RewriteEngine On

# Redirect root directory to login.php
RewriteRule ^$ public/login.php [L,R=301]

# Redirect any direct access to root to login.php
RewriteRule ^index\.php$ public/login.php [L,R=301]

# Allow access to public directory files
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ public/$1 [L]

# Prevent direct access to sensitive files and directories
RewriteRule ^(config|src|storage|templates|logs|scripts|vendor)/ - [F,L]
RewriteRule ^(composer\.(json|lock)|\.env|database_.*\.sql)$ - [F,L]