xamxam/TODO.md

TODO

Admin area cleanup

• Combine acces-etudiante.php + file-access.php into acces.php (two <section> blocks)
• Move system.php content into parametres.php (system section + logs section)
• Use <section> for sections, <fieldset> only where form fields are present
• Redirect legacy URLs (acces-etudiante.php, file-access.php, system.php) with 301
• Update action redirects to point to new pages
• Update admin nav header (merged 3 items → 2)

Bug fixes

• Fix $enabledAccessTypes undefined / array_map() TypeError on edit page — controller was fetching getAccessTypes() instead of getEnabledFormAccessTypes() and returning it under the wrong key
• Fix fatal TypeError: old() called with wrong arity in jury-fieldset.php partial under partage context — removed ?: null coercions so $juryPresident/$juryPromoteur are '' not null, keeping $addMode false
• Fix $formData destroyed by included partials (fieldset-academic.php, fieldset-metadata.php, fieldset-licence-explanation.php were incorrectly unsetting $formData/wrong variable in caller scope)

Form help blocks — sortable admin UI

• Migration 005: add sort_order column to form_help_blocks
• Database::getAllFormHelpBlocks() — ORDER BY sort_order, expose sort_order in returned data
• Database::reorderFormHelpBlocks(array $keys) — persist new order
• actions/form-help-reorder.php — HTMX POST handler (CSRF-protected, 204 response)
• templates/admin/contenus.php — replace table with two-panel layout:
  • Left: SortableJS + htmx drag-and-drop card list
  • Right: static form structure reference (fieldsets + inputs)
• CSS in admin.css: .fhb-* classes for layout, cards, ghost/chosen/drag states
• schema.sql — updated form_help_blocks DDL with sort_order
• Vendor SortableJS 1.15.2 into assets/js/sortable.min.js (remove CDN dependency)

Bug fixes (continued)

• Fix missing favicon tags in partage/recapitulatif.php

• Fix fatal Class "SmtpRelay" not found in StudentEmail.php — add require_once SmtpRelay.php before StudentEmail.php in partage/index.php

• Add missing favicon tags to all three <head> blocks in partage/index.php (error page, password gate, main form)

Rename posterg → xamxam throughout codebase

• Rename nginx/posterg.conf → nginx/xamxam.conf (+ .conf.reference)
• Update nginx conf: server_name, log paths, htpasswd path, header comments
• Update justfile: SSH host alias, group, DB filename, conf path, tmp paths
• Update scripts/deploy-server.sh: group, conf paths, site names, URLs
• Update scripts/setup-server.sh: APP_DIR, APP_GROUP, comments
• Update scripts/manage-admin-users.sh: htpasswd path
• Update scripts/migrate.sh: DB filename
• Update scripts/setup-dev.sh: DB filename
• Update scripts/copy_crash_logs.sh: log filenames, hostname
• Update README.md: SSH host, paths, DB name
• Update nginx/README.md, nginx/SETUP.md, and all nginx/docs/*.md
• Update PHP source: Database.php, SystemController.php, MediaController.php, LiveReloadController.php, SmtpRelay.php, live-reload.php, export actions
• Update app/migrations/run.php, app/tests/README.md, app/storage/README.md
• Replace all remaining "Post-ERG" branding with "XAMXAM" (scripts, PHP source, schema, docs)
• deploy-server.sh: remove legacy sites-enabled/posterg symlink to fix duplicate limit_req_zone nginx error
• deploy-server.sh: auto-migrate .htpasswd-posterg → .htpasswd-xamxam if new file absent
• deploy-server.sh: auto-migrate posterg.db → xamxam.db if new DB missing/empty; remove legacy file
• deploy-server.sh: clean up legacy posterg nginx configs and prune old backups
• Rename local storage/posterg.db → storage/xamxam.db

LDAP auth migration (pending client access)

• Get LDAP server hostname, port, service-account DN+password, base DN, user attr, group DN from client
• Verify TCP reachability from XAMXAM VM to LDAP server (port 636)
• See docs/LDAP_AUTH_PLAN.md for full phase-by-phase plan

SMTP transport security hardening

• Enable TLS peer verification (verify_peer, verify_peer_name, peer_name) on both smtpSend and smtpProbe — removes MITM vulnerability from verify_peer: false
• Add caBundlePath() — resolves system CA bundle path (php.ini → Debian/RHEL/Alpine candidates → PHP built-in fallback)
• Set SSL context options explicitly on socket before stream_socket_enable_crypto() for STARTTLS (both probe and send paths)
• Add sanitiseEnvelope() — strips CR/LF from envelope addresses to prevent SMTP command injection
• Fix RFC 5321 §4.5.2 dot-stuffing: replace preg_replace with correct CRLF-normalise → str_replace("\r\n.", "\r\n..") sequence

SMTP notify_email fix

• Migration 006: add notify_email column to smtp_settings
• SmtpRelay::getSettings() — include notify_email in SELECT + defaults
• SmtpRelay::updateSettings() — persist notify_email
• SmtpRelay::getNotifyEmail() — returns notify_email ?? from_email
• request-access.php — use getNotifyEmail() instead of from_email for admin notifications
• actions/settings.php — wire smtp_notify_email POST field
• Template: add "Adresse de notification admin" field to SMTP form
• schema.sql — updated DDL

SMTP credential validation

• Add SmtpProbeException with field property for structured error classification
• Add SmtpRelay::test() — returns {ok, error, field} with field = input id to highlight
• smtpProbe() throws typed exceptions per failure point:
  • connect fail → name resolution error → smtp_host
  • connect fail → port refused → smtp_port
  • connect fail → timeout → smtp_host
  • bad greeting / timeout after connect → smtp_host / smtp_port
  • STARTTLS not supported / TLS negotiation fail → smtp_encryption
  • AUTH rejected, code 535 → smtp_password; other auth failures → smtp_username
• actions/settings.php: store $_SESSION['_flash_smtp_field'] on probe failure
• parametres.php controller: consume + clear _flash_smtp_field into $smtpErrorField
• Template: aria-invalid, aria-describedby, inline <small class="param-field-error"> per field
• JS: scroll + focus the offending field on page load
• CSS: red border-bottom on [aria-invalid], .param-field-error error text style

Répertoire layout

• Make column headings sticky/non-scrollable; only ul scrolls per column
• Remove padding from .search-main and .repertoire-index
• Minimal horizontal padding inside columns (var(--space-2xs))
• Align all column headings to the same baseline row (2-row grid via display: contents)

SMTP 550 recipient-rejected handling

• Add SmtpSendException — carries smtpCode + smtpResponse; isRecipientRejected() for 550–554
• smtpSend() $expect closure throws SmtpSendException (with code) instead of plain RuntimeException
• SmtpRelay::send() re-throws SmtpSendException so callers can react
• request-access.php (new auto-approve): catch 550 → roll back token + approval, return HTTP 422 with user-facing message
• request-access.php (resend path): catch 550 → return HTTP 422 instead of silent "access approved"
• StudentEmail::sendConfirmation(): catch SmtpSendException → log + return false (submission must not be aborted)
• admin/actions/access-request.php: catch SmtpSendException after approval → flash warning distinguishing recipient-rejected vs transient
• docs/SMTP_550_POSTFIX_FIX.md — report for Postfix admin (diagnosis, 3 fix options, verification steps)

CSS refactor

• Move semantic HTML element baseline styles into common.css
  • fieldset (background, border, padding, radius)
  • legend (font, weight, color, transform)
  • small (size, color, display, margin)
  • table, th, td (collapse, sizing, spacing)
  • dialog + ::backdrop
  • details > summary
• Remove duplicated rules from admin.css, form.css, system.css, file-access.css
• Fix file-access.css to use real design tokens (was using undefined --border, --surface, --accent, etc.)
• Remove redundant @import url("./variables.css") from admin.css, system.css, file-access.css