<?php
// Generated by setup_mariadb_project.sh — edit as needed.
define('DB_HOST', '127.0.0.1');
define('DB_NAME', 'app_38220');
define('DB_USER', 'app_38220');
define('DB_PASS', '5f905595-f08d-48bc-9b00-3e1a868017ea');

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

function db() {
  static $pdo;
  if (!$pdo) {
    try {
        $pdo = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8mb4', DB_USER, DB_PASS, [
          PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
          PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    } catch (PDOException $e) {
        die("Connection failed: " . $e->getMessage());
    }
  }
  return $pdo;
}

/**
 * XSS Protection helper
 */
function e($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/**
 * CSRF Token generation
 */
function csrf_token() {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/**
 * CSRF Token validation
 */
function validate_csrf($token) {
    return !empty($token) && hash_equals($_SESSION['csrf_token'] ?? '', $token);
}

/**
 * Format currency
 */
function format_currency($amount) {
    return '$' . number_format((float)$amount, 2);
}