feat: extract MediaController, wire into Dispatcher, delete media.php

app/public/admin/login.php

@@ -0,0 +1,49 @@
+<?php
+require_once __DIR__ . '/../../bootstrap.php';
+require_once __DIR__ . '/../../src/AdminAuth.php';
+
+if (!AdminAuth::hasPassword()) {
+    header('Location: /admin/');
+    exit;
+}
+if (AdminAuth::isAuthenticated()) {
+    header('Location: /admin/');
+    exit;
+}
+
+$error = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $password = $_POST['password'] ?? '';
+    if (AdminAuth::login($password)) {
+        header('Location: /admin/');
+        exit;
+    }
+    $error = 'Mot de passe incorrect.';
+}
+
+$pageTitle = 'Connexion';
+?>
+<?php $isAdmin = true; $bodyClass = 'admin-body'; require_once APP_ROOT . '/templates/head.php'; ?>
+    <?php include APP_ROOT . '/templates/header.php'; ?>
+
+    <main id="main-content">
+    <div class="admin-login-wrap">
+        <div class="admin-login-box">
+            <h2>Administration</h2>
+            <?php if ($error): ?>
+                <p class="toast" role="alert" data-type="error">⚠ <?= htmlspecialchars($error) ?></p>
+            <?php endif; ?>
+            <form method="post" action="/admin/login.php" class="admin-form">
+                <div>
+                    <label for="password">Mot de passe</label>
+                    <input type="password" id="password" name="password" required autofocus>
+                </div>
+                <div class="admin-form-footer">
+                    <button type="submit" class="admin-btn">Se connecter</button>
+                </div>
+            </form>
+        </div>
+    </div>
+    </main>
+
+<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>