feat: extract MediaController, wire into Dispatcher, delete media.php

app/public/admin/actions/settings.php

@@ -0,0 +1,49 @@
+<?php
+require_once __DIR__ . '/../../../bootstrap.php';
+require_once __DIR__ . '/../../../src/AdminAuth.php';
+AdminAuth::requireLogin();
+
+if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
+    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+    App::flash('error', "Erreur de sécurité : token invalide.");
+    header('Location: /admin/parametres.php');
+    exit;
+}
+
+require_once APP_ROOT . '/src/Database.php';
+require_once APP_ROOT . '/src/SmtpRelay.php';
+$db = new Database();
+
+$section = $_POST['section'] ?? '';
+
+if ($section === 'formulaire') {
+    // Save access-type toggle settings
+    $allowed = ['access_type_libre_enabled', 'access_type_interne_enabled', 'access_type_interdit_enabled'];
+    foreach ($allowed as $key) {
+        $value = isset($_POST[$key]) ? '1' : '0';
+        $db->setSetting($key, $value);
+    }
+    App::flash('success', "Paramètres du formulaire mis à jour.");
+} elseif ($section === 'smtp') {
+    $smtpData = [
+        'host'       => $_POST['smtp_host'] ?? '',
+        'port'       => $_POST['smtp_port'] ?? 587,
+        'encryption' => $_POST['smtp_encryption'] ?? 'tls',
+        'username'   => $_POST['smtp_username'] ?? '',
+        'from_email' => $_POST['smtp_from_email'] ?? '',
+        'from_name'  => $_POST['smtp_from_name'] ?? 'Post-ERG',
+    ];
+    // Only update password when user actually typed something.
+    $pwd = $_POST['smtp_password'] ?? '';
+    if ($pwd !== '') {
+        $smtpData['password'] = $pwd;
+    }
+    SmtpRelay::updateSettings($db, $smtpData);
+    App::flash('success', "Paramètres SMTP mis à jour.");
+} else {
+    App::flash('error', "Section inconnue.");
+}
+
+$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+header('Location: /admin/parametres.php');
+exit;