Applied MODERNISIERUNG_RULES v2.0:
Modern Array Syntax (Kapitel 11)
- array() → [] (6 occurrences)
- Lines: 13, 14, 78, 79, 127, 151, 163, 164
Function Return Types (Kapitel 12)
- lang_main(): void
- lang_file(): void
- lang_save(): void
- lang_conf(): void
- lang_info(): void
Modern Template Functions (Kapitel 16)
- tpl_eval('open') → setTemplateBasic('open')
- tpl_eval('close') → setTemplateBasic('close')
- tpl_warn() → setTemplateWarning() with array parameters
Changes:
- All array() syntax replaced with []
- All functions typed with void return type
- Modern template API throughout
- Consistent with MODERNISIERUNG_RULES v2.0
Added 11 new chapters based on admins.php analysis: 11. Modern PHP Array Syntax
- array() → [] (PHP 7+ standard)- void, string, int, array, bool
- Type safety for all functions- GET/POST flexible parameter handling
- Use case: Edit forms with ID from GET- Inline: ≤3 parameters
- Multi-line: ≥4 parameters for readability- Checkboxen: bool → TINYINT(1)
- Pattern: getVar('bool', 0) ? 1 : 0- setTemplateWarning() statt tpl_warn()
- setTemplateBasic() statt tpl_eval()- Modern API with [] instead of ''
- Shorter parameter list- Optional parameters: ($send ?? '')- $stop[] pattern für Fehlersammlung
- Better UX: Show all errors at once- ✅ DO: 8 additional patterns
- ❌ DON'T: 5 additional anti-patterns- Complete function with all modern patternsModernized all input handling and config save:
lang_navi()
- func_get_args() → typed parameters
- Added return type: string
lang_file()
- $_GET['mod_dir'] → getVar('get', 'mod_dir', 'var', '')
- $_GET['adm_fl'] → getVar('get', 'adm_fl', 'bool', false)
- $_GET['lng_wh'] → getVar('get', 'lng_wh', 'var', '')
lang_save()
- $_POST['mod_dir'] → getVar('post', 'mod_dir', 'var', '')
- $_POST['lwh'] → getVar('post', 'lwh', 'var', '')
- $_POST['lcn'] → getVar('post', 'lcn[]', 'var') (bracket notation)
- $_POST['cnst'] → getVar('post', 'cnst[]', 'var')
- $_POST['lng'] → getVar('post', 'lng', 'var', [])
lang_conf_save()
- $_POST → getVar() for all inputs
- save_conf() → setConfigFile() (modern API)
- Compact array-based config structure
- Added void return type
Benefits:
- Consistent input filtering across module
- Type safety with modern PHP 8 patterns
- Bracket notation for arrays
- Secure config file handling
Created MODERNISIERUNG_RULES.md with complete guidelines for:
getVar() Array Handling
- FILTER_REQUIRE_ARRAY → getVar('post', 'field[]', 'num')
- Bracket notation patterns
Compact Config-Save Functions
- Inline getVar() in $cont arrays
- Elvis operator for defaults
- Eliminate intermediate variables
Remove Redundant Code
- intval() checks when using getVar('num')
- stripslashes() (PHP 8+)
- array_map('intval') after filtered arrays
Modern PHP Patterns
- Typed function parameters
- setConfigFile() 4th parameter
- Inline processing
Migration Checklist
- Step-by-step modernization guide
- DO/DON'T rules
- Commit message templates
Purpose: Enable consistent modernization across different code instances (work/home environments)
Core improvements:
core.php: Modernize setArticleNumbers() with typed parameters
- func_get_args() → named parameters with types
- Improved SQL with prepared statements support
- Better category access control logic
security.php: Fix config path
- config_users.php → users.php (consistent naming)
- config/users.php: Add modern users config file
Admin modules:
database.php: Add new database() overview function
- SHOW TABLE STATUS with detailed metrics
- Exact row counts via COUNT(*)
- Size calculations (Data + Index + Free)
- Support for optimize/repair operations
groups.php: Code formatting + setConfigFile() fix
- Multi-line if → one-liner (consistency)
- SQL arrays formatted inline
- setConfigFile() now receives $confu parameter
- admins.php: 2 occurrences (admins_add, admins_save)
- comments.php: 1 occurrence (comm_del)
- blocks.php: 2 occurrences (blocks_add_save, blocks_change)
Changed pattern: filter_input(INPUT_POST, 'field', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY) ?? [] → getVar('post', 'field[]', 'num') ?: [] Simplified array processing: is_array($arr) ? implode(',', array_map('intval', $arr)) : '' → $arr ? implode(',', $arr) : '' (getVar with 'num' type already returns filtered integers) Consistent with modern getVar() API across entire admin module
- sitemap_save(): filter_input() → getVar('post', 'mod[]', 'num')
users_save(): Restructured to compact inline style
- Eliminated 25 intermediate variables
- Removed redundant validation block
- getVar() calls directly in $cont array
- Elvis operator for defaults
- Inline processing (strtolower, strtr)
Reduces users_save() from 60+ lines to 33 lines Consistent with modern getVar() bracket notation pattern
Validationsblock simplified (Lines 586-601):
- Redundant intval() checks removed (getVar 'num' already returns int)
- Elvis-Operator (?:) instead of ternary operator with !intval()
- stripslashes() removed (PHP 8 compatible - Magic Quotes deprecated)
- Logical code grouping: String-Defaults, Numeric-Defaults, processed strings
- String-Interpolation instead of concatenation in Heredoc
Advantages: ✓ Reduced code complexity without behavior change ✓ Moderne PHP-Syntax (Elvis-Operator, String-Interpolation) ✓ Better readability with clear structure ✓ PHP 8+ compatible
SICHERHEIT (KRITISCH!):
- ALLE SQL-Injection-Schwachstellen behoben
- All SQL queries → PDO Prepared Statements mit Parameter-Binding
- users_show(): Parametrisierte LIKE-Suche (:search, :group, :points)
- users_add(): PDO mit :id, :extra
- users_add_save(): Alle UPDATE/INSERT mit PDO (24 Parameter!)
- users_new(), users_null_save(): PDO mit :offset, :limit, :zero, :empty
- users_new_del(), users_del(): Neue separate Funktionen mit PDO
- $_POST → getVar() with security filters
MODERNIZATIONS:
- Copyright 2017 → 2026
- PHP 8 Type Hints for all functions (int, string, void)
- array() → [] (Short Array Syntax)
- tpl_eval()/tpl_warn() → setTemplateBasic()/setTemplateWarning()
- navi_gen() + func_get_args() → getAdminTabs() mit Parametern
- include() → require_once CONFIG_DIR
- save_conf() → setConfigFile()
- checkConfigFile() statt end_chmod()
CODE-STRUKTUR:
- Switch-Case bereinigt: Inline-Queries extrahiert
- users_null_save() als eigene Funktion (Line 329)
- users_new_del() als eigene Funktion (Line 441)
- users_del() als eigene Funktion (Line 450)
- Alle DELETE-Operationen jetzt mit PDO-Schutz
ZEILEN: 440 → 512 (+72)
MODERNIZATIONS:
- Copyright 2018 → 2026
- PHP 8 Type Hints for all functions (int, string, void)
- array() → [] (Short Array Syntax)
- $_POST/$_GET/$_REQUEST → getVar() with security filters
- tpl_eval()/tpl_warn() → setTemplateBasic()/setTemplateWarning()
- navi_gen() → getAdminTabs()
- func_get_args() → named parameters
- Manual file operations → setConfigFile()
SQL SECURITY:
- All SQL queries → PDO Prepared Statements
- Parameter binding with :param placeholders
- SQL injection protection
FUNCTIONAL CHANGES:
- groups_del() extracted as separate function
- Error handling in groups_save() corrected
- Code formatting standardized