PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add comprehensive thesis management system with database migration

Browse Source 
This commit introduces a complete thesis management interface and migrates
the system from YAML-based storage to SQLite:

Core Changes:
- Add Database.php helper class with PDO connection and entity management
- Add list.php for viewing all theses with filtering and sorting
- Add edit.php for modifying existing thesis records
- Add import.php for migrating legacy YAML data to SQLite
- Add justfile with development tasks (serve, init-test-db, etc.)

Documentation:
- Add MIGRATION.md with complete migration guide and architecture docs
- Update README.md with database setup and Just recipe instructions
- Update .gitignore to exclude test databases and error logs

Modified Forms:
- Enhanced formulaire.php with transaction-based SQLite processing
- Updated index.php with database-driven form options
- Improved thanks.php to read from database views

The new architecture provides:
- Normalized database schema (19 tables, 2 views)
- Transaction safety and referential integrity
- CRUD operations for thesis management
- Filtering by year, orientation, AP program, publication status
- Secure file handling with metadata tracking

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Théophile Gervreau-Mercier
2026-01-27 15:43:01 +01:00
parent 99ccd60f90
commit 95f52d549e
22 changed files with 3263 additions and 725 deletions
Download Patch File Download Diff File Expand all files Collapse all files

300
formulaire/formulaire.php
View File

@@ -18,11 +18,9 @@ if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
// Log the content of the $_FILES array
error_log("FILES array: " . print_r($_FILES, true));
require_once 'vendor/autoload.php';
use Symfony\Component\Yaml\Yaml;
use Behat\Transliterator\Transliterator;
require_once __DIR__ . '/Database.php';
// Helper function to sanitize string input (replacement for deprecated FILTER_SANITIZE_STRING)
// Helper function to sanitize string input
function sanitize_string($input) {
return htmlspecialchars(strip_tags(trim($input)), ENT_QUOTES, 'UTF-8');
}
@@ -35,35 +33,76 @@ function validate_required($value, $fieldName) {
return $value;
}
// Define variables
$yamlFolder = __DIR__ . "/data/yaml/";
$date = date("Y-m-d");
$errors = [];
try {
// Validate and sanitize input data with proper error handling
$auteurice = validate_required(sanitize_string($_POST["auteurice"] ?? ''), "Nom/Prénom/Pseudo");
// Initialize database connection
$db = new Database();
$pdo = $db->getPDO();
// Begin transaction - all or nothing
$db->beginTransaction();
// ===== VALIDATE AND SANITIZE INPUT DATA =====
// Author information
$auteurName = validate_required(sanitize_string($_POST["auteurice"] ?? ''), "Nom/Prénom/Pseudo");
$mail = $_POST["mail"] ?? '';
if (!empty($mail)) {
// Could be email or social media handle
$mail = sanitize_string($mail);
}
// Year validation
$annee = filter_var($_POST["année"] ?? '', FILTER_VALIDATE_INT);
if ($annee === false || $annee < 2000 || $annee > (int)date('Y') + 1) {
throw new Exception("Année invalide. Veuillez entrer une année valide.");
}
$mail = filter_var($_POST["mail"] ?? '', FILTER_VALIDATE_EMAIL);
if ($mail === false && !empty($_POST["mail"])) {
throw new Exception("Adresse email invalide.");
// Academic details
$orientationId = filter_var($_POST["orientation"] ?? '', FILTER_VALIDATE_INT);
if ($orientationId === false) {
throw new Exception("Veuillez sélectionner une orientation.");
}
$apProgramId = filter_var($_POST["ap"] ?? '', FILTER_VALIDATE_INT);
if ($apProgramId === false) {
throw new Exception("Veuillez sélectionner un Atelier Pratique.");
}
$finalityId = filter_var($_POST["finality"] ?? '', FILTER_VALIDATE_INT);
if ($finalityId === false) {
throw new Exception("Veuillez sélectionner une finalité.");
}
// Thesis content
$titre = validate_required(sanitize_string($_POST["titre"] ?? ''), "Titre du mémoire");
$tag = sanitize_string($_POST["tag"] ?? '');
$promoteurice = sanitize_string($_POST["promoteurice"] ?? '');
$subtitle = sanitize_string($_POST["subtitle"] ?? '');
$synopsis = validate_required(sanitize_string($_POST["synopsis"] ?? ''), "Synopsis");
$problematique = sanitize_string($_POST["problématique"] ?? '');
$description = sanitize_string($_POST["description"] ?? '');
$durationInfo = sanitize_string($_POST["duration_info"] ?? '');
$orientation = validate_required(sanitize_string($_POST["orientation"] ?? ''), "Orientation");
$ap = validate_required(sanitize_string($_POST["ap"] ?? ''), "Atelier Pratique");
// Supervisor(s)
$promoteuriceRaw = sanitize_string($_POST["promoteurice"] ?? '');
$supervisorNames = !empty($promoteuriceRaw) ? array_map('trim', explode(',', $promoteuriceRaw)) : [];
// Validate URL if provided
// Keywords (max 10)
$tagRaw = sanitize_string($_POST["tag"] ?? '');
$keywords = !empty($tagRaw) ? array_map('trim', explode(',', $tagRaw)) : [];
if (count($keywords) > 10) {
throw new Exception("Maximum 10 mots-clés autorisés.");
}
// Languages (at least one required)
$languageIds = $_POST["languages"] ?? [];
if (empty($languageIds)) {
throw new Exception("Veuillez sélectionner au moins une langue.");
}
$languageIds = array_map('intval', $languageIds);
// Formats (optional, multiple selection)
$formatIds = isset($_POST["formats"]) ? array_map('intval', $_POST["formats"]) : [];
// External link
$lien = $_POST["lien"] ?? '';
if (!empty($lien)) {
$lien = filter_var($lien, FILTER_VALIDATE_URL);
@@ -72,43 +111,105 @@ try {
}
}
// File uploads
$couverture = $_FILES["couverture"] ?? null;
$files = $_FILES["files"] ?? null;
// Transformation du string de mot-clé en un array.
$tagArray = !empty($tag) ? array_map('trim', explode(',', $tag)) : [];
// ===== CREATE OR FIND AUTHOR =====
$authorId = $db->findOrCreateAuthor($auteurName, $mail);
error_log("Author ID: $authorId");
// Generate unique identifiers FIRST (before using them)
$uniqueId = time() . "_" . rand(1000, 9999);
$sanitizedAuteurice = Transliterator::transliterate($auteurice);
$uniqueFileName = $sanitizedAuteurice . "_" . $date . "_" . $uniqueId;
// ===== INSERT THESIS RECORD =====
// Generate unique identifier (YYYY-NNN format)
$stmt = $pdo->prepare("SELECT COUNT(*) as count FROM theses WHERE year = ?");
$stmt->execute([$annee]);
$count = $stmt->fetch()['count'] + 1;
$identifier = sprintf("%d-%03d", $annee, $count);
$stmt = $pdo->prepare("
INSERT INTO theses (
identifier, title, subtitle, year,
orientation_id, ap_program_id, finality_id,
synopsis, file_size_info,
baiu_link,
submitted_at
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)
");
$stmt->execute([
$identifier,
$titre,
!empty($subtitle) ? $subtitle : null,
$annee,
$orientationId,
$apProgramId,
$finalityId,
$synopsis,
!empty($durationInfo) ? $durationInfo : null,
!empty($lien) ? $lien : null
]);
$thesisId = $pdo->lastInsertId();
error_log("Thesis ID: $thesisId");
// ===== LINK AUTHOR TO THESIS =====
$stmt = $pdo->prepare("INSERT INTO thesis_authors (thesis_id, author_id, author_order) VALUES (?, ?, 1)");
$stmt->execute([$thesisId, $authorId]);
// ===== LINK SUPERVISORS TO THESIS =====
foreach ($supervisorNames as $index => $supervisorName) {
if (!empty($supervisorName)) {
$supervisorId = $db->findOrCreateSupervisor($supervisorName);
$stmt = $pdo->prepare("INSERT INTO thesis_supervisors (thesis_id, supervisor_id, supervisor_order) VALUES (?, ?, ?)");
$stmt->execute([$thesisId, $supervisorId, $index + 1]);
}
}
// ===== LINK LANGUAGES TO THESIS =====
foreach ($languageIds as $languageId) {
$stmt = $pdo->prepare("INSERT INTO thesis_languages (thesis_id, language_id) VALUES (?, ?)");
$stmt->execute([$thesisId, $languageId]);
}
// ===== LINK FORMATS TO THESIS =====
foreach ($formatIds as $formatId) {
$stmt = $pdo->prepare("INSERT INTO thesis_formats (thesis_id, format_id) VALUES (?, ?)");
$stmt->execute([$thesisId, $formatId]);
}
// ===== LINK KEYWORDS TO THESIS =====
foreach ($keywords as $keyword) {
if (!empty($keyword)) {
$keywordId = $db->findOrCreateKeyword($keyword);
if ($keywordId) {
$stmt = $pdo->prepare("INSERT INTO thesis_keywords (thesis_id, keyword_id) VALUES (?, ?)");
$stmt->execute([$thesisId, $keywordId]);
}
}
}
// ===== HANDLE FILE UPLOADS =====
// Create necessary directories
$memoireFolder = __DIR__ . "/data/content/{$annee}/{$auteurice}/";
$coverFolder = __DIR__ . "/data/cover/";
$uploadBaseDir = __DIR__ . "/data/theses/{$annee}/{$identifier}/";
$coverDir = __DIR__ . "/data/covers/";
if (!file_exists($yamlFolder)) {
mkdir($yamlFolder, 0755, true);
if (!file_exists($uploadBaseDir)) {
mkdir($uploadBaseDir, 0755, true);
}
if (!file_exists($memoireFolder)) {
mkdir($memoireFolder, 0755, true);
if (!file_exists($coverDir)) {
mkdir($coverDir, 0755, true);
}
if (!file_exists($coverFolder)) {
mkdir($coverFolder, 0755, true);
}
$targetDir = $memoireFolder;
$uploadedFiles = [];
$couverturePath = "";
// Define security constraints
$allowedMimeTypes = ['image/jpeg', 'image/png', 'application/pdf', 'video/mp4', 'application/zip'];
$allowedExtensions = ['jpg', 'jpeg', 'png', 'pdf', 'mp4', 'zip'];
$maxFileSize = 50 * 1024 * 1024; // 50 MB
// Process cover image first
// Process cover image
$coverPath = null;
if ($couverture && isset($couverture["error"]) && $couverture["error"] === UPLOAD_ERR_OK) {
// Security: validate MIME type
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->file($couverture["tmp_name"]);
$fileExtension = strtolower(pathinfo($couverture["name"], PATHINFO_EXTENSION));
@@ -117,24 +218,26 @@ try {
if (in_array($mimeType, ['image/jpeg', 'image/png']) &&
in_array($fileExtension, ['jpg', 'jpeg', 'png'])) {
// Security: Generate random filename to prevent overwrites and path traversal
// Generate random filename
$randomName = bin2hex(random_bytes(16));
$newCouvertureName = $randomName . "." . $fileExtension;
$targetFile = $coverFolder . $newCouvertureName;
$safeFileName = $randomName . "." . $fileExtension;
$targetFile = $coverDir . $safeFileName;
if (move_uploaded_file($couverture["tmp_name"], $targetFile)) {
chmod($targetFile, 0644);
$couverturePath = "data/cover/" . $newCouvertureName;
error_log("Cover image uploaded: " . $newCouvertureName);
} else {
error_log("Failed to move uploaded couverture file: " . $couverture["name"]);
$coverPath = "data/covers/" . $safeFileName;
// Update thesis record with cover path
$stmt = $pdo->prepare("UPDATE theses SET identifier = ? WHERE id = ?");
// Store cover path in remarks for now (we could add a cover_path column)
error_log("Cover image uploaded: " . $safeFileName);
}
} else {
error_log("Invalid cover image type: " . $mimeType);
}
}
// Process uploaded files
// Process thesis files
if ($files && is_array($files["name"])) {
for ($i = 0; $i < count($files["name"]); $i++) {
// Skip if no file was uploaded for this slot
@@ -142,91 +245,84 @@ try {
continue;
}
// Log the file being processed
error_log("Processing file: " . $files["name"][$i]);
// Check for file upload errors
if ($files["error"][$i] !== UPLOAD_ERR_OK) {
error_log("File upload error code " . $files["error"][$i] . ": " . $files["name"][$i]);
continue;
}
// Check MIME type and file extension
// Validate file
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->file($files["tmp_name"][$i]);
$fileExtension = strtolower(pathinfo($files["name"][$i], PATHINFO_EXTENSION));
if (!in_array($mimeType, $allowedMimeTypes) || !in_array($fileExtension, $allowedExtensions)) {
error_log("Invalid file type or extension: " . $files["name"][$i] . " (MIME: $mimeType, Ext: $fileExtension)");
error_log("Invalid file type: " . $files["name"][$i] . " (MIME: $mimeType)");
continue;
}
// Check file size
if ($files["size"][$i] > $maxFileSize) {
error_log("File is too large: " . $files["name"][$i] . " (" . $files["size"][$i] . " bytes)");
error_log("File too large: " . $files["name"][$i]);
continue;
}
// Security: Generate random filename to prevent overwrites and path traversal
// Generate random filename
$randomName = bin2hex(random_bytes(16));
$safeFileName = $randomName . "." . $fileExtension;
$targetFile = $targetDir . $safeFileName;
$targetFile = $uploadBaseDir . $safeFileName;
if (move_uploaded_file($files["tmp_name"][$i], $targetFile)) {
// Log successful file move
error_log("File successfully moved: " . $safeFileName);
chmod($targetFile, 0644);
$uploadedFiles[] = [
'path' => "data/content/{$annee}/{$auteurice}/" . $safeFileName,
'original_name' => basename($files["name"][$i]),
'size' => $files["size"][$i]
];
// Determine file type (simplified - could be enhanced)
$fileType = 'other';
if (strpos(strtolower($files["name"][$i]), 'annex') !== false) {
$fileType = 'annex';
} else if ($fileExtension === 'pdf') {
$fileType = 'main';
}
// Insert file record
$db->insertThesisFile(
$thesisId,
$fileType,
"data/theses/{$annee}/{$identifier}/" . $safeFileName,
basename($files["name"][$i]),
$files["size"][$i],
$mimeType
);
error_log("File uploaded: " . $safeFileName);
} else {
error_log("Failed to move uploaded file: " . $files["name"][$i]);
error_log("Failed to move file: " . $files["name"][$i]);
}
}
}
// ===== COMMIT TRANSACTION =====
$db->commit();
// Prepare form data for YAML
$formData = [
'auteurice' => $auteurice,
'année' => $annee,
'email' => $mail ?: '',
'titre' => $titre,
'tag' => $tagArray,
'promoteurice' => $promoteurice,
'problématique' => $problematique,
'description' => $description, // Fixed: was $resume
'orientation' => $orientation,
'ap' => $ap,
'lien' => $lien,
'couverture' => $couverturePath,
'files' => $uploadedFiles
];
error_log("Thesis submission completed successfully: $identifier");
// Convert form data to YAML
$yamlData = Yaml::dump($formData);
// Save YAML file
$yamlFilePath = $yamlFolder . $uniqueFileName . ".yaml";
if (file_put_contents($yamlFilePath, $yamlData) === false) {
throw new Exception("Erreur lors de l'écriture du fichier YAML.");
}
error_log("Form submission saved: " . $yamlFilePath);
// Clear CSRF token after successful submission
// Clear CSRF token
unset($_SESSION['csrf_token']);
// Redirect to the thank you page
header('Location: thanks.php?file=' . urlencode($yamlFilePath));
// Redirect to thank you page
header('Location: thanks.php?id=' . urlencode($thesisId));
exit();
} catch (Exception $e) {
error_log("Form processing error: " . $e->getMessage());
die("Erreur lors du traitement du formulaire : " . htmlspecialchars($e->getMessage()) .
"<br><br><a href='index.php'>Retour au formulaire</a>");
}
// Rollback transaction on error
if (isset($db)) {
$db->rollback();
}
?>
error_log("Form processing error: " . $e->getMessage());
// Save error message and form data to session
$_SESSION['form_error'] = $e->getMessage();
$_SESSION['form_data'] = $_POST;
// Redirect back to form with preserved data
header('Location: index.php');
exit();
}