Enhance configuration management: Updated README.md with Windows sync instructions, refactored backend configuration files to improve loading logic, and ensured consistent function definitions. Improved error handling in bootstrap.php for better user feedback during application startup.

2026-05-22 14:07:27 +02:00
parent 96a5977283
commit 8afba16905
15 changed files with 1433 additions and 37 deletions
--- a/public/includes/functions.php
+++ b/public/includes/functions.php
@@ -0,0 +1,163 @@
+<?php
+/**
+ * Helper functions for HexaHost.de
+ */
+
+$configDir = defined('HEXAHOST_CONFIG_DIR')
+    ? HEXAHOST_CONFIG_DIR
+    : __DIR__ . '/../config';
+
+$siteConfigFile = $configDir . '/site-config.php';
+if (is_file($siteConfigFile)) {
+    require_once $siteConfigFile;
+} elseif (!function_exists('getSiteHost')) {
+    define('SITE_DOMAIN_PRODUCTION', 'hexahost.de');
+    define('SITE_DOMAIN_DEVELOPMENT', 'dev.hexahost.de');
+
+    function getSiteHost()
+    {
+        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : SITE_DOMAIN_PRODUCTION;
+        $host = strtolower($host);
+        if (strpos($host, ':') !== false) {
+            $host = explode(':', $host, 2)[0];
+        }
+        return $host;
+    }
+
+    function isDevelopmentSite()
+    {
+        return getSiteHost() === SITE_DOMAIN_DEVELOPMENT;
+    }
+
+    function getSiteBaseUrl()
+    {
+        $https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+            || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+        return ($https ? 'https' : 'http') . '://' . getSiteHost();
+    }
+
+    function getAllowedOrigins()
+    {
+        return [
+            'https://' . SITE_DOMAIN_PRODUCTION,
+            'https://www.' . SITE_DOMAIN_PRODUCTION,
+            'https://' . SITE_DOMAIN_DEVELOPMENT,
+            'http://localhost',
+            'http://127.0.0.1',
+            'http://localhost:8000',
+        ];
+    }
+
+    function getCanonicalBaseUrl()
+    {
+        return 'https://' . SITE_DOMAIN_PRODUCTION;
+    }
+}
+
+// Fehleranzeige auf Dev/localhost für einfacheres Debugging
+$hexahostHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
+if (
+    (function_exists('isDevelopmentSite') && isDevelopmentSite())
+    || preg_match('/^(localhost|127\.0\.0\.1)(:\d+)?$/', $hexahostHost)
+) {
+    ini_set('display_errors', '1');
+    ini_set('display_startup_errors', '1');
+}
+
+// Sichere Session-Konfiguration
+if (session_status() === PHP_SESSION_NONE) {
+    // Session-Cookie-Sicherheit
+    ini_set('session.cookie_httponly', 1);
+    ini_set('session.cookie_secure', isset($_SERVER['HTTPS']) ? 1 : 0);
+    ini_set('session.cookie_samesite', 'Strict');
+    ini_set('session.use_strict_mode', 1);
+    ini_set('session.use_only_cookies', 1);
+    
+    session_start();
+    
+    // Session-ID regenerieren bei Login/wichtigen Aktionen (Schutz vor Session Fixation)
+    if (!isset($_SESSION['initiated'])) {
+        session_regenerate_id(true);
+        $_SESSION['initiated'] = true;
+    }
+}
+
+// PHP Error Display in Produktion deaktivieren
+if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
+    ini_set('display_errors', 0);
+    ini_set('display_startup_errors', 0);
+    error_reporting(E_ALL);
+    ini_set('log_errors', 1);
+}
+
+/**
+ * Set page configuration and include header
+ * 
+ * @param string $title The page title
+ * @param string $description The page description
+ * @param string $page The current page identifier
+ * @param array $scripts Additional scripts to include
+ */
+function includeHeader($title = '', $description = '', $page = '', $scripts = []) {
+    global $page_title, $page_description, $current_page, $additional_scripts;
+    
+    // Set page configuration from parameters
+    $page_title = !empty($title) 
+        ? $title 
+        : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern';
+    
+    $page_description = !empty($description) 
+        ? $description 
+        : 'HexaHost.de - Zuverlässiges und preiswertes Hosting aus Niederbayern. VPS, VPC, Mail Gateway und Webhosting Lösungen.';
+    
+    $current_page = $page;
+    $additional_scripts = $scripts;
+
+    if (!isset($canonical_url)) {
+        $requestPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
+        $canonical_url = rtrim(getCanonicalBaseUrl(), '/') . $requestPath;
+    }
+    
+    include __DIR__ . '/header.php';
+}
+
+/**
+ * Include footer
+ */
+function includeFooter() {
+    include __DIR__ . '/footer.php';
+}
+
+/**
+ * Generate breadcrumb navigation
+ * 
+ * @param array $breadcrumbs Array of breadcrumb items [['title' => 'Home', 'url' => 'index.html'], ...]
+ */
+function generateBreadcrumbs($breadcrumbs) {
+    echo '<div class="breadcrumb">';
+    $last_index = count($breadcrumbs) - 1;
+    
+    foreach ($breadcrumbs as $index => $item) {
+        if ($index === $last_index) {
+            // Last item (current page)
+            echo '<span>' . htmlspecialchars($item['title']) . '</span>';
+        } else {
+            // Link to other pages
+            echo '<a href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>';
+            echo '<span>/</span>';
+        }
+    }
+    echo '</div>';
+}
+
+/**
+ * Generate CSRF token for form security
+ * 
+ * @return string CSRF token
+ */
+function generateCSRFToken() {
+    if (!isset($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
+    return $_SESSION['csrf_token'];
+}