Separate admin views from controllers — move HTML to templates/admin/

All admin pages refactored to thin controllers + pure view templates, mirroring
the public-page pattern:

Controllers (public/admin/*.php): auth, data loading, include template
Views (templates/admin/*.php): pure HTML/PHP output
Fragment partials (templates/admin/partials/): toast, system-log-panel, system-nginx-config-panel

Pages migrated: login, tags, contenus, contenus-edit, account, acces-etudiante,
thanks, add, edit, parametres, system, index

Fragment endpoints refactored: system-fragment.php, toast-fragment.php
Skipped (pure redirects): logout, logs, status, import

app/public/admin/account.php

@@ -5,104 +5,14 @@ AdminAuth::requireLogin();
 
 $pageTitle = "Compte administrateur";
 
-$hasPassword     = AdminAuth::hasPassword();
-
-// Flash messages are consumed by the flash-messages partial below.
+$hasPassword = AdminAuth::hasPassword();
 
 if (empty($_SESSION['csrf_token'])) {
     $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
 }
-?>
-<?php $isAdmin = true; $bodyClass = 'admin-body'; require_once APP_ROOT . '/templates/head.php'; ?>
-    <?php include APP_ROOT . '/templates/header.php'; ?>
 
-<main id="main-content">
-    <h1>Compte administrateur</h1>
-
-
-
-    <!-- Status info -->
-    <dl class="admin-account-status">
-        <div class="admin-account-status__row">
-            <dt class="admin-account-status__label">Authentification PHP</dt>
-            <dd><?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Active'; $badgeWarnLabel = 'Non configurée'; include APP_ROOT . '/templates/partials/status-badge.php'; ?></dd>
-        </div>
-        <div class="admin-account-status__row">
-            <dt class="admin-account-status__label">Stockage</dt>
-            <dd>
-                <code class="admin-account-status__code">site_settings (DB)</code>
-                <?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Présent'; $badgeWarnLabel = 'Absent'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
-            </dd>
-        </div>
-        <?php if (!$hasPassword): ?>
-        <p class="admin-account-status__note">
-            Aucun mot de passe PHP configuré. Le formulaire ci-dessous stockera
-                un hash bcrypt dans la base de données.
-        </p>
-        <?php endif; ?>
-    </dl>
-
-    <!-- Password change form -->
-    <h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
-
-    <form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
-        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-
-        <?php if ($hasPassword): ?>
-        <div>
-            <label for="current_password">Mot de passe actuel</label>
-            <div>
-                <input type="password" id="current_password"
-                       name="current_password" required autocomplete="current-password">
-            </div>
-        </div>
-        <?php endif; ?>
-
-        <div>
-            <label for="new_password">Nouveau mot de passe</label>
-            <div>
-                <input type="password" id="new_password"
-                       name="new_password" required autocomplete="new-password"
-                       minlength="12">
-                <small>Minimum 12 caractères.</small>
-            </div>
-        </div>
-
-        <div>
-            <label for="confirm_password">Confirmer le mot de passe</label>
-            <div>
-                <input type="password" id="confirm_password"
-                       name="confirm_password" required autocomplete="new-password">
-            </div>
-        </div>
-
-        <div class="admin-form-footer">
-            <button type="submit" class="admin-btn">
-                <?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
-            </button>
-        </div>
-    </form>
-
-    <?php if ($hasPassword): ?>
-    <!-- Danger zone: remove password -->
-    <h2 class="admin-section-title admin-section-title--danger">Zone de danger</h2>
-    <div class="admin-danger-zone">
-        <p class="admin-danger-zone__description">
-            <strong>Supprimer la configuration du mot de passe PHP</strong><br>
-            <small>
-                Supprime le hash de la base de données. L'accès admin
-                dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
-            </small>
-        </p>
-        <form method="post" action="/admin/actions/account.php"
-              onsubmit="return confirm('Supprimer le mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
-            <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-            <input type="hidden" name="action" value="remove_credentials">
-            <input type="hidden" name="current_password_remove" id="current_password_remove" value="">
-            <button type="submit" class="admin-btn admin-btn--danger">Supprimer</button>
-        </form>
-    </div>
-    <?php endif; ?>
-</main>
-
-<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
+$isAdmin = true; $bodyClass = 'admin-body';
+require_once APP_ROOT . '/templates/head.php';
+include APP_ROOT . '/templates/header.php';
+include APP_ROOT . '/templates/admin/account.php';
+require_once APP_ROOT . '/templates/admin/footer.php';