all comments are removed

Author: imanpr33trai

.htaccess

@@ -1,29 +1,24 @@
-# /.htaccess (Final, Clean Version)
-
-# Prevent automatic directory slash append
+ 
+ 
 DirectorySlash Off
 
 RewriteEngine On
-
-# Prevent redirect loops for admin and login
+ 
 RewriteCond %{ENV:REDIRECT_STATUS} 200
 RewriteRule ^ - [L]
-
-# ----------------------------------------------------------------------
-# Rule 1: Redirect requests from "file.php" to "/file"
-# ----------------------------------------------------------------------
-# This cleans up the URL in the user's browser for direct page access.
-RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
-# IGNORE specific files and critical folders
+ 
+ 
+ 
+ 
+RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC] 
 RewriteCond %{REQUEST_URI} !^/(google_callback|github_callback|admin-create|seed)\.php$ [NC]
 RewriteCond %{REQUEST_URI} !^/ajax/ [NC]
 RewriteCond %{REQUEST_URI} !^/admin/util/ [NC]
 RewriteCond %{REQUEST_URI} !^/config/ [NC]
 RewriteRule ^ /%1 [R=301,L]
-
-# ----------------------------------------------------------------------
-# Rule 2: Front Controller for clean URLs
-# ----------------------------------------------------------------------
+ 
+ 
+ 
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_URI} !^/ajax/ [NC]
 RewriteCond %{REQUEST_URI} !^/admin/util/ [NC]

admin-create.php

@@ -1,17 +1,17 @@
 <?php
 require_once(__DIR__ . '/config/config.php');
 
-// --- Create a new admin user ---
 
-// Temporary credentials
+
+
 $temp_username = 'man1';
 $temp_email = 'man@example.com';
-$temp_password = '135600'; // It's recommended to change this after first login
+$temp_password = '135600'; 
+
 
-// Hash the password for security
 $hashed_password = password_hash($temp_password, PASSWORD_DEFAULT);
 
-// Check if the admin already exists
+
 $check_query = $conn->prepare("SELECT * FROM admins WHERE username = ? OR email = ?");
 $check_query->bind_param("ss", $temp_username, $temp_email);
 $check_query->execute();
@@ -20,7 +20,7 @@
 if ($result->num_rows > 0) {
     echo "Admin user with this username or email already exists.";
 } else {
-    // Insert the new admin into the database
+    
     $insert_query = $conn->prepare("INSERT INTO admins (username, email, password) VALUES (?, ?, ?)");
     $insert_query->bind_param("sss", $temp_username, $temp_email, $hashed_password);
 

admin-router.php

@@ -1,20 +1,20 @@
 <?php
-// /admin-router.php (Final version with clean URL support)
+    
 
 if (session_status() === PHP_SESSION_NONE) {
     session_start();
 }
 
-// Function to check if an admin is logged in
+    
 function isAdminAuthenticated() {
-    return isset($_SESSION['admins_id']); // Use your actual admin session variable
+    return isset($_SESSION['admins_id']);     
 }
 
 $request_uri = strtok($_SERVER['REQUEST_URI'], '?');
 
-// --- Main Admin Routing Logic ---
+    
 switch (true) {
-    // 1. Handle the login page
+        
     case preg_match('#^/admin/login/?$#', $request_uri):
         if (isAdminAuthenticated()) {
             header('Location: /admin');
@@ -23,7 +23,7 @@ function isAdminAuthenticated() {
         include __DIR__ . '/admin/login.php';
         break;
 
-    // 2. Handle AJAX requests for page content (e.g., /admin/pages/category)
+        
     case preg_match('#^/admin/pages/([a-zA-Z0-9-_]+)$#', $request_uri, $matches):
         if (!isAdminAuthenticated()) {
             http_response_code(401);
@@ -34,7 +34,7 @@ function isAdminAuthenticated() {
         $page = $matches[1];
         $page_file = __DIR__ . '/admin/pages/' . $page . '.php';
 
-        // Security: Whitelist allowed pages
+            
 
 $allowed_pages = [
     'dashboard', 'view-ads', 'pending-ads', 'reported-ads', 'category', 'add-ad-category', 'sub-cat',
@@ -45,38 +45,38 @@ function isAdminAuthenticated() {
 
 
         if (in_array($page, $allowed_pages) && file_exists($page_file)) {
-            include $page_file; // Respond with just the content
+            include $page_file;     
         } else {
             http_response_code(404);
             echo 'Page content not found.';
         }
         break;
 
-    // =================================================================
-    // 3. NEW: Handle clean admin URLs like /admin/category or just /admin
-    // This is the primary router for all admin page views.
-    // =================================================================
+        
+        
+        
+        
     case preg_match('#^/admin(/([a-zA-Z0-9-_]+))?/?$#', $request_uri, $matches):
         if (!isAdminAuthenticated()) {
             header('Location: /admin/login');
             exit;
         }
 
-        // The second part of the URL ($matches[2]) is our page name.
-        // If it's not present (i.e., the user visited just /admin), default to 'dashboard'.
+            
+            
         $page = $matches[2] ?? 'dashboard';
 
-        // Pass the page name to the admin shell via a $_GET variable.
-        // The JavaScript will use this to know which content to load initially.
+            
+            
         $_GET['page'] = $page;
 
-        // Always load the main admin "shell" page.
+            
         include __DIR__ . '/admin/admin-page.php';
         break;
 
     default:
         http_response_code(404);
-        include __DIR__ . '/admin/pages/404.php'; // A proper 404 page
+        include __DIR__ . '/admin/pages/404.php';     
         break;
 }
 ?>