mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
refactor: extract edit.php POST handler to actions/edit.php
edit.php was a 530-line file mixing form display, POST handling, file
uploads, and reference-data loading. This refactor splits it along the
same action-file pattern already used by formulaire.php, tag.php, and
page.php.
Changes:
- public/admin/actions/edit.php (new): standalone POST handler; auth
guard, CSRF check, transaction, redirect with session flash messages
- public/admin/edit.php: display-only; reads edit_success/edit_error
flash keys from session; form action points to actions/edit.php via
a hidden thesis_id field instead of a query-string self-post
- src/Database.php: four new methods to remove all raw PDO from both
files:
- updateThesis(int, array): void — UPDATE theses core fields
- setThesisAuthors(int, array): void — delete-then-reinsert authors
- getThesisLanguageIds(int): array — SELECT language_id for form
- getThesisFormatIds(int): array — SELECT format_id for form
This commit is contained in:
Pontoporeia
@@ -14,167 +14,41 @@ if (empty($_SESSION['csrf_token'])) {
|
||||
require_once __DIR__ . '/../../src/Database.php';
|
||||
|
||||
$thesisId = isset($_GET['id']) ? intval($_GET['id']) : 0;
|
||||
$error = null;
|
||||
$success = null;
|
||||
|
||||
if ($thesisId <= 0) {
|
||||
die("ID invalide");
|
||||
}
|
||||
|
||||
// Consume flash messages from the edit action
|
||||
$error = $_SESSION['edit_error'] ?? null;
|
||||
$success = $_SESSION['edit_success'] ?? null;
|
||||
unset($_SESSION['edit_error'], $_SESSION['edit_success']);
|
||||
|
||||
try {
|
||||
$db = new Database();
|
||||
$pdo = $db->getPDO();
|
||||
|
||||
// Handle form submission
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf_token'])) {
|
||||
// Verify CSRF token
|
||||
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
||||
throw new Exception("Erreur de sécurité : token invalide.");
|
||||
}
|
||||
|
||||
try {
|
||||
$db->beginTransaction();
|
||||
|
||||
// Update thesis basic info
|
||||
$editLicenseId = filter_var($_POST['license_id'] ?? '', FILTER_VALIDATE_INT) ?: null;
|
||||
$editAccessTypeId = filter_var($_POST['access_type_id'] ?? '', FILTER_VALIDATE_INT) ?: null;
|
||||
$editContextNote = trim($_POST['context_note'] ?? '');
|
||||
|
||||
$stmt = $pdo->prepare("
|
||||
UPDATE theses SET
|
||||
title = ?,
|
||||
subtitle = ?,
|
||||
year = ?,
|
||||
orientation_id = ?,
|
||||
ap_program_id = ?,
|
||||
finality_id = ?,
|
||||
synopsis = ?,
|
||||
context_note = ?,
|
||||
file_size_info = ?,
|
||||
baiu_link = ?,
|
||||
license_id = ?,
|
||||
access_type_id = ?,
|
||||
is_published = ?,
|
||||
updated_at = CURRENT_TIMESTAMP
|
||||
WHERE id = ?
|
||||
");
|
||||
|
||||
$stmt->execute([
|
||||
trim($_POST['titre']),
|
||||
!empty($_POST['subtitle']) ? trim($_POST['subtitle']) : null,
|
||||
intval($_POST['année']),
|
||||
intval($_POST['orientation']),
|
||||
intval($_POST['ap']),
|
||||
intval($_POST['finality']),
|
||||
trim($_POST['synopsis']),
|
||||
!empty($editContextNote) ? $editContextNote : null,
|
||||
!empty($_POST['duration_info']) ? trim($_POST['duration_info']) : null,
|
||||
!empty($_POST['lien']) ? trim($_POST['lien']) : null,
|
||||
$editLicenseId,
|
||||
$editAccessTypeId,
|
||||
isset($_POST['is_published']) ? 1 : 0,
|
||||
$thesisId
|
||||
]);
|
||||
|
||||
// Update authors
|
||||
$pdo->prepare("DELETE FROM thesis_authors WHERE thesis_id = ?")->execute([$thesisId]);
|
||||
$authorsRaw = trim($_POST['auteurice'] ?? '');
|
||||
if (!empty($authorsRaw)) {
|
||||
$authors = array_map('trim', explode(',', $authorsRaw));
|
||||
foreach ($authors as $index => $authorName) {
|
||||
if (!empty($authorName)) {
|
||||
$authorId = $db->findOrCreateAuthor($authorName, $index === 0 ? ($_POST['mail'] ?? null) : null);
|
||||
$stmt = $pdo->prepare("INSERT INTO thesis_authors (thesis_id, author_id, author_order) VALUES (?, ?, ?)");
|
||||
$stmt->execute([$thesisId, $authorId, $index + 1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Update jury
|
||||
$editJuryMembers = [];
|
||||
if (!empty(trim($_POST['jury_president'] ?? ''))) {
|
||||
$editJuryMembers[] = ['name' => trim($_POST['jury_president']), 'role' => 'president', 'is_external' => 0];
|
||||
}
|
||||
if (!empty(trim($_POST['jury_promoteur'] ?? ''))) {
|
||||
$editJuryMembers[] = ['name' => trim($_POST['jury_promoteur']), 'role' => 'promoteur',
|
||||
'is_external' => isset($_POST['jury_promoteur_ext']) ? 1 : 0];
|
||||
}
|
||||
foreach ($_POST['jury_lecteurs'] ?? [] as $i => $name) {
|
||||
$name = trim($name);
|
||||
if ($name !== '') {
|
||||
$editJuryMembers[] = ['name' => $name, 'role' => 'lecteur',
|
||||
'is_external' => isset($_POST['jury_lecteurs_ext'][$i]) ? 1 : 0];
|
||||
}
|
||||
}
|
||||
$db->setThesisJury($thesisId, $editJuryMembers);
|
||||
|
||||
// Update languages
|
||||
$db->setThesisLanguages($thesisId, isset($_POST['languages']) && is_array($_POST['languages']) ? $_POST['languages'] : []);
|
||||
|
||||
// Update formats
|
||||
$db->setThesisFormats($thesisId, isset($_POST['formats']) && is_array($_POST['formats']) ? $_POST['formats'] : []);
|
||||
|
||||
// Update tags
|
||||
$keywordsRaw = trim($_POST['tag'] ?? '');
|
||||
$editKeywords = !empty($keywordsRaw) ? array_map('trim', explode(',', $keywordsRaw)) : [];
|
||||
$db->setThesisTags($thesisId, $editKeywords);
|
||||
|
||||
$db->commit();
|
||||
|
||||
// Handle banner upload/removal (after commit, outside transaction)
|
||||
if (isset($_POST['remove_banner'])) {
|
||||
$currentBannerPath = $db->getThesisBannerPath($thesisId);
|
||||
if ($currentBannerPath && defined('STORAGE_ROOT')) {
|
||||
$absPath = STORAGE_ROOT . '/' . $currentBannerPath;
|
||||
if (file_exists($absPath)) unlink($absPath);
|
||||
}
|
||||
$db->setBannerPath($thesisId, null);
|
||||
} else {
|
||||
$db->handleBannerUpload($thesisId, $_FILES['banner'] ?? null);
|
||||
}
|
||||
|
||||
$success = "TFE mis à jour avec succès!";
|
||||
|
||||
// Regenerate CSRF token
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
|
||||
} catch (Exception $e) {
|
||||
$db->rollback();
|
||||
$error = $e->getMessage();
|
||||
error_log("Edit error: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
$db = new Database();
|
||||
|
||||
// Load thesis data
|
||||
$thesis = $db->getThesis($thesisId);
|
||||
|
||||
if (!$thesis) {
|
||||
die("TFE non trouvé");
|
||||
}
|
||||
|
||||
// Load current relationships
|
||||
$stmt = $pdo->prepare("SELECT language_id FROM thesis_languages WHERE thesis_id = ?");
|
||||
$stmt->execute([$thesisId]);
|
||||
$currentLanguages = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
// Load current relationships via dedicated DB methods (no raw PDO)
|
||||
$currentLanguages = $db->getThesisLanguageIds($thesisId);
|
||||
$currentFormats = $db->getThesisFormatIds($thesisId);
|
||||
$jury = $db->getThesisJury($thesisId);
|
||||
|
||||
$stmt = $pdo->prepare("SELECT format_id FROM thesis_formats WHERE thesis_id = ?");
|
||||
$stmt->execute([$thesisId]);
|
||||
$currentFormats = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
|
||||
// Load jury
|
||||
$jury = $db->getThesisJury($thesisId);
|
||||
|
||||
// Load reference data
|
||||
$orientations = $db->getAllOrientations();
|
||||
$apPrograms = $db->getAllAPPrograms();
|
||||
// Reference / lookup data
|
||||
$orientations = $db->getAllOrientations();
|
||||
$apPrograms = $db->getAllAPPrograms();
|
||||
$finalityTypes = $db->getAllFinalityTypes();
|
||||
$languages = $db->getAllLanguages();
|
||||
$formatTypes = $db->getAllFormatTypes();
|
||||
$licenseTypes = $db->getAllLicenseTypes();
|
||||
$accessTypes = $db->getAccessTypes();
|
||||
$languages = $db->getAllLanguages();
|
||||
$formatTypes = $db->getAllFormatTypes();
|
||||
$licenseTypes = $db->getAllLicenseTypes();
|
||||
$accessTypes = $db->getAccessTypes();
|
||||
|
||||
// Fetch raw FK IDs (view only exposes name strings)
|
||||
$rawRow = $db->getThesisRawFields($thesisId);
|
||||
$rawRow = $db->getThesisRawFields($thesisId);
|
||||
$currentLicenseId = $rawRow['license_id'] ?? null;
|
||||
$currentAccessTypeId = $rawRow['access_type_id'] ?? null;
|
||||
$currentContextNote = $rawRow['context_note'] ?? '';
|
||||
@@ -199,8 +73,9 @@ try {
|
||||
<div class="admin-alert admin-alert--success">✓ <?= htmlspecialchars($success) ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<form method="post" action="edit.php?id=<?= $thesisId ?>" class="admin-form" enctype="multipart/form-data">
|
||||
<form method="post" action="/admin/actions/edit.php" class="admin-form" enctype="multipart/form-data">
|
||||
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
<input type="hidden" name="thesis_id" value="<?= $thesisId ?>">
|
||||
|
||||
<div class="admin-form-row">
|
||||
<label class="admin-label" for="auteurice">Auteur·ice(s) :</label>
|
||||
@@ -257,11 +132,10 @@ try {
|
||||
|
||||
<!-- Composition du jury -->
|
||||
<?php
|
||||
// Pre-split jury by role for easy pre-population
|
||||
$juryPresident = null;
|
||||
$juryPromoteur = null;
|
||||
$juryPresident = null;
|
||||
$juryPromoteur = null;
|
||||
$juryPromoteurExt = 0;
|
||||
$juryLecteurs = [];
|
||||
$juryLecteurs = [];
|
||||
foreach ($jury as $jm) {
|
||||
if ($jm['role'] === 'president') {
|
||||
$juryPresident = $jm['name'];
|
||||
|
||||
Reference in New Issue
Block a user