Bump to 3.1.1-Release

.htaccess

@@ -17,3 +17,4 @@ RewriteCond %{REQUEST_FILENAME} !-l
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule .* index.php [L,QSA,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+

composer.json

@@ -0,0 +1,10 @@
+{
+	"name": "bcosca/fatfree",
+	"description": "A powerful yet easy-to-use PHP micro-framework designed to help you build dynamic and robust Web applications - fast!",
+	"homepage": "https://github.com/bcosca/fatfree",
+	"license": "GPL-3.0",
+	"require": {
+		"php": ">=5.3.0"
+	}
+}
+

index.php

@@ -2,6 +2,10 @@
 
 $f3=require('lib/base.php');
 
+$f3->set('DEBUG',1);
+if ((float)PCRE_VERSION<7.9)
+	trigger_error('PCRE version is out of date');
+
 $f3->config('config.ini');
 
 $f3->route('GET /',

lib/base.php

@@ -19,7 +19,7 @@ final class Base {
 	//@{ Framework details
 	const
 		PACKAGE='Fat-Free Framework',
-		VERSION='3.1.0-Release';
+		VERSION='3.1.1-Dev';
 	//@}
 
 	//@{ HTTP status codes (RFC 2616)
@@ -139,7 +139,7 @@ function &ref($key,$add=TRUE) {
 			$this->sync('SESSION');
 		}
 		elseif (!preg_match('/^\w+$/',$parts[0]))
-			trigger_error(sprintf(self::E_Hive,$this->stringify($key)));
+			user_error(sprintf(self::E_Hive,$this->stringify($key)));
 		if ($add)
 			$var=&$this->hive;
 		else
@@ -165,7 +165,7 @@ function &ref($key,$add=TRUE) {
 					$var=array();
 				$var=&$var[$part];
 			}
-			elseif (isset($var[$part]))
+			elseif (is_array($var) && isset($var[$part]))
 				$var=$var[$part];
 			else
 				return $this->null;
@@ -877,7 +877,8 @@ function($frame) use($debug) {
 			if (isset($frame['function']))
 				$line.=$frame['function'].'('.(isset($frame['args'])?
 					$this->csv($frame['args']):'').')';
-			$src=$this->fixslashes($frame['file']).':'.$frame['line'].' ';
+			$src=$this->fixslashes(str_replace($_SERVER['DOCUMENT_ROOT'].
+				'/','',$frame['file'])).':'.$frame['line'].' ';
 			error_log('- '.$src.$line);
 			$out.='• '.($highlight?
 				($this->highlight($src).' '.$this->highlight($line)):
@@ -909,7 +910,8 @@ function($frame) use($debug) {
 					($debug?('<pre>'.$out.'</pre>'.$eol):'').
 				'</body>'.$eol.
 				'</html>');
-		die;
+		if (!$this->hive['BAIL'])
+			die;
 	}
 
 	/**
@@ -1307,7 +1309,7 @@ function mutex($id,$func,$args=NULL) {
 			filemtime($lock)+ini_get('max_execution_time')<microtime(TRUE))
 			// Stale lock
 			@unlink($lock);
-		while (!$handle=@fopen($lock,'x') && !connection_aborted())
+		while (!($handle=@fopen($lock,'x')) && !connection_aborted())
 			usleep(mt_rand(0,100));
 		$out=$this->call($func,$args);
 		fclose($handle);
@@ -1392,14 +1394,13 @@ protected function autoload($class) {
 	*	@return NULL
 	**/
 	function unload() {
-		if (($error=error_get_last()) &&
-			in_array($error['type'],
-				array(E_ERROR,E_PARSE,E_CORE_ERROR,E_COMPILE_ERROR)))
+		$handler=$this->hive['UNLOAD'];
+		if ((!$handler || $this->call($handler,$this)===FALSE) &&
+			($error=error_get_last()) && in_array($error['type'],
+			array(E_ERROR,E_PARSE,E_CORE_ERROR,E_COMPILE_ERROR)))
 			// Fatal error detected
 			$this->error(500,sprintf(self::E_Fatal,$error['message']),
 				array($error));
-		if (isset($this->hive['UNLOAD']))
-			$this->hive['UNLOAD']($this);
 	}
 
 	/**
@@ -1479,6 +1480,7 @@ function($code,$text) use($fw) {
 				$_SERVER['SCRIPT_FILENAME']);
 			apache_setenv("DOCUMENT_ROOT",$_SERVER['DOCUMENT_ROOT']);
 		}
+		$_SERVER['DOCUMENT_ROOT']=realpath($_SERVER['DOCUMENT_ROOT']);
 		// Default configuration
 		$this->hive=array(
 			'AGENT'=>isset($headers['X-Operamini-Phone-UA'])?
@@ -1490,6 +1492,7 @@ function($code,$text) use($fw) {
 			'AJAX'=>isset($headers['X-Requested-With']) &&
 				$headers['X-Requested-With']=='XMLHttpRequest',
 			'AUTOLOAD'=>'./',
+			'BAIL'=>FALSE,
 			'BASE'=>$base,
 			'BODY'=>file_get_contents('php://input'),
 			'CACHE'=>FALSE,

lib/basket.php

@@ -72,23 +72,36 @@ function clear($key) {
 	}
 
 	/**
-	*	Return item that matches key/value pair
-	*	@return object|FALSE
+	*	Return items that match key/value pair
+	*	@return array|FALSE
 	*	@param $key string
 	*	@param $val mixed
 	**/
 	function find($key,$val) {
-		if (isset($_SESSION[$this->key]))
+		if (isset($_SESSION[$this->key])) {
+			$out=array();
 			foreach ($_SESSION[$this->key] as $id=>$item)
 				if (array_key_exists($key,$item) && $item[$key]==$val) {
 					$obj=clone($this);
 					$obj->id=$id;
 					$obj->item=$item;
-					return $obj;
+					$out[]=$obj;
 				}
+			return $out;
+		}
 		return FALSE;
 	}
 
+	/**
+	*	Return first item that matches key/value pair
+	*	@return object|FALSE
+	*	@param $key string
+	*	@param $val mixed
+	**/
+	function findone($key,$val) {
+		return ($data=$this->find($key,$val))?$data[0]:FALSE;
+	}
+
 	/**
 	*	Map current item to matching key/value pair
 	*	@return array
@@ -97,8 +110,8 @@ function find($key,$val) {
 	**/
 	function load($key,$val) {
 		if ($found=$this->find($key,$val)) {
-			$this->id=$found->id;
-			return $this->item=$found->item;
+			$this->id=$found[0]->id;
+			return $this->item=$found[0]->item;
 		}
 		$this->reset();
 		return array();
@@ -126,7 +139,7 @@ function count() {
 	**/
 	function save() {
 		if (!$this->id)
-			$this->id=uniqid();
+			$this->id=uniqid(NULL,TRUE);
 		$_SESSION[$this->key][$this->id]=$this->item;
 		session_commit();
 		return $this->item;
@@ -140,7 +153,7 @@ function save() {
 	**/
 	function erase($key,$val) {
 		$found=$this->find($key,$val);
-		if ($found && $id=$found->id) {
+		if ($found && $id=$found[0]->id) {
 			unset($_SESSION[$this->key][$id]);
 			session_commit();
 			if ($id==$this->id)

lib/bcrypt.php

@@ -18,24 +18,28 @@ class Bcrypt extends Prefab {
 
 	//@{ Error messages
 	const
-		E_Cost='Invalid cost parameter',
-		E_Salt='Invalid salt (must be at least 22 alphanumeric characters)';
+		E_CostArg='Invalid cost parameter',
+		E_SaltArg='Salt must be at least 22 alphanumeric characters';
 	//@}
 
+	//! Default cost
+	const
+		COST=10;
+
 	/**
 	*	Generate bcrypt hash of string
 	*	@return string|FALSE
 	*	@param $pw string
 	*	@param $salt string
 	*	@param $cost int
 	**/
-	function hash($pw,$salt=NULL,$cost=10) {
+	function hash($pw,$salt=NULL,$cost=self::COST) {
 		if ($cost<4 || $cost>31)
-			trigger_error(self::E_Cost);
+			user_error(self::E_Cost);
 		$len=22;
 		if ($salt) {
 			if (!preg_match('/^[[:alnum:]\.\/]{'.$len.',}$/',$salt))
-				trigger_error(self::E_Salt);
+				user_error(self::E_Salt);
 		}
 		else {
 			$raw=16;
@@ -54,6 +58,17 @@ function hash($pw,$salt=NULL,$cost=10) {
 		return strlen($hash)>13?$hash:FALSE;
 	}
 
+	/**
+	*	Check if password is still strong enough
+	*	@return bool
+	*	@param $hash string
+	*	@param $cost int
+	**/
+	function needs_rehash($hash,$cost=self::COST) {
+		list($pwcost)=sscanf($hash,"$2y$%d$");
+		return $pwcost!=$cost;
+	}
+
 	/**
 	*	Verify password against hash using timing attack resistant approach
 	*	@return bool

lib/changelog.txt

@@ -1,7 +1,33 @@
 CHANGELOG
 
+3.1.1 (13 October 2013)
+*	NEW: Support OpenID attribute exchange
+*	NEW: BAIL variable enables/disables continuance of execution on non-fatal
+	errors
+*	Add support for Oracle
+*	Mark cached queries in log (Feature Request #405)
+*	Implement Bcrypt->needs_reshash()
+*	Add entropy to SQL cache hash; Add uuid() method to DB backends
+*	Find real document root; Simplify debug paths
+*	Permit OpenID required fields to be declared as comma-separated string or
+	array
+*	Pass modified filename as argument to user-defined function in
+	Web->receive()
+*	Quote keys in optional SQL clauses (Issue #408)
+*	Allow UNLOAD to override fatal error detection (Issue #404)
+*	Mutex operator precedence error (Issue #406)
+*	Bug fix: exists() malfunction (Issue #401)
+*	Bug fix: Jig mapper triggers error when loading from CACHE (Issue #403)
+*	Bug fix: Array index check
+*	Bug fix: OpenID verified() return value
+*	Bug fix: Basket->find() should return a set of results (Issue #407);
+	Also implemented findone() for consistency with mappers
+*	Bug fix: PostgreSQL last insert ID (Issue #410)
+*	Bug fix: $port component URL overwritten by _socket()
+*	Bug fix: Calculation of elapsed time
+
 3.1.0 (20 August 2013)
-*	NEW: NEW: Web->filler() returns a chunk of text from the standard
+*	NEW: Web->filler() returns a chunk of text from the standard
 	Lorem Ipsum passage
 *	Change in behavior: Drop support for JSON serialization
 *	SQL->exec() now returns value of RETURNING clause

lib/db/jig.php

@@ -25,6 +25,8 @@ class Jig {
 	//@}
 
 	protected
+		//! UUID
+		$uuid,
 		//! Storage location
 		$dir,
 		//! Current storage format
@@ -73,6 +75,22 @@ function write($file,array $data=NULL) {
 		return $out;
 	}
 
+	/**
+	*	Return directory
+	*	@return string
+	**/
+	function dir() {
+		return $this->dir;
+	}
+
+	/**
+	*	Return UUID
+	*	@return string
+	**/
+	function uuid() {
+		return $this->uuid;
+	}
+
 	/**
 	*	Return SQL profiler results
 	*	@return string
@@ -109,7 +127,7 @@ function drop() {
 	function __construct($dir,$format=self::FORMAT_JSON) {
 		if (!is_dir($dir))
 			mkdir($dir,\Base::MODE,TRUE);
-		$this->dir=$dir;
+		$this->uuid=\Base::instance()->hash($this->dir=$dir);
 		$this->format=$format;
 	}
 

lib/db/jig/mapper.php

@@ -151,8 +151,9 @@ function find($filter=NULL,array $options=NULL,$ttl=0,$log=TRUE) {
 		$db=$this->db;
 		$now=microtime(TRUE);
 		if (!$fw->get('CACHE') || !$ttl || !($cached=$cache->exists(
-			$hash=$fw->hash($fw->stringify(array($filter,$options))).'.jig',
-				$data)) || $cached[0]+$ttl<microtime(TRUE)) {
+			$hash=$fw->hash($this->db->dir().
+				$fw->stringify(array($filter,$options))).'.jig',$data)) ||
+			$cached[0]+$ttl<microtime(TRUE)) {
 			$data=$db->read($this->file);
 			foreach ($data as $id=>&$doc) {
 				$doc['_id']=$id;
@@ -248,7 +249,7 @@ function($val1,$val2) use($cols) {
 			$out[]=$this->factory($id,$doc);
 			unset($doc);
 		}
-		if ($log) {
+		if ($log && isset($args)) {
 			if ($filter)
 				foreach ($args as $key=>$val) {
 					$vals[]=$fw->stringify(is_array($val)?$val[0]:$val);
@@ -296,7 +297,7 @@ function insert() {
 			return $this->update();
 		$db=$this->db;
 		$now=microtime(TRUE);
-		while (($id=uniqid()) &&
+		while (($id=uniqid(NULL,TRUE)) &&
 			($data=$db->read($this->file)) && isset($data[$id]) &&
 			!connection_aborted())
 			usleep(mt_rand(0,100));

lib/db/mongo.php

@@ -24,9 +24,29 @@ class Mongo extends \MongoDB {
 	//@}
 
 	private
+		//! UUID
+		$uuid,
+		//! Data source name
+		$dsn,
 		//! MongoDB log
 		$log;
 
+	/**
+	*	Return data source name
+	*	@return string
+	**/
+	function dsn() {
+		return $this->dsn;
+	}
+
+	/**
+	*	Return UUID
+	*	@return string
+	**/
+	function uuid() {
+		return $this->uuid;
+	}
+
 	/**
 	*	Return MongoDB profiler results
 	*	@return string
@@ -63,6 +83,7 @@ function drop() {
 	*	@param $options array
 	**/
 	function __construct($dsn,$dbname,array $options=NULL) {
+		$this->uuid=\Base::instance()->hash($this->dsn=$dsn);
 		$class=class_exists('\MongoClient')?'\MongoClient':'\Mongo';
 		parent::__construct(new $class($dsn,$options?:array()),$dbname);
 		$this->setprofilinglevel(2);