Enhance API functionality and security: Added rate limiting and domain validation across multiple API endpoints, improved error handling for missing or invalid parameters, and refactored email handling in contact form for better security and maintainability. Updated README.md with production build instructions and prerequisites.

backend/config/mail-config.php

@@ -140,24 +140,6 @@ function isValidEmail($email) {
     return true;
 }
 
-// CSRF Token generieren (wird in functions.php verwendet)
-// Hinweis: Diese Funktion existiert auch in functions.php - hier nur als Fallback
-if (!function_exists('generateCSRFToken')) {
-    function generateCSRFToken() {
-        if (!isset($_SESSION['csrf_token'])) {
-            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
-        }
-        return $_SESSION['csrf_token'];
-    }
-}
-
-// CSRF Token validieren
-if (!function_exists('validateCSRFToken')) {
-    function validateCSRFToken($token) {
-        return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
-    }
-}
-
 /**
  * Hilfsfunktion zum Abrufen der Konfiguration als Array
  * Kompatibilität mit contact-handler.php
@@ -183,6 +165,9 @@ function getHexaHostConfig($key = null) {
         // Sicherheit
         'max_requests_per_hour' => MAX_REQUESTS_PER_HOUR,
         'honeypot_field' => 'website',
+        'enable_csrf' => ENABLE_CSRF_PROTECTION,
+        'min_message_length' => MIN_MESSAGE_LENGTH,
+        'max_message_length' => MAX_MESSAGE_LENGTH,
         
         // Debug
         'debug_mode' => DEBUG_MODE,