# Turn off directory browsing (Security)
Options -Indexes

# Custom Error Pages
ErrorDocument 404 /index.php

# Block access to crucial configuration files (starts with dot)
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# Block direct access to the 'includes' folder (Security)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^includes/ - [F,L]
</IfModule>

RewriteEngine On

# 1. Force HTTPS (Security)
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 2. EXTERNAL REDIRECT (The "Hide" Trick)
# If browser requests /file.php, redirect to /file
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=301,L,NE]

# 3. INTERNAL REWRITE (The "Load" Logic)
# If browser requests /file, silently load /file.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

# 4. Handle Admin Folder specifically (Ensures admin/dashboard works)
RewriteCond %{REQUEST_URI} ^/admin/(.*)$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^admin/(.*)$ admin/$1.php [NC,L]