# Hey! Everything in here is better suited to httpd.conf, since
# we get a performance boost if we can turn off AllowOverride and
# not have to stat the webroot for every request. On the other
# hand, this means we never have to touch apache once it's up.
# Flexibility over performance.
# In an ideal world, you'd stick it in here on dev and your build
# system would bundle the changes into (a file included in) httpd.conf
# for your production deployment. Yeah. Do that.
# ETags are a bad idea if you have multiple web servers. We'll do
# more explicit caching with Expires headers anyway.
# The base set of sensible PHP options. These are a duplicate of those
# in www/php.ini.example, but I'm assuming your web host runs PHP as an Apache
# module and not as a CGI.
# If your Apache error log is full of barf like ...
# www/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration
# ... then PHP is a CGI. So comment out every php_value and php_flag command in this
# file and rename www/php.ini.example to www/php.ini and all should be happy again.
# Magic quotes off because they are stupid.
# Register globals off for the same reason.
# Track errors is so that we can at least get at the error messages we hide using @func().
# last_modified is a bad idea if we have any dynamic content.
# Short tags make for a few saved bytes of cruft and are fine unless you're
# running another XML preprocessor over your code (wtf?).
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value magic_quotes_runtime 0
php_value track_errors 1
php_value last_modified off
php_value short_open_tag on
php_flag display_errors off
# this sets all current and future error flags on, except for E_NOTICE
# which can go fuck itself. we have some separate code for checking the
# one notice we do care about.
php_value error_reporting 2147483639
# Some basic pointers to php files
ErrorDocument 404 /404.php
ErrorDocument 403 /403.php
# Get mod_rewrite fired up
# Login stuff
RewriteRule ^signup/?$ signup.php [L]
RewriteRule ^signin/?$ signin.php [L]
RewriteRule ^signin/google/?$ signin_google_oauth2.php [L]
RewriteRule ^signin/twitter/?$ signin_twitter_oauth.php [L]
RewriteRule ^signout/?$ signout.php [L]
RewriteRule ^checkcookie/?$ checkcookie.php [L]
# Password retrieval stuff
RewriteRule ^forgot/?$ forgot.php [L]
RewriteRule ^reset/([a-zA-Z0-9]+)/?$ reset.php?reset=$1 [L,QSA]
# Account stuff
RewriteRule ^account/?$ account.php [L]
RewriteRule ^account/password/?$ account_password.php [L]
RewriteRule ^account/delete/?$ account_delete.php [L]
RewriteRule ^account/auth/google/?$ account_google_oauth2.php [L]
RewriteRule ^account/auth/twitter/?$ account_twitter_oauth.php [L]