filename: index.php
<?php

declare(strict_types=1);

require __DIR__ . '/config.php';
require_once __DIR__ . '/auth.php';

// Request path for this hit, as produced by current_path() (defined outside this file).
$path = current_path();

// Static routing table: exact request path => view name plus the two access flags
// the dispatcher below reads ('requiresLogin', 'adminOnly').
// The view name is only ever taken from this table, never from the request, so the
// path handed to include/render_view further down is not attacker-controlled.
// NOTE(review): matching is by path only; nothing in this file inspects the HTTP
// method or a CSRF token, so routes that presumably change state (/logout,
// /api/rsvp-day, /api/chat-send) depend on their views for those checks. Confirm.
$routes = [
    '/'                        => ['view' => 'public/home',             'requiresLogin' => false, 'adminOnly' => false],
    '/register'                => ['view' => 'public/register',         'requiresLogin' => false, 'adminOnly' => false],
    '/signin'                  => ['view' => 'public/signin',           'requiresLogin' => false, 'adminOnly' => false],
    '/contact'                 => ['view' => 'public/contact',          'requiresLogin' => false, 'adminOnly' => false],
    '/logout'                  => ['view' => 'public/logout',           'requiresLogin' => true,  'adminOnly' => false],
    '/members'                 => ['view' => 'public/members',          'requiresLogin' => false, 'adminOnly' => false],
    '/schedule'                => ['view' => 'public/schedule',         'requiresLogin' => false, 'adminOnly' => false],
    '/upload'                  => ['view' => 'public/upload',           'requiresLogin' => true,  'adminOnly' => false],
    '/profile'                 => ['view' => 'public/profile',          'requiresLogin' => true,  'adminOnly' => false],
    '/admin'                   => ['view' => 'admin/dashboard',         'requiresLogin' => true,  'adminOnly' => true],
    '/admin/users'             => ['view' => 'admin/users',             'requiresLogin' => true,  'adminOnly' => true],
    '/admin/uploads'           => ['view' => 'admin/uploads',           'requiresLogin' => true,  'adminOnly' => true],
    '/admin/stats'             => ['view' => 'admin/stats',             'requiresLogin' => true,  'adminOnly' => true],
    // HTML fragment for the upload interactions modal. Marked public here, so what an
    // anonymous caller may read is decided inside the view. NOTE(review): confirm.
    '/api/upload-interactions' => ['view' => 'api/upload_interactions', 'requiresLogin' => false, 'adminOnly' => false],
    // RSVP upsert for a given day; signed-in users only.
    '/api/rsvp-day'            => ['view' => 'api/rsvp_day',            'requiresLogin' => true,  'adminOnly' => false],
    // Chat: reading is public per the flags below, sending requires a session.
    '/api/chat-messages'       => ['view' => 'api/chat_messages',       'requiresLogin' => false, 'adminOnly' => false],
    '/api/chat-send'           => ['view' => 'api/chat_send',           'requiresLogin' => true,  'adminOnly' => false],
];

// Allow-list check: a path that is not a key of $routes never reaches a view.
// Respond 404 with the dedicated page and stop before any access check or logging.
if (array_key_exists($path, $routes) === false) {
    http_response_code(404);
    render_view('public/404');
    exit;
}

// Table entry for the matched path; the access gates and the renderer read it.
$route = $routes[$path];

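// Access-control gates, evaluated before anything is rendered or logged.
//
// Both flags fail closed: only an explicit `false` opens a route. A table entry that
// omits 'requiresLogin' or 'adminOnly' (or sets it to a non-boolean) is treated as
// protected, so a forgotten flag cannot silently publish a page. Every entry that
// sets both flags to booleans behaves exactly as before.

// Gate 1: session required. Anonymous callers are redirected to the sign-in page.
if (($route['requiresLogin'] ?? true) !== false && !isLoggedIn()) {
    // 302 is what header('Location: ...') sends by default; stated here for clarity.
    header('Location: ' . url('signin'), true, 302);
    // Stop here so nothing of the protected view is executed after the redirect header.
    exit;
}

// Gate 2: admin role required. Signed-in non-admins get 403 rather than a redirect.
if (($route['adminOnly'] ?? true) !== false && !isAdmin()) {
    http_response_code(403);
    render_view('public/403');
    exit;
}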

// Record the visit for the matched route.
// NOTE(review): this call sits after the 404, sign-in and 403 exits above, so
// unknown paths and denied requests are not recorded by it. Confirm that those
// events are captured elsewhere if they matter for detection.
log_visit($db, $path);

// Fragment endpoints (views under `views/api/...`, fetched client-side) are emitted
// bare, without the global header/footer that render_view() would add.
// The view name comes from the static route table, not from the request, so the
// include path below is not attacker-controlled.
if (str_starts_with($route['view'], 'api/')) {
    $viewFile = sprintf('%s/views/%s.php', __DIR__, $route['view']);

    if (is_file($viewFile)) {
        include $viewFile;
        exit;
    }

    // A route that points at a missing file is a deployment error: answer 500
    // with a fixed message that does not reveal the file path.
    http_response_code(500);
    echo 'View not found.';
    exit;
}

// Every other route is rendered as a full page.
render_view($route['view']);