xamxam/app/public/admin
Pontoporeia 2e9ebfc684 filepond: implement async server-ID upload architecture with nested queue support + PeerTube integration
Replace `storeAsFile:true` with a full async FilePond round-trip pipeline using opaque server-side file IDs.

* Added 4 new PHP endpoints under `/admin/actions/filepond/`:

  * `process.php` — upload/process single file and return opaque `file_id`
  * `revert.php` — delete pending tmp uploads before form submit
  * `load.php` — stream existing files by DB ID for FilePond preload
  * `remove.php` — soft-delete `thesis_files` rows
* `process.php` improvements:

  * accept arbitrary FilePond field names instead of hardcoded `file`
  * support PHP-nested multi-file queue inputs (`queue_file[tfe][]`)
  * explicit unwrapping of nested `$_FILES` structures
  * add `audio/mp3` to audio + `peertube_audio` MIME whitelists
  * immediate upload of `peertube_*` files to PeerTube, returning `peertube:{uuid}` IDs
  * extensive `error_log()` instrumentation for request, CSRF, MIME, upload, and save stages
* `revert.php` now accepts `peertube:` IDs without local cleanup
* `ThesisFileHandler`:

  * add `handleFilePondQueueFiles()` + `handleFilePondSingleFile()`
  * process async uploads from `storage/tmp/filepond/` via opaque `file_id`
  * inline handling of `peertube:{uuid}` IDs with direct `thesis_files` insertion
  * remove obsolete deferred PeerTube queue-processing flow
* `ThesisCreateController` + `ThesisEditController`:

  * gate async path behind `filepond_mode=1`
  * preserve legacy multipart flow as fallback
* `file-upload-filepond.js`:

  * remove `storeAsFile:true`
  * add `buildServerConfig()` for async endpoint wiring
  * fix `syncOrderInput()` to use `serverId`
  * add `onprocessfile` hook
  * add `fileValidateSizeFilterItem` for per-extension size caps
  * preload existing uploads via `data-existing-files` + `server.load`
  * replace static `INPUT_ID_TO_TYPE` map with `data-queue-type`
  * add extensive `console.log()` debugging across upload pipeline stages
* `upload-progress.js`:

  * block form submission while uploads are pending
  * update `collectFileNames()` to read processed FilePond items
* Templates/layout:

  * add `data-queue-type`
  * add `data-existing-files`
  * add global CSRF meta tag outside admin-only context
  * add `filepond_mode` hidden input
  * add CSRF token/meta support for partage pages
  * move website URL field below file upload block
* `.gitignore`: exclude `storage/tmp/` from version control
2026-05-19 00:08:06 +02:00

Admin Panel Structure

This directory contains the admin panel for managing the XAMXAM thesis database.

Directory Structure

public/admin/
├── index.php          # List all theses (main page)
├── add.php            # Add new thesis form
├── edit.php           # Edit existing thesis form
├── import.php         # CSV import form
├── recapitulatif.php  # Recap page after submission
├── actions/           # Backend processing scripts (no HTML output)
│   ├── formulaire.php # Process thesis submission from add.php
│   └── publish.php    # Toggle publish/unpublish status
├── inc/               # Shared templates
│   ├── head.php       # HTML head, CSS, navigation
│   └── footer.php     # HTML footer
└── data/              # Upload directory (not in git)
    ├── theses/        # PDF files
    └── covers/        # Cover images

File Types

User-Facing Templates (Root Directory)

Files that display HTML to users:

  • index.php - Lists all theses with filters and bulk actions
  • add.php - Form to add a new thesis
  • edit.php - Form to edit an existing thesis
  • import.php - CSV import interface
  • recapitulatif.php - Success confirmation page

Backend Scripts (actions/)

Files that process forms and redirect (no HTML output):

  • formulaire.php - Processes thesis submission from add.php
  • publish.php - Handles publish/unpublish actions

Shared Templates (inc/)

Reusable HTML components:

  • head.php - HTML head, CSS links, navigation menu
  • footer.php - HTML footer

Workflow

Adding a Thesis

  1. User visits add.php (displays form)
  2. User submits form to actions/formulaire.php (processes data)
  3. On success, redirects to recapitulatif.php?id=123
  4. On error, redirects back to add.php with error message

Publishing/Unpublishing

  1. User clicks publish/unpublish button in index.php
  2. Form submits to actions/publish.php (processes action)
  3. Redirects back to index.php with success/error message

Security

  • All pages require HTTP Basic Auth (configured in nginx) — primary layer
  • All pages require PHP session auth (AdminAuth::requireLogin()) — defence-in-depth
  • CSRF tokens protect all forms
  • File uploads validated and sanitized
  • Database queries use prepared statements
  • Upload directory outside public/ in production

See nginx/PHP_AUTH_LAYER.md for details on the dual-auth architecture.
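
The "File uploads validated and sanitized" and "Upload directory outside public/" points above, combined with an opaque file ID of the kind the commit message at the top of this page describes, as an added example that is not the project's own code. The function names, the MIME allow-list, the 32-hex-character ID format and the use of PHP 8 (str_starts_with) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names and allow-list; the project's own process.php is not shown on this page.
const ALLOWED_MIME = ['application/pdf' => 'pdf', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Validate one unwrapped $_FILES entry and park it under an opaque ID. */
function storePendingUpload(array $file, string $tmpDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or was not an HTTP upload');
    }
    // Detect the type from the content; $file['type'] and $file['name'] are client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_MIME[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }
    // The ID is random and carries neither a path nor the original filename.
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], "$tmpDir/$id.$ext")) {
        throw new RuntimeException('Could not store upload');
    }
    return $id;
}

/** Map an ID sent back by the client to a file inside $tmpDir, or null. */
function resolvePendingUpload(string $id, string $tmpDir): ?string
{
    // Strict format check: values containing '/', '..' or anything non-hex never reach the filesystem.
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        return null;
    }
    $root = realpath($tmpDir);
    $matches = glob("$tmpDir/$id.*") ?: [];
    $path = $matches ? realpath($matches[0]) : false;
    // Containment check: a symlink inside the tmp directory must not lead outside it.
    if ($root === false || $path === false || !str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}
```

Any endpoint that deletes or moves a pending upload by ID would call resolvePendingUpload() first and treat null as "not found", so a client-supplied ID can never name a file outside the temporary directory.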

Templates

The inc/ folder contains shared templates:

  • head.php - Included at the top of each page (DOCTYPE, CSS, nav)
  • footer.php - Included at the bottom of each page (closing tags)

Usage:

<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>

URL Structure

  • /admin/ - List theses (index.php)
  • /admin/add.php - Add new thesis
  • /admin/edit.php?id=123 - Edit thesis #123
  • /admin/import.php - Import CSV
  • /admin/recapitulatif.php?id=123 - Recap page

Backend actions (not directly accessed):

  • /admin/actions/formulaire.php - Form processor
  • /admin/actions/publish.php - Publish toggle

Development

Adding a New Page

  1. Create the template in /admin/yourpage.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>

<!-- Your content here -->

<?php include "inc/footer.php" ?>
  2. Add navigation link in inc/head.php if needed

Adding a New Action

  1. Create the script in /admin/actions/youraction.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();

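// Verify CSRF token; a missing or non-string value is rejected before comparison
// (hash_equals() throws a TypeError on non-string arguments in PHP 8)
$sessionToken = $_SESSION['csrf_token'] ?? '';
$postedToken = $_POST['csrf_token'] ?? '';
if (!is_string($sessionToken) || !is_string($postedToken)
    || $sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
    $_SESSION['error'] = "Security error";
    header('Location: ../index.php');
    exit;
}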

// Process action...

// Redirect
header('Location: ../yourpage.php');
exit;
  2. Create form in template that posts to actions/youraction.php

Notes

  • Bootstrap path from actions/: __DIR__ . "/../../config/bootstrap.php"
  • Redirects from actions/: use ../ prefix (e.g., ../index.php)
  • Database class: require_once __DIR__ . '/../../lib/Database.php'
  • All forms must include CSRF token from $_SESSION['csrf_token']