mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
79eddf5d5a
1. note_intention: Delete old file only when a genuinely new upload arrives
(32-char hex file_id), not when the FilePond pool preserves an existing
file by sending its DB integer ID. Previously the DB integer ID
triggered $hasNewNote=true, which deleted the existing note_intention
from disk+DB, then handleFilePondSingleFile couldn't re-process it
because the regex requires a hex pattern. Same fix applied to cover.
2. All file deletions now use deleteThesisFileToTrash() which renames
files to tmp/_trash/ instead of unlinking. The trash preserves
original filenames prefixed with DB id for traceability. Skips
website URLs and PeerTube refs (no disk file).
3. Storage prefix changed from theses/ to documents/ to reflect that
the folder holds all document types (determined by file_type in DB).
MediaController visibility gate supports both prefixes for backward
compat with existing files.
4. File browser + relink feature for orphaned files:
- /admin/fragments/file-browser.php — HTMX tree browser for
storage/documents/ and storage/theses/
- /admin/actions/filepond/relink.php — POST endpoint that inserts
a thesis_files row pointing to existing on-disk file
- Per-pool "📂 Relier" buttons (edit mode only)
- JS: XamxamOpenFileBrowser / XamxamRelinkFile with FilePond integration
- CSS: .relink-modal dialog + .file-browser tree styles
Admin Panel Structure
This directory contains the admin panel for managing XAMXAM thesis database.
Directory Structure
public/admin/
├── index.php # List all theses (main page)
├── add.php # Add new thesis form
├── edit.php # Edit existing thesis form
├── import.php # CSV import form
├── recapitulatif.php # Recap page after submission
├── actions/ # Backend processing scripts (no HTML output)
│ ├── formulaire.php # Process thesis submission from add.php
│ └── publish.php # Toggle publish/unpublish status
├── inc/ # Shared templates
│ ├── head.php # HTML head, CSS, navigation
│ └── footer.php # HTML footer
└── data/ # Upload directory (not in git)
├── theses/ # PDF files
└── covers/ # Cover images
File Types
User-Facing Templates (Root Directory)
Files that display HTML to users:
- index.php - Lists all theses with filters and bulk actions
- add.php - Form to add a new thesis
- edit.php - Form to edit an existing thesis
- import.php - CSV import interface
- recapitulatif.php - Success confirmation page
Backend Scripts (actions/)
Files that process forms and redirect (no HTML output):
- formulaire.php - Processes thesis submission from add.php
- publish.php - Handles publish/unpublish actions
Shared Templates (inc/)
Reusable HTML components:
- head.php - HTML head, CSS links, navigation menu
- footer.php - HTML footer
Workflow
Adding a Thesis
- User visits
add.php(displays form) - User submits form to
actions/formulaire.php(processes data) - On success, redirects to
recapitulatif.php?id=123 - On error, redirects back to
add.phpwith error message
Publishing/Unpublishing
- User clicks publish/unpublish button in
index.php - Form submits to
actions/publish.php(processes action) - Redirects back to
index.phpwith success/error message
Security
- All pages require HTTP Basic Auth (configured in nginx) — primary layer
- All pages require PHP session auth (
AdminAuth::requireLogin()) — defence-in-depth - CSRF tokens protect all forms
- File uploads validated and sanitized
- Database queries use prepared statements
- Upload directory outside public/ in production
See nginx/PHP_AUTH_LAYER.md for details on the dual-auth architecture.
Templates
The inc/ folder contains shared templates:
head.php- Included at the top of each page (DOCTYPE, CSS, nav)footer.php- Included at the bottom of each page (closing tags)
Usage:
<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>
URL Structure
/admin/- List theses (index.php)/admin/add.php- Add new thesis/admin/edit.php?id=123- Edit thesis #123/admin/import.php- Import CSV/admin/recapitulatif.php?id=123- Recap page
Backend actions (not directly accessed):
/admin/actions/formulaire.php- Form processor/admin/actions/publish.php- Publish toggle
Development
Adding a New Page
- Create the template in
/admin/yourpage.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>
<!-- Your content here -->
<?php include "inc/footer.php" ?>
- Add navigation link in
inc/head.phpif needed
Adding a New Action
- Create the script in
/admin/actions/youraction.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
// Verify CSRF token
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
$_SESSION['error'] = "Security error";
header('Location: ../index.php');
exit;
}
// Process action...
// Redirect
header('Location: ../yourpage.php');
exit;
- Create form in template that posts to
actions/youraction.php
Notes
- Bootstrap path from actions/:
__DIR__ . "/../../config/bootstrap.php" - Redirects from actions/: use
../prefix (e.g.,../index.php) - Database class:
require_once __DIR__ . '/../../lib/Database.php' - All forms must include CSRF token from
$_SESSION['csrf_token']