EGroupware / egroupware

api/src/Session.php

Spacing +180 added lines, -183 removed lines

@@ -177,7 +177,7 @@ 
 	const CD_SECOND_FACTOR_REQUIRED = 96;
 	const CD_FORCE_PASSWORD_CHANGE = 97;
 	const CD_ACCOUNT_EXPIRED = 98;
-	const CD_BLOCKED = 99;	// to many failed attempts to loing
+	const CD_BLOCKED = 99; // to many failed attempts to loing
 
 	/**
 	 * Verbose reason why session creation failed
@@ -198,7 +198,7 @@ 
 	 *
 	 * @param array $domain_names =null domain-names used in this install
 	 */
-	function __construct(array $domain_names=null)
+	function __construct(array $domain_names = null)
 	{
 		$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
 
@@ -214,27 +214,27 @@ 
 			$save_rep = false;
 			if (!isset($GLOBALS['egw_info']['server']['max_access_log_age']))
 			{
-				$GLOBALS['egw_info']['server']['max_access_log_age'] = 90;	// default 90 days
+				$GLOBALS['egw_info']['server']['max_access_log_age'] = 90; // default 90 days
 				$save_rep = true;
 			}
 			if (!isset($GLOBALS['egw_info']['server']['block_time']))
 			{
-				$GLOBALS['egw_info']['server']['block_time'] = 1;	// default 1min, its enough to slow down brute force attacks
+				$GLOBALS['egw_info']['server']['block_time'] = 1; // default 1min, its enough to slow down brute force attacks
 				$save_rep = true;
 			}
 			if (!isset($GLOBALS['egw_info']['server']['num_unsuccessful_id']))
 			{
-				$GLOBALS['egw_info']['server']['num_unsuccessful_id']  = 3;	// default 3 trys per id
+				$GLOBALS['egw_info']['server']['num_unsuccessful_id'] = 3; // default 3 trys per id
 				$save_rep = true;
 			}
 			if (!isset($GLOBALS['egw_info']['server']['num_unsuccessful_ip']))
 			{
-				$GLOBALS['egw_info']['server']['num_unsuccessful_ip']  = $GLOBALS['egw_info']['server']['num_unsuccessful_id'] * 5;	// default is 5 times as high as the id default; since accessing via proxy is quite common
+				$GLOBALS['egw_info']['server']['num_unsuccessful_ip'] = $GLOBALS['egw_info']['server']['num_unsuccessful_id'] * 5; // default is 5 times as high as the id default; since accessing via proxy is quite common
 				$save_rep = true;
 			}
 			if (!isset($GLOBALS['egw_info']['server']['install_id']))
 			{
-				$GLOBALS['egw_info']['server']['install_id']  = md5(Auth::randomstring(15));
+				$GLOBALS['egw_info']['server']['install_id'] = md5(Auth::randomstring(15));
 			}
 			if (!isset($GLOBALS['egw_info']['server']['max_history']))
 			{
@@ -246,18 +246,18 @@ 
 			{
 				$config = new Config('phpgwapi');
 				$config->read_repository();
-				$config->value('max_access_log_age',$GLOBALS['egw_info']['server']['max_access_log_age']);
-				$config->value('block_time',$GLOBALS['egw_info']['server']['block_time']);
-				$config->value('num_unsuccessful_id',$GLOBALS['egw_info']['server']['num_unsuccessful_id']);
-				$config->value('num_unsuccessful_ip',$GLOBALS['egw_info']['server']['num_unsuccessful_ip']);
-				$config->value('install_id',$GLOBALS['egw_info']['server']['install_id']);
-				$config->value('max_history',$GLOBALS['egw_info']['server']['max_history']);
+				$config->value('max_access_log_age', $GLOBALS['egw_info']['server']['max_access_log_age']);
+				$config->value('block_time', $GLOBALS['egw_info']['server']['block_time']);
+				$config->value('num_unsuccessful_id', $GLOBALS['egw_info']['server']['num_unsuccessful_id']);
+				$config->value('num_unsuccessful_ip', $GLOBALS['egw_info']['server']['num_unsuccessful_ip']);
+				$config->value('install_id', $GLOBALS['egw_info']['server']['install_id']);
+				$config->value('max_history', $GLOBALS['egw_info']['server']['max_history']);
 				try
 				{
 					$config->save_repository();
 				}
 				catch (Db\Exception $e) {
-					_egw_log_exception($e);	// ignore exception, as it blocks session creation, if database is not writable
+					_egw_log_exception($e); // ignore exception, as it blocks session creation, if database is not writable
 				}
 			}
 		}
@@ -266,7 +266,7 @@ 
 		// set session_timeout from global php.ini and default to 14400=4h, if not set
 		if (!($GLOBALS['egw_info']['server']['sessions_timeout'] = ini_get('session.gc_maxlifetime')))
       	{
-      		ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']=14400);
+      		ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout'] = 14400);
       	}
 	}
 
@@ -335,15 +335,15 @@ 
 
 		if (!isset($_SESSION[self::EGW_SESSION_ENCRYPTED]) && self::init_crypt($kp3))
 		{
-			foreach(self::$egw_session_vars as $name)
+			foreach (self::$egw_session_vars as $name)
 			{
 				if (isset($_SESSION[$name]))
 				{
-					$_SESSION[$name] = mcrypt_generic(self::$mcrypt,serialize($_SESSION[$name]));
+					$_SESSION[$name] = mcrypt_generic(self::$mcrypt, serialize($_SESSION[$name]));
 					//error_log(__METHOD__."() 'encrypting' session var: $name, len=".strlen($_SESSION[$name]));
 				}
 			}
-			$_SESSION[self::EGW_SESSION_ENCRYPTED] = true;	// flag session as encrypted
+			$_SESSION[self::EGW_SESSION_ENCRYPTED] = true; // flag session as encrypted
 
 			mcrypt_generic_deinit(self::$mcrypt);
 			self::$mcrypt = null;
@@ -358,24 +358,24 @@ 
 	 * @param boolean $recursion =true if true call itself for every item > $limit
 	 * @param int $limit =1000 log only differences > $limit
 	 */
-	static function log_session_usage(&$arr,$label,$recursion=true,$limit=1000)
+	static function log_session_usage(&$arr, $label, $recursion = true, $limit = 1000)
 	{
 		if (!is_array($arr)) return;
 
 		$sizes = array();
-		foreach($arr as $key => &$data)
+		foreach ($arr as $key => &$data)
 		{
 			$sizes[$key] = strlen(serialize($data));
 		}
-		arsort($sizes,SORT_NUMERIC);
-		foreach($sizes as $key => $size)
+		arsort($sizes, SORT_NUMERIC);
+		foreach ($sizes as $key => $size)
 		{
 			$diff = $size - (int)$_SESSION[$label.'-sizes'][$key];
 			$_SESSION[$label.'-sizes'][$key] = $size;
 			if ($diff > $limit)
 			{
 				error_log("strlen({$label}[$key])=".Vfs::hsize($size).", diff=".Vfs::hsize($diff));
-				if ($recursion) self::log_session_usage($arr[$key],$label.'['.$key.']',$recursion,$limit);
+				if ($recursion) self::log_session_usage($arr[$key], $label.'['.$key.']', $recursion, $limit);
 			}
 		}
 	}
@@ -390,15 +390,15 @@ 
 	{
 		if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt(self::get_request('kp3')))
 		{
-			foreach(self::$egw_session_vars as $name)
+			foreach (self::$egw_session_vars as $name)
 			{
 				if (isset($_SESSION[$name]))
 				{
-					$_SESSION[$name] = unserialize(trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name])));
+					$_SESSION[$name] = unserialize(trim(mdecrypt_generic(self::$mcrypt, $_SESSION[$name])));
 					//error_log(__METHOD__."() 'decrypting' session var $name: gettype($name) = ".gettype($_SESSION[$name]));
 				}
 			}
-			unset($_SESSION[self::EGW_SESSION_ENCRYPTED]);	// delete encryption flag
+			unset($_SESSION[self::EGW_SESSION_ENCRYPTED]); // delete encryption flag
 		}
 	}
 
@@ -413,13 +413,13 @@ 
 	 */
 	static private function init_crypt($kp3)
 	{
-		if(!$GLOBALS['egw_info']['server']['mcrypt_enabled'])
+		if (!$GLOBALS['egw_info']['server']['mcrypt_enabled'])
 		{
-			return false;	// session encryption is switched off
+			return false; // session encryption is switched off
 		}
 		if ($GLOBALS['egw_info']['currentapp'] == 'syncml' || !$kp3)
 		{
-			$kp3 = 'staticsyncmlkp3';	// syncml has no kp3!
+			$kp3 = 'staticsyncmlkp3'; // syncml has no kp3!
 		}
 		if (is_null(self::$mcrypt))
 		{
@@ -435,9 +435,9 @@ 
 			}
 			$iv_size = mcrypt_enc_get_iv_size(self::$mcrypt);
 			$iv = !isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size ?
-				mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
+				mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'], 0, $iv_size);
 
-			if (mcrypt_generic_init(self::$mcrypt,$kp3, $iv) < 0)
+			if (mcrypt_generic_init(self::$mcrypt, $kp3, $iv) < 0)
 			{
 				error_log(__METHOD__."() could not initialise mcrypt, sessions get NOT encrypted!");
 				return self::$mcrypt = false;
@@ -459,7 +459,7 @@ 
 	 * @param string $remember_me =null "True" for checkbox checked, or periode for user-choice select-box eg. "P1W" or "" for NOT remember
 	 * @return string|boolean session id or false if session was not created, $this->(cd_)reason contains cause
 	 */
-	function create($login,$passwd = '',$passwd_type = '',$no_session=false,$auth_check=true,$fail_on_forced_password_change=false,$check_2fa=false,$remember_me=null)
+	function create($login, $passwd = '', $passwd_type = '', $no_session = false, $auth_check = true, $fail_on_forced_password_change = false, $check_2fa = false, $remember_me = null)
 	{
 		try {
 			if (is_array($login))
@@ -477,9 +477,9 @@ 
 			}
 			if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check) starting ...");
 
-			self::split_login_domain($login,$this->account_lid,$this->account_domain);
+			self::split_login_domain($login, $this->account_lid, $this->account_domain);
 			// add domain to the login, if not already there
-			if (substr($this->login,-strlen($this->account_domain)-1) != '@'.$this->account_domain)
+			if (substr($this->login, -strlen($this->account_domain) - 1) != '@'.$this->account_domain)
 			{
 				$this->login .= '@'.$this->account_domain;
 			}
@@ -496,7 +496,7 @@ 
 			{
 				$this->account_domain = $GLOBALS['egw_info']['user']['domain'];
 			}
-			elseif($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
+			elseif ($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
 			{
 				throw new Exception("Wrong domain! '$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'");
 			}
@@ -504,7 +504,7 @@ 
 
 			$user_ip = self::getuser_ip();
 
-			$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid,'account_lid','u');
+			$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid, 'account_lid', 'u');
 
 			// do we need to check 'remember me' token (to bypass authentication)
 			if ($auth_check && !empty($_COOKIE[self::REMEMBER_ME_COOKIE]))
@@ -512,7 +512,7 @@ 
 				$auth_check = !$this->skipPasswordAuth($_COOKIE[self::REMEMBER_ME_COOKIE], $this->account_id);
 			}
 
-			if (($blocked = $this->login_blocked($login,$user_ip)) ||	// too many unsuccessful attempts
+			if (($blocked = $this->login_blocked($login, $user_ip)) || // too many unsuccessful attempts
 				$GLOBALS['egw_info']['server']['global_denied_users'][$this->account_lid] ||
 				$auth_check && !$GLOBALS['egw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type) ||
 				$this->account_id && $GLOBALS['egw']->accounts->get_type($this->account_id) == 'g')
@@ -521,9 +521,9 @@ 
 				$this->cd_reason = $blocked ? self::CD_BLOCKED : self::CD_BAD_LOGIN_OR_PASSWORD;
 
 				// we dont log anon users as it would block the website
-				if (!$GLOBALS['egw']->acl->get_specific_rights_for_account($this->account_id,'anonymous','phpgwapi'))
+				if (!$GLOBALS['egw']->acl->get_specific_rights_for_account($this->account_id, 'anonymous', 'phpgwapi'))
 				{
-					$this->log_access($this->reason,$login,$user_ip,0);	// log unsuccessfull login
+					$this->log_access($this->reason, $login, $user_ip, 0); // log unsuccessfull login
 				}
 				if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check) UNSUCCESSFULL ($this->reason)");
 				return false;
@@ -541,7 +541,7 @@ 
 			if ($this->account_lid != ($lid = $GLOBALS['egw']->accounts->id2name($this->account_id)))
 			{
 				$this->account_lid = $lid;
-				$this->login = $lid.substr($this->login,strlen($lid));
+				$this->login = $lid.substr($this->login, strlen($lid));
 			}
 
 			$GLOBALS['egw_info']['user']['account_id'] = $this->account_id;
@@ -563,7 +563,7 @@ 
 				}
 				$this->sessionid = session_id();
 			}
-			$this->kp3       = Auth::randomstring(24);
+			$this->kp3 = Auth::randomstring(24);
 
 			$GLOBALS['egw_info']['user'] = $this->read_repositories();
 			if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user']))
@@ -583,10 +583,10 @@ 
 				try {
 					$this->checkMultifactorAuth($check_2fa, $_COOKIE[self::REMEMBER_ME_COOKIE]);
 				}
-				catch(\Exception $e) {
+				catch (\Exception $e) {
 					$this->cd_reason = $e->getCode();
 					$this->reason = $e->getMessage();
-					$this->log_access($this->reason, $login, $user_ip, 0);	// log unsuccessfull login
+					$this->log_access($this->reason, $login, $user_ip, 0); // log unsuccessfull login
 					if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check,$fail_on_forced_password_change,'$check_2fa') UNSUCCESSFULL ($this->reason)");
 					return false;
 				}
@@ -598,7 +598,7 @@ 
 				return false;
 			}
 
-			if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi'))
+			if ($GLOBALS['egw']->acl->check('anonymous', 1, 'phpgwapi'))
 			{
 				$this->session_flags = 'A';
 			}
@@ -616,41 +616,41 @@ 
 				'passwd'         => $this->passwd,
 				'account_domain' => $this->account_domain,
 				'user_ip'        => $user_ip,
-			),'',true)))	// true = run hooks from all apps, not just the ones the current user has perms to run
+			), '', true)))	// true = run hooks from all apps, not just the ones the current user has perms to run
 			{
-				foreach($hook_result as $reason)
+				foreach ($hook_result as $reason)
 				{
 					if ($reason)	// called hook requests to deny the session
 					{
 						$this->reason = $this->cd_reason = $reason;
-						$this->log_access($this->reason,$login,$user_ip,0);		// log unsuccessfull login
+						$this->log_access($this->reason, $login, $user_ip, 0); // log unsuccessfull login
 						if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check) UNSUCCESSFULL ($this->reason)");
 						return false;
 					}
 				}
 			}
 			$GLOBALS['egw']->db->transaction_begin();
-			$this->register_session($this->login,$user_ip,$now,$this->session_flags);
+			$this->register_session($this->login, $user_ip, $now, $this->session_flags);
 			if ($this->session_flags != 'A')		// dont log anonymous sessions
 			{
-				$this->sessionid_access_log = $this->log_access($this->sessionid,$login,$user_ip,$this->account_id);
+				$this->sessionid_access_log = $this->log_access($this->sessionid, $login, $user_ip, $this->account_id);
 				// We do NOT log anonymous sessions to not block website and also to cope with
 				// high rate anon endpoints might be called creating a bottleneck in the egw_accounts table.
 				Cache::setSession('phpgwapi', 'account_previous_login', $GLOBALS['egw']->auth->previous_login);
-				$GLOBALS['egw']->accounts->update_lastlogin($this->account_id,$user_ip);
+				$GLOBALS['egw']->accounts->update_lastlogin($this->account_id, $user_ip);
 			}
 			$GLOBALS['egw']->db->transaction_commit();
 
 			if ($GLOBALS['egw_info']['server']['usecookies'] && !$no_session)
 			{
-				self::egw_setcookie(self::EGW_SESSION_NAME,$this->sessionid);
-				self::egw_setcookie('kp3',$this->kp3);
-				self::egw_setcookie('domain',$this->account_domain);
+				self::egw_setcookie(self::EGW_SESSION_NAME, $this->sessionid);
+				self::egw_setcookie('kp3', $this->kp3);
+				self::egw_setcookie('domain', $this->account_domain);
 			}
 			if ($GLOBALS['egw_info']['server']['usecookies'] && !$no_session || isset($_COOKIE['last_loginid']))
 			{
-				self::egw_setcookie('last_loginid', $this->account_lid ,$now+1209600); /* For 2 weeks */
-				self::egw_setcookie('last_domain',$this->account_domain,$now+1209600);
+				self::egw_setcookie('last_loginid', $this->account_lid, $now + 1209600); /* For 2 weeks */
+				self::egw_setcookie('last_domain', $this->account_domain, $now + 1209600);
 			}
 
 			// set new remember me token/cookie, if requested and necessary
@@ -674,13 +674,13 @@ 
 				'user_ip'        => $user_ip,
 				'session_type'   => Session\Type::get($_SERVER['REQUEST_URI'],
 					$GLOBALS['egw_info']['flags']['current_app'],
-					true),	// true return WebGUI instead of login, as we are logged in now
-			),'',true);
+					true), // true return WebGUI instead of login, as we are logged in now
+			), '', true);
 
 			return $this->sessionid;
 		}
 		// catch all exceptions, as their (allways logged) trace (eg. on a database error) would contain the user password
-		catch(Exception $e) {
+		catch (Exception $e) {
 			$this->reason = $this->cd_reason = is_a($e, Db\Exception::class) ?
 				// do not output specific database error, eg. invalid SQL statement
 				lang('Database Error!') : $e->getMessage();
@@ -704,7 +704,7 @@ 
 	 * @param int& $account_id =null account_id of token-owner to limit check on that user, on return account_id of token owner
 	 * @return boolean false: if further auth check is required, true: if token is sufficient for authentication
 	 */
-	public function skipPasswordAuth($token, &$account_id=null)
+	public function skipPasswordAuth($token, &$account_id = null)
 	{
 		// if token is empty or disabled --> password authentication required
 		if (empty($token) || $GLOBALS['egw_info']['server']['remember_me_token'] !== 'always' ||
@@ -746,7 +746,7 @@ 
 
 		if ($GLOBALS['egw_info']['server']['2fa_required'] === 'disabled')
 		{
-			return;	// nothing to check
+			return; // nothing to check
 		}
 
 		// check if token exists and is (still) valid
@@ -831,7 +831,7 @@ 
 				$tokenRepo = new OpenID\Repositories\AccessTokenRepository();
 				if ($tokenRepo->findToken($client, $this->account_id, 'PT1S', $token))
 				{
-					return null;	// token still valid, no need to set it again
+					return null; // token still valid, no need to set it again
 				}
 			}
 			$lifetime = $this->rememberMeTokenLifetime(is_string($remember_me) ? $remember_me : null);
@@ -882,17 +882,17 @@ 
 
 		$clients = new OpenID\Repositories\ClientRepository();
 		try {
-			$client = $clients->getClientEntity(self::OPENID_REMEMBER_ME_CLIENT_ID, null, null, false);	// false = do NOT check client-secret
+			$client = $clients->getClientEntity(self::OPENID_REMEMBER_ME_CLIENT_ID, null, null, false); // false = do NOT check client-secret
 		}
 		catch (OAuthServerException $e)
 		{
 			unset($e);
 			$client = new OpenID\Entities\ClientEntity();
 			$client->setIdentifier(self::OPENID_REMEMBER_ME_CLIENT_ID);
-			$client->setSecret(Auth::randomstring(24));	// must not be unset
+			$client->setSecret(Auth::randomstring(24)); // must not be unset
 			$client->setName(lang('Remember me token'));
 			$client->setAccessTokenTTL($this->rememberMeTokenLifetime());
-			$client->setRefreshTokenTTL('P0S');	// no refresh token
+			$client->setRefreshTokenTTL('P0S'); // no refresh token
 			$client->setRedirectUri($GLOBALS['egw_info']['server']['webserver_url'].'/');
 			$clients->persistNewClient($client);
 		}
@@ -906,7 +906,7 @@ 
 	 * @param boolean $ts =false false: return periode string, true: return integer timestamp
 	 * @return string periode spec eg. 'P1M'
 	 */
-	protected function rememberMeTokenLifetime($user=null, $ts=false)
+	protected function rememberMeTokenLifetime($user = null, $ts = false)
 	{
 		switch ((string)$GLOBALS['egw_info']['server']['remember_me_lifetime'])
 		{
@@ -941,13 +941,12 @@ 
 	 * @param int $now
 	 * @param string $session_flags
 	 */
-	private function register_session($login,$user_ip,$now,$session_flags)
+	private function register_session($login, $user_ip, $now, $session_flags)
 	{
 		// restore session vars set before session was started
 		if (is_array($this->required_files))
 		{
-			$_SESSION[self::EGW_REQUIRED_FILES] = !is_array($_SESSION[self::EGW_REQUIRED_FILES]) ? $this->required_files :
-				array_unique(array_merge($_SESSION[self::EGW_REQUIRED_FILES],$this->required_files));
+			$_SESSION[self::EGW_REQUIRED_FILES] = !is_array($_SESSION[self::EGW_REQUIRED_FILES]) ? $this->required_files : array_unique(array_merge($_SESSION[self::EGW_REQUIRED_FILES], $this->required_files));
 			unset($this->required_files);
 		}
 		$_SESSION[self::EGW_SESSION_VAR] = array(
@@ -986,7 +985,7 @@ 
 	 * @param int $account_id =0 numerical account_id
 	 * @return int $sessionid primary key of egw_access_log for login, null otherwise
 	 */
-	private function log_access($sessionid,$login='',$user_ip='',$account_id=0)
+	private function log_access($sessionid, $login = '', $user_ip = '', $account_id = 0)
 	{
 		// do not log anything for anonymous sessions
 		if ($this->session_flags === 'A')
@@ -1004,7 +1003,7 @@ 
 
 		if ($login)
 		{
-			$GLOBALS['egw']->db->insert(self::ACCESS_LOG_TABLE,array(
+			$GLOBALS['egw']->db->insert(self::ACCESS_LOG_TABLE, array(
 				'session_php' => $sessionid,
 				'loginid'   => $login,
 				'ip'        => $user_ip,
@@ -1012,22 +1011,22 @@ 
 				'account_id'=> $account_id,
 				'user_agent'=> $_SERVER['HTTP_USER_AGENT'],
 				'session_dla'    => $now,
-				'session_action' => $this->update_dla(false),	// dont update egw_access_log
-			),false,__LINE__,__FILE__);
+				'session_action' => $this->update_dla(false), // dont update egw_access_log
+			), false, __LINE__, __FILE__);
 
 			$_SESSION[self::EGW_SESSION_VAR]['session_logged_dla'] = $now;
 
-			$ret = $GLOBALS['egw']->db->get_last_insert_id(self::ACCESS_LOG_TABLE,'sessionid');
+			$ret = $GLOBALS['egw']->db->get_last_insert_id(self::ACCESS_LOG_TABLE, 'sessionid');
 
 			// if we can not store failed login attempts in database, store it in cache
 			if (!$ret && !$account_id)
 			{
 				Cache::setInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip,
-					1+Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip),
+					1 + Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip),
 					$GLOBALS['egw_info']['server']['block_time'] * 60);
 
 				Cache::setInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login,
-					1+Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login),
+					1 + Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login),
 					$GLOBALS['egw_info']['server']['block_time'] * 60);
 			}
 		}
@@ -1037,20 +1036,20 @@ 
 			{
 				$sessionid = $this->sessionid_access_log;
 			}
-			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE,array(
+			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE, array(
 				'lo' => $now
-			),is_numeric($sessionid) ? array(
+			), is_numeric($sessionid) ? array(
 				'sessionid' => $sessionid,
 			) : array(
 				'session_php' => $sessionid,
-			),__LINE__,__FILE__);
+			), __LINE__, __FILE__);
 
 			// run maintenance only on logout, to not delay login
 			if ($GLOBALS['egw_info']['server']['max_access_log_age'])
 			{
 				$max_age = $now - $GLOBALS['egw_info']['server']['max_access_log_age'] * 24 * 60 * 60;
 
-				$GLOBALS['egw']->db->delete(self::ACCESS_LOG_TABLE,"li < $max_age",__LINE__,__FILE__);
+				$GLOBALS['egw']->db->delete(self::ACCESS_LOG_TABLE, "li < $max_age", __LINE__, __FILE__);
 			}
 		}
 		//error_log(__METHOD__."('$sessionid', '$login', '$user_ip', $account_id) returning ".array2string($ret));
@@ -1064,12 +1063,12 @@ 
 	 * @param string $ip ip of the user
 	 * @returns bool login blocked?
 	 */
-	private function login_blocked($login,$ip)
+	private function login_blocked($login, $ip)
 	{
 		$block_time = time() - $GLOBALS['egw_info']['server']['block_time'] * 60;
 
 		$false_id = $false_ip = 0;
-		foreach($GLOBALS['egw']->db->union(array(
+		foreach ($GLOBALS['egw']->db->union(array(
 			array(
 				'table' => self::ACCESS_LOG_TABLE,
 				'cols'  => "'false_ip' AS name,COUNT(*) AS num",
@@ -1112,7 +1111,7 @@ 
 		if (!empty($GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist']) &&
 			preg_match_all('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:\d+)?/',
 				$GLOBALS['egw_info']['server']['unsuccessful_ip_whitelist'], $matches) &&
-			($key=array_search($ip, $matches[1])) !== false)
+			($key = array_search($ip, $matches[1])) !== false)
 		{
 			$blocked = !empty($matches[3][$key]) && $false_ip > $matches[3][$key];
 		}
@@ -1127,28 +1126,28 @@ 
 		//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));
 
 		if ($blocked && $GLOBALS['egw_info']['server']['admin_mails'] &&
-			$GLOBALS['egw_info']['server']['login_blocked_mail_time'] < time()-5*60)	// max. one mail every 5mins
+			$GLOBALS['egw_info']['server']['login_blocked_mail_time'] < time() - 5 * 60)	// max. one mail every 5mins
 		{
 			try {
 				$mailer = new Mailer();
 				// notify admin(s) via email
 				$mailer->setFrom('eGroupWare@'.$GLOBALS['egw_info']['server']['mail_suffix']);
-				$mailer->addHeader('Subject', lang("eGroupWare: login blocked for user '%1', IP %2",$login,$ip));
-				$mailer->setBody(lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4",$false_id,$login,$false_ip,$ip));
-				foreach(preg_split('/,\s*/',$GLOBALS['egw_info']['server']['admin_mails']) as $mail)
+				$mailer->addHeader('Subject', lang("eGroupWare: login blocked for user '%1', IP %2", $login, $ip));
+				$mailer->setBody(lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4", $false_id, $login, $false_ip, $ip));
+				foreach (preg_split('/,\s*/', $GLOBALS['egw_info']['server']['admin_mails']) as $mail)
 				{
 					$mailer->addAddress($mail);
 				}
 				$mailer->send();
 			}
-			catch(\Exception $e) {
+			catch (\Exception $e) {
 				// ignore exception, but log it, to block the account and give a correct error-message to user
 				error_log(__METHOD__."('$login', '$ip') ".$e->getMessage());
 			}
 			// save time of mail, to not send to many mails
 			$config = new Config('phpgwapi');
 			$config->read_repository();
-			$config->value('login_blocked_mail_time',time());
+			$config->value('login_blocked_mail_time', time());
 			$config->save_repository();
 		}
 		return $blocked;
@@ -1169,7 +1168,7 @@ 
 	 * @param boolean $only_basic_auth =false return only a basic auth pseudo sessionid, default no
 	 * @return string|null (pseudo-)session-id use or NULL if no Cookie or Basic-Auth credentials
 	 */
-	static function get_sessionid($only_basic_auth=false)
+	static function get_sessionid($only_basic_auth = false)
 	{
 		// for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd)
 		// --> allows this stateless protocolls which use basic auth to use sessions!
@@ -1196,11 +1195,11 @@ 
 				EGW_SERVER_ROOT.':'.self::getuser_ip().':'.filemtime(EGW_SERVER_ROOT.'/api/setup/setup.inc.php').
 				':'.$_SERVER['HTTP_USER_AGENT']);
 		}
-		elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME]))
+		elseif (!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME]))
 		{
 			$sessionid = $_REQUEST[self::EGW_SESSION_NAME];
 		}
-		elseif(!$only_basic_auth && isset($_COOKIE[self::EGW_SESSION_NAME]))
+		elseif (!$only_basic_auth && isset($_COOKIE[self::EGW_SESSION_NAME]))
 		{
 			$sessionid = $_COOKIE[self::EGW_SESSION_NAME];
 		}
@@ -1208,7 +1207,7 @@ 
 		{
 			$sessionid = null;
 		}
-		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() _SERVER[REQUEST_URI]='$_SERVER[REQUEST_URI]' returning ".print_r($sessionid,true));
+		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() _SERVER[REQUEST_URI]='$_SERVER[REQUEST_URI]' returning ".print_r($sessionid, true));
 		return $sessionid;
 	}
 
@@ -1224,9 +1223,7 @@ 
 	 */
 	static function get_request($name)
 	{
-		return isset($_REQUEST[$name]) ? $_REQUEST[$name] :
-			(isset($_COOKIE[$name]) ? $_COOKIE[$name] :
-			(isset($_COOKIE[$name=ucfirst($name)]) ? $_COOKIE[$name] : null));
+		return isset($_REQUEST[$name]) ? $_REQUEST[$name] : (isset($_COOKIE[$name]) ? $_COOKIE[$name] : (isset($_COOKIE[$name = ucfirst($name)]) ? $_COOKIE[$name] : null));
 	}
 
 	/**
@@ -1236,13 +1233,13 @@ 
 	 * @param string $kp3 ?? to be verified
 	 * @return bool is the session valid?
 	 */
-	function verify($sessionid=null,$kp3=null)
+	function verify($sessionid = null, $kp3 = null)
 	{
 		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid','$kp3') ".function_backtrace());
 
 		$fill_egw_info_and_repositories = !$GLOBALS['egw_info']['flags']['restored_from_session'];
 
-		if(!$sessionid)
+		if (!$sessionid)
 		{
 			$sessionid = self::get_sessionid();
 			$kp3       = self::get_request('kp3');
@@ -1278,23 +1275,23 @@ 
 			if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') session does NOT exist!");
 			return false;
 		}
-		$session =& $_SESSION[self::EGW_SESSION_VAR];
+		$session = & $_SESSION[self::EGW_SESSION_VAR];
 
 		if ($session['session_dla'] <= time() - $GLOBALS['egw_info']['server']['sessions_timeout'])
 		{
 			if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') session timed out!");
-			$this->destroy($sessionid,$kp3);
+			$this->destroy($sessionid, $kp3);
 			return false;
 		}
 
 		$this->session_flags = $session['session_flags'];
 
-		$this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain);
+		$this->split_login_domain($session['session_lid'], $this->account_lid, $this->account_domain);
 
 		// This is to ensure that we authenticate to the correct domain (might not be default)
-		if($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain'])
+		if ($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain'])
 		{
-			return false;	// session not verified, domain changed
+			return false; // session not verified, domain changed
 		}
 		$GLOBALS['egw_info']['user']['kp3'] = $this->kp3;
 
@@ -1307,7 +1304,7 @@ 
 		{
 			$this->update_notification_heartbeat();
 		}
-		$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid,'account_lid','u');
+		$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid, 'account_lid', 'u');
 		if (!$this->account_id)
 		{
 			if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) !accounts::name2id('$this->account_lid')");
@@ -1354,7 +1351,7 @@ 
 
 		if ($GLOBALS['egw_info']['server']['sessions_checkip'])
 		{
-			if (strtoupper(substr(PHP_OS,0,3)) != 'WIN' && (!$GLOBALS['egw_info']['user']['session_ip'] ||
+			if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN' && (!$GLOBALS['egw_info']['user']['session_ip'] ||
 				$GLOBALS['egw_info']['user']['session_ip'] != $this->getuser_ip()))
 			{
 				if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) wrong IP");
@@ -1377,9 +1374,9 @@ 
 		// query accesslog-id, if not set in session (session is made persistent after login!)
 		if (!$this->sessionid_access_log && $this->session_flags != 'A')
 		{
-			$this->sessionid_access_log = $GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE,'sessionid',array(
+			$this->sessionid_access_log = $GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE, 'sessionid', array(
 				'session_php' => $this->sessionid,
-			),__LINE__,__FILE__)->fetchColumn();
+			), __LINE__, __FILE__)->fetchColumn();
 			//error_log(__METHOD__."() sessionid=$this->sessionid --> sessionid_access_log=$this->sessionid_access_log");
 		}
 
@@ -1390,9 +1387,9 @@ 
 			(!isset($_COOKIE[self::EGW_SESSION_NAME]) || $_COOKIE[self::EGW_SESSION_NAME] !== $_REQUEST[self::EGW_SESSION_NAME]))
 		{
 			if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS, but NO required cookies set --> setting them now");
-			self::egw_setcookie(self::EGW_SESSION_NAME,$this->sessionid);
-			self::egw_setcookie('kp3',$this->kp3);
-			self::egw_setcookie('domain',$this->account_domain);
+			self::egw_setcookie(self::EGW_SESSION_NAME, $this->sessionid);
+			self::egw_setcookie('kp3', $this->kp3);
+			self::egw_setcookie('domain', $this->account_domain);
 		}
 
 		if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS");
@@ -1407,27 +1404,27 @@ 
 	 * @param string $kp3
 	 * @return boolean true on success, false on error
 	 */
-	function destroy($sessionid, $kp3='')
+	function destroy($sessionid, $kp3 = '')
 	{
 		if (!$sessionid && $kp3)
 		{
 			return false;
 		}
-		$this->log_access($sessionid);	// log logout-time
+		$this->log_access($sessionid); // log logout-time
 
 		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($sessionid,$kp3)");
 
 		if (is_numeric($sessionid))	// do we have a access-log-id --> get PHP session id
 		{
-			$sessionid = $GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE,'session_php',array(
+			$sessionid = $GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE, 'session_php', array(
 					'sessionid' => $sessionid,
-				),__LINE__,__FILE__)->fetchColumn();
+				), __LINE__, __FILE__)->fetchColumn();
 		}
 
 		Hooks::process(array(
 			'location'  => 'session_destroyed',
 			'sessionid' => $sessionid,
-		),'',true);	// true = run hooks from all apps, not just the ones the current user has perms to run
+		), '', true); // true = run hooks from all apps, not just the ones the current user has perms to run
 
 		// Only do the following, if where working with the current user
 		if (!$GLOBALS['egw_info']['user']['sessionid'] || $sessionid == $GLOBALS['egw_info']['user']['sessionid'])
@@ -1448,7 +1445,7 @@ 
 		}
 		else
 		{
-			$this->commit_session();	// close our own session
+			$this->commit_session(); // close our own session
 
 			session_id($sessionid);
 			if (session_start())
@@ -1488,25 +1485,25 @@ 
 		// as $webserver_url may be part of $url (as /egw is part of phpgwapi/js/egw_instant_load.html)
 		if (($url[0] != '/' || $webserver_url != '/') && (!$webserver_url || strpos($url, $webserver_url.'/') === false))
 		{
-			if($url[0] != '/' && substr($webserver_url,-1) != '/')
+			if ($url[0] != '/' && substr($webserver_url, -1) != '/')
 			{
-				$url = $webserver_url .'/'. $url;
+				$url = $webserver_url.'/'.$url;
 			}
 			else
 			{
-				$url = $webserver_url . $url;
+				$url = $webserver_url.$url;
 			}
 		}
 
-		if(isset($GLOBALS['egw_info']['server']['enforce_ssl']) && $GLOBALS['egw_info']['server']['enforce_ssl'])
+		if (isset($GLOBALS['egw_info']['server']['enforce_ssl']) && $GLOBALS['egw_info']['server']['enforce_ssl'])
 		{
-			if(substr($url ,0,4) != 'http')
+			if (substr($url, 0, 4) != 'http')
 			{
 				$url = 'https://'.$_SERVER['HTTP_HOST'].$url;
 			}
 			else
 			{
-				$url = str_replace ( 'http:', 'https:', $url);
+				$url = str_replace('http:', 'https:', $url);
 			}
 		}
 		$vars = array();
@@ -1519,7 +1516,7 @@ 
 		}
 
 		// check if the url already contains a query and ensure that vars is an array and all strings are in extravars
-		list($ret_url,$othervars) = explode('?', $url, 2);
+		list($ret_url, $othervars) = explode('?', $url, 2);
 		if ($extravars && is_array($extravars))
 		{
 			$vars += $extravars;
@@ -1527,19 +1524,19 @@ 
 		}
 		else
 		{
-			if ($othervars) $extravars .= ($extravars?'&':'').$othervars;
+			if ($othervars) $extravars .= ($extravars ? '&' : '').$othervars;
 		}
 
 		// parse extravars string into the vars array
 		if ($extravars)
 		{
-			foreach(explode('&',$extravars) as $expr)
+			foreach (explode('&', $extravars) as $expr)
 			{
-				list($var,$val) = explode('=', $expr,2);
-				if (strpos($val,'%26') != false) $val = str_replace('%26','&',$val);	// make sure to not double encode &
-				if (substr($var,-2) == '[]')
+				list($var, $val) = explode('=', $expr, 2);
+				if (strpos($val, '%26') != false) $val = str_replace('%26', '&', $val); // make sure to not double encode &
+				if (substr($var, -2) == '[]')
 				{
-					$vars[substr($var,0,-2)][] = $val;
+					$vars[substr($var, 0, -2)][] = $val;
 				}
 				else
 				{
@@ -1552,11 +1549,11 @@ 
 		if (count($vars))
 		{
 			$query = array();
-			foreach($vars as $key => $value)
+			foreach ($vars as $key => $value)
 			{
 				if (is_array($value))
 				{
-					foreach($value as $val)
+					foreach ($value as $val)
 					{
 						$query[] = $key.'[]='.urlencode($val);
 					}
@@ -1566,7 +1563,7 @@ 
 					$query[] = $key.'='.urlencode($value);
 				}
 			}
-			$ret_url .= '?' . implode('&',$query);
+			$ret_url .= '?'.implode('&', $query);
 		}
 		return $ret_url;
 	}
@@ -1627,7 +1624,7 @@ 
 	 * @param int $cookietime =0 when cookie should expire, 0 for session only (optional)
 	 * @param string $cookiepath =null optional path (eg. '/') if the eGW install-dir should not be used
 	 */
-	public static function egw_setcookie($cookiename,$cookievalue='',$cookietime=0,$cookiepath=null)
+	public static function egw_setcookie($cookiename, $cookievalue = '', $cookietime = 0, $cookiepath = null)
 	{
 		if (empty(self::$cookie_domain) || empty(self::$cookie_path))
 		{
@@ -1640,11 +1637,11 @@ 
 		static $is_iOS = null;
 		if (!$cookietime && !isset($is_iOS)) $is_iOS = (bool)preg_match('/^(iPhone|iPad|iPod)/i', Header\UserAgent::mobile());
 
-		if(!headers_sent())	// gives only a warning, but can not send the cookie anyway
+		if (!headers_sent())	// gives only a warning, but can not send the cookie anyway
 		{
 			setcookie($cookiename, $cookievalue,
-				!$cookietime && $is_iOS ? time()+self::IOS_SESSION_COOKIE_LIFETIME : $cookietime,
-				is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain,
+				!$cookietime && $is_iOS ? time() + self::IOS_SESSION_COOKIE_LIFETIME : $cookietime,
+				is_null($cookiepath) ? self::$cookie_path : $cookiepath, self::$cookie_domain,
 				// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
 				empty($GLOBALS['egw_info']['server']['insecure_cookies']) && Header\Http::schema() === 'https', true);
 		}
@@ -1667,17 +1664,17 @@ 
 		}
 		// remove port from HTTP_HOST
 		$arr = null;
-		if (preg_match("/^(.*):(.*)$/",self::$cookie_domain,$arr))
+		if (preg_match("/^(.*):(.*)$/", self::$cookie_domain, $arr))
 		{
 			self::$cookie_domain = $arr[1];
 		}
-		if (count(explode('.',self::$cookie_domain)) <= 1)
+		if (count(explode('.', self::$cookie_domain)) <= 1)
 		{
 			// setcookie dont likes domains without dots, leaving it empty, gets setcookie to fill the domain in
 			self::$cookie_domain = '';
 		}
 		if (!$GLOBALS['egw_info']['server']['cookiepath'] ||
-			!(self::$cookie_path = parse_url($GLOBALS['egw_info']['server']['webserver_url'],PHP_URL_PATH)))
+			!(self::$cookie_path = parse_url($GLOBALS['egw_info']['server']['webserver_url'], PHP_URL_PATH)))
 		{
 			self::$cookie_path = '/';
 		}
@@ -1697,7 +1694,7 @@ 
 	 * @param array $domains =null defaults to $GLOBALS['egw_domain'] from the header
 	 * @return string $GLOBALS['egw_info']['user']['domain'] set with the domain/instance to use
 	 */
-	public static function search_instance($login,$domain_requested,&$default_domain,$server_names,array $domains=null)
+	public static function search_instance($login, $domain_requested, &$default_domain, $server_names, array $domains = null)
 	{
 		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$login','$domain_requested',".array2string($default_domain).".".array2string($server_names).".".array2string($domains).")");
 
@@ -1705,10 +1702,10 @@ 
 
 		if (!isset($default_domain) || !isset($domains[$default_domain]))	// allow to overwrite the default domain
 		{
-			foreach((array)$server_names as $server_name)
+			foreach ((array)$server_names as $server_name)
 			{
-				list($server_name) = explode(':', $server_name);	// remove port from HTTP_HOST
-				if(isset($domains[$server_name]))
+				list($server_name) = explode(':', $server_name); // remove port from HTTP_HOST
+				if (isset($domains[$server_name]))
 				{
 					$default_domain = $server_name;
 					break;
@@ -1718,7 +1715,7 @@ 
 					$parts = explode('.', $server_name);
 					array_shift($parts);
 					$domain_part = implode('.', $parts);
-					if(isset($domains[$domain_part]))
+					if (isset($domains[$domain_part]))
 					{
 						$default_domain = $domain_part;
 						break;
@@ -1734,11 +1731,11 @@ 
 		}
 		if (isset($login))	// on login
 		{
-			if (strpos($login,'@') === false || count($domains) == 1)
+			if (strpos($login, '@') === false || count($domains) == 1)
 			{
-				$login .= '@' . (isset($_POST['logindomain']) ? $_POST['logindomain'] : $default_domain);
+				$login .= '@'.(isset($_POST['logindomain']) ? $_POST['logindomain'] : $default_domain);
 			}
-			$parts = explode('@',$login);
+			$parts = explode('@', $login);
 			$domain = array_pop($parts);
 			$GLOBALS['login'] = $login;
 		}
@@ -1782,7 +1779,7 @@ 
 	 * @param boolean $update_access_log =false false: dont update egw_access_log table, but set $this->action
 	 * @return string action as written to egw_access_log.session_action
 	 */
-	private function update_dla($update_access_log=false)
+	private function update_dla($update_access_log = false)
 	{
 		// This way XML-RPC users aren't always listed as xmlrpc.php
 		if (isset($_GET['menuaction']))
@@ -1796,14 +1793,14 @@ 
 			$action = $_SERVER['PHP_SELF'];
 			// remove EGroupware path, if not installed in webroot
 			$egw_path = $GLOBALS['egw_info']['server']['webserver_url'];
-			if ($egw_path[0] != '/') $egw_path = parse_url($egw_path,PHP_URL_PATH);
+			if ($egw_path[0] != '/') $egw_path = parse_url($egw_path, PHP_URL_PATH);
 			if ($action == '/Microsoft-Server-ActiveSync')
 			{
 				$action .= '?Cmd='.$_GET['Cmd'].'&DeviceId='.$_GET['DeviceId'];
 			}
 			elseif ($egw_path)
 			{
-				list(,$action) = explode($egw_path,$action,2);
+				list(,$action) = explode($egw_path, $action, 2);
 			}
 		}
 		$this->set_action($action);
@@ -1817,14 +1814,14 @@ 
 		{
 			$_SESSION[self::EGW_SESSION_VAR]['session_logged_dla'] = time();
 
-			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE,array(
+			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE, array(
 				'session_dla' => time(),
 				'session_action' => $this->action,
 			) + ($this->action === '/logout.php' ? array() : array(
-				'lo' => null,	// just in case it was (automatic) timed out before
-			)),array(
+				'lo' => null, // just in case it was (automatic) timed out before
+			)), array(
 				'sessionid' => $this->sessionid_access_log,
-			),__LINE__,__FILE__);
+			), __LINE__, __FILE__);
 		}
 
 		$_SESSION[self::EGW_SESSION_VAR]['session_dla'] = time();
@@ -1842,12 +1839,12 @@ 
 		// update dla in access-log table, if we have an access-log row (non-anonymous session)
 		if ($this->sessionid_access_log)
 		{
-			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE,array(
+			$GLOBALS['egw']->db->update(self::ACCESS_LOG_TABLE, array(
 				'notification_heartbeat' => time(),
-			),array(
+			), array(
 				'sessionid' => $this->sessionid_access_log,
 				'lo IS NULL',
-			),__LINE__,__FILE__);
+			), __LINE__, __FILE__);
 		}
 	}
 
@@ -1868,7 +1865,7 @@ 
 		{
 			// authentication happens in login.php, which does NOT yet create egw-object in session
 			// --> need to store homedirectory in session
-			if(isset($GLOBALS['auto_create_acct']['homedirectory']))
+			if (isset($GLOBALS['auto_create_acct']['homedirectory']))
 			{
 				Cache::setSession(__CLASS__, 'homedirectory',
 					$user['homedirectory'] = $GLOBALS['auto_create_acct']['homedirectory']);
@@ -1881,7 +1878,7 @@ 
 		$user['preferences'] = $GLOBALS['egw']->preferences->read_repository();
 		if (is_object($GLOBALS['egw']->datetime))
 		{
-			$GLOBALS['egw']->datetime->__construct();		// to set tz_offset from the now read prefs
+			$GLOBALS['egw']->datetime->__construct(); // to set tz_offset from the now read prefs
 		}
 		$user['apps']        = $GLOBALS['egw']->applications->read_repository();
 		$user['domain']      = $this->account_domain;
@@ -1904,9 +1901,9 @@ 
 	 * @param string &$account_lid returned account_lid (ie. user)
 	 * @param string &$domain returned domain (ie. domain)
 	 */
-	private function split_login_domain($login,&$account_lid,&$domain)
+	private function split_login_domain($login, &$account_lid, &$domain)
 	{
-		$parts = explode('@',$login);
+		$parts = explode('@', $login);
 
 		//conference - for strings like vinicius@thyamad.com@default ,
 		//allows that user have a login that is his e-mail. (viniciuscb)
@@ -1914,11 +1911,11 @@ 
 		{
 			$probable_domain = array_pop($parts);
 			//Last part of login string, when separated by @, is a domain name
-			if (in_array($probable_domain,$this->egw_domains))
+			if (in_array($probable_domain, $this->egw_domains))
 			{
 				$got_login = true;
 				$domain = $probable_domain;
-				$account_lid = implode('@',$parts);
+				$account_lid = implode('@', $parts);
 			}
 		}
 
@@ -1941,9 +1938,9 @@ 
 	 * @param boolean $allow_password_md5 =false can password alread be an md5 hash
 	 * @return string
 	 */
-	static function user_pw_hash($user,$password,$allow_password_md5=false)
+	static function user_pw_hash($user, $password, $allow_password_md5 = false)
 	{
-		$password_md5 = $allow_password_md5 && preg_match('/^[a-f0-9]{32}$/',$password) ? $password : md5($password);
+		$password_md5 = $allow_password_md5 && preg_match('/^[a-f0-9]{32}$/', $password) ? $password : md5($password);
 
 		$hash = sha1(strtolower($user).$password_md5);
 
@@ -1958,12 +1955,12 @@ 
 	 */
 	public static function init_handler()
 	{
-		switch(session_status())
+		switch (session_status())
 		{
 			case PHP_SESSION_DISABLED:
 				throw new \ErrorException('EGroupware requires PHP session extension!');
 			case PHP_SESSION_NONE:
-				ini_set('session.use_cookies',0);	// disable the automatic use of cookies, as it uses the path / by default
+				ini_set('session.use_cookies', 0); // disable the automatic use of cookies, as it uses the path / by default
 				session_name(self::EGW_SESSION_NAME);
 				if (($sessionid = self::get_sessionid()))
 				{
@@ -1976,7 +1973,7 @@ 
 				}
 				break;
 			case PHP_SESSION_ACTIVE:
-				return true;	// session created by MServer
+				return true; // session created by MServer
 		}
 		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
 
@@ -1994,7 +1991,7 @@ 
 	 * @param int $expire =null expiration time in seconds, default $GLOBALS['egw_info']['flags']['nocachecontrol'] or php.ini session.cache_expire
 	 * @param int $private =null allows to set private caching with given expiration time, by setting it to true
 	 */
-	public static function cache_control($expire=null, $private=null)
+	public static function cache_control($expire = null, $private = null)
 	{
 		if (is_null($expire) && isset($GLOBALS['egw_info']['flags']['nocachecontrol']) && is_int($GLOBALS['egw_info']['flags']['nocachecontrol']))
 		{
@@ -2004,7 +2001,7 @@ 
 		if (!isset($_SESSION))
 		{
 			// controling caching and expires header
-			if(!isset($expire) && (!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) ||
+			if (!isset($expire) && (!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) ||
 				!$GLOBALS['egw_info']['flags']['nocachecontrol']))
 			{
 				session_cache_limiter('nocache');
@@ -2014,7 +2011,7 @@ 
 				// allow public caching: proxys, cdns, ...
 				if (isset($expire))
 				{
-					session_cache_expire((int)ceil($expire/60));	// in minutes
+					session_cache_expire((int)ceil($expire / 60)); // in minutes
 				}
 				session_cache_limiter($private ? 'private' : 'public');
 			}
@@ -2027,8 +2024,8 @@ 
 		// session already started
 		if (isset($_SESSION))
 		{
-			if ($expire && (session_cache_limiter() !== ($expire===true?'private_no_expire':'public') ||
-				is_int($expire) && $expire/60 !== session_cache_expire()))
+			if ($expire && (session_cache_limiter() !== ($expire === true ? 'private_no_expire' : 'public') ||
+				is_int($expire) && $expire / 60 !== session_cache_expire()))
 			{
 				$file = $line = null;
 				if (headers_sent($file, $line))
@@ -2036,20 +2033,20 @@ 
 					error_log(__METHOD__."($expire) called, but header already sent in $file: $line");
 					return;
 				}
-				if($expire === true)	// same behavior as session_cache_limiter('private_no_expire')
+				if ($expire === true)	// same behavior as session_cache_limiter('private_no_expire')
 				{
-					header('Cache-Control: private, max-age='.(60*session_cache_expire()));
+					header('Cache-Control: private, max-age='.(60 * session_cache_expire()));
 					header_remove('Expires');
 				}
 				elseif ($private)
 				{
 					header('Cache-Control: private, max-age='.$expire);
-					header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$expire) . ' GMT');
+					header('Expires: '.gmdate('D, d M Y H:i:s', time() + $expire).' GMT');
 				}
 				else
 				{
 					header('Cache-Control: public, max-age='.$expire);
-					header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$expire) . ' GMT');
+					header('Expires: '.gmdate('D, d M Y H:i:s', time() + $expire).' GMT');
 				}
 				// remove Pragma header, might be set by old header
 				if (function_exists('header_remove'))	// PHP 5.3+
@@ -2074,10 +2071,10 @@ 
 	 * @param array $filter =array() extra filter for sessions
 	 * @return array with sessions (values for keys as in $sort)
 	 */
-	public static function session_list($start,$sort='DESC',$order='session_dla',$all_no_sort=False,array $filter=array())
+	public static function session_list($start, $sort = 'DESC', $order = 'session_dla', $all_no_sort = False, array $filter = array())
 	{
 		$sessions = array();
-		if (!preg_match('/^[a-z0-9_ ,]+$/i',$order_by=$order.' '.$sort) || $order_by == ' ')
+		if (!preg_match('/^[a-z0-9_ ,]+$/i', $order_by = $order.' '.$sort) || $order_by == ' ')
 		{
 			$order_by = 'session_dla DESC';
 		}
@@ -2085,7 +2082,7 @@ 
 		$filter[] = 'account_id>0';
 		$filter[] = 'session_dla > '.(int)(time() - $GLOBALS['egw_info']['server']['sessions_timeout']);
 		$filter[] = '(notification_heartbeat IS NULL OR notification_heartbeat > '.self::heartbeat_limit().')';
-		foreach($GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE, '*', $filter, __LINE__, __FILE__,
+		foreach ($GLOBALS['egw']->db->select(self::ACCESS_LOG_TABLE, '*', $filter, __LINE__, __FILE__,
 			$all_no_sort ? false : $start, 'ORDER BY '.$order_by) as $row)
 		{
 			$sessions[$row['sessionid']] = $row;
@@ -2099,7 +2096,7 @@ 
 	 * @param array $filter =array() extra filter for sessions
 	 * @return int number of active sessions
 	 */
-	public static function session_count(array $filter=array())
+	public static function session_count(array $filter = array())
 	{
 		$filter['lo'] = null;
 		$filter[] = 'account_id>0';
@@ -2115,16 +2112,16 @@ 
 	 */
 	public static function heartbeat_limit()
 	{
-		static $limit=null;
+		static $limit = null;
 
 		if (is_null($limit))
 		{
 			$config = Config::read('notifications');
-			if (!($popup_poll_interval  = $config['popup_poll_interval']))
+			if (!($popup_poll_interval = $config['popup_poll_interval']))
 			{
 				$popup_poll_interval = 60;
 			}
-			$limit = (int)(time() - $popup_poll_interval-10);	// 10s grace periode
+			$limit = (int)(time() - $popup_poll_interval - 10); // 10s grace periode
 		}
 		return $limit;
 	}