From a6df3c8c0e345ad34cc8b2aa2ce50d23c039e302 Mon Sep 17 00:00:00 2001
From: Pontoporeia <pontoporeia@happyngreen.fr>
Date: Thu, 16 Apr 2026 12:00:28 +0200
Subject: [PATCH] fix: /partage/<slug> routing (regex delimiter + nginx
 location)

---
 TODO.md                                       |  36 +--
 config/router.php                             |  26 ++
 justfile                                      |   2 +-
 nginx/posterg.conf                            |   5 +
 public/admin/acces-etudiante.php              | 201 +++++++++++++++
 ...student-access.php => acces-etudiante.php} |  18 +-
 public/admin/student-access.php               | 244 ------------------
 public/partage/index.php                      |   2 +-
 src/ShareLink.php                             |   6 +-
 storage/posterg.db                            | Bin 237568 -> 253952 bytes
 templates/header.php                          |   2 +-
 11 files changed, 254 insertions(+), 288 deletions(-)
 create mode 100644 config/router.php
 create mode 100644 public/admin/acces-etudiante.php
 rename public/admin/actions/{student-access.php => acces-etudiante.php} (67%)
 delete mode 100644 public/admin/student-access.php

diff --git a/TODO.md b/TODO.md
index 379b2ab..42fd016 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,33 +1,7 @@
 # TODO
 
-- [x] Make thanks.php respect student mode (no header, centered "add new form" button)
-  - [x] Add hidden input `student_mode` in add.php form when in student mode
-  - [x] Append `mode=student` to thanks redirect in formulaire.php
-  - [x] Update thanks.php to detect student mode, hide header, show centered button
-- [x] Cleanup public/admin/add.php — standardise fieldsets and add licence explanation sections from docs PDF
-  - [x] Organise all fields into `<fieldset>/<legend>` blocks: Informations du TFE, Composition du jury, Cadre académique, Fichiers, Métadonnées complémentaires
-  - [x] Remove double-wrapping of jury-fieldset (it has its own `<fieldset>`)
-  - [x] Add "Degrés d'ouverture et licences" section (Libre / Interne / Interdit + Généralités) wrapped in `if ($studentMode)` — hidden in admin
-
-- [x] Migrate student mode form to shareable links system (/partage/<form-url>)
-  - [x] Create `share_links` database table (id, slug YYYYMMDD-random, password_hash, is_active, usage_count, created_by, created_at, expires_at nullable)
-  - [x] Create `ShareLink` model — generate slugs, validate, verify password, CRUD
-  - [x] Create `public/partage/index.php` — public form page (no auth required, validates link active + password if set)
-  - [x] Create `public/partage/.htaccess` — RewriteRule to route all partage paths to index.php
-  - [x] Create `public/partage/thanks.php` — post-submission confirmation page
-  - [x] Move student-specific licence explanation fieldset to partage form template
-  - [x] Share-link specific CSRF token (session-scoped `share_csrf_<slug>`) instead of session CSRF
-
-- [x] Create admin page for managing student access links
-  - [x] Create `public/admin/student-access.php` — "Accès étudiant·e" page
-  - [x] Link to new page from admin navigation
-  - [x] Implement list view of all share links with status (active/disabled, password set, usage count, created date)
-  - [x] Implement create new link modal/form (optional expiration, password)
-  - [x] Implement toggle active/disabled status per link
-  - [x] Implement password set/change/clear per link
-  - [x] Implement delete link action
-  - [x] Copy-to-clipboard button for full partage URL
-
-- [x] Security and validation considerations
-  - [x] Rate limiting on form submissions per share link — integrate RateLimit into partage index.php POST handler
-  - [x] Add flash messages / error handling for invalid/disabled/password-protected links — replace plain die() with styled error pages and flash messages
+## Completed
+- [x] Fix share link slug regex mismatch (base64 chars vs base32 pattern)
+- [x] Fix regex delimiter clash (`/` inside `[...]` broke the pattern) → switched to `#` delimiter
+- [x] Add PHP dev server router for /partage/<slug> URL rewriting
+- [x] Add nginx location block for /partage/ pretty URLs
diff --git a/config/router.php b/config/router.php
new file mode 100644
index 0000000..148ace7
--- /dev/null
+++ b/config/router.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Router script for PHP built-in development server (php -S).
+ *
+ * Routes /partage/<slug> to public/partage/index.php, since the built-in
+ * server has no URL rewriting like nginx's try_files.
+ */
+
+$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+// Route /partage/<slug> and /partage/<slug>/<action> to the partage entry
+if (preg_match('#^/partage(/.*)?$#', $uri)) {
+    $_SERVER['SCRIPT_NAME'] = '/partage/index.php';
+    require __DIR__ . '/../public/partage/index.php';
+    return true;
+}
+
+// Route /tfe/<...> to tfe.php
+if (preg_match('#^/tfe(/.*)?$#', $uri)) {
+    $_SERVER['SCRIPT_NAME'] = '/tfe.php';
+    require __DIR__ . '/../public/tfe.php';
+    return true;
+}
+
+// Default: serve static files if they exist
+return false;
diff --git a/justfile b/justfile
index 97172ab..227f8c3 100644
--- a/justfile
+++ b/justfile
@@ -13,7 +13,7 @@ setup:
 
 [group('dev')]
 serve: migrate
-    @php -S 127.0.0.1:8000 -t public/ 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true
+    @php -S 127.0.0.1:8000 -t public/ config/router.php 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true
 
 [group('dev')]
 stop:
diff --git a/nginx/posterg.conf b/nginx/posterg.conf
index bcdc030..899be36 100644
--- a/nginx/posterg.conf
+++ b/nginx/posterg.conf
@@ -151,6 +151,11 @@ server {
         try_files $uri $uri/ =404;
     }
 
+    # Share-link (partage) — rewrite pretty URLs to index.php
+    location /partage/ {
+        try_files $uri /partage/index.php$is_args$args;
+    }
+
     # Search endpoint - rate limiting
     location = /search.php {
         limit_req zone=search burst=10 nodelay;
diff --git a/public/admin/acces-etudiante.php b/public/admin/acces-etudiante.php
new file mode 100644
index 0000000..af4c91a
--- /dev/null
+++ b/public/admin/acces-etudiante.php
@@ -0,0 +1,201 @@
+<?php
+require_once __DIR__ . '/../../config/bootstrap.php';
+require_once __DIR__ . '/../../src/AdminAuth.php';
+require_once __DIR__ . '/../../src/ShareLink.php';
+
+App::adminGuard();
+
+$shareLink = ShareLink::make();
+$links = $shareLink->listAll();
+
+$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
+$baseUrl  = $protocol . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
+$pageTitle = 'Accès étudiant·e';
+$isAdmin   = true;
+$bodyClass = 'admin-body';
+?>
+<?php require_once APP_ROOT . '/templates/head.php'; ?>
+    <?php include APP_ROOT . '/templates/header.php'; ?>
+
+<main id="main-content">
+    <?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
+
+    <div class="admin-list-toolbar">
+        <h1>Accès étudiant·e</h1>
+        <div class="admin-list-toolbar__right">
+            <button type="button" class="admin-btn admin-btn--sm" id="open-create-dialog">
+                ＋ Créer un lien
+            </button>
+        </div>
+    </div>
+
+    <?php if (empty($links)): ?>
+        <p class="admin-empty">Aucun lien d'accès créé. Cliquez sur « Créer un lien » pour générer un lien partageable.</p>
+    <?php else: ?>
+    <table>
+        <thead>
+            <tr>
+                <th scope="col">Lien</th>
+                <th scope="col">Statut</th>
+                <th scope="col">Mot de passe</th>
+                <th scope="col">Utilisations</th>
+                <th scope="col">Expiration</th>
+                <th scope="col">Créé le</th>
+                <th scope="col">Actions</th>
+            </tr>
+        </thead>
+        <tbody>
+            <?php foreach ($links as $link): ?>
+                <?php
+                    $isExpired = $link['expires_at'] !== null && strtotime($link['expires_at']) < time();
+                    $isActive  = (bool)$link['is_active'] && !$isExpired;
+                    $statusLabel = $isExpired ? 'Expiré' : ($link['is_active'] ? 'Actif' : 'Désactivé');
+                    if ($isExpired) {
+                        $statusClass = 'status-badge status-pending';
+                    } elseif ($link['is_active']) {
+                        $statusClass = 'status-badge status-published';
+                    } else {
+                        $statusClass = 'status-badge';
+                        $statusClass .= ' style="background:var(--error-muted-bg);color:var(--error);"';
+                    }
+                    $fullUrl = $baseUrl . '/partage/' . htmlspecialchars($link['slug']);
+                    $created = date('d/m/Y H:i', strtotime($link['created_at']));
+                    $expires = $link['expires_at'] ? date('d/m/Y', strtotime($link['expires_at'])) : '—';
+                    $hasPassword = !empty($link['password_hash']);
+                ?>
+                <tr>
+                    <td>
+                        <code style="font-size:var(--step--2);color:var(--text-secondary);"><?= htmlspecialchars($link['slug']) ?></code>
+                        <input type="hidden" id="url-<?= $link['id'] ?>" value="<?= $fullUrl ?>">
+                    </td>
+                    <td>
+                        <?php if ($isExpired): ?>
+                            <span class="status-badge status-pending"><?= $statusLabel ?></span>
+                        <?php elseif ($link['is_active']): ?>
+                            <span class="status-badge status-published"><?= $statusLabel ?></span>
+                        <?php else: ?>
+                            <span style="display:inline-block;padding:var(--space-3xs) var(--space-2xs);border-radius:3px;font-size:var(--step--2);font-weight:500;letter-spacing:0.04em;background:var(--error-muted-bg);color:var(--error);"><?= $statusLabel ?></span>
+                        <?php endif; ?>
+                    </td>
+                    <td><?= $hasPassword ? '🔒 Oui' : 'Non' ?></td>
+                    <td style="text-align:center;"><?= intval($link['usage_count']) ?></td>
+                    <td><?= $expires ?></td>
+                    <td><?= $created ?></td>
+                    <td>
+                        <div class="admin-actions">
+                            <button type="button" class="admin-btn-sm admin-btn-view"
+                                    onclick="copyUrl(<?= $link['id'] ?>)" title="Copier l'URL">
+                                Copier
+                            </button>
+                            <form method="post" action="actions/acces-etudiante.php" class="publish-form">
+                                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+                                <input type="hidden" name="action" value="toggle">
+                                <input type="hidden" name="id" value="<?= $link['id'] ?>">
+                                <button type="submit"
+                                        class="admin-btn-sm <?= $link['is_active'] ? 'admin-btn-unpublish' : 'admin-btn-publish' ?>"
+                                        title="<?= $link['is_active'] ? 'Désactiver' : 'Activer' ?>">
+                                    <?= $link['is_active'] ? '⏸' : '▶' ?>
+                                </button>
+                            </form>
+                            <button type="button" class="admin-btn-sm admin-btn-edit"
+                                    onclick="openPasswordDialog(<?= $link['id'] ?>, <?= $hasPassword ? 'true' : 'false' ?>)"
+                                    title="Modifier le mot de passe">
+                                🔑
+                            </button>
+                            <form method="post" action="actions/acces-etudiante.php" class="publish-form"
+                                  onsubmit="return confirm('Supprimer ce lien ? Les soumissions via ce lien seront bloquées.')">
+                                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+                                <input type="hidden" name="action" value="delete">
+                                <input type="hidden" name="id" value="<?= $link['id'] ?>">
+                                <button type="submit" class="admin-btn-sm admin-btn-delete" title="Supprimer">
+                                    🗑
+                                </button>
+                            </form>
+                        </div>
+                    </td>
+                </tr>
+            <?php endforeach; ?>
+        </tbody>
+    </table>
+    <?php endif; ?>
+</main>
+
+<!-- ═══════════════════════ CREATE DIALOG ═══════════════════════ -->
+<dialog id="create-dialog" class="admin-dialog" aria-labelledby="create-dialog-title">
+    <div class="admin-dialog__header">
+        <h2 id="create-dialog-title">Créer un lien d'accès</h2>
+        <button type="button" class="admin-dialog__close" aria-label="Fermer"
+                onclick="document.getElementById('create-dialog').close()">&#x2715;</button>
+    </div>
+    <form method="post" action="actions/acces-etudiante.php" class="admin-form">
+        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+        <input type="hidden" name="action" value="create">
+        <div>
+            <label for="create-password">Mot de passe (optionnel)</label>
+            <input type="password" id="create-password" name="password" autocomplete="new-password">
+            <small>Laissez vide pour un lien sans mot de passe.</small>
+        </div>
+        <div>
+            <label for="create-expires">Expiration (optionnel)</label>
+            <input type="datetime-local" id="create-expires" name="expires_at">
+            <small>Laissez vide pour qu'il n'expire jamais.</small>
+        </div>
+        <div class="admin-form-footer">
+            <button type="submit" class="admin-btn">Créer le lien</button>
+            <button type="button" class="admin-btn-secondary"
+                    onclick="document.getElementById('create-dialog').close()">Annuler</button>
+        </div>
+    </form>
+</dialog>
+
+<!-- ═══════════════════════ PASSWORD DIALOG ═══════════════════════ -->
+<dialog id="password-dialog" class="admin-dialog" aria-labelledby="password-dialog-title">
+    <div class="admin-dialog__header">
+        <h2 id="password-dialog-title">Mot de passe</h2>
+        <button type="button" class="admin-dialog__close" aria-label="Fermer"
+                onclick="document.getElementById('password-dialog').close()">&#x2715;</button>
+    </div>
+    <form method="post" action="actions/acces-etudiante.php" class="admin-form">
+        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+        <input type="hidden" name="action" value="set_password">
+        <input type="hidden" name="id" id="password-link-id" value="">
+        <div>
+            <label for="password-input">Nouveau mot de passe</label>
+            <input type="password" id="password-input" name="password" autocomplete="new-password">
+            <small>Laissez vide pour supprimer le mot de passe.</small>
+            <p id="password-current-info" style="font-size:var(--step--2);color:var(--text-secondary);margin-top:var(--space-2xs);"></p>
+        </div>
+        <div class="admin-form-footer">
+            <button type="submit" class="admin-btn">Enregistrer</button>
+            <button type="button" class="admin-btn-secondary"
+                    onclick="document.getElementById('password-dialog').close()">Annuler</button>
+        </div>
+    </form>
+</dialog>
+
+<script>
+document.getElementById('open-create-dialog').addEventListener('click', () => {
+    document.getElementById('create-dialog').showModal();
+});
+
+function copyUrl(id) {
+    const input = document.getElementById('url-' + id);
+    navigator.clipboard.writeText(input.value).then(() => {
+        const btn = event.target.closest('button');
+        const orig = btn.textContent;
+        btn.textContent = '✓ Copié';
+        setTimeout(() => { btn.textContent = orig; }, 1200);
+    });
+}
+
+function openPasswordDialog(id, hasPassword) {
+    document.getElementById('password-link-id').value = id;
+    const info = document.getElementById('password-current-info');
+    info.textContent = hasPassword
+        ? 'Un mot de passe est actuellement configuré. Entrez-en un nouveau ou laissez vide pour le supprimer.'
+        : 'Aucun mot de passe configuré.';
+    document.getElementById('password-dialog').showModal();
+}
+</script>
+
+<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
diff --git a/public/admin/actions/student-access.php b/public/admin/actions/acces-etudiante.php
similarity index 67%
rename from public/admin/actions/student-access.php
rename to public/admin/actions/acces-etudiante.php
index a6095e4..0323ff3 100644
--- a/public/admin/actions/student-access.php
+++ b/public/admin/actions/acces-etudiante.php
@@ -28,19 +28,19 @@ switch ($action) {
             // datetime-local gives "YYYY-MM-DDTHH:MM"
             $expiresAt = date('Y-m-d H:i:s', strtotime($expiresRaw));
             if ($expiresAt <= date('Y-m-d H:i:s')) {
-                App::redirect('/admin/student-access.php', error: "La date d'expiration doit être dans le futur.");
+                App::redirect('/admin/acces-etudiante.php', error: "La date d'expiration doit être dans le futur.");
             }
         }
         $shareLink->create(1, $password, $expiresAt);
-        App::redirect('/admin/student-access.php', success: 'Lien d\'accès créé.');
+        App::redirect('/admin/acces-etudiante.php', success: 'Lien d\'accès créé.');
         break;
 
     case 'toggle':
         if ($id > 0) {
             $shareLink->toggleActive($id);
-            App::redirect('/admin/student-access.php', success: 'Statut du lien modifié.');
+            App::redirect('/admin/acces-etudiante.php', success: 'Statut du lien modifié.');
         } else {
-            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+            App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
         }
         break;
 
@@ -48,22 +48,22 @@ switch ($action) {
         if ($id > 0) {
             $password = isset($_POST['password']) && $_POST['password'] !== '' ? trim($_POST['password']) : null;
             $shareLink->setPassword($id, $password);
-            App::redirect('/admin/student-access.php', success: 'Mot de passe mis à jour.');
+            App::redirect('/admin/acces-etudiante.php', success: 'Mot de passe mis à jour.');
         } else {
-            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+            App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
         }
         break;
 
     case 'delete':
         if ($id > 0) {
             $shareLink->delete($id);
-            App::redirect('/admin/student-access.php', success: 'Lien supprimé.');
+            App::redirect('/admin/acces-etudiante.php', success: 'Lien supprimé.');
         } else {
-            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+            App::redirect('/admin/acces-etudiante.php', error: 'Lien introuvable.');
         }
         break;
 
     default:
-        App::redirect('/admin/student-access.php', error: 'Action inconnue.');
+        App::redirect('/admin/acces-etudiante.php', error: 'Action inconnue.');
         break;
 }
diff --git a/public/admin/student-access.php b/public/admin/student-access.php
deleted file mode 100644
index 8196418..0000000
--- a/public/admin/student-access.php
+++ /dev/null
@@ -1,244 +0,0 @@
-<?php
-require_once __DIR__ . '/../../config/bootstrap.php';
-require_once __DIR__ . '/../../src/AdminAuth.php';
-require_once __DIR__ . '/../../src/ShareLink.php';
-
-App::adminGuard();
-
-require_once __DIR__ . '/../../src/ShareLink.php';
-
-$shareLink = ShareLink::make();
-$links = $shareLink->listAll();
-$flash = App::consumeFlash();
-
-$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
-$baseUrl  = $protocol . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
-$pageTitle = 'Accès étudiant·e';
-$isAdmin   = true;
-$bodyClass = 'admin-body';
-?>
-<?php require_once APP_ROOT . '/templates/head.php'; ?>
-    <?php include APP_ROOT . '/templates/header.php'; ?>
-
-<style>
-.access-main { padding: 2rem; max-width: 960px; }
-.access-toolbar { display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1rem; margin-bottom: 1.5rem; }
-.access-toolbar h1 { margin: 0; font-size: 1.5rem; }
-.access-btn { display: inline-flex; align-items: center; gap: .4rem; padding: .5rem 1rem; border: none; border-radius: 6px; cursor: pointer; font-size: .875rem; background: #2563eb; color: #fff; text-decoration: none; }
-.access-btn:hover { background: #1d4ed8; }
-.access-btn--secondary { background: #f1f5f9; color: #334155; border: 1px solid #cbd5e1; }
-.access-btn--secondary:hover { background: #e2e8f0; }
-.access-btn--danger { background: #fee2e2; color: #b91c1c; }
-.access-btn--danger:hover { background: #fca5a5; }
-.access-btn--sm { padding: .3rem .6rem; font-size: .8rem; }
-
-.access-table { width: 100%; border-collapse: collapse; margin-top: 1rem; }
-.access-table th, .access-table td { padding: .6rem .8rem; text-align: left; border-bottom: 1px solid #e2e8f0; vertical-align: middle; }
-.access-table th { font-size: .8rem; text-transform: uppercase; letter-spacing: .04em; color: #64748b; background: #f8fafc; }
-.access-table th:first-child { border-radius: 6px 0 0 0; }
-.access-table th:last-child { border-radius: 0 6px 0 0; }
-.access-table tbody tr:hover { background: #f8fafc; }
-.access-slug { font-family: ui-monospace, SFMono-Regular, monospace; font-size: .85rem; }
-.access-url-input { display: none; margin-top: .25rem; padding: .35rem .5rem; font-size: .8rem; border: 1px solid #cbd5e1; border-radius: 4px; width: 100%; max-width: 320px; font-family: ui-monospace, SFMono-Regular, monospace; }
-.access-url-input.visible { display: inline-block; }
-.access-badge { display: inline-block; padding: .15rem .5rem; border-radius: 9999px; font-size: .75rem; font-weight: 500; background: #dcfce7; color: #166534; }
-.access-badge--disabled { background: #fee2e2; color: #b91c1c; }
-.access-badge--expired { background: #fef3c7; color: #92400e; }
-.access-act { display: flex; gap: .35rem; flex-wrap: wrap; }
-
-/* ── Create dialog ── */
-.access-dialog { border: none; border-radius: 12px; padding: 0; width: min(480px, 92vw); box-shadow: 0 20px 60px rgba(0,0,0,.18); max-height: 80vh; overflow: auto; }
-.access-dialog::backdrop { background: rgba(0,0,0,.35); }
-.access-dialog__header { display: flex; align-items: center; justify-content: space-between; padding: 1rem 1.5rem; border-bottom: 1px solid #e2e8f0; }
-.access-dialog__header h2 { margin: 0; font-size: 1.15rem; }
-.access-dialog__close { background: none; border: none; font-size: 1.4rem; cursor: pointer; color: #64748b; line-height: 1; }
-.access-dialog__body { padding: 1.5rem; }
-.access-dialog__body label { display: block; margin-bottom: 1rem; font-size: .9rem; }
-.access-dialog__body label input[type=text],
-.access-dialog__body label input[type=password],
-.access-dialog__body label input[type=datetime-local] { display: block; width: 100%; margin-top: .3rem; padding: .45rem .6rem; border: 1px solid #cbd5e1; border-radius: 6px; font-size: .9rem; box-sizing: border-box; }
-.access-dialog__body small { display: block; margin-top: .25rem; color: #64748b; }
-.access-dialog__footer { display: flex; justify-content: flex-end; gap: .5rem; padding: 1rem 1.5rem; border-top: 1px solid #e2e8f0; }
-
-.access-empty { text-align: center; padding: 3rem 1rem; color: #94a3b8; }
-.access-empty svg { width: 48px; height: 48px; margin-bottom: .75rem; opacity: .5; }
-</style>
-
-<main id="main-content" class="access-main">
-    <?php if ($flash['success']): ?>
-        <div class="flash flash--success"><?= htmlspecialchars($flash['success']) ?></div>
-    <?php endif; ?>
-    <?php if ($flash['error']): ?>
-        <div class="flash flash--error"><?= htmlspecialchars($flash['error']) ?></div>
-    <?php endif; ?>
-
-    <div class="access-toolbar">
-        <h1>Accès étudiant·e</h1>
-        <button type="button" class="access-btn" id="open-create-dialog">
-            ＋ Créer un lien
-        </button>
-    </div>
-
-    <?php if (empty($links)): ?>
-        <div class="access-empty">
-            <svg xmlns="http://www.w3.org/2000/svg" fill="none" stroke="currentColor" stroke-width="1.5" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" d="M13.19 8.688a4.5 4.5 0 0 1 1.242 7.244l-4.5 4.5a4.5 4.5 0 0 1-6.364-6.364l1.757-1.757m13.35-.622 1.757-1.757a4.5 4.5 0 0 0-6.364-6.364l-4.5 4.5a4.5 4.5 0 0 0 1.242 7.244"/></svg>
-            <p>Aucun lien d'accès créé.</p>
-            <p>Cliquez sur « Créer un lien » pour générer un lien partageable.</p>
-        </div>
-    <?php else: ?>
-    <table class="access-table">
-        <thead>
-            <tr>
-                <th scope="col">Lien</th>
-                <th scope="col">Statut</th>
-                <th scope="col">Mot de passe</th>
-                <th scope="col">Utilisations</th>
-                <th scope="col">Expiration</th>
-                <th scope="col">Créé le</th>
-                <th scope="col">Actions</th>
-            </tr>
-        </thead>
-        <tbody>
-            <?php foreach ($links as $link): ?>
-                <?php
-                    $isExpired = $link['expires_at'] !== null && strtotime($link['expires_at']) < time();
-                    $isActive  = (bool)$link['is_active'] && !$isExpired;
-                    $statusLabel = $isExpired ? 'Expiré' : ($link['is_active'] ? 'Actif' : 'Désactivé');
-                    $statusClass = $isExpired ? 'access-badge--expired' : ($link['is_active'] ? '' : 'access-badge--disabled');
-                    $fullUrl = $baseUrl . '/partage/' . htmlspecialchars($link['slug']);
-                    $created = date('d/m/Y H:i', strtotime($link['created_at']));
-                    $expires = $link['expires_at'] ? date('d/m/Y', strtotime($link['expires_at'])) : '—';
-                    $hasPassword = !empty($link['password_hash']);
-                ?>
-                <tr>
-                    <td>
-                        <span class="access-slug"><?= htmlspecialchars($link['slug']) ?></span>
-                        <input class="access-url-input" id="url-<?= $link['id'] ?>" value="<?= $fullUrl ?>" readonly>
-                    </td>
-                    <td><span class="access-badge <?= $statusClass ?>"><?= $statusLabel ?></span></td>
-                    <td><?= $hasPassword ? '🔒 Oui' : 'Non' ?></td>
-                    <td><?= intval($link['usage_count']) ?></td>
-                    <td><?= $expires ?></td>
-                    <td><?= $created ?></td>
-                    <td>
-                        <div class="access-act">
-                            <button type="button" class="access-btn access-btn--secondary access-btn--sm"
-                                    onclick="copyUrl(<?= $link['id'] ?>)" title="Copier l'URL">
-                                Copier
-                            </button>
-                            <form method="post" action="actions/student-access.php" style="display:inline;">
-                                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-                                <input type="hidden" name="action" value="toggle">
-                                <input type="hidden" name="id" value="<?= $link['id'] ?>">
-                                <button type="submit" class="access-btn access-btn--secondary access-btn--sm"
-                                        title="<?= $link['is_active'] ? 'Désactiver' : 'Activer' ?>">
-                                    <?= $link['is_active'] ? '⏸' : '▶' ?>
-                                </button>
-                            </form>
-                            <button type="button" class="access-btn access-btn--secondary access-btn--sm"
-                                    onclick="openPasswordDialog(<?= $link['id'] ?>, <?= $hasPassword ? 'true' : 'false' ?>)"
-                                    title="Modifier le mot de passe">
-                                🔑
-                            </button>
-                            <form method="post" action="actions/student-access.php" style="display:inline;"
-                                  onsubmit="return confirm('Supprimer ce lien ? Les soumissions via ce lien seront bloquées.')">
-                                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-                                <input type="hidden" name="action" value="delete">
-                                <input type="hidden" name="id" value="<?= $link['id'] ?>">
-                                <button type="submit" class="access-btn access-btn--danger access-btn--sm" title="Supprimer">
-                                    🗑
-                                </button>
-                            </form>
-                        </div>
-                    </td>
-                </tr>
-            <?php endforeach; ?>
-        </tbody>
-    </table>
-    <?php endif; ?>
-</main>
-
-<!-- ═══════════════════════ CREATE DIALOG ═══════════════════════ -->
-<dialog id="create-dialog" class="access-dialog">
-    <div class="access-dialog__header">
-        <h2>Créer un lien d'accès</h2>
-        <button type="button" class="access-dialog__close" onclick="document.getElementById('create-dialog').close()">&#x2715;</button>
-    </div>
-    <form method="post" action="actions/student-access.php">
-        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-        <input type="hidden" name="action" value="create">
-        <div class="access-dialog__body">
-            <label>
-                Mot de passe (optionnel)
-                <input type="password" name="password" autocomplete="new-password">
-                <small>Laissez vide pour un lien sans mot de passe.</small>
-            </label>
-            <label>
-                Expiration (optionnel)
-                <input type="datetime-local" name="expires_at">
-                <small>Laissez vide pour qu'il n'expire jamais.</small>
-            </label>
-        </div>
-        <div class="access-dialog__footer">
-            <button type="button" class="access-btn access-btn--secondary"
-                    onclick="document.getElementById('create-dialog').close()">Annuler</button>
-            <button type="submit" class="access-btn">Créer le lien</button>
-        </div>
-    </form>
-</dialog>
-
-<!-- ═══════════════════════ PASSWORD DIALOG ═══════════════════════ -->
-<dialog id="password-dialog" class="access-dialog">
-    <div class="access-dialog__header">
-        <h2>Mot de passe</h2>
-        <button type="button" class="access-dialog__close" onclick="document.getElementById('password-dialog').close()">&#x2715;</button>
-    </div>
-    <form method="post" action="actions/student-access.php">
-        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
-        <input type="hidden" name="action" value="set_password">
-        <input type="hidden" name="id" id="password-link-id" value="">
-        <div class="access-dialog__body">
-            <label>
-                Nouveau mot de passe
-                <input type="password" name="password" autocomplete="new-password">
-                <small>Laissez vide pour supprimer le mot de passe.</small>
-            </label>
-            <p id="password-current-info" style="font-size:.85rem;color:#64748b;margin-top:.5rem;"></p>
-        </div>
-        <div class="access-dialog__footer">
-            <button type="button" class="access-btn access-btn--secondary"
-                    onclick="document.getElementById('password-dialog').close()">Annuler</button>
-            <button type="submit" class="access-btn">Enregistrer</button>
-        </div>
-    </form>
-</dialog>
-
-<script>
-document.getElementById('open-create-dialog').addEventListener('click', () => {
-    document.getElementById('create-dialog').showModal();
-});
-
-function copyUrl(id) {
-    const input = document.getElementById('url-' + id);
-    input.classList.toggle('visible');
-    if (input.classList.contains('visible')) {
-        input.select();
-        navigator.clipboard.writeText(input.value).then(() => {
-            // Brief visual feedback
-            input.style.outline = '2px solid #22c55e';
-            setTimeout(() => { input.style.outline = ''; }, 600);
-        });
-    }
-}
-
-function openPasswordDialog(id, hasPassword) {
-    document.getElementById('password-link-id').value = id;
-    const info = document.getElementById('password-current-info');
-    info.textContent = hasPassword
-        ? 'Un mot de passe est actuellement configuré. Entrez-en un nouveau ou laissez vide pour le supprimer.'
-        : 'Aucun mot de passe configuré.';
-    document.getElementById('password-dialog').showModal();
-}
-</script>
-
-<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
diff --git a/public/partage/index.php b/public/partage/index.php
index 8ff726b..ca882fa 100644
--- a/public/partage/index.php
+++ b/public/partage/index.php
@@ -22,7 +22,7 @@ $slug  = $parts[0] ?? '';
 $action = $parts[1] ?? '';
 
 // Validate slug format: YYYYMMDD-XXXXXXXX (17 chars)
-if (!preg_match('/^\d{8}-[A-Z2-7]{8}$/', $slug)) {
+if (!preg_match('#^\d{8}-[A-Z0-9+/]{8}$#', $slug)) {
     App::boot();
     $_SESSION['_flash_error'] = 'Ce lien de partage n\'est pas valide.';
     header('Location: /');
diff --git a/src/ShareLink.php b/src/ShareLink.php
index ad41abe..f7c33b6 100644
--- a/src/ShareLink.php
+++ b/src/ShareLink.php
@@ -30,7 +30,11 @@ class ShareLink
     public static function generateSlug(): string
     {
         $date = date('Ymd');
-        $random = substr(strtoupper(rtrim(base64_encode(random_bytes(7)), '=')), 0, 8);
+        $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+        $random = '';
+        for ($i = 0; $i < 8; $i++) {
+            $random .= $chars[random_int(0, strlen($chars) - 1)];
+        }
         return $date . '-' . $random;
     }
 
diff --git a/storage/posterg.db b/storage/posterg.db
index ef76e47a6a7f87d99670f2ab3d6b1b712a38ef24..e9afeee88469b6656af47ee8eddcac70f15f895a 100644
GIT binary patch
delta 1123
zcmaJ=K}-`t6y538LW}Ik0Sgv&OfOVhvfBk>p%l<oLjonilAxD$+75I>yM>)ygcCHV
z2V<g*F?;Z!!o`b+UfhcZG+w-V@nm9*Cr>6EiN@I$n_`HQZ1QL4zxU?<|7L4X*xG}S
z16?tW;}Y!qyToc(2C>@hr_ghm{p&rqeE{tP2)rx6XP?*tH32-RR_<GG;;u2zc%R3A
zBVxUK1kT&f9|7{h-NU`&ET8DQD4d+^_}!7|2>38pYU{363id0}_1fzKpj!E5;{^X4
z*!yvpu;0tS<-DB13H_Z~r|h2KKX9M<dz=BER4cbO@r1`e6a*WpmM80KeqEsjtP`cE
zYRgoiMRTcTKX!F4HJM4FsdO^6fR0N>vuV@<=ywQ0_bw&c{J|i2aMr-tB566Ng$qrw
z(L?gg<dx}E3yCGIfvELq$Q9T`M^+?)u9fu?Hb&4*wq|CM$w*wsTE1LLgb^878bDDo
zIxG%K!x1bm#+IW#2fu<Ty;IinN&(XX%A^)D;Ul!o4dc(|^o<n*Ihms<-9JA)jmD5x
zZgL=<teUD$@^xmFDmZ7TYs5<21!p9w&dXRN25KCHk;vk_N}WD5KqkdYM9Gy+&2V7n
zHW?soma;@g<wZozT#it>Xck$REvb~MWsRaW6(ggdQsj)OuAS2fHb`E{Zm{WOQrA;+
zC_S4&X?EqK<uQ7kFR2<bDU+B=qJEt$5}jyF$2ke8nnIamU8k%!k`*VJhOFv3h^E7J
zL9)KW3TG7?D9JpLnVLy8J9i{->N#v2S!0riKwoHR+~c1LT3zFOZ(ob&q!xd~1<bYE
zdoush=jJ#NtyKoV=JI5lKNbX)wqq^ZXmkrl;=iVCr2lK%<|IR%?2USb1rC0M&!7s&
zVRyUmO?V@03k$VMLJ&h<UY12M*7|G)=xWh%UPK&>NW(}HN22nG6qDNdtFna@K49;r
wc??c_p__wW;Cr|WA3_t(!#M1N?po!C(BtQ2a15*0?o;^h6FXnUou8-v0QU$|xc~qF

delta 257
zcmZoTz~69yZ-TU-1p@<v6%fOK?nE79MvILJQ~BA9fnt)f&A<7#|K?}pEMVl^&f37Z
zk&p5CWI=($Z1ys2;=#Jp5B4+4Z=c`Kn7V*Xj9~=>&$j6t225H!-2b>kxTU!g8FJZ0
zfyy(suP|U*%gMx)yjf5no@u&mKcnsT&o)eapT&Wea4;WX;P>O_=1b($;LYPTW^rIX
z0#vt#dHWG#=DA$kL#&zRGfMD+RPr@5@So(L&7a9{&o9dNh;JKTGf-tVAFCk;v$OGZ
ug?MJ^?Th`G6B$J~_+=RQ@A4nwU(DabU&<fKZ^JJGRLa7?T_&FSi30%iY(NPB

diff --git a/templates/header.php b/templates/header.php
index 2694ae9..3a00a5b 100644
--- a/templates/header.php
+++ b/templates/header.php
@@ -21,7 +21,7 @@ $_thesisId     = $_GET['id'] ?? null;
             <li><a href="/admin/pages.php" <?= in_array($_currentPage, ['pages.php', 'pages-edit.php']) ? 'aria-current="page"' : '' ?>>Pages statiques</a></li>
             <li><a href="/admin/tags.php" <?= $_currentPage === 'tags.php' ? 'aria-current="page"' : '' ?>>Mots-clés</a></li>
             <li><a href="/admin/system.php" <?= in_array($_currentPage, ['system.php', 'status.php', 'logs.php']) ? 'aria-current="page"' : '' ?>>Système</a></li>
-            <li><a href="/admin/student-access.php" <?= $_currentPage === 'student-access.php' ? 'aria-current="page"' : '' ?>>Accès étudiant·e</a></li>
+            <li><a href="/admin/acces-etudiante.php" <?= $_currentPage === 'acces-etudiante.php' ? 'aria-current="page"' : '' ?>>Accès étudiant·e</a></li>
             <li><a href="/admin/parametres.php" <?= $_currentPage === 'parametres.php' ? 'aria-current="page"' : '' ?>>Paramètres</a></li>
             <?php if ($_thesisId && in_array($_currentPage, ['edit.php', 'thanks.php'])): ?>
             <li><a href="/admin/edit.php?id=<?= intval($_thesisId) ?>" <?= $_currentPage === 'edit.php' ? 'aria-current="page"' : '' ?>>Modifier</a></li>