215 lines
8.3 KiB
PHP
215 lines
8.3 KiB
PHP
<?php
|
|
// ============================================================
|
|
// core/helpers.php — دوال مساعدة موحدة
|
|
// ============================================================
|
|
|
|
// ── فلترة المدخلات (محسّنة) ─────────────────────────────────
|
|
function filterRequest(string $name, string $type = 'string'): mixed
|
|
{
|
|
// قراءة من POST أو JSON body
|
|
$value = null;
|
|
|
|
if (isset($_POST[$name]) && $_POST[$name] !== '') {
|
|
$value = $_POST[$name];
|
|
} else {
|
|
// محاولة قراءة من JSON body
|
|
static $jsonBody = null;
|
|
if ($jsonBody === null) {
|
|
$raw = file_get_contents('php://input');
|
|
$jsonBody = json_decode($raw, true) ?? [];
|
|
}
|
|
$value = $jsonBody[$name] ?? null;
|
|
}
|
|
|
|
if ($value === null || $value === '') return null;
|
|
|
|
$value = trim((string)$value);
|
|
|
|
// إزالة control characters
|
|
$value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
|
|
|
|
return match ($type) {
|
|
'int' => filter_var($value, FILTER_VALIDATE_INT) !== false ? (int)$value : null,
|
|
'float' => filter_var($value, FILTER_VALIDATE_FLOAT) !== false ? (float)$value : null,
|
|
'email' => filter_var($value, FILTER_VALIDATE_EMAIL) ?: null,
|
|
'url' => filter_var($value, FILTER_VALIDATE_URL) ?: null,
|
|
'bool' => filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE),
|
|
default => $value, // string — بدون htmlspecialchars (نتركه لـ PDO)
|
|
};
|
|
}
|
|
|
|
// ── ردود JSON موحدة ─────────────────────────────────────────
|
|
function jsonSuccess(mixed $data = null, string $message = 'success', int $code = 200): never
|
|
{
|
|
http_response_code($code);
|
|
// توحيد الأسلوب ليكون متوافقاً مع الكود القديم (وضع البيانات في message)
|
|
$payload = ($data !== null && (!empty($data) || is_array($data))) ? $data : $message;
|
|
echo json_encode(['status' => 'success', 'message' => $payload], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
|
|
exit;
|
|
}
|
|
|
|
function jsonError(string $message, int $code = 400, mixed $extra = null): never
|
|
{
|
|
http_response_code($code);
|
|
$response = ['status' => 'failure', 'message' => $message];
|
|
if ($extra !== null) $response['details'] = $extra;
|
|
echo json_encode($response, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
|
|
exit;
|
|
}
|
|
|
|
// (للتوافق مع الكود القديم)
|
|
function printSuccess(mixed $message = 'success'): void
|
|
{
|
|
echo json_encode(['status' => 'success', 'message' => $message], JSON_UNESCAPED_UNICODE);
|
|
}
|
|
function printFailure(mixed $message = 'failure'): void
|
|
{
|
|
echo json_encode(['status' => 'failure', 'message' => $message], JSON_UNESCAPED_UNICODE);
|
|
}
|
|
function result(int $count): void
|
|
{
|
|
if ($count > 0) {
|
|
printSuccess();
|
|
} else {
|
|
printFailure();
|
|
}
|
|
}
|
|
function sendEmail(string $from, string $to, string $title, string $body): void
|
|
{
|
|
$header = "From: $from\nCC: $from";
|
|
mail($to, $title, $body, $header);
|
|
}
|
|
|
|
// ── رفع صورة آمن ──────────────────────────────────────────────
|
|
function uploadImageSecure(
|
|
string $fileKey,
|
|
string $targetDir,
|
|
string $prefix = '',
|
|
array $allowedMimes = ['image/jpeg', 'image/png', 'image/webp']
|
|
): array {
|
|
if (!isset($_FILES[$fileKey]) || $_FILES[$fileKey]['error'] !== UPLOAD_ERR_OK) {
|
|
return ['success' => false, 'error' => 'File upload error'];
|
|
}
|
|
|
|
$file = $_FILES[$fileKey];
|
|
$maxSize = 5 * 1024 * 1024; // 5MB
|
|
|
|
// حجم الملف
|
|
if ($file['size'] > $maxSize) {
|
|
return ['success' => false, 'error' => 'File too large (max 5MB)'];
|
|
}
|
|
|
|
// MIME validation حقيقي (ليس extension فقط)
|
|
$finfo = new finfo(FILEINFO_MIME_TYPE);
|
|
$mimeType = $finfo->file($file['tmp_name']);
|
|
|
|
if (!in_array($mimeType, $allowedMimes, true)) {
|
|
return ['success' => false, 'error' => "Invalid file type: $mimeType"];
|
|
}
|
|
|
|
// اسم ملف آمن وعشوائي
|
|
$ext = match ($mimeType) {
|
|
'image/jpeg' => 'jpg',
|
|
'image/png' => 'png',
|
|
'image/webp' => 'webp',
|
|
default => 'bin',
|
|
};
|
|
$filename = ($prefix ? "{$prefix}_" : '') . bin2hex(random_bytes(8)) . ".$ext";
|
|
|
|
if (!is_dir($targetDir)) {
|
|
mkdir($targetDir, 0750, true);
|
|
}
|
|
|
|
$targetPath = rtrim($targetDir, '/') . '/' . $filename;
|
|
|
|
if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
|
|
return ['success' => false, 'error' => 'Failed to move uploaded file'];
|
|
}
|
|
|
|
return ['success' => true, 'filename' => $filename, 'path' => $targetPath];
|
|
}
|
|
|
|
// ── تحميل ملف .env ───────────────────────────────────────────
|
|
function loadEnvironment(string $path): void
|
|
{
|
|
if (!file_exists($path)) {
|
|
error_log("[ENV] File not found: $path");
|
|
return;
|
|
}
|
|
$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
|
|
foreach ($lines as $line) {
|
|
if (str_starts_with(trim($line), '#')) continue;
|
|
if (!str_contains($line, '=')) continue;
|
|
[$key, $value] = explode('=', $line, 2);
|
|
$key = trim($key);
|
|
$value = trim($value, " \t\n\r\0\x0B\"'");
|
|
if ($key && !getenv($key)) {
|
|
putenv("$key=$value");
|
|
$_ENV[$key] = $value;
|
|
}
|
|
}
|
|
}
|
|
|
|
// ── Logging منظم ──────────────────────────────────────────────
|
|
function securityLog(string $message, array $context = []): void
|
|
{
|
|
$logDir = __DIR__ . '/../logs';
|
|
if (!is_dir($logDir)) {
|
|
@mkdir($logDir, 0777, true);
|
|
}
|
|
$entry = date('Y-m-d H:i:s') . ' [SECURITY] ' . $message;
|
|
if ($context) $entry .= ' | ' . json_encode($context, JSON_UNESCAPED_UNICODE);
|
|
@error_log($entry . PHP_EOL, 3, $logDir . '/security.log');
|
|
}
|
|
|
|
function appLog(string $message, string $level = 'INFO'): void
|
|
{
|
|
$logDir = __DIR__ . '/../logs';
|
|
if (!is_dir($logDir)) {
|
|
@mkdir($logDir, 0777, true);
|
|
}
|
|
$entry = date('Y-m-d H:i:s') . " [$level] " . $message;
|
|
@error_log($entry . PHP_EOL, 3, $logDir . '/app.log');
|
|
}
|
|
|
|
function uploadLog(string $message, string $level = 'INFO', array $context = []): void
|
|
{
|
|
$logDir = __DIR__ . '/../logs';
|
|
if (!is_dir($logDir)) {
|
|
@mkdir($logDir, 0777, true);
|
|
}
|
|
|
|
if (!isset($context['ip'])) {
|
|
$context['ip'] = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
|
|
}
|
|
if (!isset($context['user_agent'])) {
|
|
$context['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
|
|
}
|
|
|
|
if (isset($context['upload_error_code'])) {
|
|
$errCode = $context['upload_error_code'];
|
|
$context['upload_error_desc'] = match ($errCode) {
|
|
UPLOAD_ERR_OK => 'UPLOAD_ERR_OK (0): No error, file uploaded successfully.',
|
|
UPLOAD_ERR_INI_SIZE => 'UPLOAD_ERR_INI_SIZE (1): The uploaded file exceeds the upload_max_filesize directive in php.ini.',
|
|
UPLOAD_ERR_FORM_SIZE => 'UPLOAD_ERR_FORM_SIZE (2): The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
|
|
UPLOAD_ERR_PARTIAL => 'UPLOAD_ERR_PARTIAL (3): The uploaded file was only partially uploaded (common on weak/3G networks).',
|
|
UPLOAD_ERR_NO_FILE => 'UPLOAD_ERR_NO_FILE (4): No file was uploaded.',
|
|
UPLOAD_ERR_NO_TMP_DIR => 'UPLOAD_ERR_NO_TMP_DIR (6): Missing a temporary folder.',
|
|
UPLOAD_ERR_CANT_WRITE => 'UPLOAD_ERR_CANT_WRITE (7): Failed to write file to disk.',
|
|
UPLOAD_ERR_EXTENSION => 'UPLOAD_ERR_EXTENSION (8): A PHP extension stopped the file upload.',
|
|
default => "Unknown upload error code: $errCode",
|
|
};
|
|
}
|
|
|
|
$entry = date('Y-m-d H:i:s') . " [$level] " . $message;
|
|
if ($context) {
|
|
$entry .= ' | ' . json_encode($context, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
|
|
}
|
|
@error_log($entry . PHP_EOL, 3, $logDir . '/upload.log');
|
|
}
|
|
|
|
function debugLog(string $message): void
|
|
{
|
|
appLog($message, 'DEBUG');
|
|
}
|