<?php
// Test der HTTPS-Sicherheit
echo "🔒 HTTPS-Sicherheit Test\n";
echo "======================\n\n";

// 1. Prüfe .env Einstellungen
echo "1. .env Einstellungen:\n";
$envVars = ['APP_URL', 'FORCE_HTTPS', 'SECURE_COOKIES', 'SESSION_SECURE_COOKIE'];
foreach ($envVars as $var) {
    $value = getenv($var) ?: 'nicht gesetzt';
    echo "   - $var: $value\n";
}

// 2. Prüfe Session-Konfiguration
echo "\n2. Session-Konfiguration:\n";
if (file_exists('config/session.php')) {
    $content = file_get_contents('config/session.php');
    if (strpos($content, "'secure' => true") !== false) {
        echo "   ✅ Session secure: true\n";
    } else {
        echo "   ❌ Session secure: false\n";
    }
    if (strpos($content, "'http_only' => true") !== false) {
        echo "   ✅ Session http_only: true\n";
    } else {
        echo "   ❌ Session http_only: false\n";
    }
}

// 3. Prüfe CSRF-Konfiguration
echo "\n3. CSRF-Konfiguration:\n";
if (file_exists('config/csrf.php')) {
    $content = file_get_contents('config/csrf.php');
    if (strpos($content, "'secure' => true") !== false) {
        echo "   ✅ CSRF secure: true\n";
    } else {
        echo "   ❌ CSRF secure: false\n";
    }
}

// 4. Prüfe .htaccess
echo "\n4. .htaccess HTTPS-Headers:\n";
if (file_exists('public/.htaccess')) {
    $content = file_get_contents('public/.htaccess');
    if (strpos($content, 'Strict-Transport-Security') !== false) {
        echo "   ✅ HSTS Header vorhanden\n";
    } else {
        echo "   ❌ HSTS Header fehlt\n";
    }
    if (strpos($content, 'upgrade-insecure-requests') !== false) {
        echo "   ✅ CSP upgrade-insecure-requests vorhanden\n";
    } else {
        echo "   ❌ CSP upgrade-insecure-requests fehlt\n";
    }
}

echo "\n✅ HTTPS-Sicherheit Test abgeschlossen!\n";
echo "🔗 Testen Sie jetzt: https://neonail.vogt.de.com/admin/users\n";
?>