feat: Add comprehensive documentation suite and reorganize project structure

- Created complete documentation in docs/ directory
- Added PROJECT_OVERVIEW.md with feature highlights and getting started guide
- Added ARCHITECTURE.md with system design and technical details
- Added SECURITY.md with comprehensive security implementation guide
- Added DEVELOPMENT.md with development workflows and best practices
- Added DEPLOYMENT.md with production deployment instructions
- Added API.md with complete REST API documentation
- Added CONTRIBUTING.md with contribution guidelines
- Added CHANGELOG.md with version history and migration notes
- Reorganized all documentation files into docs/ directory for better organization
- Updated README.md with proper documentation links and quick navigation
- Enhanced project structure with professional documentation standards

f_core/config.security.php

@@ -0,0 +1,29 @@
+<?php
+// Security configuration
+if (!defined("_VALID_ACCESS")) { exit("Direct access not allowed"); }
+
+// Security settings
+$cfg["security_salt"] = "change_this_salt_" . md5(__FILE__);
+$cfg["session_timeout"] = 3600; // 1 hour
+$cfg["max_login_attempts"] = 5;
+$cfg["password_min_length"] = 8;
+$cfg["csrf_protection"] = true;
+$cfg["secure_cookies"] = true;
+$cfg["session_regenerate"] = true;
+
+// CSRF token generation
+if (!function_exists("generate_csrf_token")) {
+    function generate_csrf_token() {
+        if (!isset($_SESSION["csrf_token"])) {
+            $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
+        }
+        return $_SESSION["csrf_token"];
+    }
+}
+
+// CSRF token validation
+if (!function_exists("validate_csrf_token")) {
+    function validate_csrf_token($token) {
+        return isset($_SESSION["csrf_token"]) && hash_equals($_SESSION["csrf_token"], $token);
+    }
+}