PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
3a8ffa6afede9642b4b1929b80179ae8a8e2a571
xamxam/public/admin/account.php
Pontoporeia 42af4644c5 perf+a11y: WAL mode for SQLite, skip links, :focus-visible, .sr-only 
SQLite performance (Database::__construct):
- PRAGMA journal_mode = WAL: eliminates full-DB read locks on write, safe
  for concurrent PHP-FPM workers
- PRAGMA synchronous = NORMAL: durable on commit without full fsync per write
- PRAGMA cache_size = -8000: ~8 MB page cache per connection

Accessibility foundation (WCAG 2.1 AA):
- common.css: add .sr-only utility, .skip-link (hidden until focused),
  global :focus-visible (2px purple outline, 2px offset),
  prefers-reduced-motion guard; remove bare outline:none from
  .site-search__input
- admin.css: same :focus-visible, skip-link, and motion guard scoped to
  admin purple; remove outline:none from .admin-input/.admin-select/
  .admin-textarea and .admin-filters select (both had :focus border rules
  already, so focus is still visually communicated)
- search.css: remove outline:none from .search-filter-select (already has
  :focus border-color rule)
- All 5 public pages (index, search, tfe, apropos, licence): add
  <a href="#main-content" class="skip-link"> as first child of <body>;
  add id="main-content" to <main>
- templates/admin/head.php: same skip link; aria-label="Navigation admin"
  on <nav>; id="main-content" on all 10 admin <main> elements

All 4 test suites pass (unit, integration, security, rate-limit).
2026-03-27 13:45:01 +01:00

122 lines
5.3 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../src/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Compte administrateur";
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
$hasPassword = defined('ADMIN_PASSWORD_HASH');
$success = $_SESSION['success'] ?? null;
$error = $_SESSION['error'] ?? null;
unset($_SESSION['success'], $_SESSION['error']);
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<?php require_once APP_ROOT . '/templates/admin/head.php'; ?>
<main class="admin-main" id="main-content">
<h1 class="admin-page-title">Compte administrateur</h1>
<?php if ($error): ?>
<div class="admin-alert admin-alert--error">⚠ <?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="admin-alert admin-alert--success">✓ <?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<!-- Status info -->
<div class="admin-account-status">
<div class="admin-account-status__row">
<span class="admin-account-status__label">Authentification PHP</span>
<?php if ($hasPassword): ?>
<span class="status-badge status-published">Active</span>
<?php else: ?>
<span class="status-badge status-pending">Non configurée</span>
<?php endif; ?>
</div>
<div class="admin-account-status__row">
<span class="admin-account-status__label">Fichier de configuration</span>
<code class="admin-account-status__code">config/admin_credentials.php</code>
<?php if (file_exists($credentialsFile)): ?>
<span class="status-badge status-published">Présent</span>
<?php else: ?>
<span class="status-badge status-pending">Absent</span>
<?php endif; ?>
</div>
<?php if (!$hasPassword): ?>
<p class="admin-account-status__note">
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
<code>config/admin_credentials.php</code> avec un hash bcrypt.
</p>
<?php endif; ?>
</div>
<!-- Password change form -->
<h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
<form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<?php if ($hasPassword): ?>
<div class="admin-form-row">
<label class="admin-label" for="current_password">Mot de passe actuel</label>
<div>
<input class="admin-input" type="password" id="current_password"
name="current_password" required autocomplete="current-password">
</div>
</div>
<?php endif; ?>
<div class="admin-form-row">
<label class="admin-label" for="new_password">Nouveau mot de passe</label>
<div>
<input class="admin-input" type="password" id="new_password"
name="new_password" required autocomplete="new-password"
minlength="12">
<p class="admin-field-hint">Minimum 12 caractères.</p>
</div>
</div>
<div class="admin-form-row">
<label class="admin-label" for="confirm_password">Confirmer le mot de passe</label>
<div>
<input class="admin-input" type="password" id="confirm_password"
name="confirm_password" required autocomplete="new-password">
</div>
</div>
<div class="admin-submit-wrap">
<button type="submit" class="admin-btn">
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
</button>
</div>
</form>
<?php if ($hasPassword): ?>
<!-- Danger zone: remove password -->
<h2 class="admin-section-title admin-section-title--danger" style="margin-top:3rem;">Zone de danger</h2>
<div class="admin-danger-zone">
<div class="admin-danger-zone__description">
<strong>Supprimer la configuration du mot de passe PHP</strong><br>
<span style="color:var(--admin-text-muted);font-size:.9rem;">
Supprime <code>config/admin_credentials.php</code>. L'accès admin
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
</span>
</div>
<form method="post" action="/admin/actions/account.php"
onsubmit="return confirm('Supprimer le fichier de mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="remove_credentials">
<input type="hidden" name="current_password_remove" id="current_password_remove" value="">
<button type="submit" class="admin-btn admin-btn--danger">Supprimer le fichier</button>
</form>
</div>
<?php endif; ?>
</main>
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink