Remove config.php generation from setup, retain .env with input sanitization

[Copilot]

System configuration will now be managed via database after initial setup. The setup script should only create the .env file with essential credentials, not generate config.php.

Changes

Removed

• config.php generation and all associated logic (48 config variables)
• Form sections: Basis-Daten, Server-Daten, Roleplay-Daten, Funktionen & Einstellungen
• Config variables: SYSTEM_NAME, SYSTEM_COLOR, SYSTEM_URL, SERVER_NAME, RP_ORGTYPE, CHAR_ID, ENOTF_USE_PIN, REGISTRATION_MODE, BASE_PATH, API_KEY, etc.
• Associated validation for removed variables

Retained

• .env file creation for database credentials (DB_HOST, DB_USER, DB_PASS, DB_NAME)
• Discord OAuth credentials (DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET)
• Git repository initialization and Composer installation flows

Security improvements

Added input sanitization to prevent .env injection:

function sanitizeEnvValue($value) {
    return trim(str_replace(["\r", "\n"], '', $value));
}

function formatEnvValue($value) {
    $value = sanitizeEnvValue($value);
    $value = str_replace(['\\', '"'], ['\\\\', '\\"'], $value);
    return '"' . $value . '"';
}

// All values are now properly escaped and quoted
$envContent = "DB_HOST=" . formatEnvValue($envConfig['DB_HOST']) . "\n";

Impact

• Reduced setup.php from 1207 to 964 lines (20% reduction)
• Simplified user flow: only essential credentials required during setup
• Configuration UI moves to post-setup database admin panel

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Config-Variablen aus setup entfernen</issue_title>
<issue_description>1. Die Config-Varaiblen und erstellung/überschreibung der config.php sollte entfernt werden. Da künftig die Config an sich über die Datenbank (nach dem Setup) stattfinden wird.
2. Die Erstellung der .env ist essenziell und sollte bestehen bleiben. </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Config-Variablen aus setup entfernen #3

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.