Update phpunit
 
 On a version update the old phpunit folder in .libs has to be removed and the new version extracted again
+
+## Javascript
+
+The original edit.js javascript functions are now in utils.js or utils.min.js.
+
+The development for thos files is located in a different repository
+
+https://[service]/CodeBlocks/javascript-utils

phpstan-bootstrap.php

@@ -10,5 +10,6 @@ $_SERVER['HTTP_HOST'] = 'soba.tokyo.tequila.jp';
 define('BASE_NAME', '');
 define('SITE_DOMAIN', '');
 define('HOST_NAME', 'soba.tokyo.tequila.jp');
+define('DEFAULT_ENCODING', 'en_US.UTF-8');
 
 // __END__

www/admin/class_test.datetime.php

@@ -473,7 +473,10 @@ function intervalStringFormatDeprecated(
 		// print "-> V: $value | $part, $time_name | I: " . is_int($value) . " | F: " . is_float($value)
 		// 	. " | " . ($value != 0 ? 'Not zero' : 'ZERO') . "<br>";
 		// var_dump($skip_last_zero);
-		if ($value != 0 || $skip_zero === false || $skip_last_zero === false) {
+		if (
+			is_numeric($value) &&
+			($value != 0 || $skip_zero === false || $skip_last_zero === false)
+		) {
 			if ($part == 'f') {
 				if ($truncate_nanoseconds === true) {
 					$value = round($value, 3);

www/admin/class_test.db.convert-placeholder.php

@@ -21,6 +21,7 @@ ob_end_flush();
 
 use CoreLibs\Debug\Support;
 use CoreLibs\DB\Support\ConvertPlaceholder;
+use CoreLibs\Convert\Html;
 
 $log = new CoreLibs\Logging\Logging([
 	'log_folder' => BASE . LOG,
@@ -38,10 +39,12 @@ print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 print "LOGFILE NAME: " . $log->getLogFile() . "<br>";
 print "LOGFILE ID: " . $log->getLogFileId() . "<br>";
 
-print "Lookup Regex: <pre>" . ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS . "</pre>";
-print "Replace Named Regex: <pre>" . ConvertPlaceholder::REGEX_REPLACE_NAMED . "</pre>";
-print "Replace Named Regex: <pre>" . ConvertPlaceholder::REGEX_REPLACE_QUESTION_MARK . "</pre>";
-print "Replace Named Regex: <pre>" . ConvertPlaceholder::REGEX_REPLACE_NUMBERED . "</pre>";
+print "Lookup Regex: <pre>" . Html::htmlent(ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS) . "</pre>";
+print "Lookup Numbered Regex: <pre>" . Html::htmlent(ConvertPlaceholder::REGEX_LOOKUP_NUMBERED) . "</pre>";
+print "Replace Named Regex: <pre>" . Html::htmlent(ConvertPlaceholder::REGEX_REPLACE_NAMED) . "</pre>";
+print "Replace Question Mark Regex: <pre>"
+	. Html::htmlent(ConvertPlaceholder::REGEX_REPLACE_QUESTION_MARK) . "</pre>";
+print "Replace Numbered Regex: <pre>" . Html::htmlent(ConvertPlaceholder::REGEX_REPLACE_NUMBERED) . "</pre>";
 
 $uniqid = \CoreLibs\Create\Uids::uniqIdShort();
 // $binary_data = $db->dbEscapeBytea(file_get_contents('class_test.db.php') ?: '');
@@ -91,40 +94,63 @@ RETURNING
 	some_binary
 SQL;
 
-print "[ALL] Convert: "
+print "<b>[ALL] Convert</b>: "
 	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
 	. "<br>";
 echo "<hr>";
 
 $query = "SELECT foo FROM bar WHERE baz = :baz AND buz = :baz AND biz = :biz AND boz = :bez";
 $params = [':baz' => 'SETBAZ', ':bez' => 'SETBEZ', ':biz' => 'SETBIZ'];
-print "[NO PARAMS] Convert: "
+print "<b>[NO PARAMS] Convert</b>: "
 	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
 	. "<br>";
 echo "<hr>";
 
 $query = "SELECT foo FROM bar WHERE baz = :baz AND buz = :baz AND biz = :biz AND boz = :bez";
 $params = null;
-print "[NO PARAMS] Convert: "
+print "<b>[NO PARAMS] Convert</b>: "
 	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
 	. "<br>";
 echo "<hr>";
 
 $query = "SELECT row_varchar FROM table_with_primary_key WHERE row_varchar <> :row_varchar";
 $params = null;
-print "[NO PARAMS] Convert: "
+print "<b>[NO PARAMS] Convert</b>: "
 	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
 	. "<br>";
 echo "<hr>";
 
 $query = "SELECT row_varchar, row_varchar_literal, row_int, row_date FROM table_with_primary_key";
 $params = null;
-print "[NO PARAMS] TEST: "
+print "<b>[NO PARAMS] TEST</b>: "
 	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
 	. "<br>";
 echo "<hr>";
 
-print "[P-CONV]: "
+$query = <<<SQL
+UPDATE table_with_primary_key SET
+	row_int = $1::INT, row_numeric = $1::NUMERIC, row_varchar = $1
+WHERE
+	row_varchar = $1
+SQL;
+$params = [1];
+print "<b>[All the same params] TEST</b>: "
+	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
+	. "<br>";
+echo "<hr>";
+
+$query = <<<SQL
+SELECT row_varchar, row_varchar_literal, row_int, row_date
+FROM table_with_primary_key
+WHERE row_varchar = :row_varchar
+SQL;
+$params = [':row_varchar' => 1];
+print "<b>[: param] TEST</b>: "
+	. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params))
+	. "<br>";
+echo "<hr>";
+
+print "<b>[P-CONV]</b>: "
 	. Support::printAr(
 		ConvertPlaceholder::updateParamList([
 			'original' => [
@@ -186,6 +212,13 @@ SQL,
 		'params' => [\CoreLibs\Create\Uids::uniqIdShort(), 'string A-1', 1234],
 		'direction' => 'pg',
 	],
+	'b?' => [
+		'query' => <<<SQL
+SELECT test FROM test_foo = ?
+SQL,
+		'params' => [1234],
+		'direction' => 'pg',
+	],
 	'b:' => [
 		'query' => <<<SQL
 INSERT INTO test_foo (
@@ -220,7 +253,7 @@ foreach ($test_queries as $info => $data) {
 	$query = $data['query'];
 	$params = $data['params'];
 	$direction = $data['direction'];
-	print "[$info] Convert: "
+	print "<b>[$info] Convert</b>: "
 		. Support::printAr(ConvertPlaceholder::convertPlaceholderInQuery($query, $params, $direction))
 		. "<br>";
 	echo "<hr>";

www/admin/class_test.db.encryption.php

@@ -0,0 +1,166 @@
+<?php // phpcs:ignore warning
+
+/**
+ * @phan-file-suppress PhanTypeSuspiciousStringExpression
+ */
+
+declare(strict_types=1);
+
+// turn on all error reporting
+error_reporting(E_ALL | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
+
+ob_start();
+
+// basic class test file
+define('USE_DATABASE', true);
+// sample config
+require 'config.php';
+// for testing encryption compare
+use OpenPGP\OpenPGP;
+// define log file id
+$LOG_FILE_ID = 'classTest-db-query-encryption';
+ob_end_flush();
+
+// use CoreLibs\Debug\Support;
+use CoreLibs\Security\SymmetricEncryption;
+use CoreLibs\Security\CreateKey;
+use CoreLibs\Create\Hash;
+use CoreLibs\Debug\Support;
+
+$log = new CoreLibs\Logging\Logging([
+	'log_folder' => BASE . LOG,
+	'log_file_id' => $LOG_FILE_ID,
+	'log_per_date' => true,
+]);
+// db connection and attach logger
+$db = new CoreLibs\DB\IO(DB_CONFIG, $log);
+$db->log->debug('START', '=============================>');
+
+$PAGE_NAME = 'TEST CLASS: DB QUERY ENCRYPTION';
+print "<!DOCTYPE html>";
+print "<html><head><title>" . $PAGE_NAME . "</title></head>";
+print "<body>";
+print '<div><a href="class_test.php">Class Test Master</a></div>';
+print '<div><h1>' . $PAGE_NAME . '</h1></div>';
+
+// encryption key
+$key_new = CreateKey::generateRandomKey();
+print "Secret Key NEW: " . $key_new . "<br>";
+// for reproducable test results
+$key = 'e475c19b9a3c8363feb06b51f5b73f1dc9b6f20757d4ab89509bf5cc70ed30ec';
+print "Secret Key: " . $key . "<br>";
+
+// test text
+$text_string = "I a some deep secret";
+$text_string = "I a some deep secret ABC";
+//
+$crypt = new SymmetricEncryption($key);
+$encrypted = $crypt->encrypt($text_string);
+$string_hashed = Hash::hashStd($text_string);
+$string_hmac = Hash::hashHmac($text_string, $key);
+$decrypted = $crypt->decrypt($encrypted);
+
+print "String: " . $text_string . "<br>";
+print "Encrypted: " . $encrypted . "<br>";
+print "Hashed: " . $string_hashed . "<br>";
+print "Hmac: " . $string_hmac . "<br>";
+
+$db->dbExecParams(
+	<<<SQL
+	INSERT INTO test_encryption (
+		-- for compare
+		plain_text,
+		-- via php encryption
+		hash_text, hmac_text, crypt_text,
+		-- -- in DB encryption
+		pg_digest_bytea, pg_digest_text,
+		pg_hmac_bytea, pg_hmac_text,
+		pg_crypt_bytea, pg_crypt_text
+	) VALUES (
+		$1,
+		$2, $3, $4,
+		digest($1::VARCHAR, $5),
+		encode(digest($1, $5), 'hex'),
+		hmac($1, $6, $5),
+		encode(hmac($1, $6, $5), 'hex'),
+		pgp_sym_encrypt($1, $7),
+		encode(pgp_sym_encrypt($1, $7), 'hex')
+	) RETURNING cuuid
+	SQL,
+	[
+		// 1: original string
+		$text_string,
+		// 2: hashed, 3: hmac, 4: encrypted
+		$string_hashed, $string_hmac, $encrypted,
+		// 5: hash type, 6: hmac secret, 7: pgp secret
+		'sha256', $key, $key
+	]
+);
+$cuuid = $db->dbGetReturningExt('cuuid');
+print "INSERTED: " . print_r($cuuid, true) . "<br>";
+print "LAST ERROR: " . $db->dbGetLastError(true) . "<br>";
+
+// read back
+$res = $db->dbReturnRowParams(
+	<<<SQL
+	SELECT
+		-- for compare
+		plain_text,
+		-- via php encryption
+		hash_text, hmac_text, crypt_text,
+		-- in DB encryption
+		pg_digest_bytea, pg_digest_text,
+		pg_hmac_bytea, pg_hmac_text,
+		pg_crypt_bytea, pg_crypt_text,
+		encode(pg_crypt_bytea, 'hex') AS pg_crypt_bytea_hex,
+		pgp_sym_decrypt(pg_crypt_bytea, $2) AS from_pg_crypt_bytea,
+		pgp_sym_decrypt(decode(pg_crypt_text, 'hex'), $2) AS from_pg_crypt_text
+	FROM
+		test_encryption
+	WHERE
+		cuuid = $1
+	SQL,
+	[
+		$cuuid, $key
+	]
+);
+
+print "RES: <pre>" . Support::prAr($res) . "</pre><br>";
+
+if ($res === false) {
+	echo "Failed to run query<br>";
+} else {
+	if (hash_equals($string_hashed, $res['pg_digest_text'])) {
+		print "libsodium and pgcrypto hash match<br>";
+	}
+	if (hash_equals($string_hmac, $res['pg_hmac_text'])) {
+		print "libsodium and pgcrypto hash hmac match<br>";
+	}
+	// do compare for PHP and pgcrypto settings
+	$encryptedMessage_template = <<<TEXT
+	-----BEGIN PGP MESSAGE-----
+
+	{BASE64}
+	-----END PGP MESSAGE-----
+	TEXT;
+	$base64_string = base64_encode(hex2bin($res['pg_crypt_text']) ?: '');
+	$encryptedMessage = str_replace(
+		'{BASE64}',
+		$base64_string,
+		$encryptedMessage_template
+	);
+	try {
+		$literalMessage = OpenPGP::decryptMessage($encryptedMessage, passwords: [$key]);
+		$decrypted = $literalMessage->getLiteralData()->getData();
+		print "Pg decrypted PHP: " . $decrypted . "<br>";
+		if ($decrypted == $text_string) {
+			print "Decryption worked<br>";
+		}
+	} catch (\Exception $e) {
+		print "Error decrypting message: " . $e->getMessage() . "<br>";
+	}
+}
+
+print "</body></html>";
+
+// __END__

www/admin/class_test.db.php

@@ -76,41 +76,41 @@ $db->dbResetEncoding();
 
 // empty calls, none of the below should fail
 //
-$db->dbGetCursor();
+$foo = $db->dbGetCursor();
 //
-$db->dbGetCursorExt();
+$foo = $db->dbGetCursorExt();
 //
-$db->dbGetCursorPos('SELECT foo', ['bar']);
+$foo = $db->dbGetCursorPos('SELECT foo', ['bar']);
 //
-$db->dbGetCursorNumRows('SELECT foo', ['bar']);
+$foo = $db->dbGetCursorNumRows('SELECT foo', ['bar']);
 //
-$db->dbGetInsertPKName();
+$foo = $db->dbGetInsertPKName();
 //
-$db->dbGetInsertPK();
+$foo = $db->dbGetInsertPK();
 //
-$db->dbGetReturningExt();
-$db->dbGetReturningExt('foo');
-$db->dbGetReturningExt('foo', 0);
-$db->dbGetReturningExt(pos:0);
+$foo = $db->dbGetReturningExt();
+$foo = $db->dbGetReturningExt('foo');
+$foo = $db->dbGetReturningExt('foo', 0);
+$foo = $db->dbGetReturningExt(pos:0);
 //
-$db->dbGetReturningArray();
+$foo = $db->dbGetReturningArray();
 //
-$db->dbGetNumRows();
+$foo = $db->dbGetNumRows();
 //
-$db->dbGetNumFields();
+$foo = $db->dbGetNumFields();
 //
-$db->dbGetFieldNames();
+$foo = $db->dbGetFieldNames();
 //
-$db->dbGetFieldTypes();
+$foo = $db->dbGetFieldTypes();
 //
-$db->dbGetFieldNameTypes();
+$foo = $db->dbGetFieldNameTypes();
 //
-$db->dbGetFieldName(0);
+$foo = $db->dbGetFieldName(0);
 //
-$db->dbGetFieldType(0);
-$db->dbGetFieldType('foo');
+$foo = $db->dbGetFieldType(0);
+$foo = $db->dbGetFieldType('foo');
 //
-$db->dbGetPrepareCursorValue('foo', 'bar');
+$foo = $db->dbGetPrepareCursorValue('foo', 'bar');
 
 // TEST CACHE READS
 

www/admin/class_test.db.query-placeholder.php

@@ -54,7 +54,7 @@ if (($dbh = $db->dbGetDbh()) instanceof \PgSql\Connection) {
 	print "NO DB HANDLER<br>";
 }
 // REGEX for placeholder count
-print "Placeholder regex: <pre>" . CoreLibs\DB\Support\ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS . "</pre>";
+print "Placeholder lookup regex: <pre>" . CoreLibs\DB\Support\ConvertPlaceholder::REGEX_LOOKUP_NUMBERED . "</pre>";
 
 // turn on debug replace for placeholders
 $db->dbSetDebugReplacePlaceholder(true);
@@ -148,6 +148,7 @@ RETURNING
 	bigint_a, number_real, number_double, numeric_3,
 	uuid_var
 SQL;
+print "Placeholders: <pre>" . print_r($db->dbGetQueryParamPlaceholders($query_insert), true) . "<pre>";
 $status = $db->dbExecParams($query_insert, $query_params);
 echo "<b>*</b><br>";
 echo "INSERT ALL COLUMN TYPES: "
@@ -326,6 +327,7 @@ SQL,
 ) {
 	print "RES: " . Support::prAr($res) . "<br>";
 }
+print "PL: " . Support::PrAr($db->dbGetPlaceholderConverted()) . "<br>";
 print "ERROR: " . $db->dbGetLastError(true) . "<br>";
 
 print "</body></html>";

www/admin/class_test.hash.php

@@ -19,6 +19,7 @@ $LOG_FILE_ID = 'classTest-hash';
 ob_end_flush();
 
 use CoreLibs\Create\Hash;
+use CoreLibs\Security\CreateKey;
 
 $log = new CoreLibs\Logging\Logging([
 	'log_folder' => BASE . LOG,
@@ -38,28 +39,66 @@ print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 
 $to_crc = 'Some text block';
 // static
-print "S::__CRC32B: $to_crc: " . $hash_class::__crc32b($to_crc) . "<br>";
-print "S::__SHA1SHORT(off): $to_crc: " . $hash_class::__sha1short($to_crc) . "<br>";
-print "S::__SHA1SHORT(on): $to_crc: " . $hash_class::__sha1short($to_crc, true) . "<br>";
-print "S::__hash(d): " . $to_crc . "/"
-	. Hash::STANDARD_HASH_SHORT . ": " . $hash_class::__hash($to_crc) . "<br>";
-foreach (['adler32', 'fnv132', 'fnv1a32', 'joaat', 'sha512'] as $__hash_c) {
-	print "S::__hash($__hash_c): $to_crc: " . $hash_class::__hash($to_crc, $__hash_c) . "<br>";
+print "S::__CRC32B: $to_crc: " . Hash::__crc32b($to_crc) . "<br>";
+// print "S::__SHA1SHORT(off): $to_crc: " . Hash::__sha1short($to_crc) . "<br>";
+print "S::hashShort(__sha1Short replace): $to_crc: " . Hash::hashShort($to_crc) . "<br>";
+// print "S::__SHA1SHORT(on): $to_crc: " . Hash::__sha1short($to_crc, true) . "<br>";
+print "S::sha1Short(__sha1Short replace): $to_crc: " . Hash::sha1Short($to_crc) . "<br>";
+// print "S::__hash(d): " . $to_crc . "/"
+// 	. Hash::STANDARD_HASH_SHORT . ": " . $hash_class::__hash($to_crc) . "<br>";
+$to_crc_list = [
+	'Some text block',
+	'Some String Text',
+	'any string',
+];
+foreach ($to_crc_list as $__to_crc) {
+	foreach (['adler32', 'fnv132', 'fnv1a32', 'joaat', 'ripemd160', 'sha256', 'sha512'] as $__hash_c) {
+		print "Hash::hash($__hash_c): $__to_crc: " . Hash::hash($to_crc, $__hash_c) . "<br>";
+	}
 }
 // static use
 print "U-S::__CRC32B: $to_crc: " . Hash::__crc32b($to_crc) . "<br>";
 
 echo "<hr>";
 $text = 'Some String Text';
+// $text = 'any string';
 $type = 'crc32b';
 print "Hash: " . $type . ": " . hash($type, $text) . "<br>";
-print "Class: " . $type . ": " . Hash::__hash($text, $type) . "<br>";
+// print "Class (old): " . $type . ": " . Hash::__hash($text, $type) . "<br>";
+print "Class (new): " . $type . ": " . Hash::hash($text, $type) . "<br>";
 
 echo "<hr>";
-print "<br>CURRENT STANDARD_HASH_SHORT: " . Hash::STANDARD_HASH_SHORT . "<br>";
-print "<br>CURRENT STANDARD_HASH_LONG: " . Hash::STANDARD_HASH_LONG . "<br>";
-print "HASH SHORT: " . $to_crc . ": " . Hash::__hash($to_crc) . "<br>";
-print "HASH LONG: " . $to_crc . ": " . Hash::__hashLong($to_crc) . "<br>";
+print "CURRENT STANDARD_HASH_SHORT: " . Hash::STANDARD_HASH_SHORT . "<br>";
+print "CURRENT STANDARD_HASH_LONG: " . Hash::STANDARD_HASH_LONG . "<br>";
+print "CURRENT STANDARD_HASH: " . Hash::STANDARD_HASH . "<br>";
+print "HASH SHORT: " . $to_crc . ": " . Hash::hashShort($to_crc) . "<br>";
+print "HASH LONG: " . $to_crc . ": " . Hash::hashLong($to_crc) . "<br>";
+print "HASH DEFAULT: " . $to_crc . ": " . Hash::hashStd($to_crc) . "<br>";
+
+echo "<hr>";
+$key = CreateKey::generateRandomKey();
+$key = "FIX KEY";
+print "Secret Key: " . $key . "<br>";
+print "HASHMAC DEFAULT (fix): " . $to_crc . ": " . Hash::hashHmac($to_crc, $key) . "<br>";
+$key = CreateKey::generateRandomKey();
+print "Secret Key: " . $key . "<br>";
+print "HASHMAC DEFAULT (random): " . $to_crc . ": " . Hash::hashHmac($to_crc, $key) . "<br>";
+
+echo "<hr>";
+$hash_types = ['crc32b', 'sha256', 'invalid'];
+foreach ($hash_types as $hash_type) {
+	echo "<b>Checking $hash_type:</b><br>";
+	if (Hash::isValidHashType($hash_type)) {
+		echo "hash type: $hash_type is valid<br>";
+	} else {
+		echo "hash type: $hash_type is INVALID<br>";
+	}
+	if (Hash::isValidHashHmacType($hash_type)) {
+		echo "hash hmac type: $hash_type is valid<br>";
+	} else {
+		echo "hash hmac type: $hash_type is INVALID<br>";
+	}
+}
 
 // print "UNIQU ID SHORT : " . Hash::__uniqId() . "<br>";
 // print "UNIQU ID LONG : " . Hash::__uniqIdLong() . "<br>";

www/admin/class_test.php

@@ -95,6 +95,7 @@ $test_files = [
 	'class_test.db.dbReturn.php' => 'Class Test: DB dbReturn',
 	'class_test.db.single.php' => 'Class Test: DB single query tests',
 	'class_test.db.convert-placeholder.php' => 'Class Test: DB convert placeholder',
+	'class_test.db.encryption.php' => 'Class Test: DB pgcrypto',
 	'class_test.convert.colors.php' => 'Class Test: CONVERT COLORS',
 	'class_test.check.colors.php' => 'Class Test: CHECK COLORS',
 	'class_test.mime.php' => 'Class Test: MIME',

www/admin/class_test.session.php

@@ -86,8 +86,10 @@ if (!isset($_SESSION['counter'])) {
 $_SESSION['counter']++;
 print "[READ] A " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
 $_SESSION[$var] = $value;
+/** @phpstan-ignore-next-line nullCoalesce.offset */
 print "[READ] B " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
 print "[READ] Confirm " . $var . " is " . $value . ": "
+/** @phpstan-ignore-next-line equal.alwaysTrue, nullCoalesce.offset */
 	. (($_SESSION[$var] ?? '') == $value ? 'Matching' : 'Not matching') . "<br>";
 
 // test set wrappers methods

www/admin/layout/javascript/edit.jq.js

@@ -1,5 +1,9 @@
-/* general edit javascript */
-/* jquery version */
+/*
+general edit javascript
+jquery version
+*/
+
+/** @deprecated Do not use this anymore, use utils.js or utils.min.js */
 
 /* global i18n */
 
@@ -21,6 +25,7 @@ var GL_OB_BASE = 100;
  * @param {string} el_id Element ID to get
  * @returns {HTMLElement}
  * @throws Error
+ * @deprecated use utils.js
  */
 function loadEl(el_id)
 {
@@ -36,6 +41,7 @@ function loadEl(el_id)
  * @param {String} theURL   the url
  * @param {String} winName  window name
  * @param {Object} features popup features
+ * @deprecated use utils.js
  */
 function pop(theURL, winName, features) // eslint-disable-line no-unused-vars
 {
@@ -46,6 +52,7 @@ function pop(theURL, winName, features) // eslint-disable-line no-unused-vars
 /**
  * automatically resize a text area based on the amount of lines in it
  * @param {string} ta_id element id
+ * @deprecated use utils.js
  */
 function expandTA(ta_id) // eslint-disable-line no-unused-vars
 {
@@ -71,6 +78,7 @@ function expandTA(ta_id) // eslint-disable-line no-unused-vars
 /**
  * wrapper to get the real window size for the current browser window
  * @return {Object} object with width/height
+ * @deprecated use utils.js
  */
 function getWindowSize()
 {
@@ -86,6 +94,7 @@ function getWindowSize()
 /**
  * wrapper to get the correct scroll offset
  * @return {Object} object with x/y px
+ * @deprecated use utils.js
  */
 function getScrollOffset()
 {
@@ -101,6 +110,7 @@ function getScrollOffset()
 /**
  * wrapper to get the correct scroll offset for opener page (from popup)
  * @return {Object} object with x/y px
+ * @deprecated use utils.js
  */
 function getScrollOffsetOpener() // eslint-disable-line no-unused-vars
 {
@@ -118,6 +128,7 @@ function getScrollOffsetOpener() // eslint-disable-line no-unused-vars
  * @param {String}  id   element to center
  * @param {Boolean} left if true centers to the middle from the left
  * @param {Boolean} top  if true centers to the middle from the top
+ * @deprecated use utils.js
  */
 function setCenter(id, left, top)
 {
@@ -155,6 +166,7 @@ function setCenter(id, left, top)
  * @param {Number} [offset=0]         offset from top, default is 0 (px)
  * @param {Number} [duration=500]     animation time, default 500ms
  * @param {String} [base='body,html'] base element for offset scroll
+ * @deprecated use utils.js
  */
 function goToPos(element, offset = 0, duration = 500, base = 'body,html') // eslint-disable-line no-unused-vars
 {
@@ -173,6 +185,7 @@ function goToPos(element, offset = 0, duration = 500, base = 'body,html') // esl
  * go to element, scroll
  * non jquery
  * @param {string} target
+ * @deprecated use utils.js
 */
 function goTo(target) // eslint-disable-line no-unused-vars
 {
@@ -186,6 +199,7 @@ function goTo(target) // eslint-disable-line no-unused-vars
  * that is filled from gettext in PHP
  * @param  {String} string text to translate
  * @return {String}        translated text (based on PHP selected language)
+ * @deprecated use utils.js
  */
 function __(string)
 {
@@ -202,37 +216,70 @@ function __(string)
  * First, checks if it isn't implemented yet.
  * @param  {String} String.prototype.format string with elements to be replaced
  * @return {String}                         Formated string
+ * @deprecated use utils.js
  */
 if (!String.prototype.format) {
 	String.prototype.format = function()
 	{
-		var args = arguments;
-		return this.replace(/{(\d+)}/g, function(match, number)
-		{
-			return typeof args[number] != 'undefined' ?
-				args[number] :
-				match
-			;
-		});
+		console.error('[DEPRECATED] use formatString');
+		return formatString(this, arguments);
+	};
+}
+
+/**
+ * simple sprintf formater for replace
+ * usage: "{0} is cool, {1} is not".format("Alpha", "Beta");
+ * First, checks if it isn't implemented yet.
+ * @param  {String} string String with {..} entries
+ * @param  {...any} args   List of replacement
+ * @returns {String}       Escaped string
+ * @deprecated use utils.js
+ */
+function formatString(string, ...args)
+{
+	return string.replace(/{(\d+)}/g, function(match, number)
+	{
+		return typeof args[number] != 'undefined' ?
+			args[number] :
+			match
+		;
+	});
+}
+
+/**
+ * round to digits (float)
+ * @param  {Number}  Number.prototype.round Float type number to round
+ * @param  {Number} prec                   Precision to round to
+ * @return {Float}                         Rounded number
+ * @deprecated use utils.js
+ */
+if (Number.prototype.round) {
+	Number.prototype.round = function (prec) {
+		console.error('[DEPRECATED] use roundPrecision');
+		return roundPrecision(this, prec);
 	};
 }
 
 /**
  * round to digits (float)
- * @param  {Float}  Number.prototype.round Float type number to round
- * @param  {Number} prec                   Precision to round to
- * @return {Float}                         Rounded number
+ * @param  {Number} number    Float type number to round
+ * @param  {Number} precision Precision to round to
+ * @return {Number}           Rounded number
+ * @deprecated use utils.js
  */
-if (Number.prototype.round) {
-	Number.prototype.round = function (prec) {
-		return Math.round(this * Math.pow(10, prec)) / Math.pow(10, prec);
-	};
+function roundPrecision(number, precision)
+{
+	if (!isNaN(number) || !isNaN(precision)) {
+		return number;
+	}
+	return Math.round(number * Math.pow(10, precision)) / Math.pow(10, precision);
 }
 
 /**
  * formats flat number 123456 to 123,456
  * @param  {Number} x number to be formated
  * @return {String}   formatted with , in thousands
+ * @deprecated use utils.js
  */
 function numberWithCommas(x) // eslint-disable-line no-unused-vars
 {
@@ -245,6 +292,7 @@ function numberWithCommas(x) // eslint-disable-line no-unused-vars
  * converts line breaks to br
  * @param  {String} string any string
  * @return {String}        string with <br>
+ * @deprecated use utils.js
  */
 function convertLBtoBR(string) // eslint-disable-line no-unused-vars
 {
@@ -253,51 +301,78 @@ function convertLBtoBR(string) // eslint-disable-line no-unused-vars
 
 /**
  * escape HTML string
- * @param  {String} !String.prototype.escapeHTML HTML data string to be escaped
- * @return {String}                              escaped string
+ * @param  {String} String.prototype.escapeHTML HTML data string to be escaped
+ * @return {String}                             escaped string
+ * @deprecated use utils.js
  */
 if (!String.prototype.escapeHTML) {
 	String.prototype.escapeHTML = function() {
-		return this.replace(/[&<>"'/]/g, function (s) {
-			var entityMap = {
-				'&': '&amp;',
-				'<': '&lt;',
-				'>': '&gt;',
-				'"': '&quot;',
-				'\'': '&#39;',
-				'/': '&#x2F;'
-			};
-
-			return entityMap[s];
-		});
+		console.error('[DEPRECATED] use escapeHtml');
+		return escapeHtml(this);
 	};
 }
 
 /**
  * unescape a HTML encoded string
- * @param  {String} !String.prototype.unescapeHTML data with escaped entries
- * @return {String}                                HTML formated string
+ * @param  {String} String.prototype.unescapeHTML data with escaped entries
+ * @return {String}                               HTML formated string
+ * @deprecated use utils.js
  */
 if (!String.prototype.unescapeHTML) {
 	String.prototype.unescapeHTML = function() {
-		return this.replace(/&[#\w]+;/g, function (s) {
-			var entityMap = {
-				'&amp;': '&',
-				'&lt;': '<',
-				'&gt;': '>',
-				'&quot;': '"',
-				'&#39;': '\'',
-				'&#x2F;': '/'
-			};
-
-			return entityMap[s];
-		});
+		console.error('[DEPRECATED] use unescapeHtml');
+		return unescapeHtml(this);
 	};
 }
 
+/**
+ * Escapes HTML in string
+ * @param {String} string Text to escape HTML in
+ * @returns {String}
+ * @deprecated use utils.js
+ */
+function escapeHtml(string)
+{
+	return string.replace(/[&<>"'/]/g, function (s) {
+		var entityMap = {
+			'&': '&amp;',
+			'<': '&lt;',
+			'>': '&gt;',
+			'"': '&quot;',
+			'\'': '&#39;',
+			'/': '&#x2F;'
+		};
+
+		return entityMap[s];
+	});
+}
+
+/**
+ * Unescape a HTML encoded string
+ * @param {String} string Text to unescape HTML in
+ * @returns {String}
+ * @deprecated use utils.js
+ */
+function unescapeHtml(string)
+{
+	return string.replace(/&[#\w]+;/g, function (s) {
+		var entityMap = {
+			'&amp;': '&',
+			'&lt;': '<',
+			'&gt;': '>',
+			'&quot;': '"',
+			'&#39;': '\'',
+			'&#x2F;': '/'
+		};
+
+		return entityMap[s];
+	});
+}
+
 /**
  * returns current timestamp (unix timestamp)
  * @return {Number} timestamp (in milliseconds)
+ * @deprecated use utils.js
  */
 function getTimestamp() // eslint-disable-line no-unused-vars
 {
@@ -310,6 +385,7 @@ function getTimestamp() // eslint-disable-line no-unused-vars
  * i.e. 0-255 -> '00'-'ff'
  * @param  {Number} dec decimal string
  * @return {String}     hex encdoded number
+ * @deprecated use utils.js
  */
 function dec2hex(dec)
 {
@@ -321,6 +397,7 @@ function dec2hex(dec)
  * only works on mondern browsers
  * @param  {Number} len length of unique id string
  * @return {String}     random string in length of len
+ * @deprecated use utils.js
  */
 function generateId(len) // eslint-disable-line no-unused-vars
 {
@@ -334,6 +411,7 @@ function generateId(len) // eslint-disable-line no-unused-vars
  * works on all browsers
  * after many runs it will create duplicates
  * @return {String} not true random string
+ * @deprecated use utils.js
  */
 function randomIdF() // eslint-disable-line no-unused-vars
 {
@@ -347,6 +425,7 @@ function randomIdF() // eslint-disable-line no-unused-vars
  * @param  {Number} min minimum int number inclusive
  * @param  {Number} max maximumg int number inclusive
  * @return {Number}     Random number
+ * @deprecated use utils.js
  */
 function getRandomIntInclusive(min, max) // eslint-disable-line no-unused-vars
 {
@@ -360,6 +439,7 @@ function getRandomIntInclusive(min, max) // eslint-disable-line no-unused-vars
  * check if name is a function
  * @param  {string}  name Name of function to check if exists
  * @return {Boolean}      true/false
+ * @deprecated use utils.js
  */
 function isFunction(name) // eslint-disable-line no-unused-vars
 {
@@ -379,6 +459,7 @@ function isFunction(name) // eslint-disable-line no-unused-vars
  * @param  {mixed}  context      context (window or first namespace)
  *                               hidden next are all the arguments
  * @return {mixed}               Return values from functon
+ * @deprecated use utils.js
  */
 function executeFunctionByName(functionName, context /*, args */) // eslint-disable-line no-unused-vars
 {
@@ -395,6 +476,7 @@ function executeFunctionByName(functionName, context /*, args */) // eslint-disa
  * checks if a variable is an object
  * @param  {Mixed}   val possible object
  * @return {Boolean}     true/false if it is an object or not
+ * @deprecated use utils.js
  */
 function isObject(val)
 {
@@ -408,6 +490,7 @@ function isObject(val)
  * get the length of an object (entries)
  * @param  {Object} object object to check
  * @return {Number} number of entry
+ * @deprecated use utils.js
  */
 function getObjectCount(object)
 {
@@ -419,6 +502,7 @@ function getObjectCount(object)
  * @param  {String}  key    key name
  * @param  {Object}  object object to search key in
  * @return {Boolean}        true/false if key exists in object
+ * @deprecated use utils.js
  */
 function keyInObject(key, object)
 {
@@ -430,6 +514,7 @@ function keyInObject(key, object)
  * @param  {Object} object object to search value in
  * @param  {Mixed}  value  any value (String, Number, etc)
  * @return {String}        the key found for the first matching value
+ * @deprecated use utils.js
  */
 function getKeyByValue(object, value) // eslint-disable-line no-unused-vars
 {
@@ -444,6 +529,7 @@ function getKeyByValue(object, value) // eslint-disable-line no-unused-vars
  * @param  {Object}  object object to search value in
  * @param  {Mixed}   value  any value (String, Number, etc)
  * @return {Boolean}        true on value found, false on not found
+ * @deprecated use utils.js
  */
 function valueInObject(object, value) // eslint-disable-line no-unused-vars
 {
@@ -459,6 +545,7 @@ function valueInObject(object, value) // eslint-disable-line no-unused-vars
  * or if JSON.parse(JSON.stringify(obj)) is failing
  * @param  {Object} inObject Object to copy
  * @return {Object}          Copied Object
+ * @deprecated use utils.js
  */
 function deepCopyFunction(inObject)
 {
@@ -482,6 +569,7 @@ function deepCopyFunction(inObject)
  * checks if a DOM element actually exists
  * @param  {String}  id Element id to check for
  * @return {Boolean}    true if element exists, false on failure
+ * @deprecated use utils.js
  */
 function exists(id)
 {
@@ -493,6 +581,7 @@ function exists(id)
  * currently precision is fixed, if dynamic needs check for max/min precision
  * @param  {Number} bytes bytes in int
  * @return {String}       string in GB/MB/KB
+ * @deprecated use utils.js
  */
 function formatBytes(bytes) // eslint-disable-line no-unused-vars
 {
@@ -509,6 +598,7 @@ function formatBytes(bytes) // eslint-disable-line no-unused-vars
  * like formatBytes, but returns bytes for <1KB and not 0.n KB
  * @param  {Number} bytes bytes in int
  * @return {String}       string in GB/MB/KB
+ * @deprecated use utils.js
  */
 function formatBytesLong(bytes) // eslint-disable-line no-unused-vars
 {
@@ -521,6 +611,7 @@ function formatBytesLong(bytes) // eslint-disable-line no-unused-vars
  * Convert a string with B/K/M/etc into a byte number
  * @param  {String|Number} bytes Any string with B/K/M/etc
  * @return {String|Number}       A byte number, or original string as is
+ * @deprecated use utils.js
  */
 function stringByteFormat(bytes) // eslint-disable-line no-unused-vars
 {
@@ -551,6 +642,7 @@ function stringByteFormat(bytes) // eslint-disable-line no-unused-vars
 /**
  * prints out error messages based on data available from the browser
  * @param {Object} err error from try/catch block
+ * @deprecated use utils.js
  */
 function errorCatch(err)
 {
@@ -594,6 +686,7 @@ function errorCatch(err)
  * @param {String}  loc            location name for action indicator
  *                                 default empty. for console.log
  * @param {Boolean} [overlay=true] override the auto hide/show over the overlay div block
+ * @deprecated use utils.js
  */
 function actionIndicator(loc, overlay = true) // eslint-disable-line no-unused-vars
 {
@@ -610,6 +703,7 @@ function actionIndicator(loc, overlay = true) // eslint-disable-line no-unused-v
  * @param {String}  loc            location name for action indicator
  *                                 default empty. for console.log
  * @param {Boolean} [overlay=true] override the auto hide/show over the overlay div block
+ * @deprecated use utils.js
  */
 function actionIndicatorShow(loc, overlay = true)
 {
@@ -632,6 +726,7 @@ function actionIndicatorShow(loc, overlay = true)
  * @param {String}  loc            location name for action indicator
  *                                 default empty. for console.log
  * @param {Boolean} [overlay=true] override the auto hide/show over the overlay div block
+ * @deprecated use utils.js
  */
 function actionIndicatorHide(loc, overlay = true)
 {
@@ -644,6 +739,7 @@ function actionIndicatorHide(loc, overlay = true)
 
 /**
  * shows the overlay box or if already visible, bumps the zIndex to 100
+ * @deprecated use utils.js
  */
 function overlayBoxShow()
 {
@@ -658,6 +754,7 @@ function overlayBoxShow()
 
 /**
  * hides the overlay box or if zIndex is 100 bumps it down to previous level
+ * @deprecated use utils.js
  */
 function overlayBoxHide()
 {
@@ -671,6 +768,7 @@ function overlayBoxHide()
 
 /**
  * position the overlay block box and shows it
+ * @deprecated use utils.js
  */
 function setOverlayBox() // eslint-disable-line no-unused-vars
 {
@@ -681,6 +779,7 @@ function setOverlayBox() // eslint-disable-line no-unused-vars
 
 /**
  * opposite of set, always hides overlay box
+ * @deprecated use utils.js
  */
 function hideOverlayBox() // eslint-disable-line no-unused-vars
 {
@@ -691,6 +790,7 @@ function hideOverlayBox() // eslint-disable-line no-unused-vars
 
 /**
  * the abort call, clears the action box and hides it and the overlay box
+ * @deprecated use utils.js
  */
 function ClearCall() // eslint-disable-line no-unused-vars
 {
@@ -712,6 +812,7 @@ function ClearCall() // eslint-disable-line no-unused-vars
  *   zIndex of 1000
  * - indicator is page centered
  * @param {String} loc ID string, only used for console log
+ * @deprecated use utils.js
  */
 function showActionIndicator(loc) // eslint-disable-line no-unused-vars
 {
@@ -750,6 +851,7 @@ function showActionIndicator(loc) // eslint-disable-line no-unused-vars
  * the overlayBox is not hidden but the zIndex
  * is set to this value
  * @param {String} loc ID string, only used for console log
+ * @deprecated use utils.js
  */
 function hideActionIndicator(loc) // eslint-disable-line no-unused-vars
 {
@@ -773,6 +875,7 @@ function hideActionIndicator(loc) // eslint-disable-line no-unused-vars
 /**
  * checks if overlayBox exists, if not it is
  * added as hidden item at the body end
+ * @deprecated use utils.js
  */
 function checkOverlayExists()
 {
@@ -790,6 +893,7 @@ function checkOverlayExists()
  * if not visible show and set zIndex to 10 (GL_OB_BASE)
  * if visible, add +1 to the GL_OB_S variable and
  * up zIndex by this value
+ * @deprecated use utils.js
  */
 function showOverlayBoxLayers(el_id) // eslint-disable-line no-unused-vars
 {
@@ -822,6 +926,7 @@ function showOverlayBoxLayers(el_id) // eslint-disable-line no-unused-vars
  * and set zIndex and GL_OB_S to 0
  * else just set zIndex to the new GL_OB_S value
  * @param {String} el_id Target to hide layer
+ * @deprecated use utils.js
  */
 function hideOverlayBoxLayers(el_id='')
 {
@@ -847,6 +952,7 @@ function hideOverlayBoxLayers(el_id='')
 
 /**
  * only for single action box
+ * @deprecated use utils.js
  */
 function clearCallActionBox() // eslint-disable-line no-unused-vars
 {
@@ -864,6 +970,7 @@ function clearCallActionBox() // eslint-disable-line no-unused-vars
  * @param  {Array}  [css=[]]     array for css tags
  * @param  {Object} [options={}] anything else (value, placeholder, OnClick, style)
  * @return {Object}              created element as an object
+ * @deprecated use utils.js
  */
 function cel(tag, id = '', content = '', css = [], options = {})
 {
@@ -884,6 +991,7 @@ function cel(tag, id = '', content = '', css = [], options = {})
  * @param  {Object} attach  the object to be attached
  * @param  {String} [id=''] optional id, if given search in base for this id and attach there
  * @return {Object}         "none", technically there is no return needed as it is global attach
+ * @deprecated use utils.js
  */
 function ael(base, attach, id = '')
 {
@@ -914,6 +1022,7 @@ function ael(base, attach, id = '')
  * @param  {Object}    base   object to where we attach the elements
  * @param  {...Object} attach attach 1..n: attach directly to the base element those attachments
  * @return {Object}           "none", technically there is no return needed, global attach
+ * @deprecated use utils.js
  */
 function aelx(base, ...attach)
 {
@@ -930,6 +1039,7 @@ function aelx(base, ...attach)
  * @param  {Object} base   object to where we attach the elements
  * @param  {Array}  attach array of objects to attach
  * @return {Object}        "none", technically there is no return needed, global attach
+ * @deprecated use utils.js
  */
 function aelxar(base, attach) // eslint-disable-line no-unused-vars
 {
@@ -944,6 +1054,7 @@ function aelxar(base, attach) // eslint-disable-line no-unused-vars
  * resets the sub elements of the base element given
  * @param  {Object} base cel created element
  * @return {Object}      returns reset base element
+ * @deprecated use utils.js
  */
 function rel(base) // eslint-disable-line no-unused-vars
 {
@@ -956,6 +1067,7 @@ function rel(base) // eslint-disable-line no-unused-vars
  * @param  {Object} _element element to work one
  * @param  {String} css      style sheet to remove (name)
  * @return {Object}          returns full element
+ * @deprecated use utils.js
  */
 function rcssel(_element, css)
 {
@@ -971,6 +1083,7 @@ function rcssel(_element, css)
  * @param  {Object} _element element to work on
  * @param  {String} css      style sheet to add (name)
  * @return {Object}         returns full element
+ * @deprecated use utils.js
  */
 function acssel(_element, css)
 {
@@ -988,6 +1101,7 @@ function acssel(_element, css)
  * @param  {String} rcss     style to remove (name)
  * @param  {String} acss     style to add (name)
  * @return {Object}          returns full element
+ * @deprecated use utils.js
  */
 function scssel(_element, rcss, acss) // eslint-disable-line no-unused-vars
 {
@@ -1000,6 +1114,7 @@ function scssel(_element, rcss, acss) // eslint-disable-line no-unused-vars
  * that can be inserted into the page
  * @param  {Object} tree object tree with dom element declarations
  * @return {String}      HTML string that can be used as innerHTML
+ * @deprecated use utils.js
  */
 function phfo(tree)
 {
@@ -1106,6 +1221,7 @@ function phfo(tree)
  * Is like tree.sub call
  * @param  {Array}  list Array of cel created objects
  * @return {String}      HTML String
+ * @deprecated use utils.js
  */
 function phfa(list) // eslint-disable-line no-unused-vars
 {
@@ -1132,6 +1248,7 @@ function phfa(list) // eslint-disable-line no-unused-vars
  * @param  {String}  [sort='']             if empty as is, else allowed 'keys',
  *                                         'values' all others are ignored
  * @return {String}                        html with build options block
+ * @deprecated use utils.js
  */
 function html_options(name, data, selected = '', options_only = false, return_string = false, sort = '') // eslint-disable-line no-unused-vars
 {
@@ -1159,6 +1276,7 @@ function html_options(name, data, selected = '', options_only = false, return_st
  *                                         'values' all others are ignored
  * @param  {String}  [onchange='']         onchange trigger call, default unset
  * @return {String}                        html with build options block
+ * @deprecated use utils.js
  */
 function html_options_block(
 	name, data, selected = '', multiple = 0, options_only = false, return_string = false, sort = '', onchange = ''
@@ -1241,6 +1359,7 @@ function html_options_block(
  * @param {String} name      name/id
  * @param {Object} data      array of options
  * @param {String} [sort=''] if empty as is, else allowed 'keys', 'values'
+ * @deprecated use utils.js
  *                            all others are ignored
  */
 function html_options_refill(name, data, sort = '') // eslint-disable-line no-unused-vars
@@ -1289,6 +1408,7 @@ function html_options_refill(name, data, sort = '') // eslint-disable-line no-un
  * @param  {String}        [return_key=''] if set only returns this key entry
  *                                         or empty for none
  * @return {Object|String}                 parameter entry list
+ * @deprecated use utils.js
  */
 function parseQueryString(query = '', return_key = '') // eslint-disable-line no-unused-vars
 {
@@ -1343,6 +1463,7 @@ function parseQueryString(query = '', return_key = '') // eslint-disable-line no
  * @return {Object|Array|String}          if search is empty, object, if search is set
  *                                        and only one entry, then string, else array
  *                                        unless single is true
+ * @deprecated use utils.js
  */
 function getQueryStringParam(search = '', query = '', single = false) // eslint-disable-line no-unused-vars
 {
@@ -1380,6 +1501,7 @@ function getQueryStringParam(search = '', query = '', single = false) // eslint-
 // *** MASTER logout call
 /**
  * submits basic data for form logout
+ * @deprecated use utils.js
  */
 function loginLogout() // eslint-disable-line no-unused-vars
 {
@@ -1400,6 +1522,7 @@ function loginLogout() // eslint-disable-line no-unused-vars
  * @param {String} [header_id='mainHeader'] the target for the main element block
  *                                          if not set mainHeader is assumed
  *                                          this is the target div for the "loginRow"
+ * @deprecated use utils.js
  */
 function createLoginRow(login_string, header_id = 'mainHeader') // eslint-disable-line no-unused-vars
 {
@@ -1435,6 +1558,7 @@ function createLoginRow(login_string, header_id = 'mainHeader') // eslint-disabl
  * @param {String} [header_id='mainHeader'] the target for the main element block
  *                                          if not set mainHeader is assumed
  *                                          this is the target div for the "menuRow"
+ * @deprecated use utils.js
  */
 function createNavMenu(nav_menu, header_id = 'mainHeader') // eslint-disable-line no-unused-vars
 {

www/admin/layout/javascript/edit.pt.js

@@ -1,5 +1,11 @@
-/* general edit javascript */
-/* prototype version */
+/*
+general edit javascript
+prototype version
+*/
+
+/** @deprecated Do not use this anymore, use utils.js */
+
+throw new Error("Prototype Support is deprected, please switch to jquery and utils.js/utils.min.js");
 
 /* jshint esversion: 6 */
 
@@ -25,7 +31,7 @@ function pop(theURL, winName, features) {
 
 /**
  * automatically resize a text area based on the amount of lines in it
- * @param {[string} ta_id element id
+ * @param {string} ta_id element id
  */
 function expandTA(ta_id) {
 	var ta;

www/admin/layout/javascript/translateTest-ja_JP.UTF-8.js

@@ -0,0 +1,5 @@
+var i18n = {
+	"Original": "Translated"
+};
+
+// __END__

www/admin/test.javascript.html

@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<head>
+	<title>JavaScript Test</title>
+	<script type="text/javascript" src="layout/javascript/jquery.min.js"></script>
+	<script type="text/javascript" src="layout/javascript/translateTest-ja_JP.UTF-8.js"></script>
+	<script type="text/javascript" src="layout/javascript/utils.min.js"></script>
+</head>
+<body>
+<div>
+	<h1>JavaScript tests</h1>
+	<div id="test-div">
+	</div>
+</div>
+</body>
+<script languagae="JavaScript">
+document.addEventListener('DOMContentLoaded', function() {
+	console.log('MAIN PAGE LOADED');
+	// console.log('Random: %o', mh.randomIdF());
+	console.log('Random: %o', randomIdF());
+	console.log("GW: %o", getWindowSize());
+	let bytes = 1021152;
+	console.log('FB: %o', formatBytes(bytes));
+	console.log('FBL: %o', formatBytesLong(bytes));
+	console.log('TR: %s', l10n.__('Original'));
+	console.log('TR: %s', l10n.__('Not exists'));
+
+	setCenter('test-div', true, true);
+	ClearCall();
+	overlayBoxShow();
+	actionIndicatorShow('testSmarty');
+	setTimeout(function() {
+		console.log('Waiting dummy ...');
+		actionIndicatorHide('testSmarty');
+		ClearCall();
+	}, 2000);
+});
+</script>

www/composer.json

@@ -24,6 +24,7 @@
         "egrajp/smarty-extended": "^5.4",
         "php": ">=8.1",
         "gullevek/dotenv": "^2.0",
-        "psr/log": "^2.0 || ^3.0"
+        "psr/log": "^2.0 || ^3.0",
+        "php-privacy/openpgp": "^2.1"
     }
 }

www/configs/.target.example

@@ -0,0 +1,3 @@
+# target can be live, stage, test, dev
+# this overrides the SITE set "location" entry
+TARGET=

www/configs/config.master.php

@@ -78,42 +78,11 @@ define('TEMPLATES_C', 'templates_c' . DIRECTORY_SEPARATOR);
 // template base
 define('TEMPLATES', 'templates' . DIRECTORY_SEPARATOR);
 
-/************* HASH / ACL DEFAULT / ERROR SETTINGS / SMARTY *************/
+/************* HASH / ACL DEFAULT *************/
 // default hash type
 define('DEFAULT_HASH', 'sha256');
 // default acl level
-define('DEFAULT_ACL_LEVEL', 80);
-// SSL host name
-// define('SSL_HOST', $_ENV['SSL_HOST'] ?? '');
-// error page strictness, Default is 3
-// 1: only show error page as the last mesure if really no mid & aid can be loaded and found at all
-// 2: if template not found, do not search, show error template
-// 3: if default template is not found, show error template, do not fall back to default tree
-// 4: very strict, even on normal fixable errors through error
-// define('ERROR_STRICT', 3);
-// allow page caching in general, set to 'false' if you do debugging or development!
-// define('ALLOW_SMARTY_CACHE', false);
-// cache life time, in second', default here is 2 days (172800s)
-// -1 is never expire cache
-// define('SMARTY_CACHE_LIFETIME', -1);
-
-/************* LOGOUT ********************/
-// logout target
-define('LOGOUT_TARGET', '');
-
-/************* AJAX / ACCESS *************/
-// ajax request type
-define('AJAX_REQUEST_TYPE', 'POST');
-// what AJAX type to use
-define('USE_PROTOTYPE', false);
-define('USE_SCRIPTACULOUS', false);
-define('USE_JQUERY', true);
-
-/************* LAYOUT WIDTHS *************/
-define('PAGE_WIDTH', '100%');
-define('CONTENT_WIDTH', '100%');
-// the default template name
-define('MASTER_TEMPLATE_NAME', 'main_body.tpl');
+define('DEFAULT_ACL_LEVEL', $ENV['DEFAULT_ACL_LEVEL'] ?? 80);
 
 /************* OVERALL CONTROL NAMES *************/
 // BELOW has HAS to be changed
@@ -136,24 +105,15 @@ define('COMPILE_ID', 'COMPILE_' . BASE_NAME . '_' . SERVER_NAME_HASH);
 
 /************* LANGUAGE / ENCODING *******/
 // default lang + encoding
-define('DEFAULT_LOCALE', 'en_US.UTF-8');
+define('DEFAULT_LOCALE', $_ENV['LOCALE'] ?? 'en_US.UTF-8');
 // default web page encoding setting
-define('DEFAULT_ENCODING', 'UTF-8');
+define('DEFAULT_ENCODING', (string)array_pad(explode('.', DEFAULT_LOCALE, 2), 2, 'UTF-8')[1]);
 
-/************* QUEUE TABLE *************/
-// if we have a dev/live system
-// set_live is a per page/per item
-// live_queue is a global queue system
-// define('QUEUE', 'live_queue');
-
-/************* DB PATHS (PostgreSQL) *****************/
-// schema names, can also be defined per <DB INFO>
-define('PUBLIC_SCHEMA', 'public');
-define('DEV_SCHEMA', 'public');
-define('TEST_SCHEMA', 'public');
-define('LIVE_SCHEMA', 'public');
-define('GLOBAL_DB_SCHEMA', '');
-define('LOGIN_DB_SCHEMA', '');
+/************* HOST NAME *****************/
+// get the name without the port
+list($HOST_NAME) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
+// set HOST name
+define('HOST_NAME', $HOST_NAME);
 
 /************* CORE HOST SETTINGS *****************/
 if (file_exists(BASE . CONFIGS . 'config.host.php')) {
@@ -162,6 +122,14 @@ if (file_exists(BASE . CONFIGS . 'config.host.php')) {
 if (!isset($SITE_CONFIG)) {
 	$SITE_CONFIG = [];
 }
+// BAIL ON MISSING MASTER SITE CONFIG
+if (!isset($SITE_CONFIG[HOST_NAME]['location'])) {
+	throw new \InvalidArgumentException(
+		'Missing SITE_CONFIG entry for: "' . HOST_NAME . '". Contact Administrator'
+	);
+}
+// set target first
+define('TARGET', $_ENV['TARGET'] ?? $SITE_CONFIG[HOST_NAME]['location'] ?? 'test');
 /************* DB ACCESS *****************/
 if (file_exists(BASE . CONFIGS . 'config.db.php')) {
 	require BASE . CONFIGS . 'config.db.php';
@@ -175,18 +143,6 @@ if (file_exists(BASE . CONFIGS . 'config.path.php')) {
 }
 
 /************* MASTER INIT *****************/
-// live frontend pages
-// ** missing live domains **
-// get the name without the port
-[$HOST_NAME] = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);
-// set HOST name
-define('HOST_NAME', $HOST_NAME);
-// BAIL ON MISSING MASTER SITE CONFIG
-if (!isset($SITE_CONFIG[HOST_NAME]['location'])) {
-	throw new \InvalidArgumentException(
-		'Missing SITE_CONFIG entry for: "' . HOST_NAME . '". Contact Administrator'
-	);
-}
 // BAIL ON MISSING DB CONFIG:
 // we have either no db selction for this host but have db config entries
 // or we have a db selection but no db config as array or empty
@@ -237,35 +193,31 @@ define('DB_CONFIG', $DB_CONFIG[DB_CONFIG_NAME] ?? [
 ]);
 // because we can't change constant, but we want to for db debug flag
 $GLOBALS['DB_CONFIG_SET'] = DB_CONFIG;
-// define('DB_CONFIG_TARGET', SITE_CONFIG[$HOST_NAME]['db_host_target']);
-// define('DB_CONFIG_OTHER', SITE_CONFIG[$HOST_NAME]['db_host_other']);
-// override for login and global schemas
-// where the edit* tables are
-// define('LOGIN_DB_SCHEMA', PUBLIC_SCHEMA);
-// where global tables are that are used by all schemas (eg queue tables for online, etc)
-// define('GLOBAL_DB_SCHEMA', PUBLIC_SCHEMA);
 // debug settings, site lang, etc
-define('TARGET', $SITE_CONFIG[HOST_NAME]['location'] ?? 'test');
 define('DEBUG_LEVEL', $SITE_CONFIG[HOST_NAME]['debug_level'] ?? 'debug');
 define('SITE_LOCALE', $SITE_CONFIG[HOST_NAME]['site_locale'] ?? DEFAULT_LOCALE);
 define('SITE_DOMAIN', str_replace(DIRECTORY_SEPARATOR, '', CONTENT_PATH));
 define('SITE_ENCODING', $SITE_CONFIG[HOST_NAME]['site_encoding'] ?? DEFAULT_ENCODING);
 define('LOGIN_ENABLED', $SITE_CONFIG[HOST_NAME]['login_enabled'] ?? false);
 define('AUTH', $SITE_CONFIG[HOST_NAME]['auth'] ?? false);
-// paths
-// define('CSV_PATH', $PATHS[TARGET]['csv_path'] ?? '');
-// define('EXPORT_SCRIPT', $PATHS[TARGET]['perl_bin'] ?? '');
-// define('REDIRECT_URL', $PATHS[TARGET]['redirect_url'] ?? '');
 
+// NOTE: everything below is smarty related and should be removed from here
 /************* GENERAL PAGE TITLE ********/
 define('G_TITLE', $_ENV['G_TITLE'] ?? '');
-
+/************* LAYOUT WIDTHS *************/
+define('PAGE_WIDTH', $_ENV['SMARTY.PAGE_WIDTH'] ?? '100%');
+define('CONTENT_WIDTH', $_ENV['SMARTY.CONTENT_WIDTH'] ?? '100%');
+// the default template name
+define('MASTER_TEMPLATE_NAME', $_ENV['MASTER_TEMPLATE_NAME'] ?? 'main_body.tpl');
+/************* JS LIBRARIES *************/
+define('USE_PROTOTYPE', false);
+define('USE_SCRIPTACULOUS', false);
+define('USE_JQUERY', true);
 /************ STYLE SHEETS / JS **********/
-define('ADMIN_STYLESHEET', 'edit.css');
-define('ADMIN_JAVASCRIPT', 'edit.js');
+define('ADMIN_STYLESHEET', $_ENV['ADMIN.STYLESHEET'] ?? 'edit.css');
+define('ADMIN_JAVASCRIPT', $_ENV['ADMIN.JAVASCRIPT'] ?? 'edit.js');
 define('STYLESHEET', $_ENV['STYLESHEET'] ?? 'frontend.css');
 define('JAVASCRIPT', $_ENV['JAVASCRIPT'] ?? 'frontend.js');
-
 // anything optional
 /************* INTERNAL ******************/
 // any other global definitons in the config.other.php

www/configs/config.other.php

@@ -15,6 +15,12 @@ define('EDIT_BASE_STYLESHEET', 'edit.css');
 
 // define('SOME_ID', <SOME VALUE>);
 
+/************* QUEUE TABLE *************/
+// if we have a dev/live system
+// set_live is a per page/per item
+// live_queue is a global queue system
+// define('QUEUE', 'live_queue');
+
 /************* CONVERT *******************/
 // this only needed if the external thumbnail create is used
 $paths = [

www/configs/config.path.php

@@ -35,4 +35,9 @@ define('CONTENT_PATH', $folder . DIRECTORY_SEPARATOR);
 	],
 ];*/
 
+// paths
+// define('CSV_PATH', $PATHS[TARGET]['csv_path'] ?? '');
+// define('EXPORT_SCRIPT', $PATHS[TARGET]['perl_bin'] ?? '');
+// define('REDIRECT_URL', $PATHS[TARGET]['redirect_url'] ?? '');
+
 // __END__

www/configs/config.php

@@ -53,6 +53,11 @@ for (
 		\gullevek\dotEnv\DotEnv::readEnvFile(
 			$__DIR__PATH . $CONFIG_PATH_PREFIX . CONFIG_PATH
 		);
+		// load target file if it exists
+		\gullevek\dotEnv\DotEnv::readEnvFile(
+			$__DIR__PATH . $CONFIG_PATH_PREFIX . CONFIG_PATH,
+			'.target'
+		);
 		// load master config file that loads all other config files
 		require $__DIR__PATH . $CONFIG_PATH_PREFIX . CONFIG_PATH . 'config.master.php';
 		break;

www/lib/CoreLibs/ACL/Login.php

@@ -423,14 +423,9 @@ class Login
 
 		// LOGOUT TARGET
 		if (!isset($options['logout_target'])) {
-			if (defined('LOGOUT_TARGET')) {
-				trigger_error(
-					'loginMainCall: LOGOUT_TARGET should not be used',
-					E_USER_DEPRECATED
-				);
-				$options['logout_target'] = LOGOUT_TARGET;
-				$this->logout_target = $options['logout_target'];
-			}
+			// defaults to ''
+			$options['logout_target'] = '';
+			$this->logout_target = $options['logout_target'];
 		}
 
 		// *** PASSWORD SETTINGS

www/lib/CoreLibs/Basic.php

@@ -103,11 +103,7 @@ class Basic
 				'VIDEOS', 'DOCUMENTS', 'PDFS', 'BINARIES', 'ICONS', 'UPLOADS', 'CSV', 'JS',
 				'CSS', 'TABLE_ARRAYS', 'SMARTY', 'LANG', 'CACHE', 'TMP', 'LOG', 'TEMPLATES',
 				'TEMPLATES_C', 'DEFAULT_LANG', 'DEFAULT_ENCODING', 'DEFAULT_HASH',
-				'DEFAULT_ACL_LEVEL', 'LOGOUT_TARGET', 'PASSWORD_CHANGE', 'AJAX_REQUEST_TYPE',
-				'USE_PROTOTYPE', 'USE_SCRIPTACULOUS', 'USE_JQUERY', 'PAGE_WIDTH',
-				'MASTER_TEMPLATE_NAME', 'PUBLIC_SCHEMA', 'TEST_SCHEMA', 'DEV_SCHEMA',
-				'LIVE_SCHEMA', 'DB_CONFIG_NAME', 'DB_CONFIG', 'TARGET', 'DEBUG',
-				'SHOW_ALL_ERRORS'
+				'DB_CONFIG_NAME', 'DB_CONFIG', 'TARGET'
 			] as $constant
 		) {
 			if (!defined($constant)) {
@@ -1028,8 +1024,12 @@ class Basic
 	 */
 	public function __sha1Short(string $string, bool $use_sha = false): string
 	{
-		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Create\Hash::__sha1Short()', E_USER_DEPRECATED);
-		return \CoreLibs\Create\Hash::__sha1Short($string, $use_sha);
+		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Create\Hash::sha1Short() or ::__crc32b()', E_USER_DEPRECATED);
+		if ($use_sha) {
+			return \CoreLibs\Create\Hash::sha1Short($string);
+		} else {
+			return \CoreLibs\Create\Hash::__crc32b($string);
+		}
 	}
 
 	/**
@@ -1044,8 +1044,8 @@ class Basic
 	 */
 	public function __hash(string $string, string $hash_type = 'adler32'): string
 	{
-		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Create\Hash::__hash()', E_USER_DEPRECATED);
-		return \CoreLibs\Create\Hash::__hash($string, $hash_type);
+		trigger_error('Method ' . __METHOD__ . ' is deprecated, use \CoreLibs\Create\Hash::hash()', E_USER_DEPRECATED);
+		return \CoreLibs\Create\Hash::hash($string, $hash_type);
 	}
 
 	// *** HASH FUNCTIONS END

www/lib/CoreLibs/Combined/DateTime.php

@@ -714,6 +714,66 @@ class DateTime
 		}
 	}
 
+	/**
+	 * wrapper for calcDaysInterval with numeric return only
+	 *
+	 * @param  string $start_date   valid start date (y/m/d)
+	 * @param  string $end_date     valid end date (y/m/d)
+	 * @param  bool   $include_end_date [default=true] include end date in calc
+	 * @param  bool   $exclude_start_date [default=false] include end date in calc
+	 * @return array{0:int,1:int,2:int,3:bool}
+	 */
+	public static function calcDaysIntervalNumIndex(
+		string $start_date,
+		string $end_date,
+		bool $include_end_date = true,
+		bool $exclude_start_date = false
+	): array {
+		$values = self::calcDaysInterval(
+			$start_date,
+			$end_date,
+			false,
+			$include_end_date,
+			$exclude_start_date
+		);
+		return [
+			$values[0] ?? 0,
+			$values[1] ?? 0,
+			$values[2] ?? 0,
+			$values[3] ?? false,
+		];
+	}
+
+	/**
+	 * wrapper for calcDaysInterval with named return only
+	 *
+	 * @param  string $start_date   valid start date (y/m/d)
+	 * @param  string $end_date     valid end date (y/m/d)
+	 * @param  bool   $include_end_date [default=true] include end date in calc
+	 * @param  bool   $exclude_start_date [default=false] include end date in calc
+	 * @return array{overall:int,weekday:int,weekend:int,reverse:bool}
+	 */
+	public static function calcDaysIntervalNamedIndex(
+		string $start_date,
+		string $end_date,
+		bool $include_end_date = true,
+		bool $exclude_start_date = false
+	): array {
+		$values = self::calcDaysInterval(
+			$start_date,
+			$end_date,
+			true,
+			$include_end_date,
+			$exclude_start_date
+		);
+		return [
+			'overall' => $values['overall'] ?? 0,
+			'weekday' => $values['weekday'] ?? 0,
+			'weekend' => $values['weekend'] ?? 0,
+			'reverse' => $values['reverse'] ?? false,
+		];
+	}
+
 	/**
 	 * check if a weekend day (sat/sun) is in the given date range
 	 * Can have time too, but is not needed

www/lib/CoreLibs/Convert/Html.php

@@ -10,9 +10,16 @@ namespace CoreLibs\Convert;
 
 class Html
 {
+	/** @var int */
 	public const SELECTED = 0;
+	/** @var int */
 	public const CHECKED = 1;
 
+	// TODO: check for not valid htmlentites encoding
+	// as of PHP 8.4: https://www.php.net/manual/en/function.htmlentities.php
+	/** @#var array<string> */
+	// public const VALID_HTMLENT_ENCODINGS = [];
+
 	/**
 	 * full wrapper for html entities
 	 *
@@ -22,14 +29,19 @@ class Html
 	 * encodes in UTF-8
 	 * does not double encode
 	 *
-	 * @param  mixed $string string to html encode
-	 * @param  int   $flags [default: ENT_QUOTES | ENT_HTML5]
+	 * @param  mixed  $string string to html encode
+	 * @param  int    $flags [default=ENT_QUOTES | ENT_HTML5]
+	 * @param  string $encoding [default=UTF-8]
 	 * @return mixed         if string, encoded, else as is (eg null)
 	 */
-	public static function htmlent(mixed $string, int $flags = ENT_QUOTES | ENT_HTML5): mixed
-	{
+	public static function htmlent(
+		mixed $string,
+		int $flags = ENT_QUOTES | ENT_HTML5,
+		string $encoding = 'UTF-8'
+	): mixed {
 		if (is_string($string)) {
-			return htmlentities($string, $flags, 'UTF-8', false);
+			// if not a valid encoding this will throw a warning and use UTF-8
+			return htmlentities($string, $flags, $encoding, false);
 		}
 		return $string;
 	}
@@ -37,7 +49,7 @@ class Html
 	/**
 	 * strips out all line breaks or replaced with given string
 	 * @param  string $string  string
-	 * @param  string $replace replace character, default ' '
+	 * @param  string $replace [default=' '] replace character
 	 * @return string          cleaned string without any line breaks
 	 */
 	public static function removeLB(string $string, string $replace = ' '): string

www/lib/CoreLibs/Create/Hash.php

@@ -10,9 +10,14 @@ namespace CoreLibs\Create;
 
 class Hash
 {
+	/** @var string default short hash -> deprecated use STANDARD_HASH_SHORT */
 	public const DEFAULT_HASH = 'adler32';
+	/** @var string default long hash (40 chars) */
 	public const STANDARD_HASH_LONG = 'ripemd160';
+	/** @var string default short hash (8 chars) */
 	public const STANDARD_HASH_SHORT = 'adler32';
+	/** @var string this is the standard hash to use hashStd and hash (64 chars) */
+	public const STANDARD_HASH = 'sha256';
 
 	/**
 	 * checks php version and if >=5.2.7 it will flip the string
@@ -20,6 +25,7 @@ class Hash
 	 * hash returns false
 	 * preg_replace fails for older php version
 	 * Use __hash with crc32b or hash('crc32b', ...) for correct output
+	 * For future short hashes use hashShort() instead
 	 *
 	 * @param  string $string string to crc
 	 * @return string         crc32b hash (old type)
@@ -43,19 +49,31 @@ class Hash
 	 * replacement for __crc32b call
 	 *
 	 * @param  string $string  string to hash
-	 * @param  bool   $use_sha use sha instead of crc32b (default false)
+	 * @param  bool   $use_sha [default=false] use sha1 instead of crc32b
 	 * @return string          hash of the string
+	 * @deprecated use __crc32b() for drop in replacement with default, or sha1Short() for use sha true
 	 */
 	public static function __sha1Short(string $string, bool $use_sha = false): string
 	{
 		if ($use_sha) {
-			// return only the first 9 characters
-			return substr(hash('sha1', $string), 0, 9);
+			return self::sha1Short($string);
 		} else {
 			return self::__crc32b($string);
 		}
 	}
 
+	/**
+	 * returns a short sha1
+	 *
+	 * @param  string $string  string to hash
+	 * @return string          hash of the string
+	 */
+	public static function sha1Short(string $string): string
+	{
+		// return only the first 9 characters
+		return substr(hash('sha1', $string), 0, 9);
+	}
+
 	/**
 	 * replacemend for __crc32b call (alternate)
 	 * defaults to adler 32
@@ -63,34 +81,135 @@ class Hash
 	 * all that create 8 char long hashes
 	 *
 	 * @param  string $string    string to hash
-	 * @param  string $hash_type hash type (default adler32)
+	 * @param  string $hash_type [default=STANDARD_HASH_SHORT] hash type (default adler32)
 	 * @return string            hash of the string
+	 * @deprecated use hashShort() of short hashes with adler 32 or hash() for other hash types
 	 */
 	public static function __hash(
 		string $string,
-		string $hash_type = self::DEFAULT_HASH
+		string $hash_type = self::STANDARD_HASH_SHORT
+	): string {
+		return self::hash($string, $hash_type);
+	}
+
+	/**
+	 * check if hash type is valid, returns false if not
+	 *
+	 * @param  string $hash_type
+	 * @return bool
+	 */
+	public static function isValidHashType(string $hash_type): bool
+	{
+		if (!in_array($hash_type, hash_algos())) {
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * check if hash hmac type is valid, returns false if not
+	 *
+	 * @param  string $hash_hmac_type
+	 * @return bool
+	 */
+	public static function isValidHashHmacType(string $hash_hmac_type): bool
+	{
+		if (!in_array($hash_hmac_type, hash_hmac_algos())) {
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * creates a hash over string if any valid hash given.
+	 * if no hash type set use sha256
+	 *
+	 * @param  string $string    string to hash
+	 * @param  string $hash_type [default=STANDARD_HASH] hash type (default sha256)
+	 * @return string            hash of the string
+	 */
+	public static function hash(
+		string $string,
+		string $hash_type = self::STANDARD_HASH
 	): string {
-		// if not empty, check if in valid list
 		if (
 			empty($hash_type) ||
 			!in_array($hash_type, hash_algos())
 		) {
-			// fallback to default hash type if none set or invalid
-			$hash_type = self::DEFAULT_HASH;
+			// fallback to default hash type if empty or invalid
+			$hash_type = self::STANDARD_HASH;
 		}
 		return hash($hash_type, $string);
 	}
 
 	/**
-	 * Wrapper function for standard long hashd
+	 * creates a hash mac key
+	 *
+	 * @param  string $string    string to hash mac
+	 * @param  string $key       key to use
+	 * @param  string $hash_type [default=STANDARD_HASH]
+	 * @return string            hash mac string
+	 */
+	public static function hashHmac(
+		string $string,
+		#[\SensitiveParameter]
+		string $key,
+		string $hash_type = self::STANDARD_HASH
+	): string {
+		if (
+			empty($hash_type) ||
+			!in_array($hash_type, hash_hmac_algos())
+		) {
+			// fallback to default hash type if e or invalid
+			$hash_type = self::STANDARD_HASH;
+		}
+		return hash_hmac($hash_type, $string, $key);
+	}
+
+	/**
+	 * short hash with max length of 8, uses adler32
+	 *
+	 * @param  string $string string to hash
+	 * @return string         hash of the string
+	 */
+	public static function hashShort(string $string): string
+	{
+		return hash(self::STANDARD_HASH_SHORT, $string);
+	}
+
+	/**
+	 * Wrapper function for standard long hash
+	 *
+	 * @param string $string String to be hashed
+	 * @return string        Hashed string
+	 * @deprecated use hashLong()
+	 */
+	public static function __hashLong(string $string): string
+	{
+		return self::hashLong($string);
+	}
+
+	/**
+	 * Wrapper function for standard long hash, uses ripmd160
 	 *
 	 * @param string $string String to be hashed
 	 * @return string        Hashed string
 	 */
-	public static function __hashLong(string $string): string
+	public static function hashLong(string $string): string
 	{
 		return hash(self::STANDARD_HASH_LONG, $string);
 	}
+
+	/**
+	 * create standard hash basd on STANDAR_HASH, currently sha256
+	 *
+	 * @param  string $string string in
+	 * @return string         hash of the string
+	 */
+	public static function hashStd(string $string): string
+	{
+		return self::hash($string, self::STANDARD_HASH);
+	}
 }
 
 // __END__

www/lib/CoreLibs/DB/IO.php

@@ -303,6 +303,8 @@ class IO
 	private string $query = '';
 	/** @var array<mixed> current params for query */
 	private array $params = [];
+	/** @var string current hash build from query and params */
+	private string $query_hash = '';
 	// if we do have a convert call, store the convert data in here, else it will be empty
 	/** @var array{}|array{original:array{query:string,params:array<mixed>},type:''|'named'|'numbered'|'question_mark',found:int,matches:array<string>,params_lookup:array<mixed>,query:string,params:array<mixed>} */
 	private array $placeholder_converted = [];
@@ -1319,7 +1321,7 @@ class IO
 	 */
 	private function __dbCountQueryParams(string $query): int
 	{
-		return $this->db_functions->__dbCountQueryParams($query);
+		return count($this->db_functions->__dbGetQueryParams($query));
 	}
 
 	/**
@@ -1382,6 +1384,8 @@ class IO
 		$this->query = $query;
 		// current params
 		$this->params = $params;
+		// empty on new
+		$this->query_hash = '';
 		// no query set
 		if (empty($this->query)) {
 			$this->__dbError(11);
@@ -1441,7 +1445,7 @@ class IO
 			$this->returning_id = true;
 		}
 		// import protection, hash needed
-		$query_hash = $this->dbGetQueryHash($this->query, $this->params);
+		$query_hash = $this->dbBuildQueryHash($this->query, $this->params);
 		// QUERY PARAMS: run query params check and rewrite
 		if ($this->dbGetConvertPlaceholder() === true) {
 			try {
@@ -1475,7 +1479,8 @@ class IO
 				return false;
 			}
 		}
-
+		// set query hash
+		$this->query_hash = $query_hash;
 		// $this->debug('DB IO', 'Q: ' . $this->query . ', RETURN: ' . $this->returning_id);
 		// for DEBUG, only on first time ;)
 		$this->__dbDebug(
@@ -1959,7 +1964,7 @@ class IO
 	{
 		// set start array
 		if ($query) {
-			$array = $this->cursor_ext[$this->dbGetQueryHash($query)] ?? [];
+			$array = $this->cursor_ext[$this->dbBuildQueryHash($query)] ?? [];
 		} else {
 			$array = $this->cursor_ext;
 		}
@@ -2361,7 +2366,7 @@ class IO
 			return false;
 		}
 		// create hash from query ...
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		// pre declare array
 		if (!isset($this->cursor_ext[$query_hash])) {
 			$this->cursor_ext[$query_hash] = [
@@ -2940,7 +2945,7 @@ class IO
 	public function dbCacheReset(string $query, array $params = []): bool
 	{
 		$this->__dbErrorReset();
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		// clears cache for this query
 		if (empty($this->cursor_ext[$query_hash]['query'])) {
 			$this->__dbWarning(18, context: [
@@ -2982,7 +2987,7 @@ class IO
 		if ($query === null) {
 			return $this->cursor_ext;
 		}
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		if (
 			!empty($this->cursor_ext) &&
 			isset($this->cursor_ext[$query_hash])
@@ -3012,7 +3017,7 @@ class IO
 			$this->__dbError(11);
 			return false;
 		}
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		if (
 			!empty($this->cursor_ext) &&
 			isset($this->cursor_ext[$query_hash])
@@ -3038,7 +3043,7 @@ class IO
 			$this->__dbError(11);
 			return false;
 		}
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		if (
 			!empty($this->cursor_ext) &&
 			isset($this->cursor_ext[$query_hash])
@@ -3064,7 +3069,7 @@ class IO
 	 */
 	public function dbResetQueryCalled(string $query, array $params = []): void
 	{
-		$this->query_called[$this->dbGetQueryHash($query, $params)] = 0;
+		$this->query_called[$this->dbBuildQueryHash($query, $params)] = 0;
 	}
 
 	/**
@@ -3077,7 +3082,7 @@ class IO
 	 */
 	public function dbGetQueryCalled(string $query, array $params = []): int
 	{
-		$query_hash = $this->dbGetQueryHash($query, $params);
+		$query_hash = $this->dbBuildQueryHash($query, $params);
 		if (!empty($this->query_called[$query_hash])) {
 			return $this->query_called[$query_hash];
 		} else {
@@ -4046,7 +4051,7 @@ class IO
 	}
 
 	/**
-	 * Returns hash for query
+	 * Creates hash for query and parameters
 	 * Hash is used in all internal storage systems for return data
 	 *
 	 * @param  string       $query  The query to create the hash from
@@ -4054,9 +4059,9 @@ class IO
 	 *                              data to create a unique call one, optional
 	 * @return string               Hash, as set by hash long
 	 */
-	public function dbGetQueryHash(string $query, array $params = []): string
+	public function dbBuildQueryHash(string $query, array $params = []): string
 	{
-		return Hash::__hashLong(
+		return Hash::hashLong(
 			$query . (
 				$params !== [] ?
 					'#' . json_encode($params) : ''
@@ -4104,6 +4109,26 @@ class IO
 		$this->params = [];
 	}
 
+	/**
+	 * get the current set query hash
+	 *
+	 * @return string Current Query hash
+	 */
+	public function dbGetQueryHash(): string
+	{
+		return $this->query_hash;
+	}
+
+	/**
+	 * reset query hash
+	 *
+	 * @return void
+	 */
+	public function dbResetQueryHash(): void
+	{
+		$this->query_hash = '';
+	}
+
 	/**
 	 * Returns the placeholder convert set or empty
 	 *
@@ -4283,6 +4308,17 @@ class IO
 		return $this->field_names[$pos] ?? false;
 	}
 
+	/**
+	 * get all the $ placeholders
+	 *
+	 * @param  string $query
+	 * @return array<string>
+	 */
+	public function dbGetQueryParamPlaceholders(string $query): array
+	{
+		return $this->db_functions->__dbGetQueryParams($query);
+	}
+
 	/**
 	 * Return a field type for a field name or pos,
 	 * will return false if field is not found in list

www/lib/CoreLibs/DB/SQL/Interface/SqlFunctions.php

@@ -379,9 +379,9 @@ interface SqlFunctions
 	 * Undocumented function
 	 *
 	 * @param  string $query
-	 * @return int
+	 * @return array<string>
 	 */
-	public function __dbCountQueryParams(string $query): int;
+	public function __dbGetQueryParams(string $query): array;
 }
 
 // __END__

www/lib/CoreLibs/DB/SQL/PgSQL.php

@@ -978,12 +978,12 @@ class PgSQL implements Interface\SqlFunctions
 	}
 
 	/**
-	 * Count placeholder queries. $ only
+	 * Get the all the $ params, as a unique list
 	 *
 	 * @param  string $query
-	 * @return int
+	 * @return array<string>
 	 */
-	public function __dbCountQueryParams(string $query): int
+	public function __dbGetQueryParams(string $query): array
 	{
 		$matches = [];
 		// regex for params: only stand alone $number allowed
@@ -998,11 +998,11 @@ class PgSQL implements Interface\SqlFunctions
 		// Matches in 1:, must be array_filtered to remove empty, count with array_unique
 		// Regex located in the ConvertPlaceholder class
 		preg_match_all(
-			ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS,
+			ConvertPlaceholder::REGEX_LOOKUP_NUMBERED,
 			$query,
 			$matches
 		);
-		return count(array_unique(array_filter($matches[3])));
+		return array_unique(array_filter($matches[ConvertPlaceholder::MATCHING_POS]));
 	}
 }
 

www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php

@@ -14,76 +14,57 @@ namespace CoreLibs\DB\Support;
 
 class ConvertPlaceholder
 {
-	// NOTE for missing: range */+ are not iplemented in the regex below, but - is for now
-	// NOTE some combinations are allowed, but the query will fail before this
-	/** @var string split regex, entries before $ group */
-	private const PATTERN_QUERY_SPLIT =
-		'\?\?|' // UNKNOWN: double ??, is this to avoid something?
-		. '[\(,]|' // for ',' and '(' mostly in INSERT or ANY()
-		. '[<>=]|' // general set for <, >, = in any query with any combination
-		. '\^@|' // text search for start from text with ^@
-		. '\|\||' // concats two elements
-		. '&&|' // array overlap
-		. '\-\|\-|' // range overlap for array
-		. '[^-]-{1}|' // single -, used in JSON too
-		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-|' // JSON searches, Array searchs, etc
-		. 'THEN|ELSE' // command parts (CASE)
-	;
-	/** @var string the main regex including  the pattern query split */
-	private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:' . self::PATTERN_QUERY_SPLIT . ')\s*';
+	/** @var string text block in SQL, single quited
+	 * Note that does not include $$..$$ strings or anything with token name or nested ones
+	*/
+	private const PATTERN_TEXT_BLOCK_SINGLE_QUOTE = '(?:\'(?:[^\'\\\\]|\\\\.)*\')';
+	/** @var string text block in SQL, dollar quoted
+	 * NOTE: if this is added everything shifts by one lookup number
+	*/
+	private const PATTERN_TEXT_BLOCK_DOLLAR = '(?:\$(\w*)\$.*?\$\1\$)';
 	/** @var string comment regex
-	 * anything that starts with -- and ends with a line break but any character that is not line break inbetween */
-	private const PATTERN_COMMENT = '(?:\-\-[^\r\n]*?\r?\n)*\s*';
-	/** @var string parts to ignore in the SQL */
-	private const PATTERN_IGNORE =
-		// digit -> ignore
-		'\d+|'
-		// other string -> ignore
-		. '(?:\'.*?\')|';
-	/** @var string named parameters */
-	private const PATTERN_NAMED = '(:\w+)';
-	/** @var string question mark parameters */
-	private const PATTERN_QUESTION_MARK = '(?:(?:\?\?)?\s*(\?{1}))';
-	/** @var string numbered parameters */
+	 * anything that starts with -- and ends with a line break but any character that is not line break inbetween
+	 * this is the FIRST thing in the line and will skip any further lookups */
+	private const PATTERN_COMMENT = '(?:\-\-[^\r\n]*?\r?\n)';
+	// below are the params lookups
+	/** @var string named parameters, must start with single : */
+	private const PATTERN_NAMED = '((?<!:):(?:\w+))';
+	/** @var string question mark parameters, will catch any */
+	private const PATTERN_QUESTION_MARK = '(\?{1})';
+	/** @var string numbered parameters, can only start 1 to 9, second and further digits can be 0-9
+	 * This ignores the $$ ... $$ escape syntax. If we find something like this will fail
+	 * It is recommended to use proper string escape quiting for writing data to the DB
+	*/
 	private const PATTERN_NUMBERED = '(\$[1-9]{1}(?:[0-9]{1,})?)';
 	// below here are full regex that will be used
 	/** @var string replace regex for named (:...) entries */
 	public const REGEX_REPLACE_NAMED = '/'
-		. '(' . self::PATTERN_ELEMENT . ')'
-		. self::PATTERN_COMMENT
-		. '('
-		. self::PATTERN_IGNORE
+		. self::PATTERN_COMMENT . '|'
+		. self::PATTERN_TEXT_BLOCK_SINGLE_QUOTE . '|'
+		. self::PATTERN_TEXT_BLOCK_DOLLAR . '|'
 		. self::PATTERN_NAMED
-		. ')'
 		. '/s';
 	/** @var string replace regex for question mark (?) entries */
 	public const REGEX_REPLACE_QUESTION_MARK = '/'
-		. '(' . self::PATTERN_ELEMENT . ')'
-		. self::PATTERN_COMMENT
-		. '('
-		. self::PATTERN_IGNORE
+		. self::PATTERN_COMMENT . '|'
+		. self::PATTERN_TEXT_BLOCK_SINGLE_QUOTE . '|'
+		. self::PATTERN_TEXT_BLOCK_DOLLAR . '|'
 		. self::PATTERN_QUESTION_MARK
-		. ')'
 		. '/s';
 	/** @var string replace regex for numbered ($n) entries */
 	public const REGEX_REPLACE_NUMBERED = '/'
-		. '(' . self::PATTERN_ELEMENT . ')'
-		. self::PATTERN_COMMENT
-		. '('
-		. self::PATTERN_IGNORE
+		. self::PATTERN_COMMENT . '|'
+		. self::PATTERN_TEXT_BLOCK_SINGLE_QUOTE . '|'
+		. self::PATTERN_TEXT_BLOCK_DOLLAR . '|'
 		. self::PATTERN_NUMBERED
-		. ')'
 		. '/s';
 	/** @var string the main lookup query for all placeholders */
 	public const REGEX_LOOKUP_PLACEHOLDERS = '/'
-		// prefix string part, must match towards
-		// seperator for ( = , ? - [and json/jsonb in pg doc section 9.15]
-		. self::PATTERN_ELEMENT
-		. self::PATTERN_COMMENT
+		. self::PATTERN_COMMENT . '|'
+		. self::PATTERN_TEXT_BLOCK_SINGLE_QUOTE . '|'
+		. self::PATTERN_TEXT_BLOCK_DOLLAR . '|'
 		// match for replace part
 		. '(?:'
-		// ignore parts
-		. self::PATTERN_IGNORE
 		// :name named part (PDO) [1]
 		. self::PATTERN_NAMED . '|'
 		// ? question mark part (PDO) [2]
@@ -94,6 +75,26 @@ class ConvertPlaceholder
 		. ')'
 		// single line -> add line break to matches in "."
 		. '/s';
+	/** @var string lookup for only numbered placeholders */
+	public const REGEX_LOOKUP_NUMBERED = '/'
+		. self::PATTERN_COMMENT . '|'
+		. self::PATTERN_TEXT_BLOCK_SINGLE_QUOTE . '|'
+		. self::PATTERN_TEXT_BLOCK_DOLLAR . '|'
+		// match for replace part
+		. '(?:'
+		// $n numbered part (\PG php) [1]
+		. self::PATTERN_NUMBERED
+		// end match
+		. ')'
+		. '/s';
+	/** @var int position for regex in full placeholder lookup: named */
+	public const LOOOKUP_NAMED_POS = 2;
+	/** @var int position for regex in full placeholder lookup: question mark */
+	public const LOOOKUP_QUESTION_MARK_POS = 3;
+	/** @var int position for regex in full placeholder lookup: numbered */
+	public const LOOOKUP_NUMBERED_POS = 4;
+	/** @var int matches position for replacement and single lookup */
+	public const MATCHING_POS = 2;
 
 	/**
 	 * Convert PDO type query with placeholders to \PG style and vica versa
@@ -132,11 +133,12 @@ class ConvertPlaceholder
 			$found = -1;
 		}
 		/** @var array<string> 1: named */
-		$named_matches = array_filter($matches[1]);
+		$named_matches = array_filter($matches[self::LOOOKUP_NAMED_POS]);
 		/** @var array<string> 2: open ? */
-		$qmark_matches = array_filter($matches[2]);
+		$qmark_matches = array_filter($matches[self::LOOOKUP_QUESTION_MARK_POS]);
 		/** @var array<string> 3: $n matches */
-		$numbered_matches = array_filter($matches[3]);
+		$numbered_matches = array_filter($matches[self::LOOOKUP_NUMBERED_POS]);
+		// print "**MATCHES**: <pre>" . print_r($matches, true) . "</pre>";
 		// count matches
 		$count_named = count(array_unique($named_matches));
 		$count_qmark = count($qmark_matches);
@@ -235,38 +237,37 @@ class ConvertPlaceholder
 		$empty_params = $converted_placeholders['original']['empty_params'];
 		switch ($converted_placeholders['type']) {
 			case 'named':
-				// 0: full
-				// 0: full
-				// 1: pre part
-				// 2: keep part UNLESS '3' is set
-				// 3: replace part :named
+				// 1: replace part :named
 				$pos = 0;
 				$query_new = preg_replace_callback(
 					self::REGEX_REPLACE_NAMED,
 					function ($matches) use (&$pos, &$params_new, &$params_lookup, $params, $empty_params) {
-						// only count up if $match[3] is not yet in lookup table
-						if (!empty($matches[3]) && empty($params_lookup[$matches[3]])) {
+						if (!isset($matches[self::MATCHING_POS])) {
+							throw new \RuntimeException(
+								'Cannot lookup ' . self::MATCHING_POS . ' in matches list',
+								209
+							);
+						}
+						$match = $matches[self::MATCHING_POS];
+						// only count up if $match[1] is not yet in lookup table
+						if (empty($params_lookup[$match])) {
 							$pos++;
-							$params_lookup[$matches[3]] = '$' . $pos;
+							$params_lookup[$match] = '$' . $pos;
 							// skip params setup if param list is empty
 							if (!$empty_params) {
-								$params_new[] = $params[$matches[3]] ??
+								$params_new[] = $params[$match] ??
 									throw new \RuntimeException(
-										'Cannot lookup ' . $matches[3] . ' in params list',
+										'Cannot lookup ' . $match . ' in params list',
 										210
 									);
 							}
 						}
 						// add the connectors back (1), and the data sets only if no replacement will be done
-						return $matches[1] . (
-							empty($matches[3]) ?
-								$matches[2] :
-								$params_lookup[$matches[3]] ??
-									throw new \RuntimeException(
-										'Cannot lookup ' . $matches[3] . ' in params lookup list',
-										211
-									)
-						);
+						return $params_lookup[$match] ??
+							throw new \RuntimeException(
+								'Cannot lookup ' . $match . ' in params lookup list',
+								211
+							);
 					},
 					$converted_placeholders['original']['query']
 				);
@@ -276,61 +277,61 @@ class ConvertPlaceholder
 					// order and data stays the same
 					$params_new = $params ?? [];
 				}
-				// 0: full
-				// 1: pre part
-				// 2: keep part UNLESS '3' is set
-				// 3: replace part ?
+				// 1: replace part ?
 				$pos = 0;
 				$query_new = preg_replace_callback(
 					self::REGEX_REPLACE_QUESTION_MARK,
 					function ($matches) use (&$pos, &$params_lookup) {
+						if (!isset($matches[self::MATCHING_POS])) {
+							throw new \RuntimeException(
+								'Cannot lookup ' . self::MATCHING_POS . ' in matches list',
+								229
+							);
+						}
+						$match = $matches[self::MATCHING_POS];
 						// only count pos up for actual replacements we will do
-						if (!empty($matches[3])) {
+						if (!empty($match)) {
 							$pos++;
 							$params_lookup[] = '$' . $pos;
 						}
 						// add the connectors back (1), and the data sets only if no replacement will be done
-						return $matches[1] . (
-							empty($matches[3]) ?
-								$matches[2] :
-								'$' . $pos
-						);
+						return '$' . $pos;
 					},
 					$converted_placeholders['original']['query']
 				);
 				break;
 			case 'numbered':
-				// 0: full
-				// 1: pre part
-				// 2: keep part UNLESS '3' is set
-				// 3: replace part $numbered
+				// 1: replace part $numbered
 				$pos = 0;
 				$query_new = preg_replace_callback(
 					self::REGEX_REPLACE_NUMBERED,
 					function ($matches) use (&$pos, &$params_new, &$params_lookup, $params, $empty_params) {
-						// only count up if $match[3] is not yet in lookup table
-						if (!empty($matches[3]) && empty($params_lookup[$matches[3]])) {
+						if (!isset($matches[self::MATCHING_POS])) {
+							throw new \RuntimeException(
+								'Cannot lookup ' . self::MATCHING_POS . ' in matches list',
+								239
+							);
+						}
+						$match = $matches[self::MATCHING_POS];
+						// only count up if $match[1] is not yet in lookup table
+						if (empty($params_lookup[$match])) {
 							$pos++;
-							$params_lookup[$matches[3]] = ':' . $pos . '_named';
+							$params_lookup[$match] = ':' . $pos . '_named';
 							// skip params setup if param list is empty
 							if (!$empty_params) {
 								$params_new[] = $params[($pos - 1)] ??
 									throw new \RuntimeException(
 										'Cannot lookup ' . ($pos - 1) . ' in params list',
-										220
+										230
 									);
 							}
 						}
 						// add the connectors back (1), and the data sets only if no replacement will be done
-						return $matches[1] . (
-							empty($matches[3]) ?
-								$matches[2] :
-								$params_lookup[$matches[3]] ??
-								throw new \RuntimeException(
-									'Cannot lookup ' . $matches[3] . ' in params lookup list',
-									221
-								)
-						);
+						return $params_lookup[$match]  ??
+							throw new \RuntimeException(
+								'Cannot lookup ' . $match . ' in params lookup list',
+								231
+							);
 					},
 					$converted_placeholders['original']['query']
 				);

www/lib/CoreLibs/Language/GetLocale.php

@@ -50,7 +50,6 @@ class GetLocale
 				$locale = defined('SITE_LOCALE') && !empty(SITE_LOCALE) ?
 					SITE_LOCALE :
 					// else parse from default, if not 'en'
-					/** @phpstan-ignore-next-line DEFAULT_LOCALE could be empty */
 					(defined('DEFAULT_LOCALE') && !empty(DEFAULT_LOCALE) ?
 						DEFAULT_LOCALE : 'en');
 			}
@@ -97,8 +96,7 @@ class GetLocale
 				$encoding = defined('SITE_ENCODING') && !empty(SITE_ENCODING) ?
 					SITE_ENCODING :
 					// or default encoding, if not 'UTF-8'
-					/** @phpstan-ignore-next-line DEFAULT_LOCALE could be empty */
-					(defined('DEFAULT_ENCODING') && !empty(DEFAULT_ENCODING) ?
+					(defined('DEFAULT_ENCODING') ?
 						DEFAULT_ENCODING : 'UTF-8');
 			}
 		}

www/lib/CoreLibs/Output/Form/Generate.php

@@ -1371,7 +1371,7 @@ class Generate
 							) {
 								$this->msg .= sprintf(
 									$this->l->__('Please enter a valid (%s) input for the <b>%s</b> Field!<br>'),
-									$this->dba->getTableArray()[$key]['error_example'],
+									$this->dba->getTableArray()[$key]['error_example'] ?? '[MISSING]',
 									$this->dba->getTableArray()[$key]['output_name']
 								);
 							}
@@ -2602,7 +2602,7 @@ class Generate
 			}
 		}
 		// add lost error ones
-		$this->log->error('P: ' . $data['prefix'] . ', '
+		$this->log->error('Prefix: ' . $data['prefix'] . ', '
 			. Support::prAr($_POST['ERROR'][$data['prefix']] ?? []));
 		if ($this->error && !empty($_POST['ERROR'][$data['prefix']])) {
 			$prfx = $data['prefix']; // short

www/lib/CoreLibs/Output/Form/TableArrays/EditUsers.php

@@ -182,6 +182,7 @@ class EditUsers implements Interface\TableArraysInterface
 					'type' => 'text',
 					'error_check' => 'unique|custom',
 					'error_regex' => "/^[A-Za-z0-9]+$/",
+					'error_example' => "ABCdef123",
 					'emptynull' => 1,'min_edit_acl' => '100',
 					'min_show_acl' => '100',
 				],

www/lib/CoreLibs/Output/ProgressBar.php

@@ -418,9 +418,7 @@ class ProgressBar
 		// if this is percent, we ignore anything, it is auto positioned
 		if ($this->label[$name]['type'] != 'percent') {
 			foreach (['top', 'left', 'width', 'height'] as $pos_name) {
-				if ($$pos_name !== false) {
-					$this->label[$name][$pos_name] = intval($$pos_name);
-				}
+				$this->label[$name][$pos_name] = intval($$pos_name);
 			}
 
 			if ($align != '') {