# CourseCert .htaccess
# Disable directory listing
Options -Indexes

# PHP settings (may be overridden by hosting)
<IfModule mod_php7.c>
    php_flag output_buffering On
    php_flag display_errors Off
    php_flag log_errors On
    php_value session.cookie_httponly 1
</IfModule>

# Protect sensitive files
<FilesMatch "^(config|database|diagnose)\.php$">
    # Allow access (needed for config to work)
</FilesMatch>

<FilesMatch "\.sql$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Enable rewrite engine (if needed)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
</IfModule>

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
</IfModule>

# Error documents
ErrorDocument 500 "Server Error - Please check PHP configuration"
ErrorDocument 404 "Page Not Found"
