feat: Add comprehensive documentation suite and reorganize project structure

- Created complete documentation in docs/ directory - Added PROJECT_OVERVIEW.md with feature highlights and getting started guide - Added ARCHITECTURE.md with system design and technical details - Added SECURITY.md with comprehensive security implementation guide - Added DEVELOPMENT.md with development workflows and best practices - Added DEPLOYMENT.md with production deployment instructions - Added API.md with complete REST API documentation - Added CONTRIBUTING.md with contribution guidelines - Added CHANGELOG.md with version history and migration notes - Reorganized all documentation files into docs/ directory for better organization - Updated README.md with proper documentation links and quick navigation - Enhanced project structure with professional documentation standards
2025-10-21 00:39:45 -07:00
commit 0b7e2d0a5b
6080 changed files with 1332936 additions and 0 deletions
--- a/examples/example_secure_form.php
+++ b/examples/example_secure_form.php
@@ -0,0 +1,140 @@
+<?php
+/*******************************************************************************************************************
+| Example: Secure Form Implementation
+| This file demonstrates how to use the new security features
+|*******************************************************************************************************************/
+
+define('_ISVALID', true);
+include_once 'f_core/config.core.php';
+
+// Example: Handling a secure form submission
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    // Validate CSRF token
+    if (!validate_csrf('user_update')) {
+        die('CSRF token validation failed');
+    }
+    
+    // Rate limiting check
+    $user_ip = $_SERVER['REMOTE_ADDR'];
+    if (!check_rate_limit('form_submit_' . $user_ip, 5, 300)) {
+        die('Rate limit exceeded. Please try again later.');
+    }
+    
+    // Secure parameter extraction
+    $username = post_param('username', 'alphanum', '', ['min_length' => 3, 'max_length' => 20]);
+    $email = post_param('email', 'email');
+    $age = post_param('age', 'int', 0, ['min' => 13, 'max' => 120]);
+    $bio = post_param('bio', 'html'); // Will be sanitized by VFilter
+    
+    // Validate required fields
+    if (empty($username) || empty($email)) {
+        $error = 'Username and email are required';
+    } else {
+        // Process the form (save to database, etc.)
+        // The database class now uses prepared statements automatically
+        
+        $update_data = [
+            'usr_user' => $username,
+            'usr_email' => $email,
+            'usr_age' => $age,
+            'usr_bio' => $bio
+        ];
+        
+        $success = $class_database->doUpdate('db_accountuser', 'usr_id', $update_data, $_SESSION['USER_ID']);
+        
+        if ($success) {
+            log_security_event('user_profile_updated', ['user_id' => $_SESSION['USER_ID']]);
+            $message = 'Profile updated successfully';
+        } else {
+            $error = 'Failed to update profile';
+        }
+    }
+}
+
+// Example: Secure file upload
+if (isset($_FILES['avatar'])) {
+    $allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
+    $maxSize = 2 * 1024 * 1024; // 2MB
+    
+    $validation = validate_file_upload($_FILES['avatar'], $allowedTypes, $maxSize);
+    
+    if ($validation['valid']) {
+        // Process the file upload
+        $uploadDir = 'f_data/data_userfiles/avatars/';
+        $filename = uniqid() . '_' . basename($_FILES['avatar']['name']);
+        $uploadPath = $uploadDir . $filename;
+        
+        if (move_uploaded_file($_FILES['avatar']['tmp_name'], $uploadPath)) {
+            log_security_event('avatar_uploaded', ['user_id' => $_SESSION['USER_ID'], 'filename' => $filename]);
+            $avatar_message = 'Avatar uploaded successfully';
+        } else {
+            $avatar_error = 'Failed to upload avatar';
+        }
+    } else {
+        $avatar_error = 'Invalid file: ' . $validation['error'];
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Secure Form Example</title>
+</head>
+<body>
+    <h1>Secure User Profile Form</h1>
+    
+    <?php if (isset($error)): ?>
+        <div style="color: red;"><?= secure_output($error) ?></div>
+    <?php endif; ?>
+    
+    <?php if (isset($message)): ?>
+        <div style="color: green;"><?= secure_output($message) ?></div>
+    <?php endif; ?>
+    
+    <form method="POST" enctype="multipart/form-data">
+        <?= csrf_field('user_update') ?>
+        
+        <div>
+            <label>Username:</label>
+            <input type="text" name="username" value="<?= secure_output(get_param('username', 'alphanum', '')) ?>" required>
+        </div>
+        
+        <div>
+            <label>Email:</label>
+            <input type="email" name="email" value="<?= secure_output(get_param('email', 'email', '')) ?>" required>
+        </div>
+        
+        <div>
+            <label>Age:</label>
+            <input type="number" name="age" value="<?= secure_output(get_param('age', 'int', '')) ?>" min="13" max="120">
+        </div>
+        
+        <div>
+            <label>Bio:</label>
+            <textarea name="bio"><?= secure_output(get_param('bio', 'string', '')) ?></textarea>
+        </div>
+        
+        <div>
+            <label>Avatar:</label>
+            <input type="file" name="avatar" accept="image/*">
+            <?php if (isset($avatar_error)): ?>
+                <div style="color: red;"><?= secure_output($avatar_error) ?></div>
+            <?php endif; ?>
+            <?php if (isset($avatar_message)): ?>
+                <div style="color: green;"><?= secure_output($avatar_message) ?></div>
+            <?php endif; ?>
+        </div>
+        
+        <button type="submit">Update Profile</button>
+    </form>
+    
+    <script>
+        // Example of secure JavaScript output
+        var userMessage = <?= secure_js($message ?? '') ?>;
+        if (userMessage) {
+            console.log('Success: ' + userMessage);
+        }
+    </script>
+</body>
+</html>