mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
128 lines
5.1 KiB
PHP
128 lines
5.1 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../../bootstrap.php';
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
error_log('[settings.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | section=' . ($_POST['section'] ?? 'none') . ' | post_keys=' . implode(',', array_keys($_POST)));
|
|
AdminAuth::requireLogin();
|
|
|
|
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|
|
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
App::flash('error', "Erreur de sécurité : token invalide.");
|
|
header('Location: /admin/parametres.php');
|
|
exit;
|
|
}
|
|
|
|
require_once APP_ROOT . '/src/Database.php';
|
|
require_once APP_ROOT . '/src/SmtpRelay.php';
|
|
require_once APP_ROOT . '/src/PeerTubeService.php';
|
|
require_once APP_ROOT . '/src/AdminLogger.php';
|
|
$db = new Database();
|
|
$logger = AdminLogger::make();
|
|
|
|
$isHxRequest = (isset($_SERVER['HTTP_HX_REQUEST']) && $_SERVER['HTTP_HX_REQUEST'] === 'true');
|
|
$section = $_POST['section'] ?? '';
|
|
error_log('[settings.php] PROCESS | section=' . $section . ' | post_keys=' . implode(',', array_keys($_POST)));
|
|
|
|
if ($section === 'formulaire_restrictions') {
|
|
// HTMX may not send unchecked checkboxes even with hidden 0-value inputs;
|
|
// missing key means unchecked → treat as '0'.
|
|
$newValues = ['restricted_files_enabled' => empty($_POST['restricted_files_enabled']) ? '0' : '1'];
|
|
$db->setSetting('restricted_files_enabled', $newValues['restricted_files_enabled']);
|
|
$logger->logFormSettingsUpdate($newValues);
|
|
if (!$isHxRequest) {
|
|
App::flash('success', "Paramètres mis à jour.");
|
|
}
|
|
} elseif ($section === 'formulaire_acces') {
|
|
$allowed = [
|
|
'access_type_libre_enabled',
|
|
'access_type_interne_enabled',
|
|
'access_type_interdit_enabled',
|
|
];
|
|
$newValues = [];
|
|
foreach ($allowed as $key) {
|
|
$value = empty($_POST[$key]) ? '0' : '1';
|
|
$db->setSetting($key, $value);
|
|
$newValues[$key] = $value;
|
|
}
|
|
$logger->logFormSettingsUpdate($newValues);
|
|
if (!$isHxRequest) {
|
|
App::flash('success', "Degrés d'ouverture mis à jour.");
|
|
}
|
|
} elseif ($section === 'objet_types') {
|
|
$newValues = [
|
|
'objet_these_enabled' => empty($_POST['objet_these_enabled']) ? '0' : '1',
|
|
'objet_frart_enabled' => empty($_POST['objet_frart_enabled']) ? '0' : '1',
|
|
];
|
|
$db->setSetting('objet_these_enabled', $newValues['objet_these_enabled']);
|
|
$db->setSetting('objet_frart_enabled', $newValues['objet_frart_enabled']);
|
|
$logger->logObjetTypesUpdate($newValues);
|
|
if (!$isHxRequest) {
|
|
App::flash('success', "Types de travaux mis à jour.");
|
|
}
|
|
} elseif ($section === 'smtp') {
|
|
$smtpData = [
|
|
'host' => $_POST['smtp_host'] ?? '',
|
|
'port' => $_POST['smtp_port'] ?? 587,
|
|
'encryption' => $_POST['smtp_encryption'] ?? 'tls',
|
|
'username' => $_POST['smtp_username'] ?? '',
|
|
'from_email' => $_POST['smtp_from_email'] ?? '',
|
|
'from_name' => $_POST['smtp_from_name'] ?? 'XAMXAM',
|
|
'notify_email' => $_POST['smtp_notify_email'] ?? '',
|
|
];
|
|
// Only update password when user actually typed something.
|
|
$pwd = $_POST['smtp_password'] ?? '';
|
|
if ($pwd !== '') {
|
|
$smtpData['password'] = $pwd;
|
|
}
|
|
SmtpRelay::updateSettings($db, $smtpData);
|
|
|
|
// Immediately probe the server to validate credentials
|
|
$test = SmtpRelay::test($db);
|
|
$logger->logSmtpUpdate($test['ok']);
|
|
if ($test['ok']) {
|
|
App::flash('success', "Paramètres SMTP mis à jour — connexion validée ✓");
|
|
} else {
|
|
App::flash('error', "Paramètres sauvegardés, mais le test de connexion a échoué : " . $test['error']);
|
|
if ($test['field'] !== null) {
|
|
$_SESSION['_flash_smtp_field'] = $test['field'];
|
|
}
|
|
}
|
|
} elseif ($section === 'peertube') {
|
|
// Feature flag
|
|
$enabled = isset($_POST['peertube_upload_enabled']) ? '1' : '0';
|
|
$db->setSetting('peertube_upload_enabled', $enabled);
|
|
|
|
// Credentials — only overwrite password when user typed something
|
|
$data = [
|
|
'instance_url' => $_POST['peertube_instance_url'] ?? '',
|
|
'username' => $_POST['peertube_username'] ?? '',
|
|
'channel_id' => $_POST['peertube_channel_id'] ?? 1,
|
|
'privacy' => $_POST['peertube_privacy'] ?? 1,
|
|
];
|
|
$pwd = $_POST['peertube_password'] ?? '';
|
|
if ($pwd !== '') {
|
|
$data['password'] = $pwd;
|
|
}
|
|
PeerTubeService::updateSettings($db, $data);
|
|
$logger->logPeerTubeUpdate($enabled === '1');
|
|
App::flash('success', 'Paramètres PeerTube mis à jour.');
|
|
} else {
|
|
App::flash('error', "Section inconnue.");
|
|
}
|
|
|
|
if ($isHxRequest) {
|
|
// Auto-save from contenus.php — no CSRF rotation needed (token reused until full page load).
|
|
// Return empty 200 so hx-swap="none" is a no-op.
|
|
http_response_code(200);
|
|
exit;
|
|
}
|
|
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
|
|
// Redirect back to wherever the form came from, defaulting to parametres
|
|
$redirect = '/admin/parametres.php';
|
|
if (in_array($section, ['formulaire_restrictions', 'formulaire_acces', 'objet_types'], true)) {
|
|
$redirect = '/admin/contenus.php';
|
|
}
|
|
header('Location: ' . $redirect);
|
|
exit;
|