Merge branch 'main' into develop

backend/api/dns-lookup.php

@@ -0,0 +1,161 @@
+<?php
+/**
+ * HexaDNS - DNS Lookup API
+ * 
+ * Führt echte DNS-Abfragen durch und gibt die Ergebnisse als JSON zurück.
+ * 
+ * Verwendung: GET /api/dns-lookup.php?domain=example.com
+ */
+
+// CORS Headers für Frontend-Zugriff
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+// Preflight request handling
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+// Nur GET-Anfragen erlauben
+if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
+    http_response_code(405);
+    echo json_encode(['error' => 'Nur GET-Anfragen erlaubt']);
+    exit;
+}
+
+// Domain-Parameter prüfen
+$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+
+if (empty($domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Domain-Parameter fehlt']);
+    exit;
+}
+
+// Domain validieren (einfache Prüfung)
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    exit;
+}
+
+// DNS-Abfrage durchführen
+$startTime = microtime(true);
+$result = performDnsLookup($domain);
+$queryTime = round((microtime(true) - $startTime) * 1000, 2);
+
+// Ergebnis zurückgeben
+echo json_encode([
+    'success' => true,
+    'domain' => $domain,
+    'query_time_ms' => $queryTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'records' => $result
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * Führt DNS-Lookup für verschiedene Record-Typen durch
+ */
+function performDnsLookup(string $domain): array {
+    $records = [
+        'A' => [],
+        'AAAA' => [],
+        'MX' => [],
+        'NS' => [],
+        'TXT' => [],
+        'CNAME' => [],
+        'SOA' => []
+    ];
+    
+    // A-Records (IPv4)
+    $aRecords = @dns_get_record($domain, DNS_A);
+    if ($aRecords) {
+        foreach ($aRecords as $record) {
+            $records['A'][] = [
+                'ip' => $record['ip'],
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // AAAA-Records (IPv6)
+    $aaaaRecords = @dns_get_record($domain, DNS_AAAA);
+    if ($aaaaRecords) {
+        foreach ($aaaaRecords as $record) {
+            $records['AAAA'][] = [
+                'ipv6' => $record['ipv6'],
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // MX-Records (Mail)
+    $mxRecords = @dns_get_record($domain, DNS_MX);
+    if ($mxRecords) {
+        foreach ($mxRecords as $record) {
+            $records['MX'][] = [
+                'target' => $record['target'],
+                'priority' => $record['pri'],
+                'ttl' => $record['ttl']
+            ];
+        }
+        // Nach Priorität sortieren
+        usort($records['MX'], fn($a, $b) => $a['priority'] <=> $b['priority']);
+    }
+    
+    // NS-Records (Nameserver)
+    $nsRecords = @dns_get_record($domain, DNS_NS);
+    if ($nsRecords) {
+        foreach ($nsRecords as $record) {
+            $records['NS'][] = [
+                'target' => $record['target'],
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // TXT-Records
+    $txtRecords = @dns_get_record($domain, DNS_TXT);
+    if ($txtRecords) {
+        foreach ($txtRecords as $record) {
+            $records['TXT'][] = [
+                'txt' => $record['txt'],
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // CNAME-Records
+    $cnameRecords = @dns_get_record($domain, DNS_CNAME);
+    if ($cnameRecords) {
+        foreach ($cnameRecords as $record) {
+            $records['CNAME'][] = [
+                'target' => $record['target'],
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // SOA-Record (Start of Authority)
+    $soaRecords = @dns_get_record($domain, DNS_SOA);
+    if ($soaRecords) {
+        foreach ($soaRecords as $record) {
+            $records['SOA'][] = [
+                'mname' => $record['mname'] ?? '',
+                'rname' => $record['rname'] ?? '',
+                'serial' => $record['serial'] ?? 0,
+                'refresh' => $record['refresh'] ?? 0,
+                'retry' => $record['retry'] ?? 0,
+                'expire' => $record['expire'] ?? 0,
+                'minimum_ttl' => $record['minimum-ttl'] ?? 0,
+                'ttl' => $record['ttl']
+            ];
+        }
+    }
+    
+    // Leere Arrays entfernen
+    return array_filter($records, fn($arr) => !empty($arr));
+}

backend/api/dns-propagation.php

@@ -0,0 +1,175 @@
+<?php
+/**
+ * HexaDNS - DNS Propagation Check API
+ * 
+ * Prüft DNS-Records bei verschiedenen öffentlichen DNS-Servern
+ * 
+ * Verwendung: GET /api/dns-propagation.php?domain=example.com&type=A
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+// Öffentliche DNS-Server für Propagation-Check
+$dnsServers = [
+    ['name' => 'Google', 'ip' => '8.8.8.8', 'location' => 'Global'],
+    ['name' => 'Google Secondary', 'ip' => '8.8.4.4', 'location' => 'Global'],
+    ['name' => 'Cloudflare', 'ip' => '1.1.1.1', 'location' => 'Global'],
+    ['name' => 'Cloudflare Secondary', 'ip' => '1.0.0.1', 'location' => 'Global'],
+    ['name' => 'Quad9', 'ip' => '9.9.9.9', 'location' => 'Global'],
+    ['name' => 'OpenDNS', 'ip' => '208.67.222.222', 'location' => 'USA'],
+    ['name' => 'Comodo', 'ip' => '8.26.56.26', 'location' => 'USA'],
+    ['name' => 'Level3', 'ip' => '4.2.2.1', 'location' => 'USA'],
+];
+
+$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+$type = isset($_GET['type']) ? strtoupper(trim($_GET['type'])) : 'A';
+
+if (empty($domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Domain-Parameter fehlt']);
+    exit;
+}
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    exit;
+}
+
+// Erlaubte Record-Typen
+$allowedTypes = ['A', 'AAAA', 'MX', 'NS', 'TXT', 'CNAME'];
+if (!in_array($type, $allowedTypes)) {
+    $type = 'A';
+}
+
+$results = [];
+$startTime = microtime(true);
+
+foreach ($dnsServers as $server) {
+    $serverResult = [
+        'server' => $server['name'],
+        'ip' => $server['ip'],
+        'location' => $server['location'],
+        'records' => [],
+        'status' => 'success',
+        'response_time' => 0
+    ];
+    
+    $queryStart = microtime(true);
+    
+    // DNS-Abfrage mit spezifischem Server via dig (falls verfügbar) oder dns_get_record
+    $records = queryDnsServer($domain, $type, $server['ip']);
+    
+    $serverResult['response_time'] = round((microtime(true) - $queryStart) * 1000, 2);
+    $serverResult['records'] = $records;
+    
+    if (empty($records)) {
+        $serverResult['status'] = 'no_records';
+    }
+    
+    $results[] = $serverResult;
+}
+
+$totalTime = round((microtime(true) - $startTime) * 1000, 2);
+
+// Propagation-Status berechnen
+$propagationStatus = calculatePropagationStatus($results);
+
+echo json_encode([
+    'success' => true,
+    'domain' => $domain,
+    'record_type' => $type,
+    'propagation_status' => $propagationStatus,
+    'total_time_ms' => $totalTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'servers' => $results
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * DNS-Abfrage bei spezifischem Server
+ */
+function queryDnsServer(string $domain, string $type, string $server): array {
+    $records = [];
+    
+    // Versuche zuerst dig zu verwenden (genauer)
+    $digResult = @shell_exec("dig @{$server} {$domain} {$type} +short +time=2 +tries=1 2>/dev/null");
+    
+    if ($digResult !== null && trim($digResult) !== '') {
+        $lines = array_filter(explode("\n", trim($digResult)));
+        foreach ($lines as $line) {
+            $records[] = trim($line);
+        }
+        return $records;
+    }
+    
+    // Fallback auf PHP dns_get_record (verwendet System-DNS)
+    $dnsType = constant('DNS_' . $type);
+    $result = @dns_get_record($domain, $dnsType);
+    
+    if ($result) {
+        foreach ($result as $record) {
+            switch ($type) {
+                case 'A':
+                    $records[] = $record['ip'] ?? '';
+                    break;
+                case 'AAAA':
+                    $records[] = $record['ipv6'] ?? '';
+                    break;
+                case 'MX':
+                    $records[] = ($record['pri'] ?? '') . ' ' . ($record['target'] ?? '');
+                    break;
+                case 'NS':
+                case 'CNAME':
+                    $records[] = $record['target'] ?? '';
+                    break;
+                case 'TXT':
+                    $records[] = $record['txt'] ?? '';
+                    break;
+            }
+        }
+    }
+    
+    return array_filter($records);
+}
+
+/**
+ * Berechnet den Propagation-Status
+ */
+function calculatePropagationStatus(array $results): array {
+    $totalServers = count($results);
+    $serversWithRecords = 0;
+    $allRecords = [];
+    
+    foreach ($results as $result) {
+        if (!empty($result['records'])) {
+            $serversWithRecords++;
+            foreach ($result['records'] as $record) {
+                $allRecords[] = $record;
+            }
+        }
+    }
+    
+    // Einzigartige Records
+    $uniqueRecords = array_unique($allRecords);
+    
+    // Konsistenz prüfen (haben alle Server die gleichen Records?)
+    $isConsistent = count($uniqueRecords) <= 1 || $serversWithRecords === 0;
+    
+    $percentage = $totalServers > 0 ? round(($serversWithRecords / $totalServers) * 100) : 0;
+    
+    return [
+        'percentage' => $percentage,
+        'servers_responding' => $serversWithRecords,
+        'total_servers' => $totalServers,
+        'is_consistent' => $isConsistent,
+        'unique_values' => array_values($uniqueRecords)
+    ];
+}

backend/api/ping-check.php

@@ -0,0 +1,179 @@
+<?php
+/**
+ * HexaDNS - Ping/Verfügbarkeitstest API
+ * 
+ * Prüft die Erreichbarkeit einer Domain
+ * 
+ * Verwendung: GET /api/ping-check.php?domain=example.com
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+
+if (empty($domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Domain-Parameter fehlt']);
+    exit;
+}
+
+// Protokoll und Pfad entfernen
+$domain = preg_replace('/^(https?:\/\/)?/', '', $domain);
+$domain = explode('/', $domain)[0];
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    exit;
+}
+
+$startTime = microtime(true);
+$results = performConnectivityCheck($domain);
+$totalTime = round((microtime(true) - $startTime) * 1000, 2);
+
+echo json_encode([
+    'success' => true,
+    'domain' => $domain,
+    'total_time_ms' => $totalTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'results' => $results
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * Führt verschiedene Erreichbarkeitstests durch
+ */
+function performConnectivityCheck(string $domain): array {
+    $results = [
+        'dns_resolution' => checkDnsResolution($domain),
+        'icmp_ping' => checkIcmpPing($domain),
+        'http' => checkHttpConnection($domain, false),
+        'https' => checkHttpConnection($domain, true),
+        'overall_status' => 'offline'
+    ];
+    
+    // Overall-Status bestimmen
+    if ($results['https']['reachable'] || $results['http']['reachable']) {
+        $results['overall_status'] = 'online';
+    } elseif ($results['icmp_ping']['reachable']) {
+        $results['overall_status'] = 'partial';
+    } elseif ($results['dns_resolution']['resolved']) {
+        $results['overall_status'] = 'dns_only';
+    }
+    
+    return $results;
+}
+
+/**
+ * DNS-Auflösung prüfen
+ */
+function checkDnsResolution(string $domain): array {
+    $start = microtime(true);
+    $ip = gethostbyname($domain);
+    $time = round((microtime(true) - $start) * 1000, 2);
+    
+    $resolved = $ip !== $domain;
+    
+    return [
+        'resolved' => $resolved,
+        'ip' => $resolved ? $ip : null,
+        'response_time_ms' => $time
+    ];
+}
+
+/**
+ * ICMP Ping (falls verfügbar)
+ */
+function checkIcmpPing(string $domain): array {
+    $result = [
+        'reachable' => false,
+        'response_time_ms' => null,
+        'packet_loss' => null
+    ];
+    
+    // Versuche ping-Kommando
+    $pingResult = @shell_exec("ping -c 3 -W 2 {$domain} 2>/dev/null");
+    
+    if ($pingResult) {
+        // Prüfe auf erfolgreiche Antworten
+        if (preg_match('/(\d+)% packet loss/', $pingResult, $lossMatch)) {
+            $result['packet_loss'] = (int)$lossMatch[1];
+            $result['reachable'] = $result['packet_loss'] < 100;
+        }
+        
+        // Durchschnittliche Zeit extrahieren
+        if (preg_match('/avg.*?=.*?[\d.]+\/([\d.]+)\//', $pingResult, $timeMatch)) {
+            $result['response_time_ms'] = (float)$timeMatch[1];
+        } elseif (preg_match('/time[=<]([\d.]+)\s*ms/', $pingResult, $timeMatch)) {
+            $result['response_time_ms'] = (float)$timeMatch[1];
+        }
+    }
+    
+    return $result;
+}
+
+/**
+ * HTTP(S)-Verbindung prüfen
+ */
+function checkHttpConnection(string $domain, bool $https = false): array {
+    $protocol = $https ? 'https' : 'http';
+    $port = $https ? 443 : 80;
+    $url = "{$protocol}://{$domain}";
+    
+    $result = [
+        'reachable' => false,
+        'status_code' => null,
+        'response_time_ms' => null,
+        'redirect_url' => null,
+        'server' => null
+    ];
+    
+    $start = microtime(true);
+    
+    // cURL verwenden
+    $ch = curl_init();
+    curl_setopt_array($ch, [
+        CURLOPT_URL => $url,
+        CURLOPT_RETURNTRANSFER => true,
+        CURLOPT_HEADER => true,
+        CURLOPT_NOBODY => true,
+        CURLOPT_TIMEOUT => 10,
+        CURLOPT_CONNECTTIMEOUT => 5,
+        CURLOPT_FOLLOWLOCATION => false,
+        CURLOPT_SSL_VERIFYPEER => false,
+        CURLOPT_SSL_VERIFYHOST => 0,
+        CURLOPT_USERAGENT => 'HexaDNS Ping Check/1.0'
+    ]);
+    
+    $response = curl_exec($ch);
+    $result['response_time_ms'] = round((microtime(true) - $start) * 1000, 2);
+    
+    if ($response !== false) {
+        $result['status_code'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $result['reachable'] = $result['status_code'] > 0;
+        
+        // Redirect-URL
+        $redirectUrl = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
+        if (!empty($redirectUrl)) {
+            $result['redirect_url'] = $redirectUrl;
+        }
+        
+        // Server-Header
+        if (preg_match('/Server:\s*([^\r\n]+)/i', $response, $serverMatch)) {
+            $result['server'] = trim($serverMatch[1]);
+        }
+    } else {
+        $result['error'] = curl_error($ch);
+    }
+    
+    curl_close($ch);
+    
+    return $result;
+}

backend/api/reverse-dns.php

@@ -0,0 +1,209 @@
+<?php
+/**
+ * HexaDNS - Reverse DNS Lookup API
+ * 
+ * Löst eine IP-Adresse zu einem Hostnamen auf
+ * 
+ * Verwendung: GET /api/reverse-dns.php?ip=8.8.8.8
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+$ip = isset($_GET['ip']) ? trim($_GET['ip']) : '';
+
+if (empty($ip)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'IP-Parameter fehlt']);
+    exit;
+}
+
+// IPv4 oder IPv6 validieren
+$isIPv4 = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
+$isIPv6 = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
+
+if (!$isIPv4 && !$isIPv6) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges IP-Format']);
+    exit;
+}
+
+$startTime = microtime(true);
+$result = performReverseLookup($ip, $isIPv6 ? 'IPv6' : 'IPv4');
+$queryTime = round((microtime(true) - $startTime) * 1000, 2);
+
+echo json_encode([
+    'success' => true,
+    'ip' => $ip,
+    'ip_version' => $isIPv6 ? 'IPv6' : 'IPv4',
+    'query_time_ms' => $queryTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'result' => $result
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * Führt Reverse DNS Lookup durch
+ */
+function performReverseLookup(string $ip, string $version): array {
+    $result = [
+        'hostname' => null,
+        'ptr_record' => null,
+        'additional_info' => []
+    ];
+    
+    // PHP gethostbyaddr
+    $hostname = @gethostbyaddr($ip);
+    
+    if ($hostname && $hostname !== $ip) {
+        $result['hostname'] = $hostname;
+        
+        // Verifizieren durch Forward-Lookup
+        $forwardIp = gethostbyname($hostname);
+        $result['forward_verified'] = ($forwardIp === $ip);
+        
+        // Zusätzliche Infos über den Host sammeln
+        $result['additional_info'] = getHostInfo($hostname);
+    } else {
+        $result['error'] = 'Kein PTR-Record gefunden';
+    }
+    
+    // PTR-Record direkt abfragen
+    $ptrRecord = getPtrRecord($ip, $version);
+    if ($ptrRecord) {
+        $result['ptr_record'] = $ptrRecord;
+    }
+    
+    // IP-Info (GeoIP wenn verfügbar, sonst Basic-Infos)
+    $result['ip_info'] = getIpInfo($ip);
+    
+    return $result;
+}
+
+/**
+ * PTR-Record direkt abfragen
+ */
+function getPtrRecord(string $ip, string $version): ?string {
+    if ($version === 'IPv4') {
+        // IPv4: Reverse die Oktette
+        $parts = array_reverse(explode('.', $ip));
+        $ptrDomain = implode('.', $parts) . '.in-addr.arpa';
+    } else {
+        // IPv6: Komplexer - jedes Nibble umkehren
+        $expanded = expandIPv6($ip);
+        $nibbles = str_replace(':', '', $expanded);
+        $reversed = implode('.', array_reverse(str_split($nibbles)));
+        $ptrDomain = $reversed . '.ip6.arpa';
+    }
+    
+    $records = @dns_get_record($ptrDomain, DNS_PTR);
+    
+    if ($records && !empty($records[0]['target'])) {
+        return $records[0]['target'];
+    }
+    
+    return null;
+}
+
+/**
+ * Expandiert eine IPv6-Adresse
+ */
+function expandIPv6(string $ip): string {
+    // Ersetze :: mit der richtigen Anzahl von 0000
+    if (strpos($ip, '::') !== false) {
+        $parts = explode('::', $ip);
+        $left = $parts[0] ? explode(':', $parts[0]) : [];
+        $right = isset($parts[1]) && $parts[1] ? explode(':', $parts[1]) : [];
+        $missing = 8 - count($left) - count($right);
+        $middle = array_fill(0, $missing, '0000');
+        $all = array_merge($left, $middle, $right);
+    } else {
+        $all = explode(':', $ip);
+    }
+    
+    // Jedes Segment auf 4 Zeichen auffüllen
+    $all = array_map(function($segment) {
+        return str_pad($segment, 4, '0', STR_PAD_LEFT);
+    }, $all);
+    
+    return implode(':', $all);
+}
+
+/**
+ * Sammelt Infos über einen Hostnamen
+ */
+function getHostInfo(string $hostname): array {
+    $info = [];
+    
+    // Domain-Teile analysieren
+    $parts = explode('.', $hostname);
+    $tld = end($parts);
+    
+    $info['tld'] = $tld;
+    
+    // Bekannte Hosting-Provider erkennen
+    $providerPatterns = [
+        'amazonaws.com' => 'Amazon AWS',
+        'googleusercontent.com' => 'Google Cloud',
+        'cloudfront.net' => 'Amazon CloudFront',
+        'azure' => 'Microsoft Azure',
+        'hetzner' => 'Hetzner',
+        'ovh' => 'OVH',
+        'digitalocean' => 'DigitalOcean',
+        'linode' => 'Linode',
+        'vultr' => 'Vultr',
+        'contabo' => 'Contabo',
+        'netcup' => 'Netcup',
+        'strato' => 'Strato',
+        'ionos' => 'IONOS',
+        '1und1' => '1&1',
+        'telekom' => 'Deutsche Telekom',
+        'vodafone' => 'Vodafone',
+    ];
+    
+    foreach ($providerPatterns as $pattern => $provider) {
+        if (stripos($hostname, $pattern) !== false) {
+            $info['provider'] = $provider;
+            break;
+        }
+    }
+    
+    return $info;
+}
+
+/**
+ * Basis-Infos zur IP
+ */
+function getIpInfo(string $ip): array {
+    $info = [
+        'type' => 'unknown'
+    ];
+    
+    // Private IP-Bereiche prüfen
+    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+        if (preg_match('/^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)/', $ip)) {
+            $info['type'] = 'private';
+        } elseif (preg_match('/^(127\.)/', $ip)) {
+            $info['type'] = 'loopback';
+        } else {
+            $info['type'] = 'public';
+        }
+    } else {
+        // IPv6
+        if (preg_match('/^(fc|fd)/i', $ip)) {
+            $info['type'] = 'private';
+        } elseif (preg_match('/^::1$/', $ip) || preg_match('/^fe80:/i', $ip)) {
+            $info['type'] = 'loopback/link-local';
+        } else {
+            $info['type'] = 'public';
+        }
+    }
+    
+    return $info;
+}

backend/api/ssl-check.php

@@ -0,0 +1,164 @@
+<?php
+/**
+ * HexaDNS - SSL Certificate Check API
+ * 
+ * Prüft SSL-Zertifikat-Informationen einer Domain
+ * 
+ * Verwendung: GET /api/ssl-check.php?domain=example.com
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+
+if (empty($domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Domain-Parameter fehlt']);
+    exit;
+}
+
+// Protokoll und Pfad entfernen
+$domain = preg_replace('/^(https?:\/\/)?/', '', $domain);
+$domain = explode('/', $domain)[0];
+$domain = explode(':', $domain)[0]; // Port entfernen
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    exit;
+}
+
+$startTime = microtime(true);
+$sslData = checkSslCertificate($domain);
+$queryTime = round((microtime(true) - $startTime) * 1000, 2);
+
+echo json_encode([
+    'success' => $sslData['success'],
+    'domain' => $domain,
+    'query_time_ms' => $queryTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'ssl' => $sslData
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * Prüft SSL-Zertifikat einer Domain
+ */
+function checkSslCertificate(string $domain): array {
+    $result = [
+        'success' => false,
+        'has_ssl' => false,
+        'is_valid' => false,
+        'error' => null,
+        'certificate' => null
+    ];
+    
+    // Stream Context für SSL
+    $context = stream_context_create([
+        'ssl' => [
+            'capture_peer_cert' => true,
+            'verify_peer' => false,
+            'verify_peer_name' => false,
+        ]
+    ]);
+    
+    // Verbindung herstellen
+    $socket = @stream_socket_client(
+        "ssl://{$domain}:443",
+        $errno,
+        $errstr,
+        10, // Timeout
+        STREAM_CLIENT_CONNECT,
+        $context
+    );
+    
+    if (!$socket) {
+        // Versuche ohne SSL (um zu prüfen ob Server erreichbar)
+        $httpSocket = @fsockopen($domain, 80, $errno, $errstr, 5);
+        if ($httpSocket) {
+            fclose($httpSocket);
+            $result['error'] = 'Kein SSL-Zertifikat auf Port 443 gefunden';
+        } else {
+            $result['error'] = "Verbindung fehlgeschlagen: {$errstr}";
+        }
+        return $result;
+    }
+    
+    $result['has_ssl'] = true;
+    $result['success'] = true;
+    
+    // Zertifikat extrahieren
+    $params = stream_context_get_params($socket);
+    $cert = $params['options']['ssl']['peer_certificate'] ?? null;
+    
+    if ($cert) {
+        $certInfo = openssl_x509_parse($cert);
+        
+        if ($certInfo) {
+            $validFrom = $certInfo['validFrom_time_t'] ?? 0;
+            $validTo = $certInfo['validTo_time_t'] ?? 0;
+            $now = time();
+            
+            $isExpired = $now > $validTo;
+            $isNotYetValid = $now < $validFrom;
+            $result['is_valid'] = !$isExpired && !$isNotYetValid;
+            
+            // Tage bis Ablauf
+            $daysUntilExpiry = floor(($validTo - $now) / 86400);
+            
+            // Subject Alternative Names (SANs)
+            $sans = [];
+            if (isset($certInfo['extensions']['subjectAltName'])) {
+                $sanStr = $certInfo['extensions']['subjectAltName'];
+                preg_match_all('/DNS:([^,\s]+)/', $sanStr, $matches);
+                $sans = $matches[1] ?? [];
+            }
+            
+            // Issuer aufbereiten
+            $issuer = [];
+            if (isset($certInfo['issuer'])) {
+                if (isset($certInfo['issuer']['O'])) $issuer['organization'] = $certInfo['issuer']['O'];
+                if (isset($certInfo['issuer']['CN'])) $issuer['common_name'] = $certInfo['issuer']['CN'];
+                if (isset($certInfo['issuer']['C'])) $issuer['country'] = $certInfo['issuer']['C'];
+            }
+            
+            // Subject aufbereiten
+            $subject = [];
+            if (isset($certInfo['subject'])) {
+                if (isset($certInfo['subject']['CN'])) $subject['common_name'] = $certInfo['subject']['CN'];
+                if (isset($certInfo['subject']['O'])) $subject['organization'] = $certInfo['subject']['O'];
+            }
+            
+            $result['certificate'] = [
+                'subject' => $subject,
+                'issuer' => $issuer,
+                'valid_from' => date('Y-m-d H:i:s', $validFrom),
+                'valid_to' => date('Y-m-d H:i:s', $validTo),
+                'days_until_expiry' => $daysUntilExpiry,
+                'is_expired' => $isExpired,
+                'serial_number' => $certInfo['serialNumberHex'] ?? null,
+                'signature_algorithm' => $certInfo['signatureTypeSN'] ?? null,
+                'san_domains' => $sans,
+                'version' => $certInfo['version'] ?? null,
+            ];
+            
+            // Warnung wenn bald ablaufend
+            if ($daysUntilExpiry <= 30 && $daysUntilExpiry > 0) {
+                $result['warning'] = "Zertifikat läuft in {$daysUntilExpiry} Tagen ab!";
+            } elseif ($isExpired) {
+                $result['error'] = 'Zertifikat ist abgelaufen!';
+                $result['is_valid'] = false;
+            }
+        }
+    }
+    
+    fclose($socket);
+    return $result;
+}

backend/api/whois-lookup.php

@@ -0,0 +1,365 @@
+<?php
+/**
+ * HexaDNS - WHOIS Lookup API
+ * 
+ * Ruft WHOIS-Informationen für eine Domain ab
+ * 
+ * Verwendung: GET /api/whois-lookup.php?domain=example.com
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+
+if (empty($domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Domain-Parameter fehlt']);
+    exit;
+}
+
+// Nur Root-Domain extrahieren
+$domain = extractRootDomain($domain);
+
+if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-]*\.[a-zA-Z]{2,}$/', $domain)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    exit;
+}
+
+$startTime = microtime(true);
+$whoisData = performWhoisLookup($domain);
+$queryTime = round((microtime(true) - $startTime) * 1000, 2);
+
+if ($whoisData === null) {
+    http_response_code(500);
+    echo json_encode(['error' => 'WHOIS-Abfrage fehlgeschlagen']);
+    exit;
+}
+
+echo json_encode([
+    'success' => true,
+    'domain' => $domain,
+    'query_time_ms' => $queryTime,
+    'timestamp' => date('Y-m-d H:i:s'),
+    'whois' => $whoisData
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+
+/**
+ * Extrahiert die Root-Domain (ohne Subdomain)
+ */
+function extractRootDomain(string $domain): string {
+    $domain = strtolower($domain);
+    $domain = preg_replace('/^(https?:\/\/)?(www\.)?/', '', $domain);
+    $domain = explode('/', $domain)[0];
+    
+    $parts = explode('.', $domain);
+    if (count($parts) > 2) {
+        // Einfache Logik: nimm die letzten 2 Teile
+        // (funktioniert nicht perfekt für .co.uk etc., aber gut genug)
+        return implode('.', array_slice($parts, -2));
+    }
+    
+    return $domain;
+}
+
+/**
+ * Führt WHOIS-Lookup durch
+ */
+function performWhoisLookup(string $domain): ?array {
+    // Primär: Socket-basierte Abfrage (funktioniert ohne shell_exec)
+    $whoisRaw = whoisViaSocket($domain);
+    
+    // Fallback: Shell-Kommando (sicher escaped)
+    if (empty($whoisRaw) && function_exists('shell_exec')) {
+        $escapedDomain = escapeshellarg($domain);
+        $whoisRaw = @shell_exec("whois {$escapedDomain} 2>/dev/null");
+    }
+    
+    if (empty($whoisRaw)) {
+        return null;
+    }
+    
+    // Parse WHOIS-Daten
+    return parseWhoisData($whoisRaw, $domain);
+}
+
+/**
+ * WHOIS-Abfrage über Socket (unabhängig von shell_exec)
+ */
+function whoisViaSocket(string $domain): ?string {
+    $whoisServer = getWhoisServer($domain);
+    
+    if (!$whoisServer) {
+        return null;
+    }
+    
+    $result = queryWhoisServer($whoisServer, $domain);
+    
+    // Prüfe auf Weiterleitungen zu anderen WHOIS-Servern
+    if ($result && preg_match('/Registrar WHOIS Server:\s*(\S+)/i', $result, $matches)) {
+        $referralServer = trim($matches[1]);
+        if ($referralServer && $referralServer !== $whoisServer) {
+            $referralResult = queryWhoisServer($referralServer, $domain);
+            if ($referralResult) {
+                $result = $referralResult;
+            }
+        }
+    }
+    
+    return $result;
+}
+
+/**
+ * Abfrage an einen spezifischen WHOIS-Server
+ */
+function queryWhoisServer(string $server, string $domain): ?string {
+    $port = 43;
+    $timeout = 10;
+    
+    $socket = @fsockopen($server, $port, $errno, $errstr, $timeout);
+    
+    if (!$socket) {
+        return null;
+    }
+    
+    // Setze Stream-Timeout
+    stream_set_timeout($socket, $timeout);
+    
+    // Sende Anfrage
+    fwrite($socket, $domain . "\r\n");
+    
+    // Lese Antwort
+    $response = '';
+    while (!feof($socket)) {
+        $response .= fread($socket, 8192);
+    }
+    
+    fclose($socket);
+    
+    return !empty($response) ? $response : null;
+}
+
+/**
+ * Ermittelt den zuständigen WHOIS-Server für eine TLD
+ */
+function getWhoisServer(string $domain): ?string {
+    $parts = explode('.', $domain);
+    $tld = strtolower(end($parts));
+    
+    // Bekannte WHOIS-Server nach TLD
+    $whoisServers = [
+        // Generische TLDs
+        'com' => 'whois.verisign-grs.com',
+        'net' => 'whois.verisign-grs.com',
+        'org' => 'whois.pir.org',
+        'info' => 'whois.afilias.net',
+        'biz' => 'whois.biz',
+        'name' => 'whois.nic.name',
+        'mobi' => 'whois.dotmobiregistry.net',
+        'pro' => 'whois.registrypro.pro',
+        'aero' => 'whois.aero',
+        'asia' => 'whois.nic.asia',
+        'cat' => 'whois.nic.cat',
+        'coop' => 'whois.nic.coop',
+        'edu' => 'whois.educause.edu',
+        'gov' => 'whois.dotgov.gov',
+        'int' => 'whois.iana.org',
+        'jobs' => 'whois.nic.jobs',
+        'mil' => 'whois.nic.mil',
+        'museum' => 'whois.museum',
+        'post' => 'whois.dotpostregistry.net',
+        'tel' => 'whois.nic.tel',
+        'travel' => 'whois.nic.travel',
+        'xxx' => 'whois.nic.xxx',
+        
+        // Neue gTLDs
+        'app' => 'whois.nic.google',
+        'dev' => 'whois.nic.google',
+        'page' => 'whois.nic.google',
+        'blog' => 'whois.nic.blog',
+        'cloud' => 'whois.nic.cloud',
+        'shop' => 'whois.nic.shop',
+        'store' => 'whois.nic.store',
+        'online' => 'whois.nic.online',
+        'site' => 'whois.nic.site',
+        'website' => 'whois.nic.website',
+        'tech' => 'whois.nic.tech',
+        'io' => 'whois.nic.io',
+        'co' => 'whois.nic.co',
+        'me' => 'whois.nic.me',
+        'tv' => 'whois.nic.tv',
+        'cc' => 'ccwhois.verisign-grs.com',
+        'ws' => 'whois.website.ws',
+        
+        // Europäische ccTLDs
+        'de' => 'whois.denic.de',
+        'at' => 'whois.nic.at',
+        'ch' => 'whois.nic.ch',
+        'li' => 'whois.nic.li',
+        'uk' => 'whois.nic.uk',
+        'fr' => 'whois.nic.fr',
+        'it' => 'whois.nic.it',
+        'es' => 'whois.nic.es',
+        'pt' => 'whois.dns.pt',
+        'nl' => 'whois.domain-registry.nl',
+        'be' => 'whois.dns.be',
+        'pl' => 'whois.dns.pl',
+        'cz' => 'whois.nic.cz',
+        'sk' => 'whois.sk-nic.sk',
+        'hu' => 'whois.nic.hu',
+        'ro' => 'whois.rotld.ro',
+        'bg' => 'whois.register.bg',
+        'hr' => 'whois.dns.hr',
+        'si' => 'whois.register.si',
+        'rs' => 'whois.rnids.rs',
+        'gr' => 'grwhois.ics.forth.gr',
+        'dk' => 'whois.punktum.dk',
+        'se' => 'whois.iis.se',
+        'no' => 'whois.norid.no',
+        'fi' => 'whois.fi',
+        'ie' => 'whois.iedr.ie',
+        'eu' => 'whois.eu',
+        'lu' => 'whois.dns.lu',
+        
+        // Andere ccTLDs
+        'ru' => 'whois.tcinet.ru',
+        'ua' => 'whois.ua',
+        'us' => 'whois.nic.us',
+        'ca' => 'whois.cira.ca',
+        'mx' => 'whois.mx',
+        'br' => 'whois.registro.br',
+        'ar' => 'whois.nic.ar',
+        'au' => 'whois.auda.org.au',
+        'nz' => 'whois.srs.net.nz',
+        'jp' => 'whois.jprs.jp',
+        'kr' => 'whois.kr',
+        'cn' => 'whois.cnnic.cn',
+        'in' => 'whois.registry.in',
+        'sg' => 'whois.sgnic.sg',
+        'hk' => 'whois.hkirc.hk',
+        'tw' => 'whois.twnic.net.tw',
+        'za' => 'whois.registry.net.za',
+    ];
+    
+    // Spezielle Behandlung für .co.uk, .com.au etc.
+    if (count($parts) >= 2) {
+        $sld = $parts[count($parts) - 2];
+        $combinedTld = $sld . '.' . $tld;
+        
+        $secondLevelTlds = [
+            'co.uk' => 'whois.nic.uk',
+            'org.uk' => 'whois.nic.uk',
+            'me.uk' => 'whois.nic.uk',
+            'com.au' => 'whois.auda.org.au',
+            'net.au' => 'whois.auda.org.au',
+            'org.au' => 'whois.auda.org.au',
+            'co.nz' => 'whois.srs.net.nz',
+            'com.br' => 'whois.registro.br',
+        ];
+        
+        if (isset($secondLevelTlds[$combinedTld])) {
+            return $secondLevelTlds[$combinedTld];
+        }
+    }
+    
+    return $whoisServers[$tld] ?? 'whois.iana.org';
+}
+
+/**
+ * Parsed WHOIS-Rohdaten in strukturiertes Format
+ */
+function parseWhoisData(string $raw, string $domain): array {
+    $data = [
+        'raw' => $raw,
+        'parsed' => [
+            'domain_name' => $domain,
+            'registrar' => null,
+            'registrar_url' => null,
+            'creation_date' => null,
+            'expiration_date' => null,
+            'updated_date' => null,
+            'status' => [],
+            'nameservers' => [],
+            'dnssec' => null,
+        ]
+    ];
+    
+    $lines = explode("\n", $raw);
+    
+    foreach ($lines as $line) {
+        $line = trim($line);
+        if (empty($line) || strpos($line, '%') === 0 || strpos($line, '#') === 0) {
+            continue;
+        }
+        
+        // Key: Value Format
+        if (strpos($line, ':') !== false) {
+            list($key, $value) = array_map('trim', explode(':', $line, 2));
+            $keyLower = strtolower($key);
+            
+            // Registrar
+            if (strpos($keyLower, 'registrar') !== false && strpos($keyLower, 'abuse') === false && strpos($keyLower, 'url') === false) {
+                if (empty($data['parsed']['registrar'])) {
+                    $data['parsed']['registrar'] = $value;
+                }
+            }
+            
+            // Registrar URL
+            if (strpos($keyLower, 'registrar') !== false && strpos($keyLower, 'url') !== false) {
+                $data['parsed']['registrar_url'] = $value;
+            }
+            
+            // Erstellungsdatum
+            if (preg_match('/(creation|created|registered)/i', $keyLower) && strpos($keyLower, 'registrar') === false) {
+                if (empty($data['parsed']['creation_date'])) {
+                    $data['parsed']['creation_date'] = $value;
+                }
+            }
+            
+            // Ablaufdatum
+            if (preg_match('/(expir|paid-till)/i', $keyLower)) {
+                if (empty($data['parsed']['expiration_date'])) {
+                    $data['parsed']['expiration_date'] = $value;
+                }
+            }
+            
+            // Aktualisierungsdatum
+            if (preg_match('/(updated|modified|changed)/i', $keyLower) && strpos($keyLower, 'registrar') === false) {
+                if (empty($data['parsed']['updated_date'])) {
+                    $data['parsed']['updated_date'] = $value;
+                }
+            }
+            
+            // Status
+            if (preg_match('/(status|state)/i', $keyLower) && !empty($value)) {
+                $data['parsed']['status'][] = $value;
+            }
+            
+            // Nameserver
+            if (preg_match('/^(name.?server|nserver)/i', $keyLower) && !empty($value)) {
+                $ns = strtolower(explode(' ', $value)[0]);
+                if (!in_array($ns, $data['parsed']['nameservers'])) {
+                    $data['parsed']['nameservers'][] = $ns;
+                }
+            }
+            
+            // DNSSEC
+            if (strpos($keyLower, 'dnssec') !== false) {
+                $data['parsed']['dnssec'] = $value;
+            }
+        }
+    }
+    
+    // Status einzigartig machen
+    $data['parsed']['status'] = array_unique($data['parsed']['status']);
+    
+    return $data;
+}

backend/config/config.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * HexaHost.de Konfiguration
+ * 
+ * HINWEIS: Diese Datei ist veraltet!
+ * 
+ * Die Konfiguration wurde nach mail-config.php verschoben.
+ * Bitte verwenden Sie stattdessen:
+ * 
+ *   require_once 'config/mail-config.php';
+ * 
+ * Diese Datei wird nur aus Kompatibilitätsgründen beibehalten.
+ */
+
+// Lade die neue Konfiguration
+require_once __DIR__ . '/mail-config.php';
+?>

backend/config/mail-config.php

@@ -0,0 +1,198 @@
+<?php
+/**
+ * HexaHost.de Mail Configuration
+ * 
+ * Bitte passen Sie die folgenden SMTP-Einstellungen an Ihre E-Mail-Provider an.
+ * 
+ * Beispiele für gängige Provider:
+ * 
+ * Gmail:
+ * - SMTP_HOST = 'smtp.gmail.com'
+ * - SMTP_PORT = 587
+ * - SMTP_USERNAME = 'ihre-email@gmail.com'
+ * - SMTP_PASSWORD = 'ihr-app-passwort'
+ * 
+ * Outlook/Hotmail:
+ * - SMTP_HOST = 'smtp-mail.outlook.com'
+ * - SMTP_PORT = 587
+ * 
+ * GMX:
+ * - SMTP_HOST = 'mail.gmx.net'
+ * - SMTP_PORT = 587
+ * 
+ * Web.de:
+ * - SMTP_HOST = 'smtp.web.de'
+ * - SMTP_PORT = 587
+ * 
+ * 1&1:
+ * - SMTP_HOST = 'smtp.1und1.de'
+ * - SMTP_PORT = 587
+ * 
+ * Strato:
+ * - SMTP_HOST = 'smtp.strato.de'
+ * - SMTP_PORT = 587
+ * 
+ * Ionos:
+ * - SMTP_HOST = 'smtp.ionos.de'
+ * - SMTP_PORT = 587
+ */
+
+// SMTP Server Einstellungen
+define('SMTP_HOST', 'smtp.ihre-domain.de');        // Ihr SMTP-Server
+define('SMTP_PORT', 587);                          // SMTP-Port (meist 587 oder 465)
+define('SMTP_USERNAME', 'kontakt@ihre-domain.de'); // Ihr SMTP-Benutzername
+define('SMTP_PASSWORD', 'ihr-smtp-passwort');      // Ihr SMTP-Passwort
+
+// E-Mail Adressen
+define('SMTP_FROM_EMAIL', 'kontakt@hexahost.de');  // Absender-E-Mail (muss zu SMTP_USERNAME passen)
+define('SMTP_TO_EMAIL', 'info@hexahost.de');       // Empfänger-E-Mail für Kontaktformular
+
+// Sicherheitseinstellungen
+define('ENABLE_CSRF_PROTECTION', true);            // CSRF-Schutz aktivieren
+define('ENABLE_RATE_LIMITING', true);              // Rate-Limiting aktivieren
+define('MAX_REQUESTS_PER_HOUR', 10);               // Max. Anfragen pro Stunde
+
+// Spam-Schutz Einstellungen
+define('ENABLE_SPAM_PROTECTION', true);            // Spam-Schutz aktivieren
+define('MAX_MESSAGE_LENGTH', 5000);                // Max. Nachrichtenlänge
+define('MIN_MESSAGE_LENGTH', 10);                  // Min. Nachrichtenlänge
+
+// Debug-Einstellungen (nur für Entwicklung)
+define('DEBUG_MODE', false);                       // Debug-Modus (true/false)
+define('LOG_EMAILS', true);                        // E-Mails loggen (true/false)
+
+// Zusätzliche Sicherheitsheader
+define('ADDITIONAL_HEADERS', [
+    'X-Mailer' => 'HexaHost.de Contact Form',
+    'X-Priority' => '3',
+    'X-MSMail-Priority' => 'Normal',
+    'Importance' => 'Normal',
+    'X-Report-Abuse' => 'Please report abuse here: abuse@hexahost.de',
+    'List-Unsubscribe' => '<mailto:unsubscribe@hexahost.de>',
+    'Precedence' => 'bulk'
+]);
+
+// Erlaubte Domains für E-Mail-Adressen (optional)
+define('ALLOWED_EMAIL_DOMAINS', [
+    // Leer lassen für alle Domains zu erlauben
+    // 'gmail.com',
+    // 'outlook.com',
+    // 'web.de',
+    // 'gmx.de'
+]);
+
+// Blacklist für E-Mail-Adressen (optional)
+define('BLACKLISTED_EMAILS', [
+    // 'spam@example.com',
+    // 'test@test.com'
+]);
+
+// Validierung der Konfiguration
+if (!defined('SMTP_HOST') || !defined('SMTP_USERNAME') || !defined('SMTP_PASSWORD')) {
+    die('SMTP-Konfiguration ist unvollständig. Bitte überprüfen Sie die mail-config.php');
+}
+
+// Überprüfung der E-Mail-Adressen
+if (!filter_var(SMTP_FROM_EMAIL, FILTER_VALIDATE_EMAIL)) {
+    die('Ungültige SMTP_FROM_EMAIL Adresse');
+}
+
+if (!filter_var(SMTP_TO_EMAIL, FILTER_VALIDATE_EMAIL)) {
+    die('Ungültige SMTP_TO_EMAIL Adresse');
+}
+
+// Logging-Funktion
+function logEmail($type, $data) {
+    if (!LOG_EMAILS) return;
+    
+    $logFile = __DIR__ . '/../logs/email.log';
+    $logDir = dirname($logFile);
+    
+    if (!is_dir($logDir)) {
+        mkdir($logDir, 0755, true);
+    }
+    
+    $timestamp = date('Y-m-d H:i:s');
+    $logEntry = "[$timestamp] $type: " . json_encode($data) . "\n";
+    
+    file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);
+}
+
+// Hilfsfunktion für E-Mail-Validierung
+function isValidEmail($email) {
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        return false;
+    }
+    
+    // Prüfe Blacklist
+    if (in_array($email, BLACKLISTED_EMAILS)) {
+        return false;
+    }
+    
+    // Prüfe Domain-Whitelist (falls gesetzt)
+    if (!empty(ALLOWED_EMAIL_DOMAINS)) {
+        $domain = substr(strrchr($email, "@"), 1);
+        if (!in_array($domain, ALLOWED_EMAIL_DOMAINS)) {
+            return false;
+        }
+    }
+    
+    return true;
+}
+
+// CSRF Token generieren (wird in functions.php verwendet)
+// Hinweis: Diese Funktion existiert auch in functions.php - hier nur als Fallback
+if (!function_exists('generateCSRFToken')) {
+    function generateCSRFToken() {
+        if (!isset($_SESSION['csrf_token'])) {
+            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+        }
+        return $_SESSION['csrf_token'];
+    }
+}
+
+// CSRF Token validieren
+if (!function_exists('validateCSRFToken')) {
+    function validateCSRFToken($token) {
+        return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
+    }
+}
+
+/**
+ * Hilfsfunktion zum Abrufen der Konfiguration als Array
+ * Kompatibilität mit contact-handler.php
+ * 
+ * @param string|null $key Optional: einzelner Schlüssel
+ * @return mixed Konfigurationsarray oder einzelner Wert
+ */
+function getHexaHostConfig($key = null) {
+    $config = [
+        // SMTP Server-Einstellungen
+        'smtp_host' => SMTP_HOST,
+        'smtp_port' => SMTP_PORT,
+        'smtp_username' => SMTP_USERNAME,
+        'smtp_password' => SMTP_PASSWORD,
+        'smtp_encryption' => 'tls',
+        
+        // Absender/Empfänger
+        'from_email' => SMTP_FROM_EMAIL,
+        'from_name' => 'HexaHost.de Kontaktformular',
+        'to_email' => SMTP_TO_EMAIL,
+        'to_name' => 'HexaHost Support',
+        
+        // Sicherheit
+        'max_requests_per_hour' => MAX_REQUESTS_PER_HOUR,
+        'honeypot_field' => 'website',
+        
+        // Debug
+        'debug_mode' => DEBUG_MODE,
+        'log_errors' => LOG_EMAILS,
+    ];
+    
+    if ($key === null) {
+        return $config;
+    }
+    
+    return $config[$key] ?? null;
+}
+?>

backend/config/products-config.php

@@ -0,0 +1,541 @@
+<?php
+/**
+ * HexaHost.de Produkt-Konfiguration
+ * 
+ * Hier können Sie alle Preise und Produktinformationen zentral verwalten.
+ * Nach Änderungen: npm run build && npm run deploy
+ * 
+ * Verwendung in PHP-Seiten:
+ *   require_once 'config/products-config.php';
+ *   $packages = getProductPackages('vpc');
+ */
+
+// ============================================================================
+// VIRTUAL PRIVATE CONTAINER (VPC)
+// ============================================================================
+$PRODUCTS['vpc'] = [
+    'name' => 'Virtual Private Container',
+    'short_name' => 'VPC',
+    'description' => 'Effiziente LXC-Container auf Proxmox-Basis',
+    'min_price' => '4,99',
+    'hero_highlight' => 'auf Proxmox LXC',
+    'hero_description' => 'Erleben Sie die Effizienz von Linux-Containern mit der Zuverlässigkeit von Proxmox. Unsere VPC-Lösungen bieten optimale Performance bei minimalem Ressourcenverbrauch.',
+    'packages_title' => 'VPC Pakete',
+    'packages_description' => 'Wählen Sie das perfekte Container-Paket für Ihre Anforderungen',
+    'cta_title' => 'Bereit für Ihren VPC?',
+    'cta_description' => 'Starten Sie noch heute mit einem Virtual Private Container',
+    'page_title' => 'Virtual Private Container - Effiziente LXC Container | HexaHost.de',
+    'page_description' => 'Virtual Private Container auf Proxmox LXC-Basis. Effiziente und preiswerte Container-Lösungen ab 4,99€/Monat bei HexaHost.de',
+    'packages' => [
+        'starter' => [
+            'name' => 'VPC Starter',
+            'price' => '4,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '1 vCore'],
+                ['label' => 'RAM', 'value' => '1 GB'],
+                ['label' => 'SSD Speicher', 'value' => '20 GB'],
+                ['label' => 'Traffic', 'value' => '1 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '1'],
+            ],
+            'features' => [
+                'Proxmox LXC Container',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Backup inklusive',
+                '24/7 Monitoring',
+            ],
+        ],
+        'business' => [
+            'name' => 'VPC Business',
+            'price' => '9,99',
+            'featured' => true,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '2 vCores'],
+                ['label' => 'RAM', 'value' => '4 GB'],
+                ['label' => 'SSD Speicher', 'value' => '80 GB'],
+                ['label' => 'Traffic', 'value' => '3 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '1'],
+            ],
+            'features' => [
+                'Proxmox LXC Container',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Tägliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+            ],
+        ],
+        'professional' => [
+            'name' => 'VPC Professional',
+            'price' => '19,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '4 vCores'],
+                ['label' => 'RAM', 'value' => '8 GB'],
+                ['label' => 'SSD Speicher', 'value' => '160 GB'],
+                ['label' => 'Traffic', 'value' => '5 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '2'],
+            ],
+            'features' => [
+                'Proxmox LXC Container',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Stündliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+                'Priority Support',
+            ],
+        ],
+        'enterprise' => [
+            'name' => 'VPC Enterprise',
+            'price' => '39,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '8 vCores'],
+                ['label' => 'RAM', 'value' => '16 GB'],
+                ['label' => 'SSD Speicher', 'value' => '320 GB'],
+                ['label' => 'Traffic', 'value' => '10 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '3'],
+            ],
+            'features' => [
+                'Proxmox LXC Container',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Stündliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+                'Priority Support',
+                'Individuelle Konfiguration',
+            ],
+        ],
+    ],
+];
+
+// ============================================================================
+// VIRTUAL PRIVATE SERVER (VPS)
+// ============================================================================
+$PRODUCTS['vps'] = [
+    'name' => 'Virtual Private Server',
+    'short_name' => 'VPS',
+    'description' => 'Vollwertige KVM-Virtualisierung mit Root-Zugriff',
+    'min_price' => '9,99',
+    'hero_highlight' => 'auf Proxmox KVM',
+    'hero_description' => 'Maximale Flexibilität und Kontrolle mit vollwertiger KVM-Virtualisierung. Installieren Sie jedes Betriebssystem und genießen Sie vollständigen Root-Zugriff.',
+    'packages_title' => 'VPS Pakete',
+    'packages_description' => 'Wählen Sie das perfekte VPS-Paket für Ihre Anforderungen',
+    'cta_title' => 'Bereit für Ihren VPS?',
+    'cta_description' => 'Starten Sie noch heute mit einem Virtual Private Server',
+    'page_title' => 'Virtual Private Server - KVM Virtualisierung | HexaHost.de',
+    'page_description' => 'Virtual Private Server auf Proxmox KVM-Basis. Vollwertige Virtualisierung mit Root-Zugriff ab 9,99€/Monat bei HexaHost.de',
+    'packages' => [
+        'starter' => [
+            'name' => 'VPS Starter',
+            'price' => '9,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '1 vCore'],
+                ['label' => 'RAM', 'value' => '2 GB'],
+                ['label' => 'SSD Speicher', 'value' => '40 GB'],
+                ['label' => 'Traffic', 'value' => '2 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '1'],
+            ],
+            'features' => [
+                'Proxmox KVM Virtualisierung',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Backup inklusive',
+                '24/7 Monitoring',
+            ],
+        ],
+        'business' => [
+            'name' => 'VPS Business',
+            'price' => '19,99',
+            'featured' => true,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '2 vCores'],
+                ['label' => 'RAM', 'value' => '4 GB'],
+                ['label' => 'SSD Speicher', 'value' => '80 GB'],
+                ['label' => 'Traffic', 'value' => '4 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '1'],
+            ],
+            'features' => [
+                'Proxmox KVM Virtualisierung',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Tägliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+            ],
+        ],
+        'professional' => [
+            'name' => 'VPS Professional',
+            'price' => '39,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '4 vCores'],
+                ['label' => 'RAM', 'value' => '8 GB'],
+                ['label' => 'SSD Speicher', 'value' => '160 GB'],
+                ['label' => 'Traffic', 'value' => '8 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '2'],
+            ],
+            'features' => [
+                'Proxmox KVM Virtualisierung',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Stündliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+                'Priority Support',
+            ],
+        ],
+        'enterprise' => [
+            'name' => 'VPS Enterprise',
+            'price' => '79,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'CPU Kerne', 'value' => '8 vCores'],
+                ['label' => 'RAM', 'value' => '16 GB'],
+                ['label' => 'SSD Speicher', 'value' => '320 GB'],
+                ['label' => 'Traffic', 'value' => '15 TB'],
+                ['label' => 'IPv4 Adressen', 'value' => '3'],
+            ],
+            'features' => [
+                'Proxmox KVM Virtualisierung',
+                'Root-Zugriff',
+                'SSH-Zugang',
+                'Stündliches Backup',
+                '24/7 Monitoring',
+                'Snapshot-Funktion',
+                'Priority Support',
+                'Individuelle Konfiguration',
+            ],
+        ],
+    ],
+];
+
+// ============================================================================
+// MAIL GATEWAY
+// ============================================================================
+$PRODUCTS['mail-gateway'] = [
+    'name' => 'Mail Gateway',
+    'short_name' => 'Mail',
+    'description' => 'Professioneller E-Mail-Schutz für Unternehmen',
+    'min_price' => '4,99',
+    'hero_highlight' => 'für Unternehmen',
+    'hero_description' => 'Professionelle E-Mail-Infrastruktur mit maximalem Schutz vor Spam und Malware. Sichern Sie Ihre geschäftliche Kommunikation mit unseren Mail Gateway Lösungen.',
+    'packages_title' => 'Mail Gateway Pakete',
+    'packages_description' => 'Wählen Sie das passende Mail Gateway Paket für Ihr Unternehmen',
+    'cta_title' => 'Bereit für professionelle E-Mail-Kommunikation?',
+    'cta_description' => 'Starten Sie noch heute mit unserem Mail Gateway',
+    'page_title' => 'Mail Gateway - Professionelle E-Mail-Lösungen | HexaHost.de',
+    'page_description' => 'Professionelle Mail Gateway Lösungen für Unternehmen. Spam-Schutz, E-Mail-Archivierung und sichere E-Mail-Kommunikation bei HexaHost.de',
+    'packages' => [
+        'starter' => [
+            'name' => 'Mail Starter',
+            'price' => '4,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Postfächer', 'value' => '5'],
+                ['label' => 'Speicher/Postfach', 'value' => '5 GB'],
+                ['label' => 'Domains', 'value' => '1'],
+                ['label' => 'E-Mails/Tag', 'value' => '500'],
+            ],
+            'features' => [
+                'Spam-Filter',
+                'Virus-Schutz',
+                'Webmail',
+                'IMAP/POP3',
+                'SSL/TLS Verschlüsselung',
+            ],
+        ],
+        'business' => [
+            'name' => 'Mail Business',
+            'price' => '14,99',
+            'featured' => true,
+            'specs' => [
+                ['label' => 'Postfächer', 'value' => '25'],
+                ['label' => 'Speicher/Postfach', 'value' => '10 GB'],
+                ['label' => 'Domains', 'value' => '3'],
+                ['label' => 'E-Mails/Tag', 'value' => '2.000'],
+            ],
+            'features' => [
+                'Spam-Filter (erweitert)',
+                'Virus-Schutz',
+                'Webmail',
+                'IMAP/POP3',
+                'SSL/TLS Verschlüsselung',
+                'E-Mail Archivierung (30 Tage)',
+                'Kalender & Kontakte',
+            ],
+        ],
+        'professional' => [
+            'name' => 'Mail Professional',
+            'price' => '29,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Postfächer', 'value' => '100'],
+                ['label' => 'Speicher/Postfach', 'value' => '25 GB'],
+                ['label' => 'Domains', 'value' => '10'],
+                ['label' => 'E-Mails/Tag', 'value' => '10.000'],
+            ],
+            'features' => [
+                'Spam-Filter (KI-gestützt)',
+                'Virus-Schutz',
+                'Webmail',
+                'IMAP/POP3',
+                'SSL/TLS Verschlüsselung',
+                'E-Mail Archivierung (1 Jahr)',
+                'Kalender & Kontakte',
+                'ActiveSync für Mobile',
+            ],
+        ],
+        'enterprise' => [
+            'name' => 'Mail Enterprise',
+            'price' => '59,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Postfächer', 'value' => 'Unbegrenzt'],
+                ['label' => 'Speicher/Postfach', 'value' => '50 GB'],
+                ['label' => 'Domains', 'value' => 'Unbegrenzt'],
+                ['label' => 'E-Mails/Tag', 'value' => 'Unbegrenzt'],
+            ],
+            'features' => [
+                'Spam-Filter (KI-gestützt)',
+                'Virus-Schutz',
+                'Webmail',
+                'IMAP/POP3',
+                'SSL/TLS Verschlüsselung',
+                'E-Mail Archivierung (10 Jahre)',
+                'Kalender & Kontakte',
+                'ActiveSync für Mobile',
+                'Dedizierte IP',
+                'Priority Support',
+            ],
+        ],
+    ],
+];
+
+// ============================================================================
+// WEBHOSTING
+// ============================================================================
+$PRODUCTS['webhosting'] = [
+    'name' => 'Webhosting',
+    'short_name' => 'Webhosting',
+    'description' => 'Klassisches Hosting mit PHP, MySQL und SSL',
+    'min_price' => '1,99',
+    'hero_highlight' => 'Alles für Ihre Website',
+    'hero_description' => 'Klassisches Webhosting mit allem, was Sie für eine erfolgreiche Website benötigen. PHP, MySQL, SSL-Zertifikate und E-Mail-Postfächer - alles inklusive.',
+    'packages_title' => 'Webhosting Pakete',
+    'packages_description' => 'Von der ersten Website bis zum professionellen Online-Shop',
+    'cta_title' => 'Bereit für Ihr Webhosting?',
+    'cta_description' => 'Starten Sie noch heute mit professionellem Webhosting',
+    'page_title' => 'Webhosting - Klassisches Hosting für Websites | HexaHost.de',
+    'page_description' => 'Webhosting mit PHP, MySQL und SSL-Zertifikaten. Klassisches Hosting für Websites ab 1,99€/Monat bei HexaHost.de',
+    'packages' => [
+        'starter' => [
+            'name' => 'Webhosting Starter',
+            'price' => '1,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Webspace', 'value' => '5 GB'],
+                ['label' => 'Domains', 'value' => '1'],
+                ['label' => 'E-Mail-Postfächer', 'value' => '5'],
+                ['label' => 'Datenbanken', 'value' => '1 MySQL'],
+                ['label' => 'Traffic', 'value' => '10 GB'],
+            ],
+            'features' => [
+                'cPanel/Webmin',
+                'PHP 8.1',
+                'SSL-Zertifikat',
+                'E-Mail-Postfächer',
+                'MySQL Datenbank',
+            ],
+        ],
+        'business' => [
+            'name' => 'Webhosting Business',
+            'price' => '4,99',
+            'featured' => true,
+            'specs' => [
+                ['label' => 'Webspace', 'value' => '20 GB'],
+                ['label' => 'Domains', 'value' => '5'],
+                ['label' => 'E-Mail-Postfächer', 'value' => '25'],
+                ['label' => 'Datenbanken', 'value' => '5 MySQL'],
+                ['label' => 'Traffic', 'value' => '50 GB'],
+            ],
+            'features' => [
+                'cPanel/Webmin',
+                'PHP 8.1',
+                'SSL-Zertifikat',
+                'E-Mail-Postfächer',
+                'MySQL Datenbanken',
+                'Backup-Service',
+            ],
+        ],
+        'professional' => [
+            'name' => 'Webhosting Professional',
+            'price' => '9,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Webspace', 'value' => '50 GB'],
+                ['label' => 'Domains', 'value' => 'Unbegrenzt'],
+                ['label' => 'E-Mail-Postfächer', 'value' => '100'],
+                ['label' => 'Datenbanken', 'value' => 'Unbegrenzt'],
+                ['label' => 'Traffic', 'value' => '200 GB'],
+            ],
+            'features' => [
+                'cPanel/Webmin',
+                'PHP 8.1',
+                'SSL-Zertifikat',
+                'E-Mail-Postfächer',
+                'MySQL Datenbanken',
+                'Backup-Service',
+                'Priority Support',
+            ],
+        ],
+        'enterprise' => [
+            'name' => 'Webhosting Enterprise',
+            'price' => '19,99',
+            'featured' => false,
+            'specs' => [
+                ['label' => 'Webspace', 'value' => '100 GB'],
+                ['label' => 'Domains', 'value' => 'Unbegrenzt'],
+                ['label' => 'E-Mail-Postfächer', 'value' => 'Unbegrenzt'],
+                ['label' => 'Datenbanken', 'value' => 'Unbegrenzt'],
+                ['label' => 'Traffic', 'value' => '500 GB'],
+            ],
+            'features' => [
+                'cPanel/Webmin',
+                'PHP 8.1',
+                'SSL-Zertifikat',
+                'E-Mail-Postfächer',
+                'MySQL Datenbanken',
+                'Backup-Service',
+                'Priority Support',
+                'Individuelle Konfiguration',
+            ],
+        ],
+    ],
+];
+
+// ============================================================================
+// HILFSFUNKTIONEN
+// ============================================================================
+
+/**
+ * Alle Produkte abrufen
+ */
+function getAllProducts() {
+    global $PRODUCTS;
+    return $PRODUCTS;
+}
+
+/**
+ * Ein Produkt abrufen
+ */
+function getProduct($productId) {
+    global $PRODUCTS;
+    return $PRODUCTS[$productId] ?? null;
+}
+
+/**
+ * Alle Pakete eines Produkts abrufen
+ */
+function getProductPackages($productId) {
+    global $PRODUCTS;
+    return $PRODUCTS[$productId]['packages'] ?? [];
+}
+
+/**
+ * Ein bestimmtes Paket abrufen
+ */
+function getPackage($productId, $packageId) {
+    global $PRODUCTS;
+    return $PRODUCTS[$productId]['packages'][$packageId] ?? null;
+}
+
+/**
+ * Preis eines Pakets abrufen
+ */
+function getPackagePrice($productId, $packageId) {
+    $package = getPackage($productId, $packageId);
+    return $package['price'] ?? null;
+}
+
+/**
+ * Minimalen Preis eines Produkts abrufen
+ */
+function getMinPrice($productId) {
+    global $PRODUCTS;
+    return $PRODUCTS[$productId]['min_price'] ?? null;
+}
+
+/**
+ * Preis formatiert ausgeben
+ */
+function formatPrice($price, $withCurrency = true) {
+    return $withCurrency ? $price . '€' : $price;
+}
+
+/**
+ * Generiert HTML für eine Paket-Karte
+ */
+function renderPackageCard($productId, $packageId, $package) {
+    $featuredClass = $package['featured'] ? ' featured' : '';
+    $featuredBadge = $package['featured'] ? '<div class="featured-badge">Beliebt</div>' : '';
+    
+    $specsHtml = '';
+    foreach ($package['specs'] as $spec) {
+        $specsHtml .= sprintf(
+            '<div class="spec-item"><span class="spec-label">%s:</span><span class="spec-value">%s</span></div>',
+            htmlspecialchars($spec['label']),
+            htmlspecialchars($spec['value'])
+        );
+    }
+    
+    $featuresHtml = '';
+    foreach ($package['features'] as $feature) {
+        $featuresHtml .= sprintf('<div class="feature">✓ %s</div>', htmlspecialchars($feature));
+    }
+    
+    return sprintf('
+                <div class="package-card glass-card%s">
+                    %s
+                    <div class="package-header">
+                        <h3 class="package-name">%s</h3>
+                        <div class="package-price">
+                            <span class="price">%s€</span>
+                            <span class="period">/Monat</span>
+                        </div>
+                    </div>
+                    <div class="package-specs">
+                        %s
+                    </div>
+                    <div class="package-features">
+                        %s
+                    </div>
+                    <a href="contact.php?package=%s-%s" class="btn btn-primary">Jetzt bestellen</a>
+                </div>',
+        $featuredClass,
+        $featuredBadge,
+        htmlspecialchars($package['name']),
+        $package['price'],
+        $specsHtml,
+        $featuresHtml,
+        $productId,
+        $packageId
+    );
+}
+
+/**
+ * Generiert HTML für alle Pakete eines Produkts
+ */
+function renderAllPackages($productId) {
+    $packages = getProductPackages($productId);
+    $html = '';
+    foreach ($packages as $packageId => $package) {
+        $html .= renderPackageCard($productId, $packageId, $package);
+    }
+    return $html;
+}
+?>

backend/includes/footer.php

@@ -0,0 +1,167 @@
+    <footer class="footer">
+        <div class="container">
+            <div class="footer-content">
+                <div class="footer-section">
+                    <h4>HexaHost.de</h4>
+                    <p>Zuverlässiges Hosting aus Niederbayern</p>
+                    <div class="footer-location">
+                        <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                            <path d="M21 10c0 7-9 13-9 13s-9-6-9-13a9 9 0 0 1 18 0z"/>
+                            <circle cx="12" cy="10" r="3"/>
+                        </svg>
+                        <span>Niederbayern, Deutschland</span>
+                    </div>
+                </div>
+                <div class="footer-section">
+                    <h4>Produkte</h4>
+                    <ul>
+                        <li><a href="/vpc">Virtual Private Container</a></li>
+                        <li><a href="/vps">Virtual Private Server</a></li>
+                        <li><a href="/mail-gateway">Mail Gateway</a></li>
+                        <li><a href="/webhosting">Webhosting</a></li>
+                    </ul>
+                </div>
+                <div class="footer-section">
+                    <h4>Unternehmen</h4>
+                    <ul>
+                        <li><a href="/about">Über mich</a></li>
+                        <li><a href="/contact">Kontakt</a></li>
+                        <li><a href="/impressum">Impressum</a></li>
+                        <li><a href="/datenschutz">Datenschutz</a></li>
+                        <li><a href="/agb">AGB</a></li>
+                        <li><a href="/widerruf">Widerrufsbelehrung</a></li>
+                        <li><a href="#" id="openCookieSettings" onclick="CookieConsent.resetConsent(); return false;">Cookie-Einstellungen</a></li>
+                    </ul>
+                </div>
+                <div class="footer-section">
+                    <h4>Support</h4>
+                    <ul>
+                        <li><a href="https://shop.hexahost.de/clientarea.php">Kunden-Center</a></li>
+                        <li><a href="https://shop.hexahost.de/serverstatus.php">Status</a></li>
+                        <li><a href="https://shop.hexahost.de/supporttickets.php">Support-Ticket</a></li>
+                        <li><a href="#">FAQ</a></li>
+                    </ul>
+                </div>
+            </div>
+            <div class="footer-bottom">
+                <p>&copy; <?php echo date('Y'); ?> HexaHost.de - Alle Rechte vorbehalten</p>
+            </div>
+        </div>
+    </footer>
+
+    <!-- Cookie Consent Banner -->
+    <div id="cookieConsent" class="cookie-consent" role="dialog" aria-labelledby="cookieConsentTitle" aria-describedby="cookieConsentDesc">
+        <div class="cookie-consent-container">
+            <div class="cookie-consent-content">
+                <div class="cookie-consent-icon">
+                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <circle cx="12" cy="12" r="10"/>
+                        <circle cx="8" cy="9" r="1" fill="currentColor"/>
+                        <circle cx="15" cy="8" r="1" fill="currentColor"/>
+                        <circle cx="10" cy="14" r="1" fill="currentColor"/>
+                        <circle cx="16" cy="13" r="1" fill="currentColor"/>
+                        <circle cx="13" cy="17" r="1" fill="currentColor"/>
+                    </svg>
+                </div>
+                <div class="cookie-consent-text">
+                    <h3 id="cookieConsentTitle">Cookie-Einstellungen</h3>
+                    <p id="cookieConsentDesc">
+                        Wir verwenden Cookies, um Ihnen die bestmögliche Erfahrung auf unserer Website zu bieten. 
+                        Technisch notwendige Cookies sind für die Funktionalität erforderlich. 
+                        <a href="/datenschutz">Mehr erfahren</a>
+                    </p>
+                </div>
+            </div>
+            <div class="cookie-consent-actions">
+                <button type="button" id="cookieAcceptAll" class="btn btn-primary">Alle akzeptieren</button>
+                <button type="button" id="cookieAcceptEssential" class="btn btn-secondary">Nur notwendige</button>
+                <button type="button" id="cookieSettings" class="btn btn-text">Einstellungen</button>
+            </div>
+        </div>
+        
+        <!-- Erweiterte Cookie-Einstellungen (standardmäßig versteckt) -->
+        <div id="cookieSettingsPanel" class="cookie-settings-panel" style="display: none;">
+            <div class="cookie-settings-content">
+                <h4>Cookie-Einstellungen</h4>
+                <div class="cookie-option">
+                    <div class="cookie-option-info">
+                        <strong>Notwendige Cookies</strong>
+                        <p>Diese Cookies sind für die Grundfunktionen der Website erforderlich.</p>
+                    </div>
+                    <label class="cookie-toggle disabled">
+                        <input type="checkbox" checked disabled>
+                        <span class="cookie-toggle-slider"></span>
+                    </label>
+                </div>
+                <div class="cookie-option">
+                    <div class="cookie-option-info">
+                        <strong>Analyse-Cookies</strong>
+                        <p>Helfen uns zu verstehen, wie Besucher unsere Website nutzen.</p>
+                    </div>
+                    <label class="cookie-toggle">
+                        <input type="checkbox" id="cookieAnalytics">
+                        <span class="cookie-toggle-slider"></span>
+                    </label>
+                </div>
+                <div class="cookie-option">
+                    <div class="cookie-option-info">
+                        <strong>Marketing-Cookies</strong>
+                        <p>Werden verwendet, um relevante Werbung anzuzeigen.</p>
+                    </div>
+                    <label class="cookie-toggle">
+                        <input type="checkbox" id="cookieMarketing">
+                        <span class="cookie-toggle-slider"></span>
+                    </label>
+                </div>
+                <div class="cookie-settings-actions">
+                    <button type="button" id="cookieSaveSettings" class="btn btn-primary">Einstellungen speichern</button>
+                    <button type="button" id="cookieCloseSettings" class="btn btn-secondary">Abbrechen</button>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Google Analytics (GA4) mit Consent Mode -->
+    <script>
+        window.dataLayer = window.dataLayer || [];
+        function gtag(){dataLayer.push(arguments);}
+
+        // Standard: keine Analyse/Marketing-Cookies bis zur Einwilligung
+        gtag('consent', 'default', {
+            analytics_storage: 'denied',
+            ad_storage: 'denied',
+            ad_user_data: 'denied',
+            ad_personalization: 'denied'
+        });
+
+        gtag('js', new Date());
+        gtag('config', 'G-EF0E9VPMTD', {
+            anonymize_ip: true
+        });
+
+        // Übergibt Consent-Änderungen aus dem eigenen Cookie-Banner an GA
+        window.addEventListener('cookieConsentUpdated', function (event) {
+            var payload = event && event.detail ? event.detail : {};
+            var consent = payload.consent ? payload.consent : payload;
+            var analyticsGranted = !!(consent && consent.analytics);
+            var marketingGranted = !!(consent && consent.marketing);
+
+            gtag('consent', 'update', {
+                analytics_storage: analyticsGranted ? 'granted' : 'denied',
+                ad_storage: marketingGranted ? 'granted' : 'denied',
+                ad_user_data: marketingGranted ? 'granted' : 'denied',
+                ad_personalization: marketingGranted ? 'granted' : 'denied'
+            });
+        });
+    </script>
+    <script async src="https://www.googletagmanager.com/gtag/js?id=G-EF0E9VPMTD"></script>
+
+    <script src="/assets/js/main.js" defer></script>
+    <script src="/assets/js/cookie-consent.js" defer></script>
+    <?php if (isset($additional_scripts)): ?>
+        <?php foreach ($additional_scripts as $script): ?>
+            <script src="<?php echo $script; ?>" defer></script>
+        <?php endforeach; ?>
+    <?php endif; ?>
+</body>
+</html> 

backend/includes/functions.php

@@ -0,0 +1,98 @@
+<?php
+/**
+ * Helper functions for HexaHost.de
+ */
+
+// Sichere Session-Konfiguration
+if (session_status() === PHP_SESSION_NONE) {
+    // Session-Cookie-Sicherheit
+    ini_set('session.cookie_httponly', 1);
+    ini_set('session.cookie_secure', isset($_SERVER['HTTPS']) ? 1 : 0);
+    ini_set('session.cookie_samesite', 'Strict');
+    ini_set('session.use_strict_mode', 1);
+    ini_set('session.use_only_cookies', 1);
+    
+    session_start();
+    
+    // Session-ID regenerieren bei Login/wichtigen Aktionen (Schutz vor Session Fixation)
+    if (!isset($_SESSION['initiated'])) {
+        session_regenerate_id(true);
+        $_SESSION['initiated'] = true;
+    }
+}
+
+// PHP Error Display in Produktion deaktivieren
+if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
+    ini_set('display_errors', 0);
+    ini_set('display_startup_errors', 0);
+    error_reporting(E_ALL);
+    ini_set('log_errors', 1);
+}
+
+/**
+ * Set page configuration and include header
+ * 
+ * @param string $title The page title
+ * @param string $description The page description
+ * @param string $page The current page identifier
+ * @param array $scripts Additional scripts to include
+ */
+function includeHeader($title = '', $description = '', $page = '', $scripts = []) {
+    global $page_title, $page_description, $current_page, $additional_scripts;
+    
+    // Set page configuration from parameters
+    $page_title = !empty($title) 
+        ? $title 
+        : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern';
+    
+    $page_description = !empty($description) 
+        ? $description 
+        : 'HexaHost.de - Zuverlässiges und preiswertes Hosting aus Niederbayern. VPS, VPC, Mail Gateway und Webhosting Lösungen.';
+    
+    $current_page = $page;
+    $additional_scripts = $scripts;
+    
+    include __DIR__ . '/header.php';
+}
+
+/**
+ * Include footer
+ */
+function includeFooter() {
+    include __DIR__ . '/footer.php';
+}
+
+/**
+ * Generate breadcrumb navigation
+ * 
+ * @param array $breadcrumbs Array of breadcrumb items [['title' => 'Home', 'url' => 'index.html'], ...]
+ */
+function generateBreadcrumbs($breadcrumbs) {
+    echo '<div class="breadcrumb">';
+    $last_index = count($breadcrumbs) - 1;
+    
+    foreach ($breadcrumbs as $index => $item) {
+        if ($index === $last_index) {
+            // Last item (current page)
+            echo '<span>' . htmlspecialchars($item['title']) . '</span>';
+        } else {
+            // Link to other pages
+            echo '<a href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>';
+            echo '<span>/</span>';
+        }
+    }
+    echo '</div>';
+}
+
+/**
+ * Generate CSRF token for form security
+ * 
+ * @return string CSRF token
+ */
+function generateCSRFToken() {
+    if (!isset($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
+    return $_SESSION['csrf_token'];
+}
+?> 

backend/includes/header.php

@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    
+    <!-- Performance: DNS Prefetch & Preconnect -->
+    <link rel="dns-prefetch" href="//fonts.googleapis.com">
+    <link rel="dns-prefetch" href="//fonts.gstatic.com">
+    <link rel="dns-prefetch" href="//cdn.hexahost.de">
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link rel="preconnect" href="https://cdn.hexahost.de" crossorigin>
+    
+    <!-- Performance: Preload kritischer Ressourcen -->
+    <link rel="preload" href="/assets/css/style.css" as="style">
+    <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" as="style">
+    
+    <title><?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern'; ?></title>
+    
+    <!-- SEO Meta Tags -->
+    <meta name="description" content="<?php echo isset($page_description) ? htmlspecialchars($page_description) : 'HexaHost.de - Zuverlässiges und preiswertes Hosting aus Niederbayern. VPS, VPC, Mail Gateway und Webhosting Lösungen.'; ?>">
+    <meta name="robots" content="index, follow">
+    <meta name="author" content="HexaHost.de">
+    <meta name="theme-color" content="#0d0821">
+    
+    <!-- Open Graph / Social Media -->
+    <meta property="og:type" content="website">
+    <meta property="og:site_name" content="HexaHost.de">
+    <meta property="og:title" content="<?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de'; ?>">
+    <meta property="og:description" content="<?php echo isset($page_description) ? htmlspecialchars($page_description) : 'Zuverlässiges Hosting aus Niederbayern'; ?>">
+    <meta property="og:locale" content="de_DE">
+    
+    <!-- Main Stylesheets -->
+    <link rel="stylesheet" href="/assets/css/style.css">
+    <link rel="stylesheet" href="/assets/css/custom.css">
+    
+    <!-- Fonts -->
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=Russo+One&family=Source+Sans+Pro:wght@300;400;600;700&display=swap" rel="stylesheet">
+    
+    <!-- Favicon -->
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg">
+    <link rel="apple-touch-icon" href="/favicon.svg">
+    
+    <!-- Canonical URL (falls gesetzt) -->
+    <?php if (isset($canonical_url)): ?>
+    <link rel="canonical" href="<?php echo htmlspecialchars($canonical_url); ?>">
+    <?php endif; ?>
+</head>
+<body>
+    <header class="header">
+        <nav class="nav">
+            <div class="nav-container">
+                <div class="nav-logo">
+                    <a href="/">
+                        <img src="https://cdn.hexahost.de/assets/img/logo/8iFs123BynHQWHI5.png" alt="HexaHost.de Logo" class="logo-image">
+                    </a>
+                </div>
+                <ul class="nav-menu">
+                    <li><a href="/" class="nav-link <?php echo ($current_page === 'home') ? 'active' : ''; ?>">Home</a></li>
+                    <li class="nav-dropdown">
+                        <a href="#" class="nav-link <?php echo (in_array($current_page, ['vpc', 'vps', 'mail-gateway', 'webhosting'])) ? 'active' : ''; ?>">Produkte</a>
+                        <ul class="dropdown-menu">
+                            <li><a href="/vpc" class="<?php echo ($current_page === 'vpc') ? 'active' : ''; ?>">Virtual Private Container</a></li>
+                            <li><a href="/vps" class="<?php echo ($current_page === 'vps') ? 'active' : ''; ?>">Virtual Private Server</a></li>
+                            <li><a href="/mail-gateway" class="<?php echo ($current_page === 'mail-gateway') ? 'active' : ''; ?>">Mail Gateway</a></li>
+                            <li><a href="/webhosting" class="<?php echo ($current_page === 'webhosting') ? 'active' : ''; ?>">Webhosting</a></li>
+                        </ul>
+                    </li>
+                    <li><a href="/it-dienstleistungen" class="nav-link <?php echo ($current_page === 'it-dienstleistungen') ? 'active' : ''; ?>">IT-Dienstleistungen</a></li>
+                    <li><a href="/about" class="nav-link <?php echo ($current_page === 'about') ? 'active' : ''; ?>">Über mich</a></li>
+                    <li><a href="/contact" class="nav-link <?php echo ($current_page === 'contact') ? 'active' : ''; ?>">Kontakt</a></li>
+                </ul>
+                <div class="nav-toggle">
+                    <span></span>
+                    <span></span>
+                    <span></span>
+                </div>
+            </div>
+        </nav>
+    </header>