Edwin Noorlander
494ae7dc3b
- Move content outside public web root for security - Consolidate all code and assets in engine/ directory - Download Bootstrap locally for offline functionality - Update public/ to contain only entry point files - Add router.php for PHP development server security - Update README.md with new structure and setup instructions - Block direct access to content files via URL - Maintain clean separation between content and code
31 lines
990 B
PHP
31 lines
990 B
PHP
<?php
|
|
// Router file for PHP development server to handle security
|
|
|
|
$requestUri = $_SERVER['REQUEST_URI'];
|
|
$parsedUrl = parse_url($requestUri);
|
|
$path = $parsedUrl['path'];
|
|
|
|
// Block direct access to content directory
|
|
if (strpos($path, '/content/') === 0) {
|
|
http_response_code(403);
|
|
echo '<h1>403 - Forbidden</h1><p>Direct access to content files is not allowed.</p>';
|
|
return true;
|
|
}
|
|
|
|
// Block access to sensitive files
|
|
$sensitiveFiles = ['.htaccess', 'config.php'];
|
|
foreach ($sensitiveFiles as $file) {
|
|
if (basename($path) === $file && dirname($path) === '/') {
|
|
http_response_code(403);
|
|
echo '<h1>403 - Forbidden</h1><p>Access to this file is not allowed.</p>';
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// Serve static files from engine/assets
|
|
if (strpos($path, '/engine/') === 0 && file_exists(__DIR__ . $path)) {
|
|
return false; // Let PHP server serve the file
|
|
}
|
|
|
|
// Route all other requests to index.php
|
|
return false; // Let PHP server handle routing to index.php
|