# =========================================================
# .HTACCESS - COMPLETE & OPTIMIZED
# =========================================================

# =========================================================
# BASIC SETTINGS
# =========================================================
Options -Indexes
Options +FollowSymLinks
AddDefaultCharset UTF-8
DefaultLanguage en-US

# =========================================================
# SERVER SIGNATURE OFF
# =========================================================
ServerSignature Off

# =========================================================
# DISABLE DIRECTORY BROWSING
# =========================================================
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

# =========================================================
# DEFAULT INDEX FILE
# =========================================================
DirectoryIndex index.php index.html index.htm

# =========================================================
# SET PHP HANDLER (IMPORTANT FOR PHP EXECUTION)
# =========================================================
<IfModule mod_php7.c>
    AddHandler application/x-httpd-php74 .php
</IfModule>

<IfModule mod_php8.c>
    AddHandler application/x-httpd-php80 .php
</IfModule>

# =========================================================
# GZIP COMPRESSION
# =========================================================
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json text/plain text/xml application/xml
</IfModule>

# =========================================================
# BROWSER CACHING
# =========================================================
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    
    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    
    # CSS & JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    
    # Fonts
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"
    
    # HTML (no cache - always fresh)
    ExpiresByType text/html "access plus 0 seconds"
    
    # JSON (no cache)
    ExpiresByType application/json "access plus 0 seconds"
</IfModule>

# =========================================================
# CACHE CONTROL HEADERS
# =========================================================
<IfModule mod_headers.c>
    # Static files - long cache
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|woff|woff2|ttf|otf|svg|webp)$">
        Header set Cache-Control "max-age=31536000, public"
        Header unset ETag
        FileETag None
    </FilesMatch>
    
    # Dynamic files - no cache
    <FilesMatch "\.(html|htm|php|json)$">
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
    </FilesMatch>
    
    # Security Headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

# =========================================================
# REMOVE ETAGS
# =========================================================
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None

# =========================================================
# ERROR DOCUMENTS
# =========================================================
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html

# =========================================================
# SECURE SENSITIVE FILES
# =========================================================
<FilesMatch "^(config\.php|\.htaccess|\.htpasswd|composer\.json|composer\.lock|package\.json|package-lock\.json)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# =========================================================
# BLOCK ACCESS TO BACKUP FILES
# =========================================================
<FilesMatch "\.(bak|old|sql|log|sh|inc|swp|dist|php~|php_bak|backup)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# =========================================================
# PROTECT UPLOADS FOLDER (Prevent PHP execution)
# =========================================================
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^uploads/.*\.(php|php2|php3|php4|php5|php6|php7|phtml|pl|py|jsp|asp|htm|html|shtml)$ - [F,L]
</IfModule>

# =========================================================
# PROTECT CACHE FOLDER
# =========================================================
<IfModule mod_rewrite.c>
    RewriteRule ^cache/.*$ - [F,L]
</IfModule>

# =========================================================
# URL REWRITING (Clean URLs)
# =========================================================
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    
    # Remove trailing slash (if not a directory)
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]
    
    # Blog pretty URLs
    RewriteRule ^blog/([0-9]+)/([a-zA-Z0-9-]+)$ single_post.php?id=$1 [L]
    RewriteRule ^blog/category/([a-zA-Z0-9-]+)$ blog.php?category=$1 [L]
    
    # Product pretty URLs
    RewriteRule ^product/([0-9]+)/([a-zA-Z0-9-]+)$ index.php?product_id=$1 [L]
    
    # Service pretty URLs
    RewriteRule ^service/([0-9]+)/([a-zA-Z0-9-]+)$ index.php?service_id=$1 [L]
    
    # Doctor pretty URLs
    RewriteRule ^doctor/([0-9]+)/([a-zA-Z0-9-]+)$ opd/book_appointment.php?doctor_id=$1 [L]
    
    # Chamber pretty URLs
    RewriteRule ^chamber/([0-9]+)/([a-zA-Z0-9-]+)$ index.php?chamber_id=$1 [L]
    
    # Affiliate pretty URLs
    RewriteRule ^affiliate/([a-zA-Z0-9]+)$ affiliate/dashboard.php?ref=$1 [L]
    
    # OPD booking
    RewriteRule ^opd/book/([0-9]+)$ opd/book_appointment.php?doctor_id=$1 [L]
    
    # Prevent access to hidden files
    RedirectMatch 404 /\..*$
</IfModule>

# =========================================================
# REDIRECT WWW TO NON-WWW (Optional - Uncomment to enable)
# =========================================================
# RewriteCond %{HTTP_HOST} ^www\.drmdferdous\.com [NC]
# RewriteRule ^(.*)$ https://drmdferdous.com/$1 [L,R=301]

# =========================================================
# FORCE HTTPS (Optional - Uncomment if SSL is installed)
# =========================================================
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# =========================================================
# PHP SETTINGS (via .htaccess)
# =========================================================
<IfModule mod_php7.c>
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 300
    php_value max_input_time 300
    php_value memory_limit 256M
    php_value session.gc_maxlifetime 14400
    php_value session.cookie_lifetime 14400
</IfModule>

<IfModule mod_php8.c>
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 300
    php_value max_input_time 300
    php_value memory_limit 256M
    php_value session.gc_maxlifetime 14400
    php_value session.cookie_lifetime 14400
</IfModule>

# =========================================================
# CORS HEADERS (For fonts and assets)
# =========================================================
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>

# =========================================================
# BLOCK BAD BOTS (Optional - Uncomment to enable)
# =========================================================
# SetEnvIfNoCase User-Agent ".*(bot|crawler|spider|scraper|curl|wget|python|java|perl|ruby|php|backlink|checker|email|harvest|extract|grab|miner|parser).*" bad_bot
# Deny from env=bad_bot

# =========================================================
# END OF HTACCESS
# =========================================================
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
