From b5e0bfe59ad581979e62bb10e83a827c997caec5 Mon Sep 17 00:00:00 2001
From: rylon
Date: Mon, 20 Jan 2014 19:48:49 +0100
Subject: [PATCH] more qq, security, locale
---
 dbd/qq/SYS_LOCALE_SET_LOCALE.php | 15 ++
 dbd/qq/SYS_SECURITY_AVAILABLE.php | 13 ++
 dbd/qq/SYS_SECURITY_CHECK.php | 15 ++
 dbd/qq/SYS_SECURITY_CREATE.php | 17 ++
 dbd/qq/SYS_SECURITY_LOGIN_MD5.php | 15 ++
 dbd/qq/SYS_SECURITY_LOGIN_SHA1.php | 15 ++
 dbd/qq/SYS_SECURITY_TRACK_LOGINS.php | 15 ++
 dbd/qq/SYS_SECURITY_UPDATE_PW.php | 15 ++
 security/Security.php | 254 +++++----------------------
 system/locale.php | 10 +-
 10 files changed, 174 insertions(+), 210 deletions(-)
 create mode 100644 dbd/qq/SYS_LOCALE_SET_LOCALE.php
 create mode 100644 dbd/qq/SYS_SECURITY_AVAILABLE.php
 create mode 100644 dbd/qq/SYS_SECURITY_CHECK.php
 create mode 100644 dbd/qq/SYS_SECURITY_CREATE.php
 create mode 100644 dbd/qq/SYS_SECURITY_LOGIN_MD5.php
 create mode 100644 dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
 create mode 100644 dbd/qq/SYS_SECURITY_TRACK_LOGINS.php
 create mode 100644 dbd/qq/SYS_SECURITY_UPDATE_PW.php
diff --git a/dbd/qq/SYS_LOCALE_SET_LOCALE.php b/dbd/qq/SYS_LOCALE_SET_LOCALE.php
new file mode 100644
index 0000000..ccb7165
--- /dev/null
+++ b/dbd/qq/SYS_LOCALE_SET_LOCALE.php
@@ -0,0 +1,15 @@ +prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\system_user::NAME_PG. - ' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.',' - .\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'. - ' VALUES ($1, $2, $3, $4, $5) RETURNING *;', - array( $username , $password, $email, $locale, 1 )); - } else { - $result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\system_user::NAME_MYS. - ' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.',' - .\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'. - ' VALUES (?, ?, ?, ?, ?);', - array( $username , $password, $email, $locale, 1 )); - } - + return self::FAIL;} + $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::Q1(array( $username , $password, $email, $locale, 1 )); if( !$result || !self::login($username, $password, $locale)){ - return self::REGISTER_FAIL;} - - return ($advancedResult ? $result->next() : self::REGISTER_OK); + return self::FAIL;} + return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK); } - - - public static function changePassword($username, $password_sha_old, $password_sha_new){ - - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $result = $con->prepare('', - 'SELECT id FROM '.\SYSTEM\DBD\system_user::NAME_PG. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'. - ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' 
= $2;', - array($username, $password_sha_old) ); - - }else{ - return 'MySQL Query not implemented!'; - } - - - $row = $result->next(); + + public static function changePassword($username, $password_sha_old, $password_sha_new){ + $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old)); if(!$row){ - return 0; // old password wrong - } - - $userID = $row['id']; - if(\SYSTEM\system::isSystemDbInfoPG()){ - $result = $con->prepare('', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG. - ' SET "password_sha" = $1 WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;', - array($password_sha_new, $userID) ); - }else{ - return 'MySQL Query not implemented!'; - } - - - return 1; + return self::FAIL;} // old password wrong + $userID = $row['id']; + \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($password_sha_new, $userID)); + return self::OK; } public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){ - self::startSession(); - + self::startSession(); if(!isset($password_sha)){ - self::trackLogins(NULL, self::LOGIN_FAIL); + //self::trackLogins(NULL, self::FAIL); $_SESSION['user'] = NULL; - return self::LOGIN_FAIL;} - - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); + return self::FAIL;} + //Database check if(isset($password_md5)){ - if(\SYSTEM\system::isSystemDbInfoPG()){ - $result = $con->prepare('loginAccountStmt', - 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'. - ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR - '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $3 OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $4 );', - array($username, $password_sha, $password_sha_new, $password_md5) ); - } else { - $result = $con->prepare('loginAccountStmt', - 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS. 
- ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'. - ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );', - array($username, $password_sha, $password_md5) ); - } + $result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::QQ(array($username, $password_sha, $password_md5)); }else{ - if(\SYSTEM\system::isSystemDbInfoPG()){ - $result = $con->prepare('loginAccountStmtSHA', - 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'. - ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR - '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $3 ;', - array($username, $password_sha, $password_sha_new) ); - } else { - $result = $con->prepare('loginAccountStmtSHA', - 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'. - ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;', - array($username, $password_sha) ); - } - } - - //Database check + $result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::QQ(array($username, $password_sha));} + if(!$result){ new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid"); $_SESSION['user'] = NULL; - return self::LOGIN_FAIL;} - + return self::FAIL;} + $row = $result->next(); if(!$row){ new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db"); $_SESSION['user'] = NULL; - return self::LOGIN_FAIL;} - + return self::FAIL;} // set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix - if(!$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] || strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){ + if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] || + strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){ if($password_sha_new != NULL){ $pw = $password_sha_new; 
@@ -140,19 +57,9 @@ class Security { $pw = $password_sha; } unset($result); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $res = $con->prepare( 'updatePasswordSHAStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.';', - array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID])); - }else{ - $res = $con->prepare( 'updatePasswordSHAStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?'.';', - array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID])); - } - $res = $res->next(); + \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID])); $row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw; - } - + } // set session variables $_SESSION['user'] = new User( $row[\SYSTEM\DBD\system_user::FIELD_ID], $row[\SYSTEM\DBD\system_user::FIELD_USERNAME], 
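Review bot: The return value of `\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(...)` in the hash-upgrade branch is discarded, so if the UPDATE fails the login still succeeds and the following `$row[...FIELD_PASSWORD_SHA] = $pw` puts a hash into the session that was never persisted; the removed code at least consumed `$res->next()`. Assuming Q1 reports failure as a falsy value, as the `if(!$res)` checks elsewhere in this file assume, guard it as `if(!\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]))){ new \SYSTEM\LOG\WARNING("Password SHA upgrade failed"); }`, matching the WARNING logging used on login()'s other failure paths. Note also that `$pw` is whichever of `$password_sha_new`/`$password_sha` the caller supplied, so this branch stores a client-provided value as the new credential; that is pre-existing, but it means the lookup in SYS_SECURITY_LOGIN_MD5 (not visible here) must genuinely require the MD5 match before this branch can be reached. login() begins in the previous hunk and ends in the next one.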
@@ -162,60 +69,30 @@ class Security { getenv('REMOTE_ADDR'), 0, NULL, - $row[\SYSTEM\DBD\system_user::FIELD_LOCALE]); - + $row[\SYSTEM\DBD\system_user::FIELD_LOCALE]); if(isset($locale)){ \SYSTEM\locale::set($locale);} // track succesful user login - self::trackLogins($row[\SYSTEM\DBD\system_user::FIELD_ID]); - return ($advancedResult ? $row : self::LOGIN_OK); + //self::trackLogins($row[\SYSTEM\DBD\system_user::FIELD_ID]); + return ($advancedResult ? $row : self::OK); } private static function trackLogins($userID){ - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $con->prepare( 'trackLoginAccountStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= to_timestamp($1) '. - 'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;', - array(microtime(true), $userID)); - } else { - $con->prepare( 'trackLoginAccountStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= ? '. - 'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;', - array(microtime(true), $userID)); - } - } + \SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::Q1(array(microtime(true), $userID));} public static function getUser(){ if(!self::isLoggedIn()){ return NULL;} return $_SESSION['user'];} - /** - * Determine if username exists - * - * @param String $username - */ + // Determine if username exists public static function available($username){ - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $res = $con->prepare( 'availableStmt', - 'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_PG. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower($1) ;', - array($username)); - } else { - $res = $con->prepare( 'availableStmt', - 'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_MYS. - ' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower(?) 
;', - array($username)); - } - - if(!($res = $res->next())){ - throw new \SYSTEM\LOG\ERRROR("Cannot determine the availability of username!");} - + $res = \SYSTEM\DBD\SYS_SECURITY_AVAILABLE::Q1(array($username)); + if(!$res){ + throw new \SYSTEM\LOG\ERRROR("Cannot determine the availability of username!");} if($res['count'] != 0){ - return self::AVAILABLE_FAIL;} - return self::AVAILABLE_OK; + return self::FAIL;} + return self::OK; } //checks for a right for a logged in user @@ -225,25 +102,9 @@ class Security { $user = null; if(!($user = self::getUser())){ return false;} - - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $res = $con->prepare( 'security_check', - 'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_PG. - ' WHERE "'.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.'" = $1'. - ' AND "'.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.'" = $2;', - array($user->id, $rightid)); - } else { - $res = $con->prepare( 'security_check', - 'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_MYS. - ' WHERE '.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.' = ?'. - ' AND '.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.' = ?;', - array($user->id, $rightid)); - } - - if(!($res = $res->next())){ - throw new \SYSTEM\LOG\ERROR("Cannot determine if you have the required rights!");} - + $res = \SYSTEM\DBD\SYS_SECURITY_CHECK::Q1(array($user->id, $rightid)); + if(!$res){ + throw new \SYSTEM\LOG\ERROR("Cannot determine if you have the required rights!");} if($res['count'] == 0){ return false;} return true; 
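Review bot: The successful-login path that finishes building `$_SESSION['user']` and returns `self::OK` never rotates the session identifier, so a session id fixed before authentication remains valid after it; add `\session_regenerate_id(true);` immediately after the `$_SESSION['user'] = new User(...)` statement closes, before the `isset($locale)` check. The same hunk comments out `self::trackLogins(...)` on success (the failure-path call is commented out in the previous hunk), so `last_active` is no longer updated and `trackLogins()` becomes an unused private method; if dropping the login trail is intentional a comment should say why, otherwise restore `self::trackLogins($row[\SYSTEM\DBD\system_user::FIELD_ID]);`. In `available()`, `throw new \SYSTEM\LOG\ERRROR(...)` names a misspelled class (the check() code below uses `\SYSTEM\LOG\ERROR`), so a failed lookup would fatal on an unknown class instead of raising the intended error — carried over from the old code, but still on the new side. login() begins in the previous hunk.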
@@ -253,44 +114,23 @@ class Security { public static function logout(){ self::startSession(); session_destroy(); - - return self::LOGOUT_OK; - } + return self::OK;} + public static function save($key,$value){ self::startSession(); $_SESSION['values'][$key] = $value;} + public static function load($key){ self::startSession(); if(!isset($_SESSION['values'][$key])){ return NULL;} - - return $_SESSION['values'][$key]; - } + return $_SESSION['values'][$key];} + public static function isLoggedIn(){ self::startSession(); return (isset($_SESSION['user']) && $_SESSION['user'] instanceof User);} + private static function startSession(){ if(!isset($_SESSION) && !headers_sent()){ - \session_start();} - } - //This functions is called from \SYSTEM\locale::set() - public static function _db_setLocale($lang){ - $user = self::getUser(); - if(!$user){ - throw new \SYSTEM\LOG\ERROR("You need to be logged in");} - - $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); - if(\SYSTEM\system::isSystemDbInfoPG()){ - $res = $con->prepare( 'updateUserLocaleStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = $1 '. - 'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\system_user::FIELD_LOCALE.';', - array($lang, $user->id)); - }else{ - $res = $con->prepare( 'updateUserLocaleStmt', - 'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = ? '. - 'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;', - array($lang, $user->id)); - } - return true; - } + \session_start();}} } \ No newline at end of file diff --git a/system/locale.php b/system/locale.php index fd089bf..efce804 100644 --- a/system/locale.php +++ b/system/locale.php 
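Review bot: `if($res['count'] == 0)` relies on loose comparison of whatever type the driver returns for COUNT(*) (commonly a string), and the two-branch return collapses to one expression: `return (int)$res['count'] > 0;`. The preceding `if(!$res)` guard can only fire if Q1 signals failure with a falsy value, since a COUNT(*) query always yields one row; if that is Q1's contract, a one-line comment such as `// Q1 is falsy on query failure; COUNT(*) always returns a row` would make the throw's purpose clear. check() begins outside this hunk.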
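Review bot: `logout()` calls `session_destroy()` but leaves the in-memory `$_SESSION` populated, so `isLoggedIn()` keeps returning true for the remainder of the same request, and it returns `self::OK` even when destruction fails (when `startSession()` skipped `session_start()` because headers were already sent, `session_destroy()` emits a warning and returns false). Clear the array first and propagate the result: `$_SESSION = array();` followed by `return session_destroy() ? self::OK : self::FAIL;`. Expiring the session cookie as well (`setcookie(session_name(), '', time() - 42000, '/');`) would complete the logout on the client side.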
@@ -8,9 +8,11 @@ class locale { if(!self::isLang($lang)){ return false;} - \SYSTEM\SECURITY\Security::save(self::SESSION_KEY, $lang); + \SYSTEM\SECURITY\Security::save(self::SESSION_KEY, $lang); if(\SYSTEM\SECURITY\Security::isLoggedIn()){ - \SYSTEM\SECURITY\Security::_db_setLocale($lang);} + $user = \SYSTEM\SECURITY\Security::getUser(); + \SYSTEM\DBD\SYS_LOCALE_SET_LOCALE::Q1(array($lang, $user->id)); + } return true; } @@ -52,7 +54,9 @@ class locale { $where .= 'OR '.$q.\SYSTEM\DBD\system_locale_string::FIELD_ID.$q.' = $1 '; } $where = substr($where,2); - + //those querys cant be done with qq, since they are dynamic + //they sql string is generated and prepare does not cover all the required parameterization + //hence qq cant be used on this purpose! $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); $res = $con->prepare( 'localeArrStmt', 'SELECT '.$q.$lang.$q.','.$q.\SYSTEM\DBD\system_locale_string::FIELD_ID.$q.' FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\system_locale_string::NAME_PG : \SYSTEM\DBD\sytem_locale_string::NAME_MYS).' WHERE '.$where, $request);
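Review bot: In `set()`, the return value of `\SYSTEM\DBD\SYS_LOCALE_SET_LOCALE::Q1(array($lang, $user->id))` is ignored, so a failed persistence of the user's locale is silent while `set()` still returns true; the removed `_db_setLocale()` had the same gap, but now that the write lives here the outcome should at least be logged, e.g. `if(!\SYSTEM\DBD\SYS_LOCALE_SET_LOCALE::Q1(array($lang, $user->id))){ new \SYSTEM\LOG\WARNING("Could not persist locale for user ".$user->id); }` (assuming Q1 is falsy on failure, as other call sites in this commit assume). set() begins outside this hunk.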
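Review bot: The SELECT on the last line splices `$lang` in as a quoted identifier (`$q.$lang.$q`), and the new comment rightly says prepare() cannot parameterize it — which makes prior validation of `$lang` the only injection defense, yet nothing in this hunk shows that check (the function starts above it). The comment should state that contract and lose its typos: `// These queries cannot use qq: the column ($lang) and the WHERE list are built dynamically and prepare() cannot parameterize identifiers.` followed by `// $lang MUST already have passed isLang(); the $q quoting is not an injection defense.` Separately, the MySQL branch references `\SYSTEM\DBD\sytem_locale_string::NAME_MYS`, which looks like a misspelling of the `system_locale_string` class used on the same line and would fatal on MySQL — pre-existing, but still on the new side.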