POSA_LEAKSMS/scripts/backup_evidence.php

<?php
// =============================================================================
// backup_evidence.php - generate backup and restore-test evidence markdown
//
// Usage:
//   php scripts/backup_evidence.php --backup-dir C:\path\to\backups --restore-test "2026-05 restore OK"
// =============================================================================

if (php_sapi_name() !== 'cli') {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Forbidden\n";
    exit;
}

$root = dirname(__DIR__);
$backupDir = $root . DIRECTORY_SEPARATOR . 'backups';
$restoreTest = 'not recorded';

for ($i = 1; $i < count($argv); $i++) {
    if ($argv[$i] === '--backup-dir' && isset($argv[$i + 1])) {
        $backupDir = $argv[++$i];
    } elseif ($argv[$i] === '--restore-test' && isset($argv[$i + 1])) {
        $restoreTest = $argv[++$i];
    }
}

function backup_evidence_bool(bool $value): string {
    return $value ? 'yes' : 'no';
}

function backup_evidence_files(string $dir): array {
    if (!is_dir($dir)) {
        return [];
    }
    $files = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $files[] = [
            'path' => $file->getPathname(),
            'size' => $file->getSize(),
            'mtime' => date('Y-m-d H:i:s', $file->getMTime()),
        ];
    }
    usort($files, fn($a, $b) => strcmp($b['mtime'], $a['mtime']));
    return $files;
}

$files = backup_evidence_files($backupDir);
$generatedAt = date('Y-m-d H:i:s');
$configLocal = $root . DIRECTORY_SEPARATOR . 'php' . DIRECTORY_SEPARATOR . 'config.local.php';
$adminAudit = $root . DIRECTORY_SEPARATOR . 'php' . DIRECTORY_SEPARATOR . 'var' . DIRECTORY_SEPARATOR . 'admin_audit.log';

echo "# backup-evidence\n\n";
echo "- generated_at: {$generatedAt}\n";
echo "- backup_dir: {$backupDir}\n";
echo "- backup_file_count: " . count($files) . "\n";
echo "- restore_test: {$restoreTest}\n";
echo "- config_local_present: " . backup_evidence_bool(is_file($configLocal)) . "\n";
echo "- admin_audit_log_present: " . backup_evidence_bool(is_file($adminAudit)) . "\n\n";

echo "## Backup Files\n\n";
echo "| modified_at | size_bytes | path |\n";
echo "|---|---:|---|\n";
foreach (array_slice($files, 0, 50) as $file) {
    $safePath = str_replace('|', '/', $file['path']);
    echo "| {$file['mtime']} | {$file['size']} | {$safePath} |\n";
}
if (!$files) {
    echo "| - | 0 | no backup files found |\n";
}

echo "\n## Restore Evidence\n\n";
echo "Record the latest restore drill result in `--restore-test`. Include DB restore, login, SMS test, and monthly report checks.\n";