Initial commit of simple php site.
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
// --- Security headers ---
|
||||
header_remove('X-Powered-By');
|
||||
header('X-Frame-Options: DENY');
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('Referrer-Policy: strict-origin-when-cross-origin');
|
||||
header('Content-Security-Policy: default-src \'self\'');
|
||||
|
||||
// --- Routing ---
|
||||
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
|
||||
|
||||
if ($uri === false || $uri === null) {
|
||||
http_response_code(400);
|
||||
exit;
|
||||
}
|
||||
|
||||
$routes = [
|
||||
'/' => 'web/pages/home.php',
|
||||
'/about' => 'web/pages/about.php',
|
||||
];
|
||||
|
||||
$base = realpath(ROOT . '/web/pages');
|
||||
|
||||
if ($base === false) {
|
||||
http_response_code(500);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (array_key_exists($uri, $routes)) {
|
||||
$real = realpath(ROOT . '/' . $routes[$uri]);
|
||||
|
||||
if ($real !== false && str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
|
||||
require $real;
|
||||
} else {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
http_response_code(404);
|
||||
require ROOT . '/web/pages/404.php';
|
||||
}
|
||||
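Review bot: `ROOT` is used in `realpath(ROOT . '/web/pages')` and in both `require` paths but is never defined in these 43 lines, so unless a bootstrap or `auto_prepend_file` defines it, PHP 8 (which `str_starts_with` already requires) throws an `Error` on every request. Define it at the top of the file, for example `defined('ROOT') || define('ROOT', __DIR__);`, with the path adjusted to wherever this file sits relative to `web/`. On the headers, `default-src 'self'` is not a fallback for `base-uri`, `form-action` or `frame-ancestors`, so the policy would be tighter as `header("Content-Security-Policy: default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'");`. The containment branch also answers 403 when `realpath()` returns false for a route file that is simply missing; that is a deployment error and reads better as a 500 with a logged message.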