Support for PHP-8

build.php

@@ -36,14 +36,14 @@
 date_default_timezone_set('UTC');
 
 // === identifiers recognized in EXPORT and ###something### directives ===
-$build_data = array(
-	// used for resource embedding
-	'resources' => array(),
-	'resourcesize' => 0,
-	// custom variables
-	'build_date' => date('Y-m-d'),
-	'build_year' => date('Y'),
-);
+$build_data = [
+    // used for resource embedding
+    'resources' => [],
+    'resourcesize' => 0,
+    // custom variables
+    'build_date' => date('Y-m-d'),
+    'build_year' => date('Y'),
+];
 
 ?>
 <!doctype html>
@@ -122,7 +122,7 @@ function minify_js($js)
 
 function comment_lines($text)
 {
-	return preg_replace('/^/m', "//\t", $text);
+	return preg_replace('/^/m', "//\t", (string) $text);
 }
 
 
@@ -131,9 +131,9 @@ function comment_lines($text)
 function replace_include($m)
 {
 	if ($m['filters']) {
-		$filters = array_map('trim', preg_split('@\s*\|\s*@', trim($m['filters'], ' |')));
+		$filters = array_map('trim', preg_split('@\s*\|\s*@', trim((string) $m['filters'], ' |')));
 	} else {
-		$filters = array();
+		$filters = [];
 	}
 
 	$source = '';
@@ -165,9 +165,9 @@ function replace_include($m)
 function replace_embed($m)
 {
 	if ($m['filters']) {
-		$filters = array_map('trim', preg_split('@\s*\|\s*@', trim($m['filters'], ' |')));
+		$filters = array_map('trim', preg_split('@\s*\|\s*@', trim((string) $m['filters'], ' |')));
 	} else {
-		$filters = array();
+		$filters = [];
 	}
 
 	$result = '';
@@ -190,8 +190,8 @@ function replace_embed($m)
 				$result .= $data;
 
 				// evaluate size and position relative to __COMPILER_HALT_OFFSET__
-				$size = strlen($data);
-				$build_data['resources'][$filename] = array($build_data['resourcesize'], $size);
+				$size = strlen((string) $data);
+				$build_data['resources'][$filename] = [$build_data['resourcesize'], $size];
 				$build_data['resourcesize'] += $size;
 			} else {
 				echo "<li class='warn'><span>{$filename}</span> - cannot read file";

classes/Authorization.php

@@ -5,17 +5,17 @@
 
 class Authorization
 {
-	private $authorized;
-	private $login_failed;
-	private $system_password_encrypted;
+	private bool $authorized;
+	private bool $login_failed;
+	private string $system_password_encrypted;
 
 	public function __construct()
 	{
 		// first, make sure a CSRF token is generated
 		$this->generateToken();
 		// second, check for possible CSRF attacks. to protect logins, this is done before checking login
 		$this->checkToken();
-		
+
 		// the salt and password encrypting is probably unnecessary protection but is done just
 		// for the sake of being very secure
 		if(!isset($_SESSION[COOKIENAME.'_salt']) && !isset($_COOKIE[COOKIENAME.'_salt']))
@@ -36,24 +36,24 @@ public function __construct()
 			// no password
 			SYSTEMPASSWORD == ''
 			// correct password stored in session
-			|| isset($_SESSION[COOKIENAME.'password']) && hash_equals($_SESSION[COOKIENAME.'password'], $this->system_password_encrypted) 
+			|| isset($_SESSION[COOKIENAME.'password']) && hash_equals($_SESSION[COOKIENAME.'password'], $this->system_password_encrypted)
 			// correct password stored in cookie
 			|| isset($_COOKIE[COOKIENAME]) && isset($_COOKIE[COOKIENAME.'_salt']) && hash_equals(md5(SYSTEMPASSWORD."_".$_COOKIE[COOKIENAME.'_salt']), $_COOKIE[COOKIENAME]);
 	}
 
-	public function attemptGrant($password, $remember)
-	{
+	public function attemptGrant($password, $remember): bool
+    {
 		$hashed_password = crypt(SYSTEMPASSWORD, '$2a$07$'.self::generateSalt(22).'$');
-		if (hash_equals($hashed_password, crypt($password, $hashed_password))) {
+		if (hash_equals($hashed_password, crypt((string) $password, $hashed_password))) {
 			if ($remember) {
 				// user wants to be remembered, so set a cookie
 				$expire = time()+60*60*24*30; //set expiration to 1 month from now
-				setcookie(COOKIENAME, $this->system_password_encrypted, $expire, null, null, null, true);
-				setcookie(COOKIENAME."_salt", $_SESSION[COOKIENAME.'_salt'], $expire, null, null, null, true);
+				setcookie(COOKIENAME, $this->system_password_encrypted, ['expires' => $expire, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
+				setcookie(COOKIENAME."_salt", (string) $_SESSION[COOKIENAME.'_salt'], ['expires' => $expire, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
 			} else {
 				// user does not want to be remembered, so destroy any potential cookies
-				setcookie(COOKIENAME, "", time()-86400, null, null, null, true);
-				setcookie(COOKIENAME."_salt", "", time()-86400, null, null, null, true);
+				setcookie(COOKIENAME, "", ['expires' => time()-86400, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
+				setcookie(COOKIENAME."_salt", "", ['expires' => time()-86400, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
 				unset($_COOKIE[COOKIENAME]);
 				unset($_COOKIE[COOKIENAME.'_salt']);
 			}
@@ -67,11 +67,11 @@ public function attemptGrant($password, $remember)
 		return false;
 	}
 
-	public function revoke()
+	public function revoke(): void
 	{
 		//destroy everything - cookies and session vars
-		setcookie(COOKIENAME, "", time()-86400, null, null, null, true);
-		setcookie(COOKIENAME."_salt", "", time()-86400, null, null, null, true);
+		setcookie(COOKIENAME, "", ['expires' => time()-86400, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
+		setcookie(COOKIENAME."_salt", "", ['expires' => time()-86400, 'path' => '', 'domain' => '', 'secure' => null, 'httponly' => true]);
 		unset($_COOKIE[COOKIENAME]);
 		unset($_COOKIE[COOKIENAME.'_salt']);
 		session_unset();
@@ -82,23 +82,23 @@ public function revoke()
 		$this->generateToken();
 	}
 
-	public function isAuthorized()
-	{
-		return $this->authorized;      
+	public function isAuthorized(): bool
+    {
+		return $this->authorized;
 	}
 
-	public function isFailedLogin()
-	{
+	public function isFailedLogin(): bool
+    {
 		return $this->login_failed;
 	}
 
-	public function isPasswordDefault()
-	{
+	public function isPasswordDefault(): bool
+    {
 		return SYSTEMPASSWORD == 'admin';
 	}
 
-	private static function generateSalt($saltSize)
-	{
+	private static function generateSalt(int $saltSize): string
+    {
 		$set = 'ABCDEFGHiJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 		$setLast = strlen($set) - 1;
 		$salt = '';
@@ -107,29 +107,17 @@ private static function generateSalt($saltSize)
 		}
 		return $salt;
 	}
-	
-	private function generateToken()
+
+    private function generateToken(): void
 	{
-		// generate CSRF token 
+		// generate CSRF token
 		if (empty($_SESSION[COOKIENAME.'token']))
 		{
-			if (function_exists('random_bytes')) // introduced in PHP 7.0
-			{
-				$_SESSION[COOKIENAME.'token'] = bin2hex(random_bytes(32));
-			}
-			elseif (function_exists('openssl_random_pseudo_bytes')) // introduced in PHP 5.3.0
-			{
-				$_SESSION[COOKIENAME.'token'] = bin2hex(openssl_random_pseudo_bytes(32));
-			}
-			else
-			{
-				// For PHP 5.2.x - This case can be removed once we drop support for 5.2.x
-				$_SESSION[COOKIENAME.'token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
-			}
+			$_SESSION[COOKIENAME.'token'] = bin2hex(random_bytes(32));
 		}
 	}
-	
-	private function checkToken()
+
+	private function checkToken(): void
 	{
 		// checking CSRF token
 		if($_SERVER['REQUEST_METHOD'] === 'POST' || isset($_GET['download'])) // all POST forms need tokens! downloads are protected as well
@@ -138,7 +126,7 @@ private function checkToken()
 				$check_token=$_POST['token'];
 			elseif($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['token']))
 				$check_token=$_GET['token'];
-			
+
 			if (!isset($check_token))
 			{
 				die("CSRF token missing");