xamxam/TODO.md at 150099dc3ce596fa77e8908de272f6e42d03995f

Make thanks.php respect student mode (no header, centered "add new form" button)

Cleanup public/admin/add.php — standardise fieldsets and add licence explanation sections from docs PDF

Organise all fields into <fieldset>/<legend> blocks: Informations du TFE, Composition du jury, Cadre académique, Fichiers, Métadonnées complémentaires
Remove double-wrapping of jury-fieldset (it has its own <fieldset>)
Add "Degrés d'ouverture et licences" section (Libre / Interne / Interdit + Généralités) wrapped in if ($studentMode) — hidden in admin

Migrate student mode form to shareable links system (/partage/)

Create share_links database table (id, slug YYYYMMDD-random, password_hash, is_active, usage_count, created_by, created_at, expires_at nullable)
Create ShareLink model — generate slugs, validate, verify password, CRUD
Create public/partage/index.php — public form page (no auth required, validates link active + password if set)
Create public/partage/.htaccess — RewriteRule to route all partage paths to index.php
Create public/partage/thanks.php — post-submission confirmation page
Move student-specific licence explanation fieldset to partage form template
Share-link specific CSRF token (session-scoped share_csrf_<slug>) instead of session CSRF

Create admin page for managing student access links

Create public/admin/student-access.php — "Accès étudiant·e" page
Link to new page from admin navigation
Implement list view of all share links with status (active/disabled, password set, usage count, created date)
Implement create new link modal/form (optional expiration, password)
Implement toggle active/disabled status per link
Implement password set/change/clear per link
Implement delete link action
Copy-to-clipboard button for full partage URL

Security and validation considerations

Rate limiting on form submissions per share link
Add flash messages / error handling for invalid/disabled/password-protected links

TODO