RewriteEngine On
RewriteBase /

# Redirect ke login jika belum login
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^$ login.php [L]

# Mencegah akses langsung ke folder includes
RewriteRule ^includes/.*$ - [F,L]

# Set max upload size
php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 300
php_value max_input_time 300

# Enable error reporting (matikan di production)
# php_flag display_errors on
# php_flag display_startup_errors on

# Disable directory browsing
Options -Indexes

# Protect config file
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>