# .htaccess - URL Rewriting & Security
# File location: /bidwheels.net/.htaccess

RewriteEngine On

# Force HTTPS (uncomment in production)
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Hide .php extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# Product detail URL rewriting
RewriteRule ^product/([0-9]+)/(.*)$ product/detail.php?id=$1 [NC,L]

# Category URL rewriting
RewriteRule ^category/([0-9]+)/(.*)$ product/category.php?id=$1 [NC,L]

# Blog post URL rewriting
RewriteRule ^blog/([0-9]+)/(.*)$ blog/post.php?id=$1 [NC,L]

# Security: Block access to includes folder
RewriteRule ^includes/ - [F,L]

# Security: Block access to config files
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>

<Files "*.sql">
    Order Allow,Deny
    Deny from all
</Files>

# Default index page
DirectoryIndex index.php

# Custom error pages
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php