Add comprehensive unit tests for Security, UserModel, and Validation utilities

- Implemented SecurityTest to validate token generation, CSRF protection, input sanitization, and rate limiting.
- Created UserModelTest to ensure correct database operations for user management, including creation, updating, banning, and fetching active users.
- Developed ValidationTest to verify input validation and sanitization for user IDs, nicknames, messages, and API requests.
- Introduced Security and Validation utility classes with methods for secure token generation, input sanitization, and comprehensive validation rules.

includes/autoloader.php

@@ -0,0 +1,103 @@
+<?php
+/**
+ * PSR-4 Autoloader
+ * Automatically loads classes based on PSR-4 standards
+ */
+
+spl_autoload_register(function ($className) {
+    // PSR-4 mapping for the application
+    $prefixes = [
+        'App\\' => __DIR__ . '/../app/',
+        'Models\\' => __DIR__ . '/../models/',
+        'Controllers\\' => __DIR__ . '/../controllers/',
+        'Utils\\' => __DIR__ . '/../utils/',
+        'Services\\' => __DIR__ . '/../services/',
+        'Middleware\\' => __DIR__ . '/../middleware/'
+    ];
+
+    // Check for exact class match first (for legacy classes)
+    $legacyMappings = [
+        'Config' => __DIR__ . '/Config.php',
+        'Security' => __DIR__ . '/../utils/Security.php',
+        'Validation' => __DIR__ . '/../utils/Validation.php',
+        'Database' => __DIR__ . '/Database.php',
+        'UserModel' => __DIR__ . '/../models/UserModel.php',
+        'ChatMessageModel' => __DIR__ . '/../models/ChatMessageModel.php',
+        'ActiveViewerModel' => __DIR__ . '/../models/ActiveViewerModel.php'
+    ];
+
+    // First check legacy mappings
+    if (isset($legacyMappings[$className])) {
+        $file = $legacyMappings[$className];
+        if (file_exists($file)) {
+            require_once $file;
+            return;
+        }
+    }
+
+    // Check PSR-4 mappings
+    foreach ($prefixes as $prefix => $baseDir) {
+        $len = strlen($prefix);
+        if (strncmp($prefix, $className, $len) !== 0) {
+            continue;
+        }
+
+        $relativeClass = substr($className, $len);
+        $file = $baseDir . str_replace('\\', '/', $relativeClass) . '.php';
+
+        if (file_exists($file)) {
+            require_once $file;
+            if (Config::isDebug()) {
+                error_log("Autoloaded: {$className} from {$file}");
+            }
+            return;
+        }
+    }
+
+    // Class not found - this will throw an exception from spl_autoload_register
+    if (Config::isDebug()) {
+        error_log("Autoloader: Class {$className} not found in any mapping");
+    }
+});
+
+/**
+ * Optional: Load additional helper functions
+ */
+if (file_exists(__DIR__ . '/helpers.php')) {
+    require_once __DIR__ . '/helpers.php';
+}
+
+/**
+ * Optional: Load composer autoloader if it exists (for future dependencies)
+ */
+$composerAutoloader = __DIR__ . '/../vendor/autoload.php';
+if (file_exists($composerAutoloader)) {
+    require_once $composerAutoloader;
+}
+
+// Verify critical classes are loaded
+$criticalClasses = [
+    'Config',
+    'Security',
+    'Validation',
+    'Database'
+];
+
+foreach ($criticalClasses as $class) {
+    if (!class_exists($class, false)) {
+        // Try to load manually
+        $legacyPaths = [
+            'Config' => 'includes/Config.php',
+            'Security' => 'utils/Security.php',
+            'Validation' => 'utils/Validation.php',
+            'Database' => 'includes/Database.php'
+        ];
+
+        if (isset($legacyPaths[$class])) {
+            $path = __DIR__ . '/../' . $legacyPaths[$class];
+            if (file_exists($path)) {
+                require_once $path;
+            }
+        }
+    }
+}