mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
467aced734
Phase 1: Consolidate shared infrastructure - Create shared/ directory for common code - Consolidate Database.php from front-backend and formulaire into unified shared/Database.php - Smart path detection for test.db vs posterg.db - Secure search with wildcard escaping and input validation - Support both singleton and direct instantiation patterns - Full CRUD methods for admin functionality - Move RateLimit.php to shared/ (30 requests/min) - Update all require paths across apps to use shared/ Phase 2: Reorganize directory structure - Rename front-backend/ → apps/public/ - Rename formulaire/ → apps/admin/ - Rename db/ → database/ - Update all file paths for new structure - Create root .gitignore excluding databases, cache, logs Implement secure search feature - Add apps/public/search.php with full-text search across theses - Search filters: query, year, orientation, AP program, keywords - Security features: - SQL injection prevention (prepared statements) - Wildcard injection prevention (escape % and _) - Input validation (max 200 chars, year range 1900-2100) - Rate limiting (30 req/min per IP) - Pagination limited to 100 results/page - XSS protection (htmlspecialchars on output) Add comprehensive test suite - Create apps/public/tests/ with proper structure - tests/Integration/SearchTest.php - 12 search scenarios - tests/Security/SecurityTest.php - vulnerability testing - tests/Unit/RateLimitTest.php - rate limit behavior - Create database/fixtures/CreateTestDatabase.php - Add apps/public/run-tests.php test runner - All tests passing (4/4 suites) Update deployment configuration - Rename justfile 'sync' recipe to 'deploy' - Create deploy group with separate deploy-public and deploy-admin - Add test-deploy recipe for test database - Exclude *.db, tests/, cache/, *.md from production deploy - Deploy shared/ to both public and admin locations Stats: +4482 insertions, -654 deletions across 72 files
296 lines
8.9 KiB
PHP
296 lines
8.9 KiB
PHP
<?php
|
|
// Configure error reporting
|
|
ini_set('display_errors', 0);
|
|
ini_set('log_errors', 1);
|
|
ini_set('error_log', 'error.log');
|
|
|
|
require __DIR__ . '/../../shared/Database.php';
|
|
|
|
// Security: Validate thesis ID parameter
|
|
$thesisId = null;
|
|
$thesis = null;
|
|
$files = [];
|
|
$error = null;
|
|
|
|
if (isset($_GET['id'])) {
|
|
$thesisId = filter_var($_GET['id'], FILTER_VALIDATE_INT);
|
|
|
|
if ($thesisId !== false && $thesisId > 0) {
|
|
try {
|
|
$db = new Database();
|
|
$pdo = $db->getPDO();
|
|
|
|
// Get thesis data
|
|
$thesis = $db->getThesis($thesisId);
|
|
|
|
if (!$thesis) {
|
|
$error = "TFE non trouvé.";
|
|
} else {
|
|
// Get associated files
|
|
$stmt = $pdo->prepare("
|
|
SELECT file_type, file_name, file_size, mime_type, uploaded_at
|
|
FROM thesis_files
|
|
WHERE thesis_id = ?
|
|
ORDER BY file_type, uploaded_at
|
|
");
|
|
$stmt->execute([$thesisId]);
|
|
$files = $stmt->fetchAll();
|
|
}
|
|
} catch (Exception $e) {
|
|
error_log("Error loading thesis: " . $e->getMessage());
|
|
$error = "Erreur lors de la lecture des données.";
|
|
}
|
|
} else {
|
|
error_log("Invalid thesis ID: " . $_GET['id']);
|
|
$error = "Identifiant invalide.";
|
|
}
|
|
} else {
|
|
$error = "Aucun identifiant spécifié.";
|
|
}
|
|
|
|
// Helper function to format file size
|
|
function formatFileSize($bytes) {
|
|
if ($bytes >= 1073741824) {
|
|
return number_format($bytes / 1073741824, 2) . ' GB';
|
|
} elseif ($bytes >= 1048576) {
|
|
return number_format($bytes / 1048576, 2) . ' MB';
|
|
} elseif ($bytes >= 1024) {
|
|
return number_format($bytes / 1024, 2) . ' KB';
|
|
} else {
|
|
return $bytes . ' bytes';
|
|
}
|
|
}
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
<html lang="fr">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Merci - Post-ERG</title>
|
|
<link rel="stylesheet" href="assets/normalize.css">
|
|
<link rel="stylesheet" href="assets/simple.css">
|
|
<link rel="stylesheet" href="assets/posterg.css">
|
|
<link rel="shortcut icon" href="assets/icon.svg" type="image/svg">
|
|
</head>
|
|
<body>
|
|
<header>
|
|
<h1>Merci</h1>
|
|
<?php if ($thesis): ?>
|
|
<nav style="margin-top: 1rem;">
|
|
<a href="list.php">Liste des TFE</a> |
|
|
<a href="edit.php?id=<?php echo $thesisId; ?>">✏️ Modifier ce TFE</a>
|
|
</nav>
|
|
<?php endif; ?>
|
|
</header>
|
|
|
|
<main>
|
|
<?php if ($error): ?>
|
|
<div class="error">
|
|
<p>⚠️ <?php echo htmlspecialchars($error); ?></p>
|
|
<p><a href="index.php">Retour au formulaire</a></p>
|
|
</div>
|
|
|
|
<?php elseif ($thesis): ?>
|
|
<p>d'avoir soumis votre TFE. Les informations ont été enregistrées et sont en attente de traitement.</p>
|
|
|
|
<div class="thesis-info">
|
|
<h2>Récapitulatif de votre soumission</h2>
|
|
|
|
<h3>Informations de base</h3>
|
|
<dl>
|
|
<dt>Identifiant:</dt>
|
|
<dd><strong><?php echo htmlspecialchars($thesis['identifier']); ?></strong></dd>
|
|
|
|
<dt>Titre:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['title']); ?></dd>
|
|
|
|
<?php if ($thesis['subtitle']): ?>
|
|
<dt>Sous-titre:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['subtitle']); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<dt>Auteur·ice(s):</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['authors']); ?></dd>
|
|
|
|
<dt>Année:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['year']); ?></dd>
|
|
</dl>
|
|
|
|
<h3>Détails académiques</h3>
|
|
<dl>
|
|
<dt>Orientation:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['orientation'] ?? 'Non spécifié'); ?></dd>
|
|
|
|
<dt>Atelier Pratique:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['ap_program'] ?? 'Non spécifié'); ?></dd>
|
|
|
|
<dt>Finalité:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['finality_type'] ?? 'Non spécifié'); ?></dd>
|
|
|
|
<?php if ($thesis['supervisors']): ?>
|
|
<dt>Promoteur·ice(s):</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['supervisors']); ?></dd>
|
|
<?php endif; ?>
|
|
</dl>
|
|
|
|
<h3>Contenu</h3>
|
|
<dl>
|
|
<?php if ($thesis['synopsis']): ?>
|
|
<dt>Synopsis:</dt>
|
|
<dd><?php echo nl2br(htmlspecialchars($thesis['synopsis'])); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($thesis['languages']): ?>
|
|
<dt>Langue(s):</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['languages']); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($thesis['formats']): ?>
|
|
<dt>Format(s):</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['formats']); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($thesis['keywords']): ?>
|
|
<dt>Mots-clés:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['keywords']); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($thesis['file_size_info']): ?>
|
|
<dt>Durée/Taille:</dt>
|
|
<dd><?php echo htmlspecialchars($thesis['file_size_info']); ?></dd>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($thesis['baiu_link']): ?>
|
|
<dt>Lien:</dt>
|
|
<dd><a href="<?php echo htmlspecialchars($thesis['baiu_link']); ?>" target="_blank" rel="noopener">
|
|
<?php echo htmlspecialchars($thesis['baiu_link']); ?>
|
|
</a></dd>
|
|
<?php endif; ?>
|
|
</dl>
|
|
|
|
<?php if (!empty($files)): ?>
|
|
<h3>Fichiers téléversés</h3>
|
|
<table>
|
|
<thead>
|
|
<tr>
|
|
<th>Type</th>
|
|
<th>Nom du fichier</th>
|
|
<th>Taille</th>
|
|
<th>Date</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($files as $file): ?>
|
|
<tr>
|
|
<td><?php echo htmlspecialchars($file['file_type']); ?></td>
|
|
<td><?php echo htmlspecialchars($file['file_name']); ?></td>
|
|
<td><?php echo formatFileSize($file['file_size']); ?></td>
|
|
<td><?php echo date('d/m/Y H:i', strtotime($file['uploaded_at'])); ?></td>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
<?php endif; ?>
|
|
|
|
<h3>Statut de publication</h3>
|
|
<p><strong>⏳ En attente</strong> - Votre TFE ne sera publié qu'après la soutenance et l'ajout éventuel d'une note contextuelle par le jury.</p>
|
|
|
|
<p class="submitted-date">
|
|
Soumis le <?php echo date('d/m/Y à H:i', strtotime($thesis['submitted_at'])); ?>
|
|
</p>
|
|
</div>
|
|
|
|
<p><a href="index.php">Soumettre un autre TFE</a></p>
|
|
|
|
<?php else: ?>
|
|
<p>Aucune donnée à afficher.</p>
|
|
<p><a href="index.php">Retour au formulaire</a></p>
|
|
<?php endif; ?>
|
|
</main>
|
|
|
|
<footer>
|
|
<p>Formulaire Post-ERG</p>
|
|
</footer>
|
|
</body>
|
|
</html>
|
|
|
|
<style>
|
|
.thesis-info {
|
|
background: #f5f5f5;
|
|
padding: 2rem;
|
|
border-radius: 8px;
|
|
margin: 2rem 0;
|
|
}
|
|
|
|
.thesis-info h2 {
|
|
margin-top: 0;
|
|
border-bottom: 2px solid #333;
|
|
padding-bottom: 0.5rem;
|
|
}
|
|
|
|
.thesis-info h3 {
|
|
margin-top: 2rem;
|
|
margin-bottom: 1rem;
|
|
color: #555;
|
|
}
|
|
|
|
.thesis-info dl {
|
|
display: grid;
|
|
grid-template-columns: 200px 1fr;
|
|
gap: 0.5rem 1rem;
|
|
margin-bottom: 1.5rem;
|
|
}
|
|
|
|
.thesis-info dt {
|
|
font-weight: bold;
|
|
color: #666;
|
|
}
|
|
|
|
.thesis-info dd {
|
|
margin: 0;
|
|
}
|
|
|
|
.thesis-info table {
|
|
width: 100%;
|
|
margin-top: 1rem;
|
|
}
|
|
|
|
.thesis-info table th {
|
|
text-align: left;
|
|
background: #ddd;
|
|
padding: 0.5rem;
|
|
}
|
|
|
|
.thesis-info table td {
|
|
padding: 0.5rem;
|
|
border-bottom: 1px solid #ddd;
|
|
}
|
|
|
|
.submitted-date {
|
|
margin-top: 2rem;
|
|
font-style: italic;
|
|
color: #666;
|
|
}
|
|
|
|
.error {
|
|
background: #fee;
|
|
border: 2px solid #c00;
|
|
padding: 1.5rem;
|
|
border-radius: 8px;
|
|
color: #c00;
|
|
}
|
|
|
|
@media (max-width: 768px) {
|
|
.thesis-info dl {
|
|
grid-template-columns: 1fr;
|
|
gap: 0.25rem;
|
|
}
|
|
|
|
.thesis-info dt {
|
|
margin-top: 1rem;
|
|
}
|
|
}
|
|
</style>
|