commit

Author: Iqbolshoh

.gitignore

@@ -1,22 +1,22 @@
-# 🛠 Composer `vendor/` papkasi yuklanmaydi
+# 🛠 Composer `vendor/` directory should not be included
 /vendor/
 
-# 🛠 `.env` fayli maxfiy ma'lumotlarni saqlaydi
+# 🛠 `.env` file contains sensitive information
 .env
 .env.local
 .env.*.local
 
-# 🛠 Kesh, loglar va vaqtinchalik fayllar
+# 🛠 Cache, logs, and temporary files
 /storage/logs/
 storage/cache/
 storage/framework/sessions/
 storage/framework/views/
 storage/framework/cache/
 
-# 🛠 `node_modules/` agar frontend ham ishlatilsa
+# 🛠 `node_modules/` if frontend is used
 /node_modules/
 
-# 🛠 IDE va OS fayllari
+# 🛠 IDE and OS files
 .idea/
 .vscode/
 *.swp
@@ -26,6 +26,6 @@ storage/framework/cache/
 *.DS_Store
 Thumbs.db
 
-# 🛠 Debug va error loglar
+# 🛠 Debug and error logs
 *.log
-php_errorlog
+php_errorlog

.htaccess

@@ -1,29 +1,26 @@
-# .htaccess fayli
+<IfModule mod_rewrite.c>
 
-# ModRewrite ni yoqish
-RewriteEngine On
+    RewriteEngine On
 
-# Barcha so'rovlarni public/index.php ga yo'naltirish
-RewriteCond %{REQUEST_URI} !^/public/
-RewriteRule ^(.*)$ public/$1 [L]
+    # Redirect requests not pointing to /public, /assets (for specific file types), to /public
+    RewriteCond %{REQUEST_URI} !^/public
+    RewriteCond %{REQUEST_URI} !^/assets/.*\.(css|js|png|jpg|jpeg|svg|json)$ [NC]
+    RewriteRule ^(.*)$ /public/$1 [L]
 
-# Agar fayl yoki papka mavjud bo'lmasa, index.php ga yo'naltirish
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ public/index.php [QSA,L]
+    # Allow access to specific file types in /assets for all IPs
+    RewriteCond %{REQUEST_URI} ^/assets/.*\.(css|js|png|jpg|jpeg|svg|json)$ [NC]
+    RewriteRule ^(.*)$ - [L]
 
-# Favicon uchun so'rovlarni boshqarish
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^favicon\.ico$ public/assets/images/favicon.ico [L]
+    # Deny access to /assets for all other files except for IP 127.0.0.1
+    RewriteCond %{REQUEST_URI} ^/assets
+    RewriteCond %{REMOTE_ADDR} !=127.0.0.1
+    RewriteRule ^(.*)$ - [R=404,L]
 
-# CSS, JS va boshqa statik fayllarga kirishni ruxsat berish
-RewriteCond %{REQUEST_URI} \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ [NC]
-RewriteRule ^(.*)$ public/assets/$1 [L]
+    # Custom error documents
+    ErrorDocument 400 /public/errors.php?error=400
+    ErrorDocument 401 /public/errors.php?error=401
+    ErrorDocument 403 /public/errors.php?error=403
+    ErrorDocument 404 /public/errors.php?error=404
+    ErrorDocument 500 /public/errors.php?error=500
 
-# Index faylini ko'rsatish
-DirectoryIndex public/index.php
-
-# Xatolik sahifalarini sozlash
-ErrorDocument 404 /public/index.php
-ErrorDocument 403 /public/index.php
-ErrorDocument 500 /public/index.php
+</IfModule>

app/core/Database.php

@@ -125,32 +125,31 @@ public function count($table, $condition = "", $params = [])
         )->fetch()['total'];
     }
 
+    /**
+     * Generate CSRF token and store it in session.
+     *
+     * @return string The generated CSRF token.
+     */
+
+    public function generate_csrf_token()
+    {
+        return $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
+
     // ============================== //
     //        TRANSACTION METHODS     //
     // ============================== //
 
-    /**
-     * Starts a new database transaction.
-     * Transactions allow multiple queries to be executed safely.
-     */
     public function beginTransaction()
     {
         $this->conn->beginTransaction();
     }
 
-    /**
-     * Commits the current transaction.
-     * This ensures that all queries within the transaction are saved to the database.
-     */
     public function commit()
     {
         $this->conn->commit();
     }
 
-    /**
-     * Rolls back the current transaction.
-     * This cancels all queries within the transaction if an error occurs.
-     */
     public function rollback()
     {
         $this->conn->rollBack();

assets/css/style.css

@@ -0,0 +1,3 @@
+h1 {
+  color: red;
+}

public/errors.php

@@ -0,0 +1,104 @@
+<?php
+$errors = [
+    400 => [
+        'title' => 'Bad Request',
+        'icon' => 'fas fa-exclamation-triangle',
+        'description' => 'Oops! Your request is invalid or malformed.'
+    ],
+    401 => [
+        'title' => 'Unauthorized',
+        'icon' => 'fas fa-lock',
+        'description' => 'Oops! You are not authorized to access this page.'
+    ],
+    403 => [
+        'title' => 'Forbidden',
+        'icon' => 'fas fa-ban',
+        'description' => 'Oops! You don\'t have permission to access this page.'
+    ],
+    404 => [
+        'title' => 'Page Not Found',
+        'icon' => 'fas fa-exclamation-circle',
+        'description' => 'Oops! The page you\'re looking for doesn\'t exist.'
+    ],
+    500 => [
+        'title' => 'Internal Server Error',
+        'icon' => 'fas fa-server',
+        'description' => 'Oops! Something went wrong on our server. Please try again later.'
+    ],
+];
+
+$error_code = $_GET['error'] ?? 404;
+$error = $errors[$error_code] ?? $errors[404];
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?= $error['title'] ?></title>
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
+    <style>
+        body {
+            background-color: #f8d7da;
+        }
+
+        .error-container {
+            max-width: 600px;
+            margin: 0 auto;
+            padding: 20px;
+            text-align: center;
+        }
+
+        .error-icon {
+            font-size: 100px;
+            color: #dc3545;
+            margin-bottom: 20px;
+        }
+
+        .error-title {
+            font-size: 72px;
+            color: #dc3545;
+            margin-bottom: 10px;
+        }
+
+        .error-message {
+            font-size: 24px;
+            color: #721c24;
+            margin-bottom: 20px;
+        }
+
+        .btn-home {
+            margin-top: 20px;
+            padding: 10px 20px;
+            font-size: 18px;
+            color: #ffffff;
+            background-color: #dc3545;
+            border-color: #dc3545;
+            transition: background-color 0.3s, border-color 0.3s;
+        }
+
+        .btn-home:hover {
+            background-color: #c82333;
+            border-color: #bd2130;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="container mt-5">
+        <div class="error-container">
+            <div class="error-icon">
+                <i class="<?= $error['icon'] ?>"></i>
+            </div>
+            <h1 class="error-title"><?= $error_code ?></h1>
+            <h2 class="display-4"><?= $error['title'] ?></h2>
+            <p class="error-message"><?= $error['description'] ?></p>
+            <a href="/" class="btn btn-lg btn-home">Go to Homepage</a>
+        </div>
+    </div>
+</body>
+
+</html>