mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
fe1f8629ea
- Updated 6 admin templates: add.php, edit.php, login.php, account.php,
import.php, pages-edit.php — replaced <div class="admin-submit-wrap">
with <div class="admin-form-footer">
- Updated 8 CSS selectors in admin.css:
- .admin-form-footer { margin-top/padding-top } (was .admin-submit-wrap)
- .admin-form > div:not(.admin-form-footer) grid exclusion guard (×3)
- .admin-login-box .admin-form > div:not(.admin-form-footer) overrides (×2)
- .admin-login-box .admin-form-footer compact spacing override
- No visual change; purely a semantic rename to a descriptive class name
- Also marked status-badge.php partial and WCAG 1.3.1 badge tasks as
already-done in todo/02-php-components.md and todo/04-accessibility.md
(partial + CSS were fully implemented but todo had not been updated)
110 lines
4.7 KiB
PHP
110 lines
4.7 KiB
PHP
<?php
|
|
require_once __DIR__ . "/../../config/bootstrap.php";
|
|
require_once __DIR__ . '/../../src/AdminAuth.php';
|
|
AdminAuth::requireLogin();
|
|
|
|
$pageTitle = "Compte administrateur";
|
|
|
|
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
|
|
$hasPassword = defined('ADMIN_PASSWORD_HASH');
|
|
|
|
// Flash messages are consumed by the flash-messages partial below.
|
|
|
|
if (empty($_SESSION['csrf_token'])) {
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
}
|
|
?>
|
|
<?php $isAdmin = true; $bodyClass = 'admin-body'; require_once APP_ROOT . '/templates/head.php'; ?>
|
|
<?php include APP_ROOT . '/templates/header.php'; ?>
|
|
|
|
<main id="main-content">
|
|
<h1>Compte administrateur</h1>
|
|
|
|
<?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
|
|
|
|
<!-- Status info -->
|
|
<dl class="admin-account-status">
|
|
<div class="admin-account-status__row">
|
|
<dt class="admin-account-status__label">Authentification PHP</dt>
|
|
<dd><?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Active'; $badgeWarnLabel = 'Non configurée'; include APP_ROOT . '/templates/partials/status-badge.php'; ?></dd>
|
|
</div>
|
|
<div class="admin-account-status__row">
|
|
<dt class="admin-account-status__label">Fichier de configuration</dt>
|
|
<dd>
|
|
<code class="admin-account-status__code">config/admin_credentials.php</code>
|
|
<?php $badgeType = 'ok'; $badgeValue = file_exists($credentialsFile); $badgeOkLabel = 'Présent'; $badgeWarnLabel = 'Absent'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
|
|
</dd>
|
|
</div>
|
|
<?php if (!$hasPassword): ?>
|
|
<p class="admin-account-status__note">
|
|
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
|
|
<code>config/admin_credentials.php</code> avec un hash bcrypt.
|
|
</p>
|
|
<?php endif; ?>
|
|
</dl>
|
|
|
|
<!-- Password change form -->
|
|
<h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
|
|
|
|
<form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
|
|
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
|
|
|
<?php if ($hasPassword): ?>
|
|
<div>
|
|
<label for="current_password">Mot de passe actuel</label>
|
|
<div>
|
|
<input type="password" id="current_password"
|
|
name="current_password" required autocomplete="current-password">
|
|
</div>
|
|
</div>
|
|
<?php endif; ?>
|
|
|
|
<div>
|
|
<label for="new_password">Nouveau mot de passe</label>
|
|
<div>
|
|
<input type="password" id="new_password"
|
|
name="new_password" required autocomplete="new-password"
|
|
minlength="12">
|
|
<small>Minimum 12 caractères.</small>
|
|
</div>
|
|
</div>
|
|
|
|
<div>
|
|
<label for="confirm_password">Confirmer le mot de passe</label>
|
|
<div>
|
|
<input type="password" id="confirm_password"
|
|
name="confirm_password" required autocomplete="new-password">
|
|
</div>
|
|
</div>
|
|
|
|
<div class="admin-form-footer">
|
|
<button type="submit" class="admin-btn">
|
|
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
|
|
</button>
|
|
</div>
|
|
</form>
|
|
|
|
<?php if ($hasPassword): ?>
|
|
<!-- Danger zone: remove password -->
|
|
<h2 class="admin-section-title admin-section-title--danger">Zone de danger</h2>
|
|
<div class="admin-danger-zone">
|
|
<p class="admin-danger-zone__description">
|
|
<strong>Supprimer la configuration du mot de passe PHP</strong><br>
|
|
<small>
|
|
Supprime <code>config/admin_credentials.php</code>. L'accès admin
|
|
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
|
|
</small>
|
|
</p>
|
|
<form method="post" action="/admin/actions/account.php"
|
|
onsubmit="return confirm('Supprimer le fichier de mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
|
|
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
|
<input type="hidden" name="action" value="remove_credentials">
|
|
<input type="hidden" name="current_password_remove" id="current_password_remove" value="">
|
|
<button type="submit" class="admin-btn admin-btn--danger">Supprimer le fichier</button>
|
|
</form>
|
|
</div>
|
|
<?php endif; ?>
|
|
</main>
|
|
|
|
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
|