chore(release): obfuscate and hash production assets [skip ci]

backend/includes/api-helpers.php

@@ -1,11 +1,11 @@
 <?php
-/**
- * Gemeinsame Hilfsfunktionen für öffentliche DNS/API-Endpunkte
- */
 
-/**
- * Client-IP für Rate-Limiting (Cloudflare-sicher, kein blindes X-Forwarded-For)
- */
+
+
+
+
+
+
 function getApiClientIp(): string {
     if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])
         && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)) {
@@ -34,9 +34,9 @@ function getApiClientIp(): string {
     return $remoteAddr;
 }
 
-/**
- * Einfaches Rate-Limiting pro Endpunkt und IP
- */
+
+
+
 function checkApiRateLimit(string $endpoint, int $maxPerHour = 120): bool {
     $ip = getApiClientIp();
     $cacheFile = sys_get_temp_dir() . '/hexahost_api_' . md5($endpoint . '_' . $ip) . '.txt';
@@ -82,9 +82,9 @@ function checkApiRateLimit(string $endpoint, int $maxPerHour = 120): bool {
     return true;
 }
 
-/**
- * Domain aus GET-Parameter normalisieren und validieren
- */
+
+
+
 function getValidatedDomainParam(string $param = 'domain'): ?string {
     if (empty($_GET[$param])) {
         return null;
@@ -102,9 +102,9 @@ function getValidatedDomainParam(string $param = 'domain'): ?string {
     return $domain;
 }
 
-/**
- * Rate-Limit-JSON-Antwort senden und beenden
- */
+
+
+
 function rejectApiRateLimit(): void {
     http_response_code(429);
     echo json_encode(['error' => 'Zu viele Anfragen. Bitte versuchen Sie es später erneut.']);

backend/includes/footer.php

@@ -126,7 +126,7 @@
         window.dataLayer = window.dataLayer || [];
         function gtag(){dataLayer.push(arguments);}
 
-        // Standard: keine Analyse/Marketing-Cookies bis zur Einwilligung
+        
         gtag('consent', 'default', {
             analytics_storage: 'denied',
             ad_storage: 'denied',
@@ -139,7 +139,7 @@
             anonymize_ip: true
         });
 
-        // Übergibt Consent-Änderungen aus dem eigenen Cookie-Banner an GA
+        
         window.addEventListener('cookieConsentUpdated', function (event) {
             var payload = event && event.detail ? event.detail : {};
             var consent = payload.consent ? payload.consent : payload;
@@ -156,8 +156,8 @@
     </script>
     <script async src="https://www.googletagmanager.com/gtag/js?id=G-EF0E9VPMTD"></script>
 
-    <script src="/assets/js/main.js" defer></script>
-    <script src="/assets/js/cookie-consent.js" defer></script>
+    <script src="/assets/js/main.915e0206c30f.js" defer></script>
+    <script src="/assets/js/cookie-consent.de9e404f0700.js" defer></script>
     <?php if (isset($additional_scripts)): ?>
         <?php foreach ($additional_scripts as $script): ?>
             <script src="<?php echo htmlspecialchars($script, ENT_QUOTES, 'UTF-8'); ?>" defer></script>

backend/includes/functions.php

@@ -1,11 +1,11 @@
 <?php
-/**
- * Helper functions for HexaHost.de
- */
 
-// Sichere Session-Konfiguration
+
+
+
+
 if (session_status() === PHP_SESSION_NONE) {
-    // Session-Cookie-Sicherheit
+    
     ini_set('session.cookie_httponly', 1);
     ini_set('session.cookie_secure', isset($_SERVER['HTTPS']) ? 1 : 0);
     ini_set('session.cookie_samesite', 'Strict');
@@ -14,14 +14,14 @@ if (session_status() === PHP_SESSION_NONE) {
     
     session_start();
     
-    // Session-ID regenerieren bei Login/wichtigen Aktionen (Schutz vor Session Fixation)
+    
     if (!isset($_SESSION['initiated'])) {
         session_regenerate_id(true);
         $_SESSION['initiated'] = true;
     }
 }
 
-// PHP Error Display in Produktion deaktivieren
+
 if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
     ini_set('display_errors', 0);
     ini_set('display_startup_errors', 0);
@@ -29,18 +29,18 @@ if (!defined('DEBUG_MODE') || !DEBUG_MODE) {
     ini_set('log_errors', 1);
 }
 
-/**
- * Set page configuration and include header
- * 
- * @param string $title The page title
- * @param string $description The page description
- * @param string $page The current page identifier
- * @param array $scripts Additional scripts to include
- */
+
+
+
+
+
+
+
+
 function includeHeader($title = '', $description = '', $page = '', $scripts = []) {
     global $page_title, $page_description, $current_page, $additional_scripts;
     
-    // Set page configuration from parameters
+    
     $page_title = !empty($title) 
         ? $title 
         : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern';
@@ -55,28 +55,28 @@ function includeHeader($title = '', $description = '', $page = '', $scripts = []
     include __DIR__ . '/header.php';
 }
 
-/**
- * Include footer
- */
+
+
+
 function includeFooter() {
     include __DIR__ . '/footer.php';
 }
 
-/**
- * Generate breadcrumb navigation
- * 
- * @param array $breadcrumbs Array of breadcrumb items [['title' => 'Home', 'url' => 'index.html'], ...]
- */
+
+
+
+
+
 function generateBreadcrumbs($breadcrumbs) {
     echo '<div class="breadcrumb">';
     $last_index = count($breadcrumbs) - 1;
     
     foreach ($breadcrumbs as $index => $item) {
         if ($index === $last_index) {
-            // Last item (current page)
+            
             echo '<span>' . htmlspecialchars($item['title']) . '</span>';
         } else {
-            // Link to other pages
+            
             echo '<a href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>';
             echo '<span>/</span>';
         }
@@ -84,11 +84,11 @@ function generateBreadcrumbs($breadcrumbs) {
     echo '</div>';
 }
 
-/**
- * Generate CSRF token for form security
- * 
- * @return string CSRF token
- */
+
+
+
+
+
 function generateCSRFToken() {
     if (!isset($_SESSION['csrf_token'])) {
         $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
@@ -96,9 +96,9 @@ function generateCSRFToken() {
     return $_SESSION['csrf_token'];
 }
 
-/**
- * CSRF-Token prüfen und nach Erfolg invalidieren (Replay-Schutz)
- */
+
+
+
 function validateCSRFToken($token) {
     if (!isset($_SESSION['csrf_token']) || !is_string($token)) {
         return false;
@@ -110,16 +110,16 @@ function validateCSRFToken($token) {
     return true;
 }
 
-/**
- * Werte für E-Mail-Header bereinigen (Header-Injection verhindern)
- */
+
+
+
 function sanitizeHeaderValue(string $value): string {
     return str_replace(["\r", "\n", "\0"], '', trim($value));
 }
 
-/**
- * Client-IP für Logging (Cloudflare / vertrauenswürdiger Reverse-Proxy)
- */
+
+
+
 function getClientIP(): string {
     if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])
         && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)) {

backend/includes/header.php

@@ -13,7 +13,7 @@
     <link rel="preconnect" href="https://cdn.hexahost.de" crossorigin>
     
     <!-- Performance: Preload kritischer Ressourcen -->
-    <link rel="preload" href="/assets/css/style.css" as="style">
+    <link rel="preload" href="/assets/css/style.d01979e8c871.css" as="style">
     <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" as="style">
     
     <title><?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de - Zuverlässiges Hosting aus Niederbayern'; ?></title>
@@ -32,8 +32,8 @@
     <meta property="og:locale" content="de_DE">
     
     <!-- Main Stylesheets -->
-    <link rel="stylesheet" href="/assets/css/style.css">
-    <link rel="stylesheet" href="/assets/css/custom.css">
+    <link rel="stylesheet" href="/assets/css/style.d01979e8c871.css">
+    <link rel="stylesheet" href="/assets/css/custom.0bc6a878fec2.css">
     
     <!-- Fonts -->
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=Russo+One&family=Source+Sans+Pro:wght@300;400;600;700&display=swap" rel="stylesheet">