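<?php
/**
 * Main Entry Point
 * Daybook Application
 *
 * Front controller: loads config and helpers, starts the session, emits
 * response security headers, maps the request path to a view name, enforces
 * the login gate, and renders either the bare view (AJAX partial) or the
 * full layout.
 */
declare(strict_types=1);

require_once __DIR__ . '/config/database.php';
require_once __DIR__ . '/config/constants.php';
require_once __DIR__ . '/config/security.php';
require_once __DIR__ . '/includes/helpers.php';
require_once __DIR__ . '/includes/auth_middleware.php';

// Initialize session (helper defined in one of the required files above)
initSecureSession();

// Security headers. X-XSS-Protection is a legacy header ignored by current
// browsers; the CSP still permits 'unsafe-inline' scripts, which limits its
// value against injected markup — move to nonces/hashes once inline scripts
// are gone.
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://code.jquery.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; connect-src 'self';");

// Current user, or a falsy value when nobody is logged in (see auth_middleware.php)
$currentUser = getCurrentUser();

// Parse URL: keep only the path component and strip the optional /daybook
// mount prefix. parse_url() returns null/false for a missing or malformed
// path and preg_replace() returns null on error, so normalise both to ''.
$uri = $_SERVER['REQUEST_URI'] ?? '/';
$path = parse_url($uri, PHP_URL_PATH);
$path = is_string($path) ? $path : '';
$path = preg_replace('#^/daybook#', '', $path) ?? '';
$path = trim($path, '/');

// Route name; an empty path means the dashboard
$page = $path ?: 'dashboard';

// $page is attacker-controlled and becomes part of an include path and a
// response header below, so restrict it to a single path segment of
// [A-Za-z0-9-] (the hyphenated form the title logic already assumes).
// Anything else — '..', nested directories, NUL, CR/LF — falls back to the
// dashboard, exactly as an unknown page does. If nested view routes are
// ever added, extend the pattern but keep '..' and absolute paths rejected.
if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9-]*$/', $page)) {
    $page = 'dashboard';
}

// Auth check - single user mode, no registration
$publicPages = ['login'];
if (!$currentUser && !in_array($page, $publicPages, true)) {
    redirect(APP_URL . '/login');
    exit; // redirect() presumably exits; stop here regardless so the gate fails closed
}
if ($currentUser && in_array($page, $publicPages, true)) {
    redirect(APP_URL . '/dashboard');
    exit; // same: never fall through to rendering after a redirect
}

// Load appropriate view; unknown pages (or a directory of that name) fall
// back to the dashboard
$viewFile = VIEWS_PATH . '/' . $page . '.php';
if (!is_file($viewFile)) {
    $viewFile = VIEWS_PATH . '/dashboard.php';
    $page = 'dashboard';
}

// Page data shared with the view and the layout
$pageData = [
    'title' => ucfirst(str_replace('-', ' ', $page)),
    'page' => $page,
    'user' => $currentUser,
    'csrf_token' => generateCSRFToken(),
];

// Check if this is an AJAX partial request (XHR plus an explicit ?partial flag)
$isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH'])
    && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
$isPartial = $isAjax && isset($_GET['partial']);

if ($isPartial) {
    // Send title in header for the client to update the tab. $page was
    // whitelisted above, so the header value cannot carry CR/LF.
    header('X-Page-Title: ' . $pageData['title'] . ' - ' . APP_NAME);
    include $viewFile;
    exit;
}

// Include layout for full page loads
include VIEWS_PATH . '/layouts/main.php';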