mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
feat: extract MediaController, wire into Dispatcher, delete media.php
This commit is contained in:
Pontoporeia
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Admin PHP-level password for the session auth guard (defence-in-depth).
|
||||
*
|
||||
* Copy this file to admin_credentials.php and set a real hash.
|
||||
*
|
||||
* Generate a hash:
|
||||
* php -r "echo password_hash('your-password', PASSWORD_DEFAULT);"
|
||||
*
|
||||
* Then uncomment and paste the result below:
|
||||
*/
|
||||
|
||||
// define('ADMIN_PASSWORD_HASH', '$2y$12$...');
|
||||
@@ -1,47 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Simple configuration for website
|
||||
*/
|
||||
|
||||
// Define application root
|
||||
define('APP_ROOT', dirname(__DIR__));
|
||||
|
||||
// Storage directory for uploaded files — intentionally outside the webroot
|
||||
// so no uploaded content is ever directly web-accessible (items #3 & #4).
|
||||
// Files are served through public/media.php which validates paths and MIME types.
|
||||
define('STORAGE_ROOT', '/var/www/posterg/storage');
|
||||
|
||||
// Error reporting
|
||||
if (php_sapi_name() === 'cli-server') {
|
||||
// Development mode
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', '1');
|
||||
} else {
|
||||
// Production mode
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', '0');
|
||||
ini_set('log_errors', '1');
|
||||
}
|
||||
|
||||
// Load admin credentials if available (defines ADMIN_PASSWORD_HASH for AdminAuth)
|
||||
if (file_exists(APP_ROOT . '/config/admin_credentials.php')) {
|
||||
require_once APP_ROOT . '/config/admin_credentials.php';
|
||||
}
|
||||
|
||||
// Central application helper (boot, auth guard, CSRF, flash, render)
|
||||
require_once APP_ROOT . '/src/App.php';
|
||||
|
||||
// Maintenance mode gate — block public pages; allow /admin/ through.
|
||||
// The flag file lives in storage/ (outside webroot) to avoid web exposure.
|
||||
define('MAINTENANCE_FLAG', APP_ROOT . '/storage/maintenance.flag');
|
||||
if (file_exists(MAINTENANCE_FLAG)) {
|
||||
// Allow admin panel through (by path prefix) and the maintenance page itself
|
||||
$requestPath = $_SERVER['REQUEST_URI'] ?? '';
|
||||
$isAdmin = str_starts_with($requestPath, '/admin');
|
||||
$isMaintenance = str_contains($requestPath, 'maintenance.php');
|
||||
if (!$isAdmin && !$isMaintenance) {
|
||||
require APP_ROOT . '/public/maintenance.php';
|
||||
exit();
|
||||
}
|
||||
}
|
||||
49
config/config.php
Normal file
49
config/config.php
Normal file
@@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Configuration for Post-ERG thesis database
|
||||
* Central location for database paths and environment settings
|
||||
*/
|
||||
|
||||
// Database paths relative to repository root
|
||||
define('DB_ROOT', __DIR__ . '/..');
|
||||
|
||||
// Local dev database (php -S, never committed)
|
||||
define('DB_TEST_PATH', DB_ROOT . '/storage/test.db');
|
||||
|
||||
// Production database (nginx/php-fpm on server)
|
||||
define('DB_PROD_PATH', DB_ROOT . '/storage/posterg.db');
|
||||
|
||||
/**
|
||||
* Determine which database to use.
|
||||
*
|
||||
* - php built-in server (php -S …) → storage/test.db (local dev)
|
||||
* - everything else (nginx/fpm) → storage/posterg.db (production)
|
||||
*
|
||||
* The DB_ENV env-var can still override either way:
|
||||
* DB_ENV=test → force test.db
|
||||
* DB_ENV=prod → force posterg.db
|
||||
*/
|
||||
function getDatabasePath(): string {
|
||||
$env = getenv('DB_ENV');
|
||||
if ($env === 'test') {
|
||||
return DB_TEST_PATH;
|
||||
}
|
||||
if ($env === 'prod') {
|
||||
return DB_PROD_PATH;
|
||||
}
|
||||
|
||||
// Auto-detect: php built-in CLI server == local development
|
||||
if (php_sapi_name() === 'cli-server') {
|
||||
return DB_TEST_PATH;
|
||||
}
|
||||
|
||||
return DB_PROD_PATH;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if running in local dev mode
|
||||
*/
|
||||
function isTestMode(): bool {
|
||||
return getDatabasePath() === DB_TEST_PATH;
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Router script for PHP built-in development server (php -S).
|
||||
*
|
||||
* Routes /partage/<slug> to public/partage/index.php, since the built-in
|
||||
* server has no URL rewriting like nginx's try_files.
|
||||
*/
|
||||
|
||||
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
|
||||
|
||||
// Route /partage/<slug> and /partage/<slug>/<action> to the partage entry
|
||||
if (preg_match('#^/partage(/.*)?$#', $uri)) {
|
||||
$_SERVER['SCRIPT_NAME'] = '/partage/index.php';
|
||||
require __DIR__ . '/../public/partage/index.php';
|
||||
return true;
|
||||
}
|
||||
|
||||
// Route /tfe/<...> to tfe.php
|
||||
if (preg_match('#^/tfe(/.*)?$#', $uri)) {
|
||||
$_SERVER['SCRIPT_NAME'] = '/tfe.php';
|
||||
require __DIR__ . '/../public/tfe.php';
|
||||
return true;
|
||||
}
|
||||
|
||||
// Default: serve static files if they exist
|
||||
return false;
|
||||
Reference in New Issue
Block a user