fix: disable APP_DEBUG in production, fix .htaccess structure, add .gitignore cleanup

- Set APP_DEBUG=false in .env to prevent stack trace leakage
- Use strict comparison (===) for MD5 password migration check
- Fix duplicate rewrite rules and orphaned closing tag in .htaccess
- Remove leftover test files (cookies.txt, ci_test.txt, test-registration.php)
- Remove duplicate package-lock.json (using yarn only)
- Update .gitignore for above files

.gitignore

@@ -31,5 +31,12 @@ check-updates.sh
 /storage/debugbar/rr
 .rr.yaml
 
+# Lockfiles (kies 1 package manager)
+package-lock.json
+
+# Overgebleven test/temp bestanden
+ci_test.txt
+cookies.txt
+
 # GitHub workflows (pushen naar GitLab)
 !/.github/workflows/

app/Actions/Fortify/RedirectIfTwoFactorAuthenticatable.php

@@ -179,7 +179,7 @@ class RedirectIfTwoFactorAuthenticatable
 
     private function convertUserPassword(User $user, string $password): void
     {
-        if ($user->password == md5($password)) {
+        if ($user->password === md5($password)) {
             $user->update([
                 'password' => Hash::make($password),
             ]);

ci_test.txt

@@ -1 +0,0 @@
-Last pipeline test: 2026-05-23 17:11:24 UTC

cookies.txt

@@ -1,4 +0,0 @@
-# Netscape HTTP Cookie File
-# https://curl.se/docs/http-cookies.html
-# This file was generated by libcurl! Edit at your own risk.
-

public/.htaccess

@@ -44,20 +44,3 @@
 <IfModule mod_deflate.c>
     AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml
 </IfModule>
-
-    RewriteEngine On
-
-    # Handle Authorization Header
-    RewriteCond %{HTTP:Authorization} .
-    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-    # Redirect Trailing Slashes If Not A Folder...
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_URI} (.+)/$
-    RewriteRule ^ %1 [L,R=301]
-
-    # Send Requests To Front Controller...
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteRule ^ index.php [L]
-</IfModule>

test-registration.php

@@ -1,35 +0,0 @@
-<?php
-
-use App\Models\User;
-use Illuminate\Contracts\Console\Kernel;
-
-require __DIR__ . '/vendor/autoload.php';
-$app = require __DIR__ . '/bootstrap/app.php';
-$kernel = $app->make(Kernel::class);
-$kernel->bootstrap();
-
-try {
-    $user = User::create([
-        'username' => 'testreg123',
-        'mail' => 'testreg123@test.nl',
-        'password' => bcrypt('test123'),
-        'account_created' => time(),
-        'last_login' => time(),
-        'motto' => 'Test registration',
-        'look' => 'hr-100-61.hd-180-1.ch-210-66',
-        'auth_ticket' => '',
-        'home_room' => 0,
-        'ip_register' => '127.0.0.1',
-        'ip_current' => '127.0.0.1',
-    ]);
-
-    echo 'SUCCESS! User created with ID: ' . $user->id . "\n";
-    echo 'ip_register: ' . $user->ip_register . "\n";
-    echo 'ip_current: ' . $user->ip_current . "\n";
-
-    $user->delete();
-    echo "Test user deleted. All good!\n";
-} catch (Exception $e) {
-    echo 'ERROR: ' . $e->getMessage() . "\n";
-    echo 'File: ' . $e->getFile() . ' line ' . $e->getLine() . "\n";
-}