PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

admin/parametres: cleanup page — remove card syntax, use semantic HTML (checkboxes/fieldsets), move delete-all-TFE danger zone into maintenance

Browse Source
This commit is contained in:
Pontoporeia
2026-04-15 13:28:14 +02:00
parent fd4fb5ce4a
commit 0eb2e310f4
6 changed files with 563 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
public/admin/parametres.php
View File

@@ -12,6 +12,7 @@ $maintenanceOn = file_exists(APP_ROOT . '/storage/maintenance.flag');
require_once APP_ROOT . '/src/Database.php';
$db = new Database();
$siteSettings = $db->getAllSettings();
$stats = $db->getThesesStats();
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
@@ -26,179 +27,174 @@ if (empty($_SESSION['csrf_token'])) {
<?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
<!-- ══════════════════════════════════════════════════════════════
SECTION 1 — Maintenance
MAINTENANCE
══════════════════════════════════════════════════════════════ -->
<section class="admin-settings-section" aria-labelledby="settings-maintenance-title">
<h2 class="admin-settings-section__title" id="settings-maintenance-title">Maintenance</h2>
<section aria-labelledby="settings-maintenance-title">
<h2 id="settings-maintenance-title">Maintenance</h2>
<div class="admin-maintenance-status <?= $maintenanceOn ? 'admin-maintenance-status--active' : '' ?>">
<div class="param-maintenance-row">
<?php if ($maintenanceOn): ?>
<p class="admin-maintenance-status__msg">
<p>
<strong>⚠ Mode maintenance activé</strong> — le site public est inaccessible.
</p>
<form method="post" action="actions/maintenance.php">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="disable_maintenance">
<input type="hidden" name="redirect" value="/admin/parametres.php">
<button type="submit" class="admin-btn admin-btn--sm">Désactiver la maintenance</button>
<button type="submit">Désactiver la maintenance</button>
</form>
<?php else: ?>
<p class="admin-maintenance-status__msg">
Site public : <strong>en ligne</strong>
</p>
<p>Site public : <strong>en ligne</strong></p>
<form method="post" action="actions/maintenance.php">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="enable_maintenance">
<input type="hidden" name="redirect" value="/admin/parametres.php">
<button type="submit" class="admin-btn admin-btn--sm admin-btn--warning"
<button type="submit" class="param-btn-warning"
onclick="return confirm('Mettre le site en maintenance ? Les visiteurs verront une page 503.')">
Activer la maintenance
</button>
</form>
<?php endif; ?>
</div>
<!-- Danger zone: delete all TFE → now inside maintenance -->
<fieldset class="param-danger-zone">
<legend>Supprimer tous les TFE</legend>
<p>
Supprime définitivement tous les TFE de la base de données, y compris auteurs,
promoteurs, tags, fichiers associés. Cette action est <strong>irréversible</strong>.
</p>
<form method="post" action="actions/delete.php"
onsubmit="return confirm('⚠ Supprimer définitivement TOUS les TFE ? Cette action est IRRÉVERSIBLE.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="delete_all" value="1">
<button type="submit" class="param-btn-danger">Supprimer tous les TFE (<?= $stats['total'] ?? '?' ?>)</button>
</form>
</fieldset>
</section>
<!-- ══════════════════════════════════════════════════════════════
SECTION 2 — Formulaire
FORMULAIRE
══════════════════════════════════════════════════════════════ -->
<section class="admin-settings-section" aria-labelledby="settings-formulaire-title">
<h2 class="admin-settings-section__title" id="settings-formulaire-title">Formulaire</h2>
<section aria-labelledby="settings-formulaire-title">
<h2 id="settings-formulaire-title">Formulaire</h2>
<p>Options de visibilité disponibles dans le formulaire d'ajout de TFE.</p>
<p><small>L'option <strong>Libre</strong> ne sera activée qu'à partir de l'année académique prochaine.</small></p>
<p class="param-note">L'option <strong>Libre</strong> ne sera activée qu'à partir de l'année académique prochaine.</p>
<form method="post" action="actions/settings.php" class="admin-form">
<form method="post" action="actions/settings.php" class="param-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="section" value="formulaire">
<div class="admin-settings-toggles">
<label class="admin-toggle-row">
<span class="admin-toggle-label">
<strong>Interdit</strong>
<fieldset>
<legend>Types d'accès</legend>
<label class="param-checkbox">
<input type="checkbox" name="access_type_interdit_enabled" value="1"
<?= ($siteSettings['access_type_interdit_enabled'] ?? '1') === '1' ? 'checked' : '' ?>>
<span>
<strong>Interdit</strong><br>
<small>TFE non disponible en physique ni sur le site</small>
</span>
<input type="checkbox" name="access_type_interdit_enabled" value="1"
class="admin-toggle"
<?= ($siteSettings['access_type_interdit_enabled'] ?? '1') === '1' ? 'checked' : '' ?>>
</label>
<label class="admin-toggle-row">
<span class="admin-toggle-label">
<strong>Interne</strong>
<label class="param-checkbox">
<input type="checkbox" name="access_type_interne_enabled" value="1"
<?= ($siteSettings['access_type_interne_enabled'] ?? '1') === '1' ? 'checked' : '' ?>>
<span>
<strong>Interne</strong><br>
<small>TFE accessible uniquement sur place en physique</small>
</span>
<input type="checkbox" name="access_type_interne_enabled" value="1"
class="admin-toggle"
<?= ($siteSettings['access_type_interne_enabled'] ?? '1') === '1' ? 'checked' : '' ?>>
</label>
<label class="admin-toggle-row admin-toggle-row--disabled">
<span class="admin-toggle-label">
<strong>Libre</strong>
<label class="param-checkbox param-checkbox--disabled">
<input type="checkbox" name="access_type_libre_enabled" value="1"
<?= ($siteSettings['access_type_libre_enabled'] ?? '0') === '1' ? 'checked' : '' ?>>
<span>
<strong>Libre</strong><br>
<small>Libre accès — disponible à partir de l'année académique prochaine</small>
</span>
<input type="checkbox" name="access_type_libre_enabled" value="1"
class="admin-toggle"
<?= ($siteSettings['access_type_libre_enabled'] ?? '0') === '1' ? 'checked' : '' ?>>
</label>
</div>
</fieldset>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Enregistrer</button>
</div>
<button type="submit">Enregistrer</button>
</form>
</section>
<!-- ══════════════════════════════════════════════════════════════
SECTION 3 — Compte administrateur
COMPTE ADMINISTRATEUR
══════════════════════════════════════════════════════════════ -->
<section class="admin-settings-section" aria-labelledby="settings-account-title">
<h2 class="admin-settings-section__title" id="settings-account-title">Compte administrateur</h2>
<section aria-labelledby="settings-account-title">
<h2 id="settings-account-title">Compte administrateur</h2>
<!-- Status info -->
<dl class="admin-account-status">
<div class="admin-account-status__row">
<dt class="admin-account-status__label">Authentification PHP</dt>
<dl class="param-account-status">
<div>
<dt>Authentification PHP</dt>
<dd><?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Active'; $badgeWarnLabel = 'Non configurée'; include APP_ROOT . '/templates/partials/status-badge.php'; ?></dd>
</div>
<div class="admin-account-status__row">
<dt class="admin-account-status__label">Fichier de configuration</dt>
<div>
<dt>Fichier de configuration</dt>
<dd>
<code class="admin-account-status__code">config/admin_credentials.php</code>
<code>config/admin_credentials.php</code>
<?php $badgeType = 'ok'; $badgeValue = file_exists($credentialsFile); $badgeOkLabel = 'Présent'; $badgeWarnLabel = 'Absent'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
</dd>
</div>
<?php if (!$hasPassword): ?>
<p class="admin-account-status__note">
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
<code>config/admin_credentials.php</code> avec un hash bcrypt.
</p>
<?php endif; ?>
</dl>
<!-- Password change form -->
<h3 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h3>
<?php if (!$hasPassword): ?>
<p class="param-note">
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
<code>config/admin_credentials.php</code> avec un hash bcrypt.
</p>
<?php endif; ?>
<form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
<form method="post" action="/admin/actions/account.php" class="param-form" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="redirect" value="/admin/parametres.php">
<?php if ($hasPassword): ?>
<div>
<label for="current_password">Mot de passe actuel</label>
<div>
<input type="password" id="current_password"
name="current_password" required autocomplete="current-password">
</div>
<input type="password" id="current_password"
name="current_password" required autocomplete="current-password">
</div>
<?php endif; ?>
<div>
<label for="new_password">Nouveau mot de passe</label>
<div>
<input type="password" id="new_password"
name="new_password" required autocomplete="new-password"
minlength="12">
<small>Minimum 12 caractères.</small>
</div>
<input type="password" id="new_password"
name="new_password" required autocomplete="new-password"
minlength="12">
<small>Minimum 12 caractères.</small>
</div>
<div>
<label for="confirm_password">Confirmer le mot de passe</label>
<div>
<input type="password" id="confirm_password"
name="confirm_password" required autocomplete="new-password">
</div>
<input type="password" id="confirm_password"
name="confirm_password" required autocomplete="new-password">
</div>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
</button>
</div>
<button type="submit">
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
</button>
</form>
<!-- Danger zone: remove credentials -->
<?php if ($hasPassword): ?>
<!-- Danger zone: remove password -->
<h3 class="admin-section-title admin-section-title--danger">Zone de danger</h3>
<div class="admin-danger-zone">
<p class="admin-danger-zone__description">
<strong>Supprimer la configuration du mot de passe PHP</strong><br>
<small>
Supprime <code>config/admin_credentials.php</code>. L'accès admin
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
</small>
<fieldset class="param-danger-zone">
<legend>Supprimer la configuration du mot de passe PHP</legend>
<p>
Supprime <code>config/admin_credentials.php</code>. L'accès admin
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
</p>
<form method="post" action="/admin/actions/account.php"
onsubmit="return confirm('Supprimer le fichier de mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="remove_credentials">
<input type="hidden" name="redirect" value="/admin/parametres.php">
<input type="hidden" name="current_password_remove" id="current_password_remove" value="">
<button type="submit" class="admin-btn admin-btn--danger">Supprimer le fichier</button>
<input type="hidden" name="current_password_remove" value="">
<button type="submit" class="param-btn-danger">Supprimer le fichier</button>
</form>
</div>
</fieldset>
<?php endif; ?>
</section>
</main>