refactor: centralny autoloader, Shared\Email i Shared\Security

- Utworzono autoload/autoloader.php (hybrydowy PSR-4 + legacy)
- Zmigrowano 7 entry pointów do centralnego autoloadera
- Dodano PSR-4 mapowanie w composer.json (Domain, Shared, Admin, Frontend)
- Utworzono Shared\Email\Email (PHPMailer, migracja z Helpers)
- Utworzono Shared\Security\CsrfToken (random_bytes + hash_equals)
- Wrappery w Helpers delegują do nowych klas
- Zaktualizowano docs/PROJECT_STRUCTURE.md
- Inicjalizacja PAUL (.paul/) z roadmapą 19 faz refaktoryzacji

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

autoload/Shared/Email/Email.php

@@ -0,0 +1,94 @@
+<?php
+namespace Shared\Email;
+
+class Email
+{
+  public $table = 'pp_newsletter_templates';
+  public $text  = '';
+
+  public function load_by_name( string $name )
+  {
+    global $mdb;
+
+    $result = $mdb->get( $this->table, '*', [ 'name' => $name ] );
+    if ( is_array( $result ) ) foreach ( $result as $key => $val )
+      $this->$key = $val;
+  }
+
+  public function email_check( $email )
+  {
+    return filter_var( $email, FILTER_VALIDATE_EMAIL );
+  }
+
+  public function send( string $email, string $subject, $replay = '', $file = '' )
+  {
+    global $settings;
+
+    $base = dirname( dirname( dirname( __DIR__ ) ) );
+
+    if ( file_exists( $base . '/libraries/phpmailer/class.phpmailer.php' ) )
+      require_once $base . '/libraries/phpmailer/class.phpmailer.php';
+    if ( file_exists( $base . '/libraries/phpmailer/class.smtp.php' ) )
+      require_once $base . '/libraries/phpmailer/class.smtp.php';
+
+    $text = $this->text;
+
+    $regex = "-(<img[^>]+src\s*=\s*['\"])(((?!'|\"|https?://).)*)(['\"][^>]*>)-i";
+    $text  = preg_replace( $regex, "$1https://" . $_SERVER['SERVER_NAME'] . "$2$4", $text );
+
+    $regex = "-(<a[^>]+href\s*=\s*['\"])(((?!'|\"|https?://).)*)(['\"][^>]*>)-i";
+    $text  = preg_replace( $regex, "$1https://" . $_SERVER['SERVER_NAME'] . "$2$4", $text );
+
+    if ( $this->email_check( $email ) and $subject )
+    {
+      $mail = new \PHPMailer();
+      $mail->IsSMTP();
+      $mail->SMTPAuth    = true;
+      $mail->Host        = $settings['email_host'];
+      $mail->Port        = $settings['email_port'];
+      $mail->Username    = $settings['email_login'];
+      $mail->Password    = $settings['email_password'];
+      $mail->CharSet     = "UTF-8";
+      $mail->SMTPOptions = array(
+        'ssl' => array(
+          'verify_peer'       => false,
+          'verify_peer_name'  => false,
+          'allow_self_signed' => true
+        )
+      );
+
+      if ( $this->email_check( $replay ) )
+      {
+        $mail->AddReplyTo( $replay, $replay );
+        $mail->SetFrom( $settings['contact_email'], $settings['contact_email'] );
+      }
+      else
+      {
+        $mail->AddReplyTo( $settings['contact_email'], $settings['firm_name'] );
+        $mail->SetFrom( $settings['contact_email'], $settings['firm_name'] );
+      }
+
+      $mail->AddAddress( $email, '' );
+      $mail->Subject = $subject;
+      $mail->Body    = $text;
+
+      if ( is_array( $file ) )
+      {
+        foreach ( $file as $file_tmp )
+        {
+          if ( file_exists( $file_tmp ) )
+            $mail->AddAttachment( $file_tmp );
+        }
+      }
+      else
+      {
+        if ( file_exists( $file ) )
+          $mail->AddAttachment( $file );
+      }
+
+      $mail->IsHTML( true );
+      return $mail->Send();
+    }
+    return false;
+  }
+}

autoload/Shared/Helpers/Helpers.php

@@ -320,22 +320,13 @@ class Helpers
 
   public static function is_token_valid($token)
   {
-    if (!empty($_SESSION['tokens'][$token]))
-    {
-      unset($_SESSION['tokens'][$token]);
-      return true;
-    }
-    return false;
+    return \Shared\Security\CsrfToken::validate($token);
   }
 
   public static function get_token()
   {
-    $token = sha1(mt_rand());
-    if (!isset($_SESSION['tokens']))
-      $_SESSION['tokens'] = [$token => 1];
-    else
-      $_SESSION['tokens'][$token] = 1;
-    return $token;
+    \Shared\Security\CsrfToken::regenerate();
+    return \Shared\Security\CsrfToken::getToken();
   }
 
   public static function get_domain($url)
@@ -1222,60 +1213,8 @@ class Helpers
 
   public static function send_email( $email, $subject, $text, $replay = '', $file = '' )
   {
-    global $settings;
-
-    if ( file_exists('libraries/phpmailer/class.phpmailer.php') ) require_once 'libraries/phpmailer/class.phpmailer.php';
-    if ( file_exists('libraries/phpmailer/class.smtp.php') ) require_once 'libraries/phpmailer/class.smtp.php';
-    if ( file_exists('../libraries/phpmailer/class.phpmailer.php') ) require_once '../libraries/phpmailer/class.phpmailer.php';
-    if ( file_exists('../libraries/phpmailer/class.smtp.php') ) require_once '../libraries/phpmailer/class.smtp.php';
-    if ( $email and $subject )
-    {
-      $mail = new \PHPMailer();
-      $mail->IsSMTP();
-      $mail->SMTPAuth = true;
-      $mail->Host = $settings['email_host'];
-      $mail->Port = $settings['email_port'];
-      $mail->Username = $settings['email_login'];
-      $mail->Password = $settings['email_password'];
-      $mail->CharSet = "UTF-8";
-      $mail->SMTPOptions = array(
-        'ssl' => array(
-          'verify_peer' => false,
-          'verify_peer_name' => false,
-          'allow_self_signed' => true
-        )
-      );
-
-      if (self::email_check($replay))
-      {
-        $mail->AddReplyTo($replay, $replay);
-        $mail->SetFrom($settings['contact_email'], $settings['contact_email']);
-      }
-      else
-      {
-        $mail->AddReplyTo($settings['contact_email'], $settings['firm_name']);
-        $mail->SetFrom($settings['contact_email'], $settings['firm_name']);
-      }
-
-      $mail->AddAddress($email, '');
-      $mail->Subject = $subject;
-      $mail->Body = $text;
-      if (is_array($file))
-      {
-        foreach ($file as $file_tmp)
-        {
-          if (file_exists($file_tmp))
-            $mail->AddAttachment($file_tmp);
-        }
-      }
-      else
-      {
-        if (file_exists($file))
-          $mail->AddAttachment($file);
-      }
-      $mail->IsHTML(true);
-      return $mail->Send();
-    }
-    return true;
+    $emailObj = new \Shared\Email\Email();
+    $emailObj->text = $text;
+    return $emailObj->send( $email, $subject, $replay, $file );
   }
 }

autoload/Shared/Security/CsrfToken.php

@@ -0,0 +1,28 @@
+<?php
+namespace Shared\Security;
+
+class CsrfToken
+{
+  const SESSION_KEY = 'csrf_token';
+
+  public static function getToken()
+  {
+    if ( empty( $_SESSION[self::SESSION_KEY] ) )
+      $_SESSION[self::SESSION_KEY] = bin2hex( random_bytes( 32 ) );
+
+    return $_SESSION[self::SESSION_KEY];
+  }
+
+  public static function validate( $token )
+  {
+    if ( empty( $_SESSION[self::SESSION_KEY] ) || empty( $token ) )
+      return false;
+
+    return hash_equals( $_SESSION[self::SESSION_KEY], $token );
+  }
+
+  public static function regenerate()
+  {
+    unset( $_SESSION[self::SESSION_KEY] );
+  }
+}