PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement SQLite backup & data integrity plan (Phases 2-4)

Browse Source
This commit is contained in:
Pontoporeia
2026-05-11 01:08:46 +02:00
parent c0163ca4d5
commit 926659087f
18 changed files with 683 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
app/public/admin/actions/corbeille.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
error_log('[corbeille.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | action=' . ($_POST['action'] ?? 'none'));
AdminAuth::requireLogin();
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
|| !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
http_response_code(403);
die("Accès refusé.");
}
require_once __DIR__ . '/../../../src/Database.php';
require_once __DIR__ . '/../../../src/AdminLogger.php';
require_once __DIR__ . '/../../../src/ErrorHandler.php';
try {
$db = new Database();
$logger = AdminLogger::make();
$action = $_POST['action'] ?? '';
switch ($action) {
case 'restore':
$thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
if (!$thesisId) throw new Exception("ID invalide.");
$db->restoreThesis($thesisId);
$logger->logPublish(true, [$thesisId]); // log restore as an admin action
App::flash('success', "TFE restauré avec succès.");
break;
case 'hard_delete':
$thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
if (!$thesisId) throw new Exception("ID invalide.");
$db->hardDeleteThesis($thesisId);
$logger->logDelete([$thesisId]);
App::flash('success', "TFE définitivement supprimé.");
break;
case 'empty_trash':
$trashed = $db->getTrashedTheses();
foreach ($trashed as $t) {
$db->hardDeleteThesis((int)$t['id']);
$logger->logDelete([(int)$t['id']]);
}
App::flash('success', "Corbeille vidée (" . count($trashed) . " TFE supprimés définitivement).");
break;
default:
throw new Exception("Action inconnue.");
}
} catch (Exception $e) {
ErrorHandler::log('corbeille', $e);
App::flash('error', ErrorHandler::userMessage($e));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/index.php?tab=trash');
exit;

2
app/public/admin/actions/settings.php
View File

@@ -22,6 +22,8 @@ $isHxRequest = (isset($_SERVER['HTTP_HX_REQUEST']) && $_SERVER['HTTP_HX_REQUEST'
$section = $_POST['section'] ?? '';
if ($section === 'formulaire') {
// hx-include targets the wrapper div, so all checkboxes in the fieldset
// are submitted together — including unchecked ones (absent from POST).
$allowed = [
'access_type_libre_enabled',
'access_type_interne_enabled',