PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: mandatory auto-generated passwords for share links + admin password copy/regeneration + password gate rate limiting

Browse Source
This commit is contained in:
Pontoporeia
2026-05-12 13:50:13 +02:00
parent 8bb0b3a1f2
commit 9152b120e8
15 changed files with 294 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/public/admin/acces.php
View File

@@ -29,7 +29,12 @@ extract($vars);
$pageTitle = 'Accès';
$isAdmin = true;
$bodyClass = 'admin-body';
$extraJs = ['/assets/js/app/clipboard.js'];
$extraJs = ['/assets/js/app/clipboard.js', '/assets/js/app/acces-password.js'];
// Flash data for newly created/updated links (password display in modals)
$newLinkSlug = $_SESSION['_flash_new_link_slug'] ?? null;
$newLinkPassword = $_SESSION['_flash_new_link_password'] ?? null;
unset($_SESSION['_flash_new_link_slug'], $_SESSION['_flash_new_link_password']);
require_once APP_ROOT . '/templates/head.php';
echo '<link rel="stylesheet" href="/assets/css/file-access.css">';

11
app/public/admin/actions/acces-etudiante.php
View File

@@ -26,7 +26,6 @@ $logger = AdminLogger::make();
switch ($action) {
case 'create':
$name = !empty($_POST['name']) ? trim($_POST['name']) : null;
$password = !empty($_POST['password']) ? trim($_POST['password']) : null;
$expiresRaw = !empty($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
$expiresAt = null;
if ($expiresRaw) {
@@ -39,13 +38,16 @@ switch ($action) {
$validObjet = ['tfe', 'thèse', 'frart'];
$selected = is_array($objetRaw) ? array_intersect($objetRaw, $validObjet) : [];
$objetRestriction = !empty($selected) ? implode(',', $selected) : 'tfe';
$link = $shareLink->create(1, $password, $expiresAt, $objetRestriction, $name);
$link = $shareLink->create(1, $expiresAt, $objetRestriction, $name);
$logger->logLinkCreate(
$link['slug'] ?? '',
$password !== null,
true, // Always has password
$expiresAt,
$objetRestriction
);
// Flash the generated password and slug for display in the modal
$_SESSION['_flash_new_link_slug'] = $link['slug'] ?? '';
$_SESSION['_flash_new_link_password'] = $link['_plain_password'] ?? '';
App::redirect('/admin/acces.php', success: 'Lien d\'accès créé.');
break;
@@ -83,9 +85,8 @@ switch ($action) {
case 'update':
if ($id > 0) {
$name = isset($_POST['name']) ? trim($_POST['name']) : null;
$password = isset($_POST['password']) ? trim($_POST['password']) : null;
$expiresRaw = isset($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
$shareLink->update($id, $name, $password, $expiresRaw);
$shareLink->update($id, $name, $expiresRaw);
App::redirect('/admin/acces.php', success: 'Lien mis à jour.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');