Updated

.htaccess

@@ -1,83 +1,16 @@
 <IfModule mod_rewrite.c>
-	RewriteEngine On
-	RewriteBase /
-        ## Begin - Rewrite rules to block out some common exploits.
-	# If you experience problems on your site block out the operations listed below
-	# This attempts to block the most common type of exploit `attempts` to Monstra
-	#        
-	# Block out any script trying to base64_encode data within the URL.
-	RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
-	# Block out any script that includes a <script> tag in URL.
-	RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
-	# Block out any script trying to set a PHP GLOBALS variable via URL.
-	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
-	# Block out any script trying to modify a _REQUEST variable via URL.
-	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
-	# Return 403 Forbidden header and show the content of the root homepage
-	RewriteRule .* index.php [F,L]
-	#
-	RewriteCond %{REQUEST_FILENAME} !-f
-        RewriteCond %{REQUEST_FILENAME} !-d
-        # RewriteRule ^([^\.]+)$ $1.php [NC,L]
-        # RewriteRule ^(.+)\.php$ /$1 [R,L]
-	# RewriteCond %{REQUEST_FILENAME}/index.html !-f
-	RewriteCond %{REQUEST_FILENAME}/index.php !-f
-        #
-        # RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
-        RewriteRule ^ index.php [QSA,L]
-	# RewriteRule . index.php [L]
-        Redirect 301 "/home" "/"
-	Redirect 301 "/inicio" "/"
-        Redirect 301 "/system" "/admin"
-        Redirect 301 "/login" "/signin"
-</IfModule>
-<IfModule mod_headers.c>
-        # Make sure proxies don't deliver the wrong content
-        # Header always set Content-Security-Policy: upgrade-insecure-requests        
-        # This one can be a pain in the A** to set up, which is why I commented it out.
-        Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-        Header append Vary User-Agent env=!dont-vary
-        Header always append X-Frame-Options SAMEORIGIN
-        Header always set Content-Security-Policy "upgrade-insecure-requests;"
-        # // This is the Xss header you are looking for
-        Header set X-XSS-Protection "1; mode=block"       
-        Header set X-Content-Type-Options nosniff
-        Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
-        Header set Access-Control-Allow-Origin "*"
-        IndexIgnore *.zip *.css *.js *.pyt    
-        Options -MultiViews -Indexes        
+    RewriteEngine On
+    RewriteBase /
 
+    RewriteCond %{THE_REQUEST} /public/([^\s?]*) [NC]
+    RewriteRule ^ %1 [L,NE,R=302]
+    RewriteRule ^((?!public/).*)$ public/$1 [L,NC]
+    #RewriteRule ^(.*)$ public/index.php?$1 [L,QSA]
+
+    RewriteCond %{REQUEST_FILENAME}.php -f
+    RewriteCond %{REQUEST_FILENAME}.php -d
+    RewriteCond %{REQUEST_URI} !/$
+    RewriteRule ^(.*)$ $1.php [L]
+
 </IfModule>
-<IfModule mod_security.c>
-        SecFilterEngine On
-                # ^Turn the filtering engine On or Off
-        SecFilterScanPOST On
-                # ^Should mod_security inspect POST payloads
-        SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
-                # ^Require HTTP_USER_AGENT and HTTP_HOST in all requests
-        SecFilter "../"
-                # ^Prevent path traversal (..) attacks
-        SecFilter "<[[:space:]]*script"
-                # ^Weaker XSS protection but allows common HTML tags
-        SecFilter "<(.|n)+>"
-                # ^Prevent XSS atacks (HTML/Javascript injection)
-        SecFilter "delete[[:space:]]+from"
-        SecFilter "insert[[:space:]]+into"
-        SecFilter "select.+from"
-        SecFilter "drop[[:space:]]table"
-                # ^Very crude filters to prevent SQL injection attacks
-        SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
-        SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
-                # ^Protecting from XSS attacks through the PHP session cookie
-        SecFilterDefaultAction "deny,log,status:500"
-                # ^Action to take by default
-</IfModule>
-                # Block access to backup and source files.
-                # These files may be left by some text editors and can pose a great security
-                # danger when anyone has access to them.
 
-<FilesMatch "(^#.*#|.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
-        Order allow,deny
-        Deny from all
-        Satisfy All
-</FilesMatch>

admin/Autoload.php

@@ -4,7 +4,7 @@ class Autoload {
 
     static public function loader($classes) {
 
-        $filename = "../classes/" . str_replace("\\", '/', $classes) . ".php";
+        $filename = "../controller/" . str_replace("\\", '/', $classes) . ".php";
         if (file_exists($filename)) {
             include($filename);
             if (class_exists($classes)) {

config/App.php

@@ -0,0 +1,53 @@
+<?php
+
+
+class App
+{
+	private $controller = 'Home';
+	private $method 	= 'index';
+
+	private function splitURL()
+	{
+		$URL = $_GET['url'] ?? 'home';
+		$URL = explode("/", trim($URL,"/"));
+		return $URL;	
+	}
+
+	public function loadController()
+	{
+		$URL = $this->splitURL();
+
+		/** select controller **/
+		$filename = "../app/controllers/".ucfirst($URL[0]).".php";
+		if(file_exists($filename))
+		{
+			require $filename;
+			$this->controller = ucfirst($URL[0]);
+			unset($URL[0]);
+		}else{
+
+			$filename = "../app/controllers/_404.php";
+			require $filename;
+			$this->controller = "_404";
+		}
+
+		$controller = new $this->controller;
+
+		/** select method **/
+		if(!empty($URL[1]))
+		{
+			if(method_exists($controller, $URL[1]))
+			{
+				$this->method = $URL[1];
+				unset($URL[1]);
+			}	
+		}
+
+		call_user_func_array([$controller,$this->method], $URL);
+
+	}	
+
+}
+
+
+

config/Controller.php

@@ -0,0 +1,22 @@
+<?php 
+
+
+Trait Controller
+{
+
+	public function view($name, $data = [])
+	{
+		if(!empty($data))
+			extract($data);
+
+		$filename = "../views/".$name.".view.php";
+		if(file_exists($filename))
+		{
+			require $filename;
+		}else{
+
+			$filename = "../views/404.view.php";
+			require $filename;
+		}
+	}
+}

config/Routers.php

@@ -1,6 +1,7 @@
 <?php
-class Routers
-{
+
+class Routers {
+
     protected $conn;
     public $url;
     public $host;
@@ -9,30 +10,25 @@ class Routers
     public $escaped_url;
     public $url_path;
     public $active = 1;
+    public $startpage = 1;
     public $parent = 0;
     public $pg404;
 
-    public function __construct()
-    {
+    public function __construct() {
         global $conn;
         $this->conn = $conn;
 
-        $this->protocol =
-            (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") ||
-            $_SERVER["SERVER_PORT"] == 443
-                ? "https://"
-                : "http://";
+        $this->protocol = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") ||
+            $_SERVER["SERVER_PORT"] == 443 ? "https://" : "http://";
         $this->host = $this->protocol . $_SERVER["HTTP_HOST"] . "/";
         $this->pg404 = $this->host . "404.php";
-        $this->url =
-            $this->protocol . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
+        $this->url = $this->protocol . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
         $this->escaped_url = htmlspecialchars($this->url, ENT_QUOTES, "UTF-8");
         $this->url_path = parse_url($this->escaped_url, PHP_URL_PATH);
         $this->basename = pathinfo($this->url_path, PATHINFO_BASENAME);
     }
 
-    public function Pages($plink)
-    {
+    public function Pages($plink) {
         $pg = $this->conn->prepare(
             "SELECT link, parent, active FROM pages WHERE link = ? AND active = ? "
         );
@@ -50,12 +46,11 @@ public function Pages($plink)
             }
         } else {
             header("Location: $this->pg404");
-            exit();
+            die();
         }
     }
 
-    public function GetParent($parent)
-    {
+    public function GetParent($parent) {
         $pr = $this->conn->prepare(
             "SELECT id, link, parent, active FROM pages WHERE id = ? AND active = ? "
         );
@@ -72,8 +67,7 @@ public function GetParent($parent)
         }
     }
 
-    public function GetSecondParent($parent)
-    {
+    public function GetSecondParent($parent) {
         $pr = $this->conn->prepare(
             "SELECT id, link, parent, active FROM pages WHERE id = ? AND active = ? "
         );
@@ -90,8 +84,7 @@ public function GetSecondParent($parent)
         }
     }
 
-    public function GetThirdParent($parent)
-    {
+    public function GetThirdParent($parent) {
         $pr = $this->conn->prepare(
             "SELECT id, link, parent, active FROM pages WHERE id = ? AND active = ? "
         );
@@ -103,4 +96,93 @@ public function GetThirdParent($parent)
         return $row["link"];
     }
 
+    private function SplitUrl() {
+        $host = explode("/", substr($_SERVER["REQUEST_URI"], 1));
+        $extension = pathinfo($host[0], PATHINFO_EXTENSION);
+        if ($extension == true) {
+            return pathinfo($host[0], PATHINFO_FILENAME);
+        } else {
+            return $host[0];
+        }
+    }
+
+    public function ExistsPage() {
+        return $_SERVER["REQUEST_URI"];
+    }
+
+    public function GoPage() {
+        $page = $this->SplitUrl();
+        if ($page === "home" || $page === "inicio" || empty($page)) {
+            return true;
+        } else {
+            $spg = $this->conn->prepare("SELECT * FROM pages WHERE link = ? AND active = ? ");
+            $spg->bind_param("si", $page, $this->active);
+            $spg->execute();
+            $rs = $spg->get_result();
+            $nm = $rs->num_rows;
+            if ($nm > 0) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+    }
+
+    public function routePages() {
+
+        $nm = "";
+        $page = $this->SplitUrl();
+        if ($page === "home" || $page === "inicio") {
+            header("Location: $this->host");
+            die();
+        } else if (isset($_GET['url']) && !empty($_GET['url'])) {
+            $id = (int) $_GET['url'];
+            $spg = $this->conn->prepare("SELECT * FROM pages WHERE id = ? AND active = ? ");
+            $spg->bind_param("ii", $id, $this->active);
+            $spg->execute();
+            $rs = $spg->get_result();
+            $nm = $rs->num_rows;
+            if ($nm > 0) {
+                $rpx = $rs->fetch_assoc();
+                $link = $this->Pages($rpx['link']);
+                header("Location: $link");
+                die();
+            } else {
+                header("Location: $this->host");
+                die();
+            }
+        } else {
+            return;
+        }
+    }
+
+    public function ContentPage() {
+        $page = $this->SplitUrl();
+        $nm = "";
+        if ($this->host === $this->url) {
+            $spg = $this->conn->prepare("SELECT * FROM pages WHERE startpage = ? AND active = ? ");
+            $spg->bind_param("ii", $this->startpage, $this->active);
+            $spg->execute();
+            $rs = $spg->get_result();
+            $nm = $rs->num_rows;
+            return $rs->fetch_assoc();
+        } elseif ($page === $this->basename) {
+            $spg = $this->conn->prepare("SELECT * FROM pages WHERE link = ? AND active = ? ");
+            $spg->bind_param("si", $this->basename, $this->active);
+            $spg->execute();
+            $rs = $spg->get_result();
+            $spg->close();
+            $nm = $rs->num_rows;
+
+            if ($nm > 0) {
+                return $rs->fetch_assoc();
+            } else {
+                header("Location: $this->host");
+                die();
+            }
+        } else {
+            header("Location: $this->host");
+            die();
+        }
+    }
 }

config/domains.php

@@ -7,5 +7,5 @@
         'pepiuox_com' => ['dataserver' => 'cms_2'],
         'pepiuox_org' => ['dataserver' => 'cms_3']
     ]
-    ]
+]
 ?>

elements/index.php

@@ -2,5 +2,5 @@
 
 $url = '../index.php';
 header('Location: ' . $url);
-exit();
-?>
+die();
+?>