mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-07 03:29:19 +02:00
ca5983075d
- AdminLogger: JSON-lines → /var/log/xamxam.log (prod) / storage/logs/admin.log (dev) + best-effort DB mirror to admin_audit_log table - DB: admin_audit_log table, share_links.is_archived column - ShareLink: archive() replaces delete(), toggleActive() returns new state, listActive()/listArchived() split, validateLink blocks archived slugs - All action handlers wired: publish, unpublish, visibility, delete, csv/db export, tfe add/edit, tags, pages, apropos, form-help, access-request, maintenance, settings (formulaire toggles, objet types, smtp update), smtp-test - acces.php: archive button replaces delete; collapsible archived links section - setup-server.sh: provision /var/log/xamxam.log (www-data:xamxam 640)
87 lines
2.9 KiB
PHP
87 lines
2.9 KiB
PHP
<?php
|
||
// Bootstrap application
|
||
require_once __DIR__ . '/../../../bootstrap.php';
|
||
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
||
|
||
ini_set('display_errors', 0);
|
||
ini_set('log_errors', 1);
|
||
ini_set('error_log', APP_ROOT . '/../error.log');
|
||
|
||
AdminAuth::requireLogin();
|
||
|
||
// Verify CSRF token
|
||
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|
||
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
||
error_log(sprintf(
|
||
'CSRF token validation failed in formulaire.php - POST token: %s, SESSION token: %s',
|
||
$_POST['csrf_token'] ?? '(missing)',
|
||
$_SESSION['csrf_token'] ?? '(missing)'
|
||
));
|
||
die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
|
||
}
|
||
|
||
error_log('FILES array: ' . print_r($_FILES, true));
|
||
|
||
require_once APP_ROOT . '/src/Controllers/ThesisCreateController.php';
|
||
require_once APP_ROOT . '/src/AppLogger.php';
|
||
require_once APP_ROOT . '/src/AdminLogger.php';
|
||
require_once APP_ROOT . '/src/DuplicateThesisException.php';
|
||
|
||
$logger = new AppLogger();
|
||
$adminLogger = AdminLogger::make();
|
||
$authorName = $_POST['auteurice'] ?? 'unknown';
|
||
|
||
try {
|
||
$ctrl = ThesisCreateController::make();
|
||
$thesisId = $ctrl->submit($_POST, $_FILES);
|
||
|
||
$identifier = $ctrl->getIdentifier($thesisId);
|
||
$logger->logSubmission('admin', $thesisId, $identifier, $authorName);
|
||
$adminLogger->logAdd($thesisId, $identifier, $authorName);
|
||
|
||
unset($_SESSION['csrf_token']);
|
||
|
||
$redirect = '../recapitulatif.php?id=' . $thesisId;
|
||
header('Location: ' . $redirect);
|
||
exit();
|
||
|
||
} catch (DuplicateThesisException $e) {
|
||
$logger->logDuplicate('admin', $authorName, $e->existingThesisId, $e->existingIdentifier);
|
||
|
||
error_log('ThesisCreateController duplicate: ' . $e->getMessage());
|
||
|
||
// Build a warning with a clickable link to the existing thesis.
|
||
$existingUrl = htmlspecialchars('/admin/edit.php?id=' . $e->existingThesisId);
|
||
$existingRef = htmlspecialchars($e->existingIdentifier . ' - ' . $e->existingTitle . ' (' . $e->existingYear . ')');
|
||
$warningHtml = 'Doublon détecté : un TFE très similaire existe déjà.'
|
||
. '<br><a href="' . $existingUrl . '">' . $existingRef . '</a>'
|
||
. '<br>Vérifiez avant de soumettre à nouveau.';
|
||
|
||
App::flash('warning', $warningHtml);
|
||
$_SESSION['form_data'] = $_POST;
|
||
|
||
header('Location: ../add.php');
|
||
exit();
|
||
|
||
} catch (Exception $e) {
|
||
$logger->logError('admin', $e->getMessage(), [
|
||
'author' => $authorName,
|
||
'post_keys' => array_keys($_POST),
|
||
]);
|
||
|
||
error_log('ThesisCreateController error: ' . $e->getMessage());
|
||
|
||
App::flash('error', $e->getMessage());
|
||
$_SESSION['form_data'] = $_POST;
|
||
|
||
$redirect = '../add.php';
|
||
|
||
$autofocusField = ThesisCreateController::autofocusFieldForError($e->getMessage());
|
||
if ($autofocusField !== null) {
|
||
App::flashAutofocus($autofocusField);
|
||
}
|
||
|
||
header('Location: ' . $redirect);
|
||
exit();
|
||
}
|