feat: extract MediaController, wire into Dispatcher, delete media.php

2026-05-06 11:09:18 +02:00 · 2026-04-17 11:44:08 +02:00
parent b03be51b92
commit 75f808bee4
157 changed files with 1713 additions and 452 deletions
--- a/app/public/admin/account.php
+++ b/app/public/admin/account.php
@@ -0,0 +1,108 @@
+<?php
+require_once __DIR__ . "/../../bootstrap.php";
+require_once __DIR__ . '/../../src/AdminAuth.php';
+AdminAuth::requireLogin();
+
+$pageTitle = "Compte administrateur";
+
+$hasPassword     = AdminAuth::hasPassword();
+
+// Flash messages are consumed by the flash-messages partial below.
+
+if (empty($_SESSION['csrf_token'])) {
+    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+?>
+<?php $isAdmin = true; $bodyClass = 'admin-body'; require_once APP_ROOT . '/templates/head.php'; ?>
+    <?php include APP_ROOT . '/templates/header.php'; ?>
+
+<main id="main-content">
+    <h1>Compte administrateur</h1>
+
+
+
+    <!-- Status info -->
+    <dl class="admin-account-status">
+        <div class="admin-account-status__row">
+            <dt class="admin-account-status__label">Authentification PHP</dt>
+            <dd><?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Active'; $badgeWarnLabel = 'Non configurée'; include APP_ROOT . '/templates/partials/status-badge.php'; ?></dd>
+        </div>
+        <div class="admin-account-status__row">
+            <dt class="admin-account-status__label">Stockage</dt>
+            <dd>
+                <code class="admin-account-status__code">site_settings (DB)</code>
+                <?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Présent'; $badgeWarnLabel = 'Absent'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
+            </dd>
+        </div>
+        <?php if (!$hasPassword): ?>
+        <p class="admin-account-status__note">
+            Aucun mot de passe PHP configuré. Le formulaire ci-dessous stockera
+                un hash bcrypt dans la base de données.
+        </p>
+        <?php endif; ?>
+    </dl>
+
+    <!-- Password change form -->
+    <h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
+
+    <form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
+        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+
+        <?php if ($hasPassword): ?>
+        <div>
+            <label for="current_password">Mot de passe actuel</label>
+            <div>
+                <input type="password" id="current_password"
+                       name="current_password" required autocomplete="current-password">
+            </div>
+        </div>
+        <?php endif; ?>
+
+        <div>
+            <label for="new_password">Nouveau mot de passe</label>
+            <div>
+                <input type="password" id="new_password"
+                       name="new_password" required autocomplete="new-password"
+                       minlength="12">
+                <small>Minimum 12 caractères.</small>
+            </div>
+        </div>
+
+        <div>
+            <label for="confirm_password">Confirmer le mot de passe</label>
+            <div>
+                <input type="password" id="confirm_password"
+                       name="confirm_password" required autocomplete="new-password">
+            </div>
+        </div>
+
+        <div class="admin-form-footer">
+            <button type="submit" class="admin-btn">
+                <?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
+            </button>
+        </div>
+    </form>
+
+    <?php if ($hasPassword): ?>
+    <!-- Danger zone: remove password -->
+    <h2 class="admin-section-title admin-section-title--danger">Zone de danger</h2>
+    <div class="admin-danger-zone">
+        <p class="admin-danger-zone__description">
+            <strong>Supprimer la configuration du mot de passe PHP</strong><br>
+            <small>
+                Supprime le hash de la base de données. L'accès admin
+                dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
+            </small>
+        </p>
+        <form method="post" action="/admin/actions/account.php"
+              onsubmit="return confirm('Supprimer le mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
+            <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+            <input type="hidden" name="action" value="remove_credentials">
+            <input type="hidden" name="current_password_remove" id="current_password_remove" value="">
+            <button type="submit" class="admin-btn admin-btn--danger">Supprimer</button>
+        </form>
+    </div>
+    <?php endif; ?>
+</main>
+
+<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>