xamxam/app/public/admin/actions/formulaire.php

<?php
// Bootstrap application
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';

ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', APP_ROOT . '/../error.log');

AdminAuth::requireLogin();

// Verify CSRF token
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    error_log(sprintf(
        'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s',
        $_POST['csrf_token'] ?? '(missing)',
        $_SESSION['csrf_token'] ?? '(missing)'
    ));
    die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
}

error_log('FILES array: ' . print_r($_FILES, true));

require_once APP_ROOT . '/src/Controllers/ThesisCreateController.php';
require_once APP_ROOT . '/src/AppLogger.php';

$logger     = new AppLogger();
$authorName = $_POST['auteurice'] ?? 'unknown';

try {
    $ctrl     = ThesisCreateController::make();
    $thesisId = $ctrl->submit($_POST, $_FILES);

    $identifier = $ctrl->getIdentifier($thesisId);
    $logger->logSubmission('admin', $thesisId, $identifier, $authorName);

    unset($_SESSION['csrf_token']);

    $redirect = '../recapitulatif.php?id=' . $thesisId;
    header('Location: ' . $redirect);
    exit();

} catch (Exception $e) {
    $logger->logError('admin', $e->getMessage(), [
        'author'   => $authorName,
        'post_keys' => array_keys($_POST),
    ]);

    error_log('ThesisCreateController error: ' . $e->getMessage());

    App::flash('error', $e->getMessage());
    $_SESSION['form_data'] = $_POST;

    $redirect = '../add.php';

    $autofocusField = ThesisCreateController::autofocusFieldForError($e->getMessage());
    if ($autofocusField !== null) {
        App::flashAutofocus($autofocusField);
    }

    header('Location: ' . $redirect);
    exit();
}