# Admin Panel Structure

This directory contains the admin panel for managing Post-ERG thesis database.

## Directory Structure

```
public/admin/
├── index.php          # List all theses (main page)
├── add.php            # Add new thesis form
├── edit.php           # Edit existing thesis form
├── import.php         # CSV import form
├── thanks.php         # Thank you page after submission
├── actions/           # Backend processing scripts (no HTML output)
│   ├── formulaire.php # Process thesis submission from add.php
│   └── publish.php    # Toggle publish/unpublish status
├── inc/               # Shared templates
│   ├── head.php       # HTML head, CSS, navigation
│   └── footer.php     # HTML footer
└── data/              # Upload directory (not in git)
    ├── theses/        # PDF files
    └── covers/        # Cover images
```

## File Types

### User-Facing Templates (Root Directory)
Files that display HTML to users:
- **index.php** - Lists all theses with filters and bulk actions
- **add.php** - Form to add a new thesis
- **edit.php** - Form to edit an existing thesis
- **import.php** - CSV import interface
- **thanks.php** - Success confirmation page

### Backend Scripts (actions/)
Files that process forms and redirect (no HTML output):
- **formulaire.php** - Processes thesis submission from add.php
- **publish.php** - Handles publish/unpublish actions

### Shared Templates (inc/)
Reusable HTML components:
- **head.php** - HTML head, CSS links, navigation menu
- **footer.php** - HTML footer

## Workflow

### Adding a Thesis
1. User visits `add.php` (displays form)
2. User submits form to `actions/formulaire.php` (processes data)
3. On success, redirects to `thanks.php?id=123`
4. On error, redirects back to `add.php` with error message

### Publishing/Unpublishing
1. User clicks publish/unpublish button in `index.php`
2. Form submits to `actions/publish.php` (processes action)
3. Redirects back to `index.php` with success/error message

## Security

- All pages require HTTP Basic Auth (configured in nginx)
- CSRF tokens protect all forms
- File uploads validated and sanitized
- Database queries use prepared statements
- Upload directory outside public/ in production

## Templates

The `inc/` folder contains shared templates:
- `head.php` - Included at the top of each page (DOCTYPE, CSS, nav)
- `footer.php` - Included at the bottom of each page (closing tags)

Usage:
```php
<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>
```

## URL Structure

- `/admin/` - List theses (index.php)
- `/admin/add.php` - Add new thesis
- `/admin/edit.php?id=123` - Edit thesis #123
- `/admin/import.php` - Import CSV
- `/admin/thanks.php?id=123` - Thank you page

Backend actions (not directly accessed):
- `/admin/actions/formulaire.php` - Form processor
- `/admin/actions/publish.php` - Publish toggle

## Development

### Adding a New Page

1. Create the template in `/admin/yourpage.php`:
```php
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
session_start();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>

<!-- Your content here -->

<?php include "inc/footer.php" ?>
```

2. Add navigation link in `inc/head.php` if needed

### Adding a New Action

1. Create the script in `/admin/actions/youraction.php`:
```php
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
session_start();

// Verify CSRF token
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    $_SESSION['error'] = "Security error";
    header('Location: ../index.php');
    exit;
}

// Process action...

// Redirect
header('Location: ../yourpage.php');
exit;
```

2. Create form in template that posts to `actions/youraction.php`

## Notes

- Bootstrap path from actions/: `__DIR__ . "/../../config/bootstrap.php"`
- Redirects from actions/: use `../` prefix (e.g., `../index.php`)
- Database class: `require_once __DIR__ . '/../../lib/Database.php'`
- All forms must include CSRF token from `$_SESSION['csrf_token']`