From 665d5bded91e0fdfef67dbd43561b0decc9ac84f Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov <yasen@lindeas.com>
Date: Sat, 11 Apr 2026 19:15:09 +0300
Subject: [PATCH] troubleshooting

---
 app/classes/api_response.php |  3 +++
 app/classes/session.php      | 14 +++++++-------
 app/classes/validator.php    |  2 +-
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/app/classes/api_response.php b/app/classes/api_response.php
index 39bc280..1aa86cb 100644
--- a/app/classes/api_response.php
+++ b/app/classes/api_response.php
@@ -39,6 +39,9 @@ class ApiResponse {
      * @param int $status HTTP status code
      */
     private static function send($data, $status) {
+        while (ob_get_level() > 0) {
+            ob_end_clean();
+        }
         http_response_code($status);
         header('Content-Type: application/json');
         echo json_encode($data);
diff --git a/app/classes/session.php b/app/classes/session.php
index d94c0de..18f8f41 100644
--- a/app/classes/session.php
+++ b/app/classes/session.php
@@ -17,8 +17,8 @@ class Session {
     }
     private static $sessionOptions = [
         'cookie_httponly' => 1,
-        'cookie_secure' => 1,
-        'cookie_samesite' => 'Strict',
+        'cookie_secure' => 0,
+        'cookie_samesite' => 'Lax',
         'gc_maxlifetime' => 7200 // 2 hours
     ];
 
@@ -52,13 +52,13 @@ class Session {
                 'domain' => $thisDomain,
                 'secure' => $isSecure,
                 'httponly' => true,
-                'samesite' => 'Strict'
+                'samesite' => 'Lax'
             ]);
         }
 
         // Align session start options dynamically with current transport
         self::$sessionOptions['cookie_secure'] = $isSecure ? 1 : 0;
-        self::$sessionOptions['cookie_samesite'] = 'Strict';
+        self::$sessionOptions['cookie_samesite'] = 'Lax';
 
         self::$initialized = true;
     }
@@ -181,7 +181,7 @@ class Session {
                 'domain' => $config['domain'],
                 'secure' => isset($_SERVER['HTTPS']),
                 'httponly' => true,
-                'samesite' => 'Strict'
+                'samesite' => 'Lax'
             ]);
         }
 
@@ -219,7 +219,7 @@ class Session {
                     'domain' => $config['domain'] ?? '',
                     'secure' => isset($_SERVER['HTTPS']),
                     'httponly' => true,
-                    'samesite' => 'Strict'
+                    'samesite' => 'Lax'
                 ]
             );
 
@@ -230,7 +230,7 @@ class Session {
                 'domain' => $config['domain'] ?? '',
                 'secure' => isset($_SERVER['HTTPS']),
                 'httponly' => true,
-                'samesite' => 'Strict'
+                'samesite' => 'Lax'
             ]);
         }
 
diff --git a/app/classes/validator.php b/app/classes/validator.php
index b94d98e..0b8230c 100644
--- a/app/classes/validator.php
+++ b/app/classes/validator.php
@@ -63,7 +63,7 @@ class Validator {
                 }
                 break;
             case 'phone':
-                if (!empty($value) && !preg_match('/^[+]?[\d\s-()]{7,}$/', $value)) {
+                if (!empty($value) && !preg_match('/^(\+?\d{1,4})?\s?(\d[\d\s]{6,})$/', $value)) {
                     $this->addError($field, "Invalid phone number format");
                 }
                 break;