mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
Mirrors the mots-clé tag-search system: dropdown suggestions from existing languages via HTMX, pill display with bin-icon remove buttons, 'Créer' option for new languages. Replaces the plain text input.
- New partial: templates/partials/form/language-search.php
- New fragment: public/partage/language-search-fragment.php
- Admin wrapper: public/admin/language-search-fragment.php
- Updated language-autre-fragment to return just the required asterisk indicator
- Updated both controllers to handle language_autre as array (pill-based) with backward-compatible string path
- Updated edit form to compute selectedOtherLanguages from DB
- Registered new route in partage/index.php
- Fix CSV importer: split comma-separated language column into individual entries
- Add htmx active search to admin index, title line-clamp, predefined languages only in checkboxes
- Admin index: filter form now uses htmx triggers (input delay:300ms on search, change on selects) to actively search without page reload
- Sort links include hx-push-url for back-button support
- Added loading indicator bar (.admin-search-indicator)
- Title column: line-clamp at 2 lines with overflow hidden, native title attr tooltip for full text
- Language checkboxes now show only 3 predefined languages (Français, Anglais, Néerlandais); all others go via the Autre langue search component
- Added Database::getPredefinedLanguages() and excluded predefined from language-search-fragment suggestions
- Included hidden sort/dir inputs in table-wrap so sort state preserved across filter changes
- Fix language-search: block 'Créer' for predefined languages in dropdown

The 'Créer' option in the language-search dropdown now also checks against the predefined set (français, anglais, néerlandais) to avoid offering creation of languages that already exist as checkboxes.
Admin Panel Structure
This directory contains the admin panel for managing the XAMXAM thesis database.
Directory Structure
public/admin/
├── index.php              # List all theses (main page)
├── add.php                # Add new thesis form
├── edit.php               # Edit existing thesis form
├── import.php             # CSV import form
├── recapitulatif.php      # Recap page after submission
├── actions/               # Backend processing scripts (no HTML output)
│   ├── formulaire.php     # Process thesis submission from add.php
│   └── publish.php        # Toggle publish/unpublish status
├── inc/                   # Shared templates
│   ├── head.php           # HTML head, CSS, navigation
│   └── footer.php         # HTML footer
└── data/                  # Upload directory (not in git)
    ├── theses/            # PDF files
    └── covers/            # Cover images
File Types
User-Facing Templates (Root Directory)
Files that display HTML to users:
- index.php - Lists all theses with filters and bulk actions
- add.php - Form to add a new thesis
- edit.php - Form to edit an existing thesis
- import.php - CSV import interface
- recapitulatif.php - Success confirmation page
Backend Scripts (actions/)
Files that process forms and redirect (no HTML output):
- formulaire.php - Processes thesis submission from add.php
- publish.php - Handles publish/unpublish actions
Shared Templates (inc/)
Reusable HTML components:
- head.php - HTML head, CSS links, navigation menu
- footer.php - HTML footer
Workflow
Adding a Thesis
- User visits add.php (displays form)
- User submits form to actions/formulaire.php (processes data)
- On success, redirects to recapitulatif.php?id=123
- On error, redirects back to add.php with error message
Publishing/Unpublishing
- User clicks publish/unpublish button in index.php
- Form submits to actions/publish.php (processes action)
- Redirects back to index.php with success/error message
Security
- All pages require HTTP Basic Auth (configured in nginx) — primary layer
- All pages require PHP session auth (AdminAuth::requireLogin()) — defence-in-depth
- CSRF tokens protect all forms
- File uploads validated and sanitized
- Database queries use prepared statements
- Upload directory outside public/ in production
See nginx/PHP_AUTH_LAYER.md for details on the dual-auth architecture.
Templates
The inc/ folder contains shared templates:
- head.php - Included at the top of each page (DOCTYPE, CSS, nav)
- footer.php - Included at the bottom of each page (closing tags)
Usage:
<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>
URL Structure
- /admin/ - List theses (index.php)
- /admin/add.php - Add new thesis
- /admin/edit.php?id=123 - Edit thesis #123
- /admin/import.php - Import CSV
- /admin/recapitulatif.php?id=123 - Recap page
Backend actions (not directly accessed):
- /admin/actions/formulaire.php - Form processor
- /admin/actions/publish.php - Publish toggle
Development
Adding a New Page
- Create the template in /admin/yourpage.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>
<!-- Your content here -->
<?php include "inc/footer.php" ?>
- Add navigation link in inc/head.php if needed
Adding a New Action
- Create the script in /admin/actions/youraction.php:
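<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
// Verify CSRF token. Both values must be non-empty strings before the
// constant-time comparison, so a missing or array-valued field fails closed
// instead of raising a TypeError or matching an empty session token.
$sessionToken = $_SESSION['csrf_token'] ?? '';
$postedToken = $_POST['csrf_token'] ?? '';
if (!is_string($sessionToken) || $sessionToken === ''
    || !is_string($postedToken)
    || !hash_equals($sessionToken, $postedToken)) {
    $_SESSION['error'] = "Security error";
    header('Location: ../index.php');
    exit;
}
// Process action...
// Redirect
header('Location: ../yourpage.php');
exit;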
- Create form in template that posts to actions/youraction.php
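The form side of this procedure and a fail-closed token check, as an added example that is not code from the XAMXAM repository. The helper names `csrf_token()`, `csrf_field()` and `csrf_verify()` are hypothetical, and creating the token with `random_bytes()` is an assumption, since this page does not show where the project sets `$_SESSION['csrf_token']`.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not part of XAMXAM); they take the session as an
// array so the example runs from the CLI without a web server.

/** Return the session's CSRF token, creating it on first use (assumption). */
function csrf_token(array &$session): string
{
    $current = $session['csrf_token'] ?? null;
    if (!is_string($current) || $current === '') {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

/** Hidden field for a template; the value is HTML-escaped on output. */
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

/** Fail closed: a missing, empty or non-string token on either side is rejected. */
function csrf_verify(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? null;
    $given = $post['csrf_token'] ?? null;
    return is_string($expected) && $expected !== ''
        && is_string($given) && hash_equals($expected, $given);
}

// Template side: the form that posts to actions/youraction.php.
$session = []; // constructed stand-in for $_SESSION
echo '<form method="post" action="actions/youraction.php">', PHP_EOL;
echo '  ', csrf_field($session), PHP_EOL;
echo '  <button type="submit">Save</button>', PHP_EOL, '</form>', PHP_EOL;

// Action side: constructed POST bodies, including the malformed ones.
$cases = [
    'valid token'   => ['csrf_token' => $session['csrf_token']],
    'missing field' => [],
    'empty string'  => ['csrf_token' => ''],
    'array-valued'  => ['csrf_token' => ['x']],
    'wrong token'   => ['csrf_token' => str_repeat('0', 64)],
];
foreach ($cases as $label => $post) {
    printf("%-14s %s\n", $label, csrf_verify($session, $post) ? 'accepted' : 'rejected');
}
```

In a real template the call would be `csrf_field($_SESSION)` after the session has been started; only the first case is accepted.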
Notes
- Bootstrap path from actions/: __DIR__ . "/../../config/bootstrap.php"
- Redirects from actions/: use ../ prefix (e.g., ../index.php)
- Database class: require_once __DIR__ . '/../../lib/Database.php'
- All forms must include CSRF token from $_SESSION['csrf_token']