PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: /partage/<slug> routing (regex delimiter + nginx location)

Browse Source
This commit is contained in:
Pontoporeia
2026-04-16 12:00:28 +02:00
parent b7be93e30b
commit a6df3c8c0e
11 changed files with 254 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
TODO.md
View File

@@ -1,33 +1,7 @@
# TODO
- [x] Make thanks.php respect student mode (no header, centered "add new form" button)
- [x] Add hidden input `student_mode` in add.php form when in student mode
- [x] Append `mode=student` to thanks redirect in formulaire.php
- [x] Update thanks.php to detect student mode, hide header, show centered button
- [x] Cleanup public/admin/add.php — standardise fieldsets and add licence explanation sections from docs PDF
- [x] Organise all fields into `<fieldset>/<legend>` blocks: Informations du TFE, Composition du jury, Cadre académique, Fichiers, Métadonnées complémentaires
- [x] Remove double-wrapping of jury-fieldset (it has its own `<fieldset>`)
- [x] Add "Degrés d'ouverture et licences" section (Libre / Interne / Interdit + Généralités) wrapped in `if ($studentMode)` — hidden in admin
- [x] Migrate student mode form to shareable links system (/partage/<form-url>)
- [x] Create `share_links` database table (id, slug YYYYMMDD-random, password_hash, is_active, usage_count, created_by, created_at, expires_at nullable)
- [x] Create `ShareLink` model — generate slugs, validate, verify password, CRUD
- [x] Create `public/partage/index.php` — public form page (no auth required, validates link active + password if set)
- [x] Create `public/partage/.htaccess` — RewriteRule to route all partage paths to index.php
- [x] Create `public/partage/thanks.php` — post-submission confirmation page
- [x] Move student-specific licence explanation fieldset to partage form template
- [x] Share-link specific CSRF token (session-scoped `share_csrf_<slug>`) instead of session CSRF
- [x] Create admin page for managing student access links
- [x] Create `public/admin/student-access.php` — "Accès étudiant·e" page
- [x] Link to new page from admin navigation
- [x] Implement list view of all share links with status (active/disabled, password set, usage count, created date)
- [x] Implement create new link modal/form (optional expiration, password)
- [x] Implement toggle active/disabled status per link
- [x] Implement password set/change/clear per link
- [x] Implement delete link action
- [x] Copy-to-clipboard button for full partage URL
- [x] Security and validation considerations
- [x] Rate limiting on form submissions per share link — integrate RateLimit into partage index.php POST handler
- [x] Add flash messages / error handling for invalid/disabled/password-protected links — replace plain die() with styled error pages and flash messages
## Completed
- [x] Fix share link slug regex mismatch (base64 chars vs base32 pattern)
- [x] Fix regex delimiter clash (`/` inside `[...]` broke the pattern) → switched to `#` delimiter
- [x] Add PHP dev server router for /partage/<slug> URL rewriting
- [x] Add nginx location block for /partage/ pretty URLs

26
config/router.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
/**
* Router script for PHP built-in development server (php -S).
*
* Routes /partage/<slug> to public/partage/index.php, since the built-in
* server has no URL rewriting like nginx's try_files.
*/
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
// Route /partage/<slug> and /partage/<slug>/<action> to the partage entry
if (preg_match('#^/partage(/.*)?$#', $uri)) {
$_SERVER['SCRIPT_NAME'] = '/partage/index.php';
require __DIR__ . '/../public/partage/index.php';
return true;
}
// Route /tfe/<...> to tfe.php
if (preg_match('#^/tfe(/.*)?$#', $uri)) {
$_SERVER['SCRIPT_NAME'] = '/tfe.php';
require __DIR__ . '/../public/tfe.php';
return true;
}
// Default: serve static files if they exist
return false;

2
justfile
View File

@@ -13,7 +13,7 @@ setup:
[group('dev')]
serve: migrate
@php -S 127.0.0.1:8000 -t public/ 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true
@php -S 127.0.0.1:8000 -t public/ config/router.php 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true
[group('dev')]
stop:

5
nginx/posterg.conf
View File

@@ -151,6 +151,11 @@ server {
try_files $uri $uri/ =404;
}
# Share-link (partage) — rewrite pretty URLs to index.php
location /partage/ {
try_files $uri /partage/index.php$is_args$args;
}
# Search endpoint - rate limiting
location = /search.php {
limit_req zone=search burst=10 nodelay;

201
public/admin/acces-etudiante.php Normal file
View File

@@ -0,0 +1,201 @@
<?php
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
require_once __DIR__ . '/../../src/ShareLink.php';
App::adminGuard();
$shareLink = ShareLink::make();
$links = $shareLink->listAll();
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$baseUrl = $protocol . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
$pageTitle = 'Accès étudiant·e';
$isAdmin = true;
$bodyClass = 'admin-body';
?>
<?php require_once APP_ROOT . '/templates/head.php'; ?>
<?php include APP_ROOT . '/templates/header.php'; ?>
<main id="main-content">
<?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
<div class="admin-list-toolbar">
<h1>Accès étudiant·e</h1>
<div class="admin-list-toolbar__right">
<button type="button" class="admin-btn admin-btn--sm" id="open-create-dialog">
Créer un lien
</button>
</div>
</div>
<?php if (empty($links)): ?>
<p class="admin-empty">Aucun lien d'accès créé. Cliquez sur « Créer un lien » pour générer un lien partageable.</p>
<?php else: ?>
<table>
<thead>
<tr>
<th scope="col">Lien</th>
<th scope="col">Statut</th>
<th scope="col">Mot de passe</th>
<th scope="col">Utilisations</th>
<th scope="col">Expiration</th>
<th scope="col">Créé le</th>
<th scope="col">Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($links as $link): ?>
<?php
$isExpired = $link['expires_at'] !== null && strtotime($link['expires_at']) < time();
$isActive = (bool)$link['is_active'] && !$isExpired;
$statusLabel = $isExpired ? 'Expiré' : ($link['is_active'] ? 'Actif' : 'Désactivé');
if ($isExpired) {
$statusClass = 'status-badge status-pending';
} elseif ($link['is_active']) {
$statusClass = 'status-badge status-published';
} else {
$statusClass = 'status-badge';
$statusClass .= ' style="background:var(--error-muted-bg);color:var(--error);"';
}
$fullUrl = $baseUrl . '/partage/' . htmlspecialchars($link['slug']);
$created = date('d/m/Y H:i', strtotime($link['created_at']));
$expires = $link['expires_at'] ? date('d/m/Y', strtotime($link['expires_at'])) : '—';
$hasPassword = !empty($link['password_hash']);
?>
<tr>
<td>
<code style="font-size:var(--step--2);color:var(--text-secondary);"><?= htmlspecialchars($link['slug']) ?></code>
<input type="hidden" id="url-<?= $link['id'] ?>" value="<?= $fullUrl ?>">
</td>
<td>
<?php if ($isExpired): ?>
<span class="status-badge status-pending"><?= $statusLabel ?></span>
<?php elseif ($link['is_active']): ?>
<span class="status-badge status-published"><?= $statusLabel ?></span>
<?php else: ?>
<span style="display:inline-block;padding:var(--space-3xs) var(--space-2xs);border-radius:3px;font-size:var(--step--2);font-weight:500;letter-spacing:0.04em;background:var(--error-muted-bg);color:var(--error);"><?= $statusLabel ?></span>
<?php endif; ?>
</td>
<td><?= $hasPassword ? '🔒 Oui' : 'Non' ?></td>
<td style="text-align:center;"><?= intval($link['usage_count']) ?></td>
<td><?= $expires ?></td>
<td><?= $created ?></td>
<td>
<div class="admin-actions">
<button type="button" class="admin-btn-sm admin-btn-view"
onclick="copyUrl(<?= $link['id'] ?>)" title="Copier l'URL">
Copier
</button>
<form method="post" action="actions/acces-etudiante.php" class="publish-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="toggle">
<input type="hidden" name="id" value="<?= $link['id'] ?>">
<button type="submit"
class="admin-btn-sm <?= $link['is_active'] ? 'admin-btn-unpublish' : 'admin-btn-publish' ?>"
title="<?= $link['is_active'] ? 'Désactiver' : 'Activer' ?>">
<?= $link['is_active'] ? '⏸' : '▶' ?>
</button>
</form>
<button type="button" class="admin-btn-sm admin-btn-edit"
onclick="openPasswordDialog(<?= $link['id'] ?>, <?= $hasPassword ? 'true' : 'false' ?>)"
title="Modifier le mot de passe">
🔑
</button>
<form method="post" action="actions/acces-etudiante.php" class="publish-form"
onsubmit="return confirm('Supprimer ce lien ? Les soumissions via ce lien seront bloquées.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="id" value="<?= $link['id'] ?>">
<button type="submit" class="admin-btn-sm admin-btn-delete" title="Supprimer">
🗑
</button>
</form>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</main>
<!-- ═══════════════════════ CREATE DIALOG ═══════════════════════ -->
<dialog id="create-dialog" class="admin-dialog" aria-labelledby="create-dialog-title">
<div class="admin-dialog__header">
<h2 id="create-dialog-title">Créer un lien d'accès</h2>
<button type="button" class="admin-dialog__close" aria-label="Fermer"
onclick="document.getElementById('create-dialog').close()">&#x2715;</button>
</div>
<form method="post" action="actions/acces-etudiante.php" class="admin-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="create">
<div>
<label for="create-password">Mot de passe (optionnel)</label>
<input type="password" id="create-password" name="password" autocomplete="new-password">
<small>Laissez vide pour un lien sans mot de passe.</small>
</div>
<div>
<label for="create-expires">Expiration (optionnel)</label>
<input type="datetime-local" id="create-expires" name="expires_at">
<small>Laissez vide pour qu'il n'expire jamais.</small>
</div>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Créer le lien</button>
<button type="button" class="admin-btn-secondary"
onclick="document.getElementById('create-dialog').close()">Annuler</button>
</div>
</form>
</dialog>
<!-- ═══════════════════════ PASSWORD DIALOG ═══════════════════════ -->
<dialog id="password-dialog" class="admin-dialog" aria-labelledby="password-dialog-title">
<div class="admin-dialog__header">
<h2 id="password-dialog-title">Mot de passe</h2>
<button type="button" class="admin-dialog__close" aria-label="Fermer"
onclick="document.getElementById('password-dialog').close()">&#x2715;</button>
</div>
<form method="post" action="actions/acces-etudiante.php" class="admin-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="set_password">
<input type="hidden" name="id" id="password-link-id" value="">
<div>
<label for="password-input">Nouveau mot de passe</label>
<input type="password" id="password-input" name="password" autocomplete="new-password">
<small>Laissez vide pour supprimer le mot de passe.</small>
<p id="password-current-info" style="font-size:var(--step--2);color:var(--text-secondary);margin-top:var(--space-2xs);"></p>
</div>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Enregistrer</button>
<button type="button" class="admin-btn-secondary"
onclick="document.getElementById('password-dialog').close()">Annuler</button>
</div>
</form>
</dialog>
<script>
document.getElementById('open-create-dialog').addEventListener('click', () => {
document.getElementById('create-dialog').showModal();
});
function copyUrl(id) {
const input = document.getElementById('url-' + id);
navigator.clipboard.writeText(input.value).then(() => {
const btn = event.target.closest('button');
const orig = btn.textContent;
btn.textContent = '✓ Copié';
setTimeout(() => { btn.textContent = orig; }, 1200);
});
}
function openPasswordDialog(id, hasPassword) {
document.getElementById('password-link-id').value = id;
const info = document.getElementById('password-current-info');
info.textContent = hasPassword
? 'Un mot de passe est actuellement configuré. Entrez-en un nouveau ou laissez vide pour le supprimer.'
: 'Aucun mot de passe configuré.';
document.getElementById('password-dialog').showModal();
}
</script>
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>

18
public/admin/actions/student-access.php → public/admin/actions/acces-etudiante.php
View File

@@ -28,19 +28,19 @@ switch ($action) {
// datetime-local gives "YYYY-MM-DDTHH:MM"
$expiresAt = date('Y-m-d H:i:s', strtotime($expiresRaw));
if ($expiresAt <= date('Y-m-d H:i:s')) {
App::redirect('/admin/student-access.php', error: "La date d'expiration doit être dans le futur.");
App::redirect('/admin/acces-etudiante.php', error: "La date d'expiration doit être dans le futur.");
}
}
$shareLink->create(1, $password, $expiresAt);
App::redirect('/admin/student-access.php', success: 'Lien d\'accès créé.');
App::redirect('/admin/acces-etudiante.php', success: 'Lien d\'accès créé.');
break;
case 'toggle':
if ($id > 0) {
$shareLink->toggleActive($id);
App::redirect('/admin/student-access.php', success: 'Statut du lien modifié.');
App::redirect('/admin/acces-etudiante.php', success: 'Statut du lien modifié.');
} else {
App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
}
break;
@@ -48,22 +48,22 @@ switch ($action) {
if ($id > 0) {
$password = isset($_POST['password']) && $_POST['password'] !== '' ? trim($_POST['password']) : null;
$shareLink->setPassword($id, $password);
App::redirect('/admin/student-access.php', success: 'Mot de passe mis à jour.');
App::redirect('/admin/acces-etudiante.php', success: 'Mot de passe mis à jour.');
} else {
App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
}
break;
case 'delete':
if ($id > 0) {
$shareLink->delete($id);
App::redirect('/admin/student-access.php', success: 'Lien supprimé.');
App::redirect('/admin/acces-etudiante.php', success: 'Lien supprimé.');
} else {
App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
}
break;
default:
App::redirect('/admin/student-access.php', error: 'Action inconnue.');
App::redirect('/admin/acces-etudiante.php', error: 'Action inconnue.');
break;
}

244
public/admin/student-access.php
View File

@@ -1,244 +0,0 @@
<?php
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
require_once __DIR__ . '/../../src/ShareLink.php';
App::adminGuard();
require_once __DIR__ . '/../../src/ShareLink.php';
$shareLink = ShareLink::make();
$links = $shareLink->listAll();
$flash = App::consumeFlash();
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$baseUrl = $protocol . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
$pageTitle = 'Accès étudiant·e';
$isAdmin = true;
$bodyClass = 'admin-body';
?>
<?php require_once APP_ROOT . '/templates/head.php'; ?>
<?php include APP_ROOT . '/templates/header.php'; ?>
<style>
.access-main { padding: 2rem; max-width: 960px; }
.access-toolbar { display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1rem; margin-bottom: 1.5rem; }
.access-toolbar h1 { margin: 0; font-size: 1.5rem; }
.access-btn { display: inline-flex; align-items: center; gap: .4rem; padding: .5rem 1rem; border: none; border-radius: 6px; cursor: pointer; font-size: .875rem; background: #2563eb; color: #fff; text-decoration: none; }
.access-btn:hover { background: #1d4ed8; }
.access-btn--secondary { background: #f1f5f9; color: #334155; border: 1px solid #cbd5e1; }
.access-btn--secondary:hover { background: #e2e8f0; }
.access-btn--danger { background: #fee2e2; color: #b91c1c; }
.access-btn--danger:hover { background: #fca5a5; }
.access-btn--sm { padding: .3rem .6rem; font-size: .8rem; }
.access-table { width: 100%; border-collapse: collapse; margin-top: 1rem; }
.access-table th, .access-table td { padding: .6rem .8rem; text-align: left; border-bottom: 1px solid #e2e8f0; vertical-align: middle; }
.access-table th { font-size: .8rem; text-transform: uppercase; letter-spacing: .04em; color: #64748b; background: #f8fafc; }
.access-table th:first-child { border-radius: 6px 0 0 0; }
.access-table th:last-child { border-radius: 0 6px 0 0; }
.access-table tbody tr:hover { background: #f8fafc; }
.access-slug { font-family: ui-monospace, SFMono-Regular, monospace; font-size: .85rem; }
.access-url-input { display: none; margin-top: .25rem; padding: .35rem .5rem; font-size: .8rem; border: 1px solid #cbd5e1; border-radius: 4px; width: 100%; max-width: 320px; font-family: ui-monospace, SFMono-Regular, monospace; }
.access-url-input.visible { display: inline-block; }
.access-badge { display: inline-block; padding: .15rem .5rem; border-radius: 9999px; font-size: .75rem; font-weight: 500; background: #dcfce7; color: #166534; }
.access-badge--disabled { background: #fee2e2; color: #b91c1c; }
.access-badge--expired { background: #fef3c7; color: #92400e; }
.access-act { display: flex; gap: .35rem; flex-wrap: wrap; }
/* ── Create dialog ── */
.access-dialog { border: none; border-radius: 12px; padding: 0; width: min(480px, 92vw); box-shadow: 0 20px 60px rgba(0,0,0,.18); max-height: 80vh; overflow: auto; }
.access-dialog::backdrop { background: rgba(0,0,0,.35); }
.access-dialog__header { display: flex; align-items: center; justify-content: space-between; padding: 1rem 1.5rem; border-bottom: 1px solid #e2e8f0; }
.access-dialog__header h2 { margin: 0; font-size: 1.15rem; }
.access-dialog__close { background: none; border: none; font-size: 1.4rem; cursor: pointer; color: #64748b; line-height: 1; }
.access-dialog__body { padding: 1.5rem; }
.access-dialog__body label { display: block; margin-bottom: 1rem; font-size: .9rem; }
.access-dialog__body label input[type=text],
.access-dialog__body label input[type=password],
.access-dialog__body label input[type=datetime-local] { display: block; width: 100%; margin-top: .3rem; padding: .45rem .6rem; border: 1px solid #cbd5e1; border-radius: 6px; font-size: .9rem; box-sizing: border-box; }
.access-dialog__body small { display: block; margin-top: .25rem; color: #64748b; }
.access-dialog__footer { display: flex; justify-content: flex-end; gap: .5rem; padding: 1rem 1.5rem; border-top: 1px solid #e2e8f0; }
.access-empty { text-align: center; padding: 3rem 1rem; color: #94a3b8; }
.access-empty svg { width: 48px; height: 48px; margin-bottom: .75rem; opacity: .5; }
</style>
<main id="main-content" class="access-main">
<?php if ($flash['success']): ?>
<div class="flash flash--success"><?= htmlspecialchars($flash['success']) ?></div>
<?php endif; ?>
<?php if ($flash['error']): ?>
<div class="flash flash--error"><?= htmlspecialchars($flash['error']) ?></div>
<?php endif; ?>
<div class="access-toolbar">
<h1>Accès étudiant·e</h1>
<button type="button" class="access-btn" id="open-create-dialog">
Créer un lien
</button>
</div>
<?php if (empty($links)): ?>
<div class="access-empty">
<svg xmlns="http://www.w3.org/2000/svg" fill="none" stroke="currentColor" stroke-width="1.5" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" d="M13.19 8.688a4.5 4.5 0 0 1 1.242 7.244l-4.5 4.5a4.5 4.5 0 0 1-6.364-6.364l1.757-1.757m13.35-.622 1.757-1.757a4.5 4.5 0 0 0-6.364-6.364l-4.5 4.5a4.5 4.5 0 0 0 1.242 7.244"/></svg>
<p>Aucun lien d'accès créé.</p>
<p>Cliquez sur « Créer un lien » pour générer un lien partageable.</p>
</div>
<?php else: ?>
<table class="access-table">
<thead>
<tr>
<th scope="col">Lien</th>
<th scope="col">Statut</th>
<th scope="col">Mot de passe</th>
<th scope="col">Utilisations</th>
<th scope="col">Expiration</th>
<th scope="col">Créé le</th>
<th scope="col">Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($links as $link): ?>
<?php
$isExpired = $link['expires_at'] !== null && strtotime($link['expires_at']) < time();
$isActive = (bool)$link['is_active'] && !$isExpired;
$statusLabel = $isExpired ? 'Expiré' : ($link['is_active'] ? 'Actif' : 'Désactivé');
$statusClass = $isExpired ? 'access-badge--expired' : ($link['is_active'] ? '' : 'access-badge--disabled');
$fullUrl = $baseUrl . '/partage/' . htmlspecialchars($link['slug']);
$created = date('d/m/Y H:i', strtotime($link['created_at']));
$expires = $link['expires_at'] ? date('d/m/Y', strtotime($link['expires_at'])) : '—';
$hasPassword = !empty($link['password_hash']);
?>
<tr>
<td>
<span class="access-slug"><?= htmlspecialchars($link['slug']) ?></span>
<input class="access-url-input" id="url-<?= $link['id'] ?>" value="<?= $fullUrl ?>" readonly>
</td>
<td><span class="access-badge <?= $statusClass ?>"><?= $statusLabel ?></span></td>
<td><?= $hasPassword ? '🔒 Oui' : 'Non' ?></td>
<td><?= intval($link['usage_count']) ?></td>
<td><?= $expires ?></td>
<td><?= $created ?></td>
<td>
<div class="access-act">
<button type="button" class="access-btn access-btn--secondary access-btn--sm"
onclick="copyUrl(<?= $link['id'] ?>)" title="Copier l'URL">
Copier
</button>
<form method="post" action="actions/student-access.php" style="display:inline;">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="toggle">
<input type="hidden" name="id" value="<?= $link['id'] ?>">
<button type="submit" class="access-btn access-btn--secondary access-btn--sm"
title="<?= $link['is_active'] ? 'Désactiver' : 'Activer' ?>">
<?= $link['is_active'] ? '⏸' : '▶' ?>
</button>
</form>
<button type="button" class="access-btn access-btn--secondary access-btn--sm"
onclick="openPasswordDialog(<?= $link['id'] ?>, <?= $hasPassword ? 'true' : 'false' ?>)"
title="Modifier le mot de passe">
🔑
</button>
<form method="post" action="actions/student-access.php" style="display:inline;"
onsubmit="return confirm('Supprimer ce lien ? Les soumissions via ce lien seront bloquées.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="id" value="<?= $link['id'] ?>">
<button type="submit" class="access-btn access-btn--danger access-btn--sm" title="Supprimer">
🗑
</button>
</form>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</main>
<!-- ═══════════════════════ CREATE DIALOG ═══════════════════════ -->
<dialog id="create-dialog" class="access-dialog">
<div class="access-dialog__header">
<h2>Créer un lien d'accès</h2>
<button type="button" class="access-dialog__close" onclick="document.getElementById('create-dialog').close()">&#x2715;</button>
</div>
<form method="post" action="actions/student-access.php">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="create">
<div class="access-dialog__body">
<label>
Mot de passe (optionnel)
<input type="password" name="password" autocomplete="new-password">
<small>Laissez vide pour un lien sans mot de passe.</small>
</label>
<label>
Expiration (optionnel)
<input type="datetime-local" name="expires_at">
<small>Laissez vide pour qu'il n'expire jamais.</small>
</label>
</div>
<div class="access-dialog__footer">
<button type="button" class="access-btn access-btn--secondary"
onclick="document.getElementById('create-dialog').close()">Annuler</button>
<button type="submit" class="access-btn">Créer le lien</button>
</div>
</form>
</dialog>
<!-- ═══════════════════════ PASSWORD DIALOG ═══════════════════════ -->
<dialog id="password-dialog" class="access-dialog">
<div class="access-dialog__header">
<h2>Mot de passe</h2>
<button type="button" class="access-dialog__close" onclick="document.getElementById('password-dialog').close()">&#x2715;</button>
</div>
<form method="post" action="actions/student-access.php">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="set_password">
<input type="hidden" name="id" id="password-link-id" value="">
<div class="access-dialog__body">
<label>
Nouveau mot de passe
<input type="password" name="password" autocomplete="new-password">
<small>Laissez vide pour supprimer le mot de passe.</small>
</label>
<p id="password-current-info" style="font-size:.85rem;color:#64748b;margin-top:.5rem;"></p>
</div>
<div class="access-dialog__footer">
<button type="button" class="access-btn access-btn--secondary"
onclick="document.getElementById('password-dialog').close()">Annuler</button>
<button type="submit" class="access-btn">Enregistrer</button>
</div>
</form>
</dialog>
<script>
document.getElementById('open-create-dialog').addEventListener('click', () => {
document.getElementById('create-dialog').showModal();
});
function copyUrl(id) {
const input = document.getElementById('url-' + id);
input.classList.toggle('visible');
if (input.classList.contains('visible')) {
input.select();
navigator.clipboard.writeText(input.value).then(() => {
// Brief visual feedback
input.style.outline = '2px solid #22c55e';
setTimeout(() => { input.style.outline = ''; }, 600);
});
}
}
function openPasswordDialog(id, hasPassword) {
document.getElementById('password-link-id').value = id;
const info = document.getElementById('password-current-info');
info.textContent = hasPassword
? 'Un mot de passe est actuellement configuré. Entrez-en un nouveau ou laissez vide pour le supprimer.'
: 'Aucun mot de passe configuré.';
document.getElementById('password-dialog').showModal();
}
</script>
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>

2
public/partage/index.php
View File

@@ -22,7 +22,7 @@ $slug = $parts[0] ?? '';
$action = $parts[1] ?? '';
// Validate slug format: YYYYMMDD-XXXXXXXX (17 chars)
if (!preg_match('/^\d{8}-[A-Z2-7]{8}$/', $slug)) {
if (!preg_match('#^\d{8}-[A-Z0-9+/]{8}$#', $slug)) {
App::boot();
$_SESSION['_flash_error'] = 'Ce lien de partage n\'est pas valide.';
header('Location: /');

6
src/ShareLink.php
View File

@@ -30,7 +30,11 @@ class ShareLink
public static function generateSlug(): string
{
$date = date('Ymd');
$random = substr(strtoupper(rtrim(base64_encode(random_bytes(7)), '=')), 0, 8);
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
$random = '';
for ($i = 0; $i < 8; $i++) {
$random .= $chars[random_int(0, strlen($chars) - 1)];
}
return $date . '-' . $random;
}

BIN
storage/posterg.db
View File

Binary file not shown.

2
templates/header.php
View File

@@ -21,7 +21,7 @@ $_thesisId = $_GET['id'] ?? null;
<li><a href="/admin/pages.php" <?= in_array($_currentPage, ['pages.php', 'pages-edit.php']) ? 'aria-current="page"' : '' ?>>Pages statiques</a></li>
<li><a href="/admin/tags.php" <?= $_currentPage === 'tags.php' ? 'aria-current="page"' : '' ?>>Mots-clés</a></li>
<li><a href="/admin/system.php" <?= in_array($_currentPage, ['system.php', 'status.php', 'logs.php']) ? 'aria-current="page"' : '' ?>>Système</a></li>
<li><a href="/admin/student-access.php" <?= $_currentPage === 'student-access.php' ? 'aria-current="page"' : '' ?>>Accès étudiant·e</a></li>
<li><a href="/admin/acces-etudiante.php" <?= $_currentPage === 'acces-etudiante.php' ? 'aria-current="page"' : '' ?>>Accès étudiant·e</a></li>
<li><a href="/admin/parametres.php" <?= $_currentPage === 'parametres.php' ? 'aria-current="page"' : '' ?>>Paramètres</a></li>
<?php if ($_thesisId && in_array($_currentPage, ['edit.php', 'thanks.php'])): ?>
<li><a href="/admin/edit.php?id=<?= intval($_thesisId) ?>" <?= $_currentPage === 'edit.php' ? 'aria-current="page"' : '' ?>>Modifier</a></li>