smueller/HexaHost-Frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor configuration files for HexaHost.de: Updated mail and product configuration files to improve clarity and maintainability. Added deprecation notices in the old config file, migrated email handling to a new structure, and enhanced documentation for better understanding. Improved header comments across various public pages for better organization and readability.

Browse Source
This commit is contained in:
smueller
2026-05-27 13:22:46 +02:00
parent b893272d64
commit b9bd339607
32 changed files with 360 additions and 1452 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/includes/footer.php
View File

@@ -49,7 +49,7 @@
</div>
</footer>
<!-- Cookie Consent Banner -->
<div id="cookieConsent" class="cookie-consent" role="dialog" aria-labelledby="cookieConsentTitle" aria-describedby="cookieConsentDesc">
<div class="cookie-consent-container">
<div class="cookie-consent-content">
@@ -79,7 +79,7 @@
</div>
</div>
<!-- Erweiterte Cookie-Einstellungen (standardmäßig versteckt) -->
<div id="cookieSettingsPanel" class="cookie-settings-panel" style="display: none;">
<div class="cookie-settings-content">
<h4>Cookie-Einstellungen</h4>
@@ -121,7 +121,7 @@
</div>
</div>
<!-- Google Analytics (GA4) mit Consent Mode -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}

55
backend/includes/functions.php
View File

@@ -1,9 +1,11 @@
<?php
/**
* Helper functions for HexaHost.de
*/
// Sichere Session-Konfiguration
if (session_status() === PHP_SESSION_NONE) {
// Session-Cookie-Sicherheit
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', isset($_SERVER['HTTPS']) ? 1 : 0);
ini_set('session.cookie_samesite', 'Strict');
@@ -12,14 +14,14 @@ if (session_status() === PHP_SESSION_NONE) {
session_start();
// Session-ID regenerieren bei Login/wichtigen Aktionen (Schutz vor Session Fixation)
if (!isset($_SESSION['initiated'])) {
session_regenerate_id(true);
$_SESSION['initiated'] = true;
}
}
// PHP Error Display in Produktion deaktivieren
if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
@@ -27,11 +29,18 @@ if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
ini_set('log_errors', 1);
}
/**
* Set page configuration and include header
*
* @param string $title The page title
* @param string $description The page description
* @param string $page The current page identifier
* @param array $scripts Additional scripts to include
*/
function includeHeader($title = '', $description = '', $page = '', $scripts = []) {
global $page_title, $page_description, $current_page, $additional_scripts;
// Set page configuration from parameters
$page_title = !empty($title)
? $title
: 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern';
@@ -46,22 +55,28 @@ function includeHeader($title = '', $description = '', $page = '', $scripts = []
include __DIR__ . '/header.php';
}
/**
* Include footer
*/
function includeFooter() {
include __DIR__ . '/footer.php';
}
/**
* Generate breadcrumb navigation
*
* @param array $breadcrumbs Array of breadcrumb items [['title' => 'Home', 'url' => 'index.html'], ...]
*/
function generateBreadcrumbs($breadcrumbs) {
echo '<div class="breadcrumb">';
$last_index = count($breadcrumbs) - 1;
foreach ($breadcrumbs as $index => $item) {
if ($index === $last_index) {
// Last item (current page)
echo '<span>' . htmlspecialchars($item['title']) . '</span>';
} else {
// Link to other pages
echo '<a href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>';
echo '<span>/</span>';
}
@@ -69,7 +84,11 @@ function generateBreadcrumbs($breadcrumbs) {
echo '</div>';
}
/**
* Generate CSRF token for form security
*
* @return string CSRF token
*/
function generateCSRFToken() {
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
@@ -77,7 +96,9 @@ function generateCSRFToken() {
return $_SESSION['csrf_token'];
}
/**
* CSRF-Token prüfen und nach Erfolg invalidieren (Replay-Schutz)
*/
function validateCSRFToken($token) {
if (!isset($_SESSION['csrf_token']) || !is_string($token)) {
return false;
@@ -89,12 +110,16 @@ function validateCSRFToken($token) {
return true;
}
/**
* Werte für E-Mail-Header bereinigen (Header-Injection verhindern)
*/
function sanitizeHeaderValue(string $value): string {
return str_replace(["\r", "\n", "\0"], '', trim($value));
}
/**
* Client-IP für Logging (Cloudflare / vertrauenswürdiger Reverse-Proxy)
*/
function getClientIP(): string {
if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])
&& filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)) {

16
backend/includes/header.php
View File

@@ -4,7 +4,7 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Performance: DNS Prefetch & Preconnect -->
<link rel="dns-prefetch" href="//fonts.googleapis.com">
<link rel="dns-prefetch" href="//fonts.gstatic.com">
<link rel="dns-prefetch" href="//cdn.hexahost.de">
@@ -12,37 +12,37 @@
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="preconnect" href="https://cdn.hexahost.de" crossorigin>
<!-- Performance: Preload kritischer Ressourcen -->
<link rel="preload" href="/assets/css/style.css" as="style">
<link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" as="style">
<title><?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern'; ?></title>
<!-- SEO Meta Tags -->
<meta name="description" content="<?php echo isset($page_description) ? htmlspecialchars($page_description) : 'HexaHost.de - Zuverlässiges und preiswertes Hosting aus Niederbayern. VPS, VPC, Mail Gateway und Webhosting Lösungen.'; ?>">
<meta name="robots" content="index, follow">
<meta name="author" content="HexaHost.de">
<meta name="theme-color" content="#0d0821">
<!-- Open Graph / Social Media -->
<meta property="og:type" content="website">
<meta property="og:site_name" content="HexaHost.de">
<meta property="og:title" content="<?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de'; ?>">
<meta property="og:description" content="<?php echo isset($page_description) ? htmlspecialchars($page_description) : 'Zuverlässiges Hosting aus Niederbayern'; ?>">
<meta property="og:locale" content="de_DE">
<!-- Main Stylesheets -->
<link rel="stylesheet" href="/assets/css/style.css">
<link rel="stylesheet" href="/assets/css/custom.css">
<!-- Fonts -->
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=Russo+One&family=Source+Sans+Pro:wght@300;400;600;700&display=swap" rel="stylesheet">
<!-- Favicon -->
<link rel="icon" type="image/svg+xml" href="/favicon.svg">
<link rel="apple-touch-icon" href="/favicon.svg">
<!-- Canonical URL (falls gesetzt) -->
<?php if (isset($canonical_url)): ?>
<link rel="canonical" href="<?php echo htmlspecialchars($canonical_url); ?>">
<?php endif; ?>