HEX
Server: LiteSpeed
System: Linux s3.sitechai.com 4.18.0-553.51.1.lve.1.el8.x86_64 #1 SMP Wed May 14 14:34:57 UTC 2025 x86_64
User: workzeni (2217)
PHP: 8.1.32
Disabled: mail, show_source, system, shell_exec, passthru, exec, eval, shell
$ pwd: /home/workzeni/stream-flix.workzenix.com/
Upload Files
File: /home/workzeni/stream-flix.workzenix.com/server.php
<?php
// server.php - put in project root (next to composer.json)

// Normalize request URI path
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
$path = parse_url($uri, PHP_URL_PATH);

// SECURITY: deny access when someone hits the directory itself:
// e.g. https://example.com/hash_uploads  OR https://example.com/hash_uploads/
if (preg_match('#(^|/)(hash_uploads)/?$#i', trim($path, '/'))) {
    // send 403 Forbidden
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "403 Forbidden\n";
    exit;
}

// If running under PHP built-in server, allow direct static file serving
if (php_sapi_name() === 'cli-server') {
    $file = __DIR__ . '/public' . $path;
    if ($path !== '/' && file_exists($file) && is_file($file)) {
        return false; // let PHP built-in server serve the file
    }
}

// Fallback: forward to public/index.php (same behavior as pointing webroot to public/)
require __DIR__ . '/public/index.php';
@ Telegram