Fix admin CSS not loading and quirks mode issues

Fixed multiple issues in admin panel:

1. CSS path: modern-normalize.css → modern-normalize.min.css
   (File is actually named .min.css)

2. Icon path: assets/icon.svg → /assets/admin_favicon.svg
   (Was relative, now absolute; correct filename)

3. Navigation: /admin/list.php → /admin/
   (list.php was renamed to index.php)

4. Short PHP tags: <? → <?php
   (Better compatibility, some servers don't enable short_open_tag)

5. Quirks mode warning was due to CSS not loading, not DOCTYPE
   (DOCTYPE was already present)

Files modified:
- public/admin/inc/head.php (main fixes)
- public/admin/index.php (short tags)
- public/admin/add.php (short tags)
- public/admin/import.php (short tags)

Need to redeploy for production: just deploy

scripts/deploy-production.sh

@@ -0,0 +1,180 @@
+#!/bin/bash
+# Deploy production nginx configuration and fix permissions for Post-ERG
+
+set -e
+
+echo "🚀 Post-ERG Production Deployment"
+echo "=================================="
+echo ""
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
+    exit 1
+fi
+
+echo "📋 Step 1: Fixing file permissions..."
+echo "--------------------------------------"
+
+# Change group to posterg (www-data is member of this group)
+chown -R theophile:posterg /var/www/html/
+echo "✓ Changed group to posterg"
+
+# Set directory permissions (755 - readable/executable by everyone)
+find /var/www/html -type d -exec chmod 755 {} \;
+echo "✓ Set directory permissions to 755"
+
+# Set file permissions (640 - owner read/write, group read)
+find /var/www/html -type f -exec chmod 640 {} \;
+echo "✓ Set file permissions to 640"
+
+# Make upload directories writable by group (for www-data to write)
+if [ -d "/var/www/html/formulaire/data/theses" ]; then
+    chmod 775 /var/www/html/formulaire/data/theses
+    chmod 775 /var/www/html/formulaire/data/covers
+    echo "✓ Set upload directories to 775"
+fi
+
+# Protect database if it exists
+if [ -f "/var/www/html/database/posterg.db" ]; then
+    chmod 660 /var/www/html/database/posterg.db
+    chown www-data:posterg /var/www/html/database/posterg.db
+    echo "✓ Protected database file"
+fi
+
+echo ""
+echo "📋 Step 2: Checking prerequisites..."
+echo "--------------------------------------"
+
+# Check if htpasswd is available
+if ! command -v htpasswd &>/dev/null; then
+    echo -e "${YELLOW}⚠️  htpasswd not found, installing apache2-utils...${NC}"
+    apt-get update -qq
+    apt-get install -y apache2-utils
+    echo -e "${GREEN}✓ apache2-utils installed${NC}"
+fi
+
+# Check if htpasswd file exists
+if [ ! -f "/etc/nginx/.htpasswd-posterg" ]; then
+    echo -e "${YELLOW}⚠️  Warning: /etc/nginx/.htpasswd-posterg not found${NC}"
+    echo "   Creating it now..."
+    echo ""
+    echo "Please enter admin username:"
+    read -r ADMIN_USER
+    htpasswd -c /etc/nginx/.htpasswd-posterg "$ADMIN_USER"
+    echo -e "${GREEN}✓ Password file created${NC}"
+    echo ""
+else
+    echo "✓ Password file exists"
+fi
+
+# Check if config file was uploaded
+if [ ! -f "/tmp/posterg.conf" ]; then
+    echo -e "${RED}✗ Error: /tmp/posterg.conf not found${NC}"
+    echo "Please upload it first: rsync -vur ./nginx/posterg-production.conf posterg:/tmp/posterg.conf"
+    exit 1
+fi
+
+echo ""
+echo "📋 Step 3: Installing nginx configuration..."
+echo "--------------------------------------"
+
+# Backup existing config if it exists
+if [ -f "/etc/nginx/sites-available/posterg" ]; then
+    cp /etc/nginx/sites-available/posterg /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)
+    echo "✓ Backed up existing config"
+fi
+
+# Copy new configuration
+cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
+echo "✓ Installed configuration to /etc/nginx/sites-available/posterg"
+
+# Create symlink
+if [ ! -L "/etc/nginx/sites-enabled/posterg" ]; then
+    ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/posterg
+    echo "✓ Created symlink in sites-enabled"
+else
+    echo "✓ Symlink already exists"
+fi
+
+# Remove default site
+if [ -L "/etc/nginx/sites-enabled/default" ]; then
+    rm /etc/nginx/sites-enabled/default
+    echo "✓ Disabled default site"
+fi
+
+echo ""
+echo "📋 Step 4: Testing nginx configuration..."
+echo "--------------------------------------"
+
+if nginx -t; then
+    echo -e "${GREEN}✓ Nginx configuration is valid${NC}"
+else
+    echo -e "${RED}✗ Nginx configuration has errors!${NC}"
+    echo "Restoring backup..."
+    if ls /etc/nginx/sites-available/posterg.backup* 1>/dev/null 2>&1; then
+        BACKUP=$(ls -t /etc/nginx/sites-available/posterg.backup* | head -1)
+        cp "$BACKUP" /etc/nginx/sites-available/posterg
+        echo "Configuration restored from backup"
+    fi
+    exit 1
+fi
+
+echo ""
+echo "📋 Step 5: Reloading nginx..."
+echo "--------------------------------------"
+
+if systemctl reload nginx; then
+    echo -e "${GREEN}✓ Nginx reloaded successfully${NC}"
+else
+    echo -e "${RED}✗ Failed to reload nginx${NC}"
+    exit 1
+fi
+
+echo ""
+echo "📋 Step 6: Verifying services..."
+echo "--------------------------------------"
+
+# Check PHP-FPM
+if systemctl is-active --quiet php8.4-fpm; then
+    echo -e "${GREEN}✓ PHP 8.4-FPM is running${NC}"
+else
+    echo -e "${YELLOW}⚠️  PHP-FPM is not running, starting it...${NC}"
+    systemctl start php8.4-fpm
+    systemctl enable php8.4-fpm
+    echo -e "${GREEN}✓ PHP-FPM started${NC}"
+fi
+
+# Check nginx
+if systemctl is-active --quiet nginx; then
+    echo -e "${GREEN}✓ Nginx is running${NC}"
+else
+    echo -e "${RED}✗ Nginx is not running!${NC}"
+    exit 1
+fi
+
+echo ""
+echo "═══════════════════════════════════════"
+echo -e "${GREEN}✅ Deployment Complete!${NC}"
+echo "═══════════════════════════════════════"
+echo ""
+echo "🧪 Quick Tests:"
+echo "  • Test public site:  curl -I http://localhost/"
+echo "  • Test admin panel:  curl -I http://localhost/formulaire/"
+echo "  • Test PHP:          curl http://localhost/index.php"
+echo ""
+echo "📊 View logs:"
+echo "  • Access log:  tail -f /var/log/nginx/posterg_access.log"
+echo "  • Error log:   tail -f /var/log/nginx/posterg_error.log"
+echo ""
+echo "🔒 Security Checks:"
+echo "  • Database blocked:  curl -I http://localhost/database/posterg.db"
+echo "  • MD files blocked:  curl -I http://localhost/README.md"
+echo "  • Shared blocked:    curl -I http://localhost/shared/Database.php"
+echo ""

scripts/install-php-sqlite.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# Install PHP SQLite extension
+
+echo "🔧 Installing PHP SQLite extension..."
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+# Detect PHP version
+PHP_VERSION=$(php -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;")
+echo "Detected PHP version: $PHP_VERSION"
+
+# Install SQLite extension
+echo "Installing php${PHP_VERSION}-sqlite3..."
+apt-get update -qq
+apt-get install -y php${PHP_VERSION}-sqlite3
+
+# Restart PHP-FPM
+echo "Restarting PHP-FPM..."
+systemctl restart php${PHP_VERSION}-fpm
+
+# Verify installation
+if php -m | grep -q sqlite3; then
+    echo "✅ SQLite extension installed successfully"
+    echo ""
+    echo "Installed extensions:"
+    php -m | grep -i sqlite
+else
+    echo "❌ Failed to install SQLite extension"
+    exit 1
+fi

scripts/manage-admin-user.sh

@@ -0,0 +1,199 @@
+#!/bin/bash
+# Manage admin users for Post-ERG nginx basic authentication
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+PASSWORD_FILE="/etc/nginx/.htpasswd-posterg"
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
+    exit 1
+fi
+
+# Check if htpasswd is available
+if ! command -v htpasswd &>/dev/null; then
+    echo -e "${YELLOW}Installing apache2-utils...${NC}"
+    apt-get update -qq
+    apt-get install -y apache2-utils
+fi
+
+show_menu() {
+    echo ""
+    echo -e "${BLUE}════════════════════════════════════════${NC}"
+    echo -e "${BLUE}  Post-ERG Admin User Management${NC}"
+    echo -e "${BLUE}════════════════════════════════════════${NC}"
+    echo ""
+    echo "1. List all users"
+    echo "2. Add new user"
+    echo "3. Change user password"
+    echo "4. Delete user"
+    echo "5. Reset all (create new password file)"
+    echo "6. Exit"
+    echo ""
+    echo -n "Choose an option [1-6]: "
+}
+
+list_users() {
+    echo ""
+    if [ ! -f "$PASSWORD_FILE" ]; then
+        echo -e "${YELLOW}No password file found.${NC}"
+        return
+    fi
+
+    echo -e "${GREEN}Current admin users:${NC}"
+    echo "────────────────────────"
+    cut -d: -f1 "$PASSWORD_FILE" | nl
+    echo ""
+}
+
+add_user() {
+    echo ""
+    echo -n "Enter new username: "
+    read -r USERNAME
+
+    if [ -z "$USERNAME" ]; then
+        echo -e "${RED}Username cannot be empty${NC}"
+        return
+    fi
+
+    # Check if user already exists
+    if [ -f "$PASSWORD_FILE" ] && grep -q "^${USERNAME}:" "$PASSWORD_FILE"; then
+        echo -e "${YELLOW}User '$USERNAME' already exists. Use option 3 to change password.${NC}"
+        return
+    fi
+
+    # Add user (use -c only if file doesn't exist)
+    if [ ! -f "$PASSWORD_FILE" ]; then
+        htpasswd -c "$PASSWORD_FILE" "$USERNAME"
+    else
+        htpasswd "$PASSWORD_FILE" "$USERNAME"
+    fi
+
+    echo -e "${GREEN}✓ User '$USERNAME' added successfully${NC}"
+}
+
+change_password() {
+    list_users
+    echo -n "Enter username to change password: "
+    read -r USERNAME
+
+    if [ -z "$USERNAME" ]; then
+        echo -e "${RED}Username cannot be empty${NC}"
+        return
+    fi
+
+    if [ ! -f "$PASSWORD_FILE" ]; then
+        echo -e "${RED}Password file not found${NC}"
+        return
+    fi
+
+    if ! grep -q "^${USERNAME}:" "$PASSWORD_FILE"; then
+        echo -e "${RED}User '$USERNAME' not found${NC}"
+        return
+    fi
+
+    htpasswd "$PASSWORD_FILE" "$USERNAME"
+    echo -e "${GREEN}✓ Password changed for user '$USERNAME'${NC}"
+}
+
+delete_user() {
+    list_users
+    echo -n "Enter username to delete: "
+    read -r USERNAME
+
+    if [ -z "$USERNAME" ]; then
+        echo -e "${RED}Username cannot be empty${NC}"
+        return
+    fi
+
+    if [ ! -f "$PASSWORD_FILE" ]; then
+        echo -e "${RED}Password file not found${NC}"
+        return
+    fi
+
+    if ! grep -q "^${USERNAME}:" "$PASSWORD_FILE"; then
+        echo -e "${RED}User '$USERNAME' not found${NC}"
+        return
+    fi
+
+    echo -n "Are you sure you want to delete user '$USERNAME'? [y/N] "
+    read -r CONFIRM
+
+    if [ "$CONFIRM" = "y" ] || [ "$CONFIRM" = "Y" ]; then
+        htpasswd -D "$PASSWORD_FILE" "$USERNAME"
+        echo -e "${GREEN}✓ User '$USERNAME' deleted${NC}"
+    else
+        echo "Cancelled"
+    fi
+}
+
+reset_all() {
+    echo ""
+    echo -e "${YELLOW}WARNING: This will delete ALL existing users!${NC}"
+    echo -n "Are you sure? [y/N] "
+    read -r CONFIRM
+
+    if [ "$CONFIRM" != "y" ] && [ "$CONFIRM" != "Y" ]; then
+        echo "Cancelled"
+        return
+    fi
+
+    # Backup existing file
+    if [ -f "$PASSWORD_FILE" ]; then
+        BACKUP="${PASSWORD_FILE}.backup.$(date +%Y%m%d_%H%M%S)"
+        cp "$PASSWORD_FILE" "$BACKUP"
+        echo -e "${GREEN}✓ Backed up to: $BACKUP${NC}"
+    fi
+
+    echo ""
+    echo -n "Enter new username: "
+    read -r USERNAME
+
+    if [ -z "$USERNAME" ]; then
+        echo -e "${RED}Username cannot be empty${NC}"
+        return
+    fi
+
+    htpasswd -c "$PASSWORD_FILE" "$USERNAME"
+    echo -e "${GREEN}✓ Password file reset with user '$USERNAME'${NC}"
+}
+
+# Main loop
+while true; do
+    show_menu
+    read -r CHOICE
+
+    case $CHOICE in
+    1)
+        list_users
+        ;;
+    2)
+        add_user
+        ;;
+    3)
+        change_password
+        ;;
+    4)
+        delete_user
+        ;;
+    5)
+        reset_all
+        ;;
+    6)
+        echo ""
+        echo "Goodbye!"
+        exit 0
+        ;;
+    *)
+        echo -e "${RED}Invalid option${NC}"
+        ;;
+    esac
+done