Problem
Two related maintainability issues in web/_functions:
- Inconsistent function-namespace prefixing. ~51 shared global functions use the
g2ml_ prefix (security.php, cookie_consent.php, data_rights.php, email.php, error_handler.php, breach_response.php, dnt.php, json_validator.php) while ~103 are unprefixed (org.php, auth.php, account_types.php, db_query.php, session.php, i18n.php, router.php, settings.php, db_connect.php, activity_logger.php — e.g. logActivity, getSetting, dbSelect, registerUser). The split is along phase lines. In a Composer-less, namespace-less codebase where these are all global, unprefixed names like getSetting/logActivity raise collision risk with built-ins or future third-party code.
- Duplicated client-IP fallback block. The identical
if (function_exists('g2ml_getClientIP')) { $ipAddress = g2ml_getClientIP(); } else { $ipAddress = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } is copy-pasted ~9 times across 6 files (auth.php:373-377,907-911,995-999,1086-1090; activity_logger.php:128-132; breach_response.php:518; plus cookie_consent.php, session.php, error_handler.php). These copies are also the source of the K&R-vs-Allman brace inconsistency in auth.php.
Recommended fix
- Adopt one naming convention project-wide (safest:
g2ml_ on every shared global function), retrofitting the unprefixed ones (or adding deprecation shims), and document the chosen convention in patterns.md. At minimum, record the rule and apply it to all new code.
- Extract a single helper (e.g.
g2ml_clientIpOrDefault(): string) that performs the function_exists guard + fallback once, and call it everywhere (removes ~36 duplicated lines and the divergent brace style).
Acceptance criteria
Filed from the 2026-06-04 deployment-readiness audit — see docs/AUDIT_2026-06-04.md.
Problem
Two related maintainability issues in
web/_functions:g2ml_prefix (security.php, cookie_consent.php, data_rights.php, email.php, error_handler.php, breach_response.php, dnt.php, json_validator.php) while ~103 are unprefixed (org.php, auth.php, account_types.php, db_query.php, session.php, i18n.php, router.php, settings.php, db_connect.php, activity_logger.php — e.g.logActivity,getSetting,dbSelect,registerUser). The split is along phase lines. In a Composer-less, namespace-less codebase where these are all global, unprefixed names likegetSetting/logActivityraise collision risk with built-ins or future third-party code.if (function_exists('g2ml_getClientIP')) { $ipAddress = g2ml_getClientIP(); } else { $ipAddress = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; }is copy-pasted ~9 times across 6 files (auth.php:373-377,907-911,995-999,1086-1090;activity_logger.php:128-132;breach_response.php:518; pluscookie_consent.php,session.php,error_handler.php). These copies are also the source of the K&R-vs-Allman brace inconsistency inauth.php.Recommended fix
g2ml_on every shared global function), retrofitting the unprefixed ones (or adding deprecation shims), and document the chosen convention inpatterns.md. At minimum, record the rule and apply it to all new code.g2ml_clientIpOrDefault(): string) that performs thefunction_existsguard + fallback once, and call it everywhere (removes ~36 duplicated lines and the divergent brace style).Acceptance criteria
patterns.mdFiled from the 2026-06-04 deployment-readiness audit — see
docs/AUDIT_2026-06-04.md.