Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-09 08:40:31 +03:00
commit d8901e1a87
3161 changed files with 536187 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
backend/core/helpers.php Normal file
View File

@@ -0,0 +1,178 @@
<?php
// ============================================================
// core/helpers.php — دوال مساعدة موحدة
// ============================================================
// ── فلترة المدخلات (محسّنة) ─────────────────────────────────
function filterRequest(string $name, string $type = 'string'): mixed
{
// قراءة من POST أو JSON body
$value = null;
if (isset($_POST[$name]) && $_POST[$name] !== '') {
$value = $_POST[$name];
} else {
// محاولة قراءة من JSON body
static $jsonBody = null;
if ($jsonBody === null) {
$raw = file_get_contents('php://input');
$jsonBody = json_decode($raw, true) ?? [];
}
$value = $jsonBody[$name] ?? null;
}
if ($value === null || $value === '') return null;
$value = trim((string)$value);
// إزالة control characters
$value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
return match ($type) {
'int' => filter_var($value, FILTER_VALIDATE_INT) !== false ? (int)$value : null,
'float' => filter_var($value, FILTER_VALIDATE_FLOAT) !== false ? (float)$value : null,
'email' => filter_var($value, FILTER_VALIDATE_EMAIL) ?: null,
'url' => filter_var($value, FILTER_VALIDATE_URL) ?: null,
'bool' => filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE),
default => $value, // string — بدون htmlspecialchars (نتركه لـ PDO)
};
}
// ── ردود JSON موحدة ─────────────────────────────────────────
function jsonSuccess(mixed $data = null, string $message = 'success', int $code = 200): never
{
http_response_code($code);
// توحيد الأسلوب ليكون متوافقاً مع الكود القديم (وضع البيانات في message)
$payload = ($data !== null && (!empty($data) || is_array($data))) ? $data : $message;
echo json_encode(['status' => 'success', 'message' => $payload], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
exit;
}
function jsonError(string $message, int $code = 400, mixed $extra = null): never
{
http_response_code($code);
$response = ['status' => 'failure', 'message' => $message];
if ($extra !== null) $response['details'] = $extra;
echo json_encode($response, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
exit;
}
// (للتوافق مع الكود القديم)
function printSuccess(mixed $message = 'success'): void
{
echo json_encode(['status' => 'success', 'message' => $message], JSON_UNESCAPED_UNICODE);
}
function printFailure(mixed $message = 'failure'): void
{
echo json_encode(['status' => 'failure', 'message' => $message], JSON_UNESCAPED_UNICODE);
}
function result(int $count): void
{
if ($count > 0) {
printSuccess();
} else {
printFailure();
}
}
function sendEmail(string $from, string $to, string $title, string $body): void
{
$header = "From: $from\nCC: $from";
mail($to, $title, $body, $header);
}
// ── رفع صورة آمن ──────────────────────────────────────────────
function uploadImageSecure(
string $fileKey,
string $targetDir,
string $prefix = '',
array $allowedMimes = ['image/jpeg', 'image/png', 'image/webp']
): array {
if (!isset($_FILES[$fileKey]) || $_FILES[$fileKey]['error'] !== UPLOAD_ERR_OK) {
return ['success' => false, 'error' => 'File upload error'];
}
$file = $_FILES[$fileKey];
$maxSize = 5 * 1024 * 1024; // 5MB
// حجم الملف
if ($file['size'] > $maxSize) {
return ['success' => false, 'error' => 'File too large (max 5MB)'];
}
// MIME validation حقيقي (ليس extension فقط)
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->file($file['tmp_name']);
if (!in_array($mimeType, $allowedMimes, true)) {
return ['success' => false, 'error' => "Invalid file type: $mimeType"];
}
// اسم ملف آمن وعشوائي
$ext = match ($mimeType) {
'image/jpeg' => 'jpg',
'image/png' => 'png',
'image/webp' => 'webp',
default => 'bin',
};
$filename = ($prefix ? "{$prefix}_" : '') . bin2hex(random_bytes(8)) . ".$ext";
if (!is_dir($targetDir)) {
mkdir($targetDir, 0750, true);
}
$targetPath = rtrim($targetDir, '/') . '/' . $filename;
if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
return ['success' => false, 'error' => 'Failed to move uploaded file'];
}
return ['success' => true, 'filename' => $filename, 'path' => $targetPath];
}
// ── تحميل ملف .env ───────────────────────────────────────────
function loadEnvironment(string $path): void
{
if (!file_exists($path)) {
error_log("[ENV] File not found: $path");
return;
}
$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($lines as $line) {
if (str_starts_with(trim($line), '#')) continue;
if (!str_contains($line, '=')) continue;
[$key, $value] = explode('=', $line, 2);
$key = trim($key);
$value = trim($value, " \t\n\r\0\x0B\"'");
if ($key && !getenv($key)) {
putenv("$key=$value");
$_ENV[$key] = $value;
}
}
}
// ── Logging منظم ──────────────────────────────────────────────
function securityLog(string $message, array $context = []): void
{
$logDir = __DIR__ . '/../logs';
if (!is_dir($logDir)) {
@mkdir($logDir, 0777, true);
}
$entry = date('Y-m-d H:i:s') . ' [SECURITY] ' . $message;
if ($context) $entry .= ' | ' . json_encode($context, JSON_UNESCAPED_UNICODE);
@error_log($entry . PHP_EOL, 3, $logDir . '/security.log');
}
function appLog(string $message, string $level = 'INFO'): void
{
$logDir = __DIR__ . '/../logs';
if (!is_dir($logDir)) {
@mkdir($logDir, 0777, true);
}
$entry = date('Y-m-d H:i:s') . " [$level] " . $message;
@error_log($entry . PHP_EOL, 3, $logDir . '/app.log');
}
function debugLog(string $message): void
{
appLog($message, 'DEBUG');
}