# BEGIN cPanel-generated php ini directives, do not edit
<IfModule php8_module>
   php_flag display_errors Off
   php_value max_execution_time 300
   php_value max_input_time 300
   php_value max_input_vars 1000
   php_value memory_limit 1024M
   php_value post_max_size 768M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php81"
   php_value upload_max_filesize 768M
   php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors Off
   php_value max_execution_time 300
   php_value max_input_time 300
   php_value max_input_vars 1000
   php_value memory_limit 1024M
   php_value post_max_size 768M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php81"
   php_value upload_max_filesize 768M
   php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit

# ---------------------------------------------------
# Custom rewrite rules for Guest Parking System
# ---------------------------------------------------
<IfModule mod_rewrite.c>
  RewriteEngine On

  # ----------------------------
  # Legacy pages removed — return 410 Gone
  # ----------------------------
  RewriteRule ^(addToDatabase|authentication|extend|pre\-register|reAddToDatabase|register|thankyou|variables)\.php$ - [G,NC,L]

  # ----------------------------
  # Catch-all rule for *any* missing .php or .html files
  # ----------------------------
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule \.(php|html)$ - [G,L]

  # ----------------------------
  # API Routing (portable)
  # ----------------------------
  RewriteCond %{REQUEST_URI} ^/api/
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^api/(.*)$ api/index.php [L,QSA]

  # ----------------------------
  # UI Routing
  # ----------------------------
  DirectoryIndex ui/index.html

  # Allow direct access to static files (css, js, images, etc.)
  RewriteCond %{REQUEST_FILENAME} -f
  RewriteRule . - [L]

  # Prevent direct access to PHP files inside /endpoints
  RewriteRule ^api/endpoints/ - [F,L]

  # Prevent direct access to config, lib, and wallet internals
  RewriteRule ^api/config/ - [F,L]
  RewriteRule ^api/lib/ - [F,L]
  RewriteRule ^api/wallet/tmp/ - [F,L]
</IfModule>

# ---------------------------------------------------
# Security Hardening
# ---------------------------------------------------

# Block PHP execution in tmp folder
<FilesMatch "\.php$">
  <If "%{REQUEST_URI} =~ m#^/api/wallet/tmp/#">
    Require all denied
  </If>
</FilesMatch>

# Disable directory browsing
Options -Indexes

# Deny access to sensitive files
<FilesMatch "(^\.|composer\.(json|lock)|phpunit\.xml|readme\.md|license\.txt)">
  Require all denied
</FilesMatch>

# Extra security headers
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-XSS-Protection "1; mode=block"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"
</IfModule>

# Custom 410 page for better UX
ErrorDocument 410 /410.php
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
