Implement comprehensive improvement plan (Phases 1-6)

Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants

Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields

Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows

Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles

Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
  Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
  manage_recurring, custom_fields, get_users
- Add admin routes in index.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

config/config.php

@@ -17,12 +17,54 @@ if ($envVars) {
 
 // Global configuration
 $GLOBALS['config'] = [
+    // Database settings
     'DB_HOST' => $envVars['DB_HOST'] ?? 'localhost',
     'DB_USER' => $envVars['DB_USER'] ?? 'root',
     'DB_PASS' => $envVars['DB_PASS'] ?? '',
     'DB_NAME' => $envVars['DB_NAME'] ?? 'tinkertickets',
+
+    // URL settings
     'BASE_URL' => '', // Empty since we're serving from document root
     'ASSETS_URL' => '/assets', // Assets URL
-    'API_URL' => '/api' // API URL
+    'API_URL' => '/api', // API URL
+
+    // Session settings
+    'SESSION_TIMEOUT' => 3600, // 1 hour in seconds
+    'SESSION_REGENERATE_INTERVAL' => 300, // Regenerate session ID every 5 minutes
+
+    // CSRF settings
+    'CSRF_LIFETIME' => 3600, // 1 hour in seconds
+
+    // Pagination settings
+    'PAGINATION_DEFAULT' => 15, // Default items per page
+    'PAGINATION_MAX' => 100, // Maximum items per page
+
+    // File upload settings
+    'MAX_UPLOAD_SIZE' => 10485760, // 10MB in bytes
+    'ALLOWED_FILE_TYPES' => [
+        'image/jpeg',
+        'image/png',
+        'image/gif',
+        'image/webp',
+        'application/pdf',
+        'text/plain',
+        'text/csv',
+        'application/msword',
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'application/vnd.ms-excel',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        'application/zip',
+        'application/x-7z-compressed',
+        'application/x-tar',
+        'application/gzip'
+    ],
+    'UPLOAD_DIR' => __DIR__ . '/../uploads',
+
+    // Rate limiting
+    'RATE_LIMIT_DEFAULT' => 100, // Requests per minute for general
+    'RATE_LIMIT_API' => 60, // Requests per minute for API
+
+    // Audit log settings
+    'AUDIT_LOG_RETENTION_DAYS' => 90
 ];
 ?>