2.9.2 114 employees change pass

.phpactor.json

@@ -0,0 +1,4 @@
+{
+    "$schema": "/phpactor.schema.json",
+    "language_server_phpstan.enabled": true
+}

AGENTS.md

@@ -0,0 +1,75 @@
+# Core2 — Agent Instructions
+
+## What this is
+PHP fullstack framework for business apps. Modular MVC with CLI, Gearman workers, REST/SOAP APIs.
+Version: 2.9.1 | PHP >= 8.2 | MySQL/PostgreSQL
+
+## Developer Commands
+
+```bash
+composer install                          # Install deps (classmap-authoritative)
+php cli.php --module cron --action run    # Run CLI task
+php cli.php --module cron --action runJob --param 123
+php worker.php -d -c conf.ini -s site.com # Start Gearman worker daemon
+php worker.php -H                         # Worker help
+
+# Static analysis
+vendor/bin/phpstan analyse                # Level 6, scans inc/ and mod/admin/
+
+# Tests
+vendor/bin/phpunit                        # PHPUnit 9.5 (minimal coverage)
+```
+
+## Project Layout
+
+| Path | What |
+|------|------|
+| `inc/classes/` | 58 core classes — Db, Cache, Acl, Config, Router, Init, Api, SSE |
+| `inc/CoreController.php` | Admin panel controller (action_* methods) |
+| `mod/<name>/` | Modules (admin, auth, billing, cron, webservice, oauth, etc.) |
+| `mod/<name>/vX.Y.Z/` | Module version dirs (e.g. `mod/cron/v3.6.0/`) |
+| `workers/` | Gearman workers (Eventer, Logger, Workhorse) |
+| `html/{default,light,material}/` | UI themes |
+
+## Architecture Facts
+
+- **Entry point**: `Init::dispatch()` routes `module/action/params` → controller method `action_<action>()`
+- **Routing**: `Router::routeParse()` parses URI. `/api/...` → API dispatch, else → module controller
+- **Module naming**: Class `Mod<Name>Controller` for module `<name>`. Submodules use `module_sm_key` as resource ID
+- **Magic getters**: `$this->db`, `$this->cache`, `$this->log`, `$this->translate`, `$this->modAdmin`, `$this->dataUsers`, `$this->apiProfile` — all resolved via `__get()` in `Common`/`Db` base classes
+- **ACL**: Laminas Permissions ACL, role-based. Resources = modules + submodules. Types: `access`, `list_all`, `read_all`, `edit_all`, `delete_all`, `*_owner`, `*_default`. Cached per role
+- **XAJAX**: POST requests from UI go through `post()` function in `Init.php` → `ModAjax.php` methods prefixed with `ax` (e.g. `axSave`, `axDelete`)
+- **SSE**: `/sse` route handled by `Core2\SSE` class
+- **Systemd**: `core2_worker.service` template for Gearman daemon (user=www-data, php8.2)
+
+## Configuration
+
+- **App config**: `conf.ini` next to `index.php`, section = `$_SERVER['SERVER_NAME']` or `production`
+- **Core config**: `core2/conf.ini` (gearman, cache, auth, SSE defaults)
+- **Extended config**: `conf.ext.ini` (optional, merged if present)
+- **Module config**: `mod/<name>/conf.ini` — read via `$this->moduleConfig`
+
+## Key Conventions
+
+- Controller action methods: `public function action_<name>()`
+- Translations: `$this->_("string")` or `$this->translate->tr("string", $module)`
+- Models: `$this->data<Name>` auto-resolves to model classes (e.g. `$this->dataUsers`)
+- API classes: `$this->api<Name>` auto-resolves (e.g. `$this->apiProfile`)
+- Cross-module controllers: `$this->mod<Name>` (e.g. `$this->modAdmin`)
+- File handler contexts: `fileid`, `thumbid`, `tfile`, `field_<name>`
+
+## Gotchas
+
+- `.gitignore` excludes `mod/*` and `html/*` — only `mod/admin` is tracked. Other modules/themes are external
+- `vendor/` is gitignored — always run `composer install`
+- `phpstan-baseline.neon` and `gen/` are gitignored
+- Tests use `$GLOBALS['DB_NAME']`, `$GLOBALS['DB_USER']`, etc. for DB config — set before running
+- Test bootstrap expects `core2/` subdirectory structure (DOC_ROOT points 2 levels up from `tests/`)
+- Multiple DEPRECATED auth paths still present (`HTTP_CORE2M` header, `apikey` param)
+- FIXME/TODO comments throughout — do not treat as implemented
+
+## Security Notes
+
+- Default admin password is MD5("admin") = `ad7123ebca969de21e49c12a7d69ce25` — change immediately
+- `Tool::password_verify_secure()` used for password verification
+- POST requests check `HTTP_REFERER` for same-host validation

cli.php

@@ -2,12 +2,6 @@
 <?php
 namespace Core2;
 
-require_once 'inc/classes/Error.php';
-require_once 'inc/classes/Cli.php';
-require_once 'inc/classes/Registry.php';
-require_once 'inc/classes/Config.php';
-require_once 'inc/classes/I18n.php';
-
 try {
     if (PHP_SAPI !== 'cli') {
         throw new \Exception("Allowed for CLI only.");
@@ -17,6 +11,11 @@
         throw new \Exception("Composer autoload is missing.");
     }
     require_once($autoload);
+    require_once 'inc/classes/Error.php';
+    require_once 'inc/classes/Cli.php';
+    require_once 'inc/classes/Registry.php';
+    require_once 'inc/classes/Config.php';
+    require_once 'inc/classes/I18n.php';
 
     $_SERVER['SERVER_NAME'] = '_';
     $options = getopt('c:m:a:p:s:h', array(

composer.json

@@ -46,7 +46,7 @@
     "phpseclib/phpseclib": "~2.0",
     "zircote/swagger-php": "6.*",
     "phpmailer/phpmailer": "v6.9.3",
-    "predis/predis": "^2.0",
+    "predis/predis": "v3.4.2",
     "ext-json": "*",
     "ext-zip": "*",
     "ext-mbstring": "*",

conf.ini

@@ -11,7 +11,7 @@
 
 [production]
 ; ## Текущая версия ядра
-version = 2.9.1
+version = 2.9.2
 
 ; ## Используется в модуле webservice
 ; ## Время в секундах на которое выписывается вебтокен пользователя
@@ -132,7 +132,7 @@ auth.digest.userhash = false
 ; should be absolute or relative to running
 ; gearman.worker_dir = ./workers
 
-gearman.host = "127.0.0.1:4730"
+; gearman.host = "127.0.0.1:4730"
 
 ; All workers in worker_dir will be loaded
 gearman.include=*

inc/CoreController.php

@@ -392,10 +392,23 @@ public function action_seq(): string {
 
 			if ($rows) {
 				$rows_seq = array_values($rows);
+                $records  = [];
 
-				foreach ($_POST['data'] as $k => $row_id) {
-					$where = $this->db->quoteInto("{$id_name} = ?", $row_id);
-                    $this->db->update($table_name, ['seq' => $rows_seq[$k]], $where);
+                foreach ($_POST['data'] as $k => $row_id) {
+                    $records[$row_id] = $rows_seq[$k];
+                }
+
+
+                $is_custom = $records
+                    ? $this->customSequence($resource, $records)
+                    : false;
+
+
+				if ( ! $is_custom) {
+                    foreach ($records as $row_id => $sequence) {
+                        $where = $this->db->quoteInto("{$id_name} = ?", $row_id);
+                        $this->db->update($table_name, ['seq' => $sequence], $where);
+                    }
                 }
 			}
 
@@ -1106,4 +1119,55 @@ public function action_workhorse() {
             echo Alert::danger($e->getMessage());
         }
     }
+
+
+    /**
+     * Проверка модуля на реализацию собственного удаления
+     * @param string $resource
+     * @param array  $records
+     * @return bool
+     * @throws Exception
+     */
+    private function customSequence(string $resource, array $records): bool {
+
+        $mod             = explode('xxx', $resource);
+        $mod             = explode("_", $mod[0]);
+        $controller_name = "Mod" . ucfirst(strtolower($mod[0])) . "Controller";
+
+        $this->requireController($mod[0], $controller_name);
+        $controller = new $controller_name();
+
+        return $controller instanceof Sequence
+            ? $controller->sequence($resource, $records)
+            : false;
+    }
+
+
+    /**
+     * @param string $module_name
+     * @param string $mod_controller
+     * @return void
+     * @throws Exception
+     */
+    private function requireController(string $module_name, string $mod_controller): void {
+
+        $location        = $this->getModuleLocation($module_name); //определяем местоположение модуля
+        $controller_path = $location . "/" . $mod_controller . ".php";
+
+        if ( ! file_exists($controller_path)) {
+            throw new Exception(sprintf($this->translate->tr("Модуль не найден: %s"), $mod_controller), 400);
+        }
+
+        $autoload = $location . "/vendor/autoload.php";
+
+        if (file_exists($autoload)) { //подключаем автозагрузку если есть
+            require_once $autoload;
+        }
+
+        require_once $controller_path; // подлючаем контроллер
+
+        if ( ! class_exists($mod_controller)) {
+            throw new RuntimeException(sprintf($this->translate->tr("Модуль сломан: %s"), $location));
+        }
+    }
 }

inc/Interfaces/Queue.php

@@ -0,0 +1,16 @@
+<?php
+declare(strict_types=1);
+namespace Core2;
+/**
+ * Очереди Redis с гарантированной доставкой
+ */
+interface Queue
+{
+
+    public function push(array $payload, string $queue = 'default'): bool;
+    public function pop(string $queue = 'default', int $timeout = 0): ?array;
+    public function acknowledge(string $queue, string $messageId): bool;
+    public function reject(string $queue, string $messageId, bool $requeue = false): bool;
+    public function getPendingCount(string $queue): int;
+    public function getQueueSize(string $queue): int;
+}

inc/Interfaces/Sequence.php

@@ -0,0 +1,16 @@
+<?php
+
+
+/**
+ *
+ */
+interface Sequence {
+
+    /**
+     * @param string $resource_name
+     * @param array  $records
+     * Если возвращено true, то будет считаться, что вы самостоятельно сортировали объекты
+     * Если возвращено false будет считаться, что нужно применить стандартную процедуру сортировки
+     */
+    public function sequence(string $resource_name, array $records): bool;
+}

inc/Traits/Import.php

@@ -65,6 +65,8 @@ public function getFieldImport(array $options, array $data): string {
 
             if ($options['rows_select'] == 'checked') {
                 $tpl->row->checked_row->assign('[ROW_NUMBER]', $num);
+            } else {
+                $tpl->row->start_row->assign('[ROW_NUMBER]', $num);
             }
 
             $col = 0;

inc/WorkerManager.php

@@ -731,16 +731,24 @@ protected function load_workers() {
         }
         if (isset($this->functions['Workhorse'])) {
             $db = new Db();
-            $mods = $db->dataModules->getModuleList();
+            $select = $db->dataModules->select()->where("visible='Y'");
+            $mods = $db->dataModules->fetchAll($select);
+
             foreach ($mods as $k => $data) {
-                $location = $this->config['doc_root'] . "/mod/{$data['module_id']}/v{$data['version']}";
+                if ($data['is_system'] === "Y") {
+                    $location = __DIR__ . "/../mod/{$data['module_id']}/v{$data['version']}";
+                } else {
+                    $location = $this->config['doc_root'] . "/mod/{$data['module_id']}/v{$data['version']}";
+                }
+//                $location = $this->config['doc_root'] . "/mod/{$data['module_id']}/v{$data['version']}";
                 $name = "Mod" . ucfirst(strtolower($data['module_id'])) . "Worker";
                 if (!isset($this->functions[$name])) {
-                    $worker = $location . "/{$name}.php";
+                    $worker = realpath($location) . "/{$name}.php";
                     if (file_exists($worker)) {
+                        $co = !empty($this->functions[$name]["count"]) ? $this->functions[$name]["count"] : 2;
                         $this->functions[$name] = [
                             'name'  => 'Workhorse',
-                            'count' => 2,
+                            'count' => $co,
                             'path'  => $worker,
                             'mod'   => $data['module_id'],
                             'path_workhorse' => $this->functions['Workhorse']['path'],
@@ -751,6 +759,7 @@ protected function load_workers() {
             }
             unset($this->functions['Workhorse']);
         }
+
 //        echo "<PRE>";print_r($this->config);echo "</PRE>";//die;
 //        echo "<PRE>";print_r($this->functions);echo "</PRE>";die;
     }

inc/classes/Emitter.php

@@ -64,15 +64,12 @@ public function sync($module, $event_name, $data): array {
 
     public function async($module, $event_name, $data): void {
 
-        foreach ($this->subscribers as $mod => $controller) {
-            $w = $this->workerAdmin->doBackground('Eventer', [
-                'mod' => $mod,
-                'location' => $this->getModuleLocation($mod),
-                'context' => $module,
-                'event' => $event_name,
-                'data' => $data
-            ]);
-        }
+        $w = $this->workerAdmin->doBackground('Eventer', [
+            'context' => $module,
+            'event' => $event_name,
+            'data' => $data
+        ]);
+
 //        $this->log->info(is_array($data) ? json_encode($data) : $data, ['module' => $module, 'event' => $event_name]);
     }
 

inc/classes/Error.php

@@ -106,7 +106,9 @@ public static function catchException(\Exception $exception): void {
                 self::Exception('Нет такой страницы', 404);
 
             } elseif ($message == 'expired') {
-                setcookie($cnf->session->name, false);
+                if ($cnf && $cnf?->session?->name) {
+                    setcookie($cnf->session->name, false);
+                }
                 header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
                 die();
             }

inc/classes/File.php

@@ -159,13 +159,12 @@ public function getContent($table, $id)
      * @throws \Exception
      */
     public function handleThumb($table, $id) {
-        $this->getFileData($table, $id);
+        $this->getThumb($table, $id);
         $res2 = $this->data;
 
         header("Content-type: {$res2['type']}");
         header("Content-Disposition: filename=\"{$res2['filename']}\"");
 
-
         if ( ! empty($res2['hash'])) {
             $etagHeader = (isset($_SERVER['HTTP_IF_NONE_MATCH']) ? trim($_SERVER['HTTP_IF_NONE_MATCH']) : false);
 
@@ -175,23 +174,33 @@ public function handleThumb($table, $id) {
             //check if page has changed. If not, send 304 and exit
             if ($etagHeader == $res2['hash']) {
                 header("HTTP/1.1 304 Not Modified");
-                return '';
             }
         }
 
+    }
+
+    /**
+     * @param string $table
+     * @param int    $id
+     * @return string
+     */
+    public function getThumb(string $table, int $id): string
+    {
+        $this->getFileData($table, $id);
         $quote_table_files = $this->db->quoteIdentifier($table . '_files');
         $thumb = $this->db->fetchOne("SELECT `thumb` FROM {$quote_table_files} WHERE id = ?", $id);
         //Если задан размер тамбнейла или если тамбнейла нет в базе
         if (!empty($_GET['size']) || !$thumb) {
             $content = $this->getContent($table, $id);
             ob_start();
             $image = new Image();
-            $image->outStringResized($content, $res2['type'], $this->imgWidth, $this->imgHeight);
+            $image->outStringResized($content, $this->data['type'], $this->imgWidth, $this->imgHeight);
             $this->content = ob_get_clean();
 
         } else {
             $this->content = $thumb;
         }
+        return $this->content;
     }