# SonicPesa .htaccess - Generated by Installer

# Enable Rewriting
RewriteEngine On
RewriteBase /

# -------------------------------------------------------
# FIX: Always allow direct access to install.php so the
# installer is never caught by any rewrite or deny rule.
# -------------------------------------------------------
RewriteRule ^install\.php$ - [L,NC]

# --- Clean URLs: Strip .php extension ---
# Redirect /page.php to /page (skip system files and POST requests)
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{THE_REQUEST} \s/+([^?\s]*?)([^/?.\s]+)\.php[?\s] [NC]
RewriteCond %2 !^(index|store|install|webhook|404|api)$ [NC]
RewriteRule ^(.+)\.php$ /$1 [R=301,L,NE]

# Internally serve page.php when /page is requested
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)/?$ $1.php [L]

# --- Route /webhook ---
RewriteRule ^webhook/?$ webhook.php [L,QSA]

# --- Route /404 ---
RewriteRule ^404/?$ 404.php [L]

# --- Landing Page Slug Catch-All ---
# Explicitly skip reserved system filenames
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !/(index|store|install|login|register|dashboard|superadmin|admin_payments|webhook|revenue_stats|transactions|withdraw|profile|settings|statistics|sonicpesa_sandbox|users|domains|videos|upload|user_uploads|v|watch|edit_video|analytics|404|api)(\.php)?/?$ [NC]
RewriteRule ^([a-zA-Z0-9_-]+)/?$ store.php?name=$1 [L,QSA]

# --- Error Documents ---
ErrorDocument 404 /404.php

# --- Security: Protect Sensitive Files ---
<Files "config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>

# Note: install.php is intentionally NOT blocked here.
# DELETE install.php manually after completing all steps.