Options -Indexes
#DirectoryIndex index.php

RewriteEngine On
RewriteBase /

# ── Allow .well-known for SSL/ACME challenges ──────────────────────────────
RewriteRule ^\.well-known/ - [L]

# ── Block all other dotfiles ───────────────────────────────────────────────
RewriteRule (?:^|/)\. - [F,L]

# ── www → non-www (301) ────────────────────────────────────────────────────
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

# ── Strip .php from the address bar (GET/HEAD only — POST submissions kept) ─
# e.g. /login/login.php → /login/login
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{THE_REQUEST} \s/+(.*?)\.php[\s?]
RewriteRule ^ /%2 [R=301,L,QSA]

# ── Serve extensionless URLs by mapping to the matching .php file ──────────
# e.g. /login/login → /login/login.php (internal, URL stays clean)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+?)/?$ $1.php [L]
