Edit .htaccess via Editor

.htaccess

@@ -1,10 +1,10 @@
-# KI-Fit Check - AI Readiness Assessment Tool
-# .htaccess Configuration
+# KI-Fit Check Questionnaire - Server Configuration
+# For Appwizzy platform compatibility
 
-# Set default index files (your HTML file doesn't have PHP, so removed index.php)
-DirectoryIndex index.html
+# Set default index files
+DirectoryIndex index.php index.html
 
-# Security & Performance Settings
+# Security & Performance
 Options -Indexes
 Options -MultiViews
 ServerSignature Off
@@ -12,8 +12,7 @@ ServerSignature Off
 # Enable Rewrite Engine
 RewriteEngine On
 
-# Force HTTPS (if you have SSL certificate)
-# Uncomment when you have SSL installed
+# Force HTTPS (uncomment when SSL is installed)
 # RewriteCond %{HTTPS} off
 # RewriteCond %{HTTP_HOST} !^localhost [NC]
 # RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [NC]
@@ -32,11 +31,45 @@ RewriteEngine On
     
     # Referrer Policy
     Header set Referrer-Policy "strict-origin-when-cross-origin"
-    
-    # Content Security Policy (adjust based on your needs)
-    # Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self';"
 </IfModule>
 
+# ===== URL REWRITING =====
+
+# 1) Serve existing files/directories as-is
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+
+# 2) Handle clean URLs for questionnaire
+# Rewrite /ki-fit-check to index.php (main questionnaire)
+RewriteRule ^ki-fit-check/?$ index.php [L]
+
+# 3) Handle other pages
+RewriteRule ^kontakt/?$ ki-check.php [L]
+RewriteRule ^ergebnisse/?$ results.php [L]
+RewriteRule ^erfolg/?$ success.php [L]
+
+# 4) Handle API endpoints
+RewriteRule ^api/submit/?$ api/submit.php [L]
+RewriteRule ^api/analyze/?$ api/analyze.php [L]
+RewriteRule ^api/generate-pdf/?$ api/generate-pdf.php [L]
+RewriteRule ^api/send-email/?$ api/send-email.php [L]
+
+# 5) Remove trailing slashes for non-directories
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_URI} (.+)/$
+RewriteRule ^ %1 [R=301,L]
+
+# 6) Custom error pages
+ErrorDocument 404 /404.html
+ErrorDocument 500 /500.html
+
+# ===== REDIRECTIONS =====
+
+# Redirect old .php URLs to clean URLs
+RewriteRule ^index\.php$ / [R=301,L]
+RewriteRule ^ki-check\.php$ /ki-fit-check [R=301,L]
+
 # ===== PERFORMANCE OPTIMIZATION =====
 <IfModule mod_expires.c>
     ExpiresActive On
@@ -83,68 +116,19 @@ RewriteEngine On
     AddOutputFilterByType DEFLATE font/woff2
 </IfModule>
 
-# ===== URL REWRITING =====
-
-# 0) Serve existing files/directories as-is
-RewriteCond %{REQUEST_FILENAME} -f [OR]
-RewriteCond %{REQUEST_FILENAME} -d
-RewriteRule ^ - [L]
-
-# 1) Handle clean URLs for questionnaire
-# Rewrite /ki-fit-check to /index.html (your main page)
-RewriteRule ^ki-fit-check/?$ /index.html [L]
-
-# 2) Handle other pages if they exist
-# Example: Rewrite /kontakt to /contact.html
-# RewriteRule ^kontakt/?$ /contact.html [L]
-# RewriteRule ^agb/?$ /terms.html [L]
-# RewriteRule ^datenschutz/?$ /privacy.html [L]
-
-# 3) Remove trailing slashes for non-directories
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteCond %{REQUEST_URI} (.+)/$
-RewriteRule ^ %1 [R=301,L]
-
-# 4) Custom error pages (if you create them)
-# ErrorDocument 404 /404.html
-# ErrorDocument 500 /500.html
-
-# ===== REDIRECTIONS (OPTIONAL) =====
-
-# Redirect old .php URLs to clean URLs (if migrating)
-# RewriteRule ^index\.php$ / [R=301,L]
-# RewriteRule ^ki-fit-check\.php$ /ki-fit-check [R=301,L]
-
-# Redirect www to non-www (or vice versa)
-# Uncomment and choose one:
-# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
-# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
-
-# OR non-www to www:
-# RewriteCond %{HTTP_HOST} !^www\. [NC]
-# RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
-
-# ===== BLOCK ACCESS TO SENSITIVE FILES =====
-<FilesMatch "^\.">
-    Order allow,deny
-    Deny from all
-</FilesMatch>
-
-<FilesMatch "\.(log|sql|bak|inc|cfg|config|ini)$">
-    Order allow,deny
-    Deny from all
-</FilesMatch>
-
-# ===== CORS SETTINGS (if needed for API calls) =====
+# ===== CORS SETTINGS =====
 <IfModule mod_headers.c>
-    # Allow requests from your domain only
-    Header set Access-Control-Allow-Origin "https://yourdomain.com"
+    # Allow requests from any origin (adjust for production)
+    Header set Access-Control-Allow-Origin "*"
     
     # Allow specific methods
     Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
     
     # Allow specific headers
-    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
+    Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
+    
+    # Allow credentials
+    Header set Access-Control-Allow-Credentials "true"
 </IfModule>
 
 # ===== CACHE CONTROL =====
@@ -155,7 +139,44 @@ RewriteRule ^ %1 [R=301,L]
     </FilesMatch>
     
     # Don't cache HTML files (except static pages)
-    <FilesMatch "\.(html)$">
+    <FilesMatch "\.(html|php)$">
         Header set Cache-Control "public, max-age=3600, must-revalidate"
     </FilesMatch>
 </IfModule>
+
+# ===== BLOCK ACCESS TO SENSITIVE FILES =====
+<FilesMatch "^\.">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+
+<FilesMatch "\.(log|sql|bak|inc|cfg|config|ini|env)$">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+
+# Block access to config directories
+RedirectMatch 403 ^/ai/.*$
+RedirectMatch 403 ^/db/.*$
+RedirectMatch 403 ^/mail/.*$
+RedirectMatch 403 ^/api/.*$
+
+# ===== PHP SETTINGS =====
+<IfModule mod_php.c>
+    php_value upload_max_filesize 10M
+    php_value post_max_size 10M
+    php_value max_execution_time 300
+    php_value max_input_time 300
+    php_value memory_limit 256M
+</IfModule>
+
+# ===== FOR APPWIZZY COMPATIBILITY =====
+# Ensure PHP files are processed correctly
+AddType application/x-httpd-php .php
+AddHandler application/x-httpd-php .php
+
+# Set default charset
+AddDefaultCharset UTF-8
+
+# Disable directory listing
+IndexIgnore *