Restructure project for security and offline capability

- Move content outside public web root for security - Consolidate all code and assets in engine/ directory - Download Bootstrap locally for offline functionality - Update public/ to contain only entry point files - Add router.php for PHP development server security - Update README.md with new structure and setup instructions - Block direct access to content files via URL - Maintain clean separation between content and code
2025-11-19 17:05:25 +01:00
parent 277f86346d
commit 494ae7dc3b
28 changed files with 2707 additions and 102 deletions
--- a/public/router.php
+++ b/public/router.php
@@ -0,0 +1,31 @@
+<?php
+// Router file for PHP development server to handle security
+
+$requestUri = $_SERVER['REQUEST_URI'];
+$parsedUrl = parse_url($requestUri);
+$path = $parsedUrl['path'];
+
+// Block direct access to content directory
+if (strpos($path, '/content/') === 0) {
+    http_response_code(403);
+    echo '<h1>403 - Forbidden</h1><p>Direct access to content files is not allowed.</p>';
+    return true;
+}
+
+// Block access to sensitive files
+$sensitiveFiles = ['.htaccess', 'config.php'];
+foreach ($sensitiveFiles as $file) {
+    if (basename($path) === $file && dirname($path) === '/') {
+        http_response_code(403);
+        echo '<h1>403 - Forbidden</h1><p>Access to this file is not allowed.</p>';
+        return true;
+    }
+}
+
+// Serve static files from engine/assets
+if (strpos($path, '/engine/') === 0 && file_exists(__DIR__ . $path)) {
+    return false; // Let PHP server serve the file
+}
+
+// Route all other requests to index.php
+return false; // Let PHP server handle routing to index.php