TODO

Admin area cleanup

Combine acces-etudiante.php + file-access.php into acces.php (two <section> blocks)
Move system.php content into parametres.php (system section + logs section)
Use <section> for sections, <fieldset> only where form fields are present
Redirect legacy URLs (acces-etudiante.php, file-access.php, system.php) with 301
Update action redirects to point to new pages
Update admin nav header (merged 3 items → 2)

Fix $enabledAccessTypes undefined / array_map() TypeError on edit page — controller was fetching getAccessTypes() instead of getEnabledFormAccessTypes() and returning it under the wrong key
Fix fatal TypeError: old() called with wrong arity in jury-fieldset.php partial under partage context — removed ?: null coercions so $juryPresident/$juryPromoteur are '' not null, keeping $addMode false
Fix $formData destroyed by included partials (fieldset-academic.php, fieldset-metadata.php, fieldset-licence-explanation.php were incorrectly unsetting $formData/wrong variable in caller scope)

Migration 005: add sort_order column to form_help_blocks
Database::getAllFormHelpBlocks() — ORDER BY sort_order, expose sort_order in returned data
Database::reorderFormHelpBlocks(array $keys) — persist new order
actions/form-help-reorder.php — HTMX POST handler (CSRF-protected, 204 response)
templates/admin/contenus.php — replace table with two-panel layout:
- Left: SortableJS + htmx drag-and-drop card list
- Right: static form structure reference (fieldsets + inputs)
CSS in admin.css: .fhb-* classes for layout, cards, ghost/chosen/drag states
schema.sql — updated form_help_blocks DDL with sort_order
Vendor SortableJS 1.15.2 into assets/js/sortable.min.js (remove CDN dependency)

Fix missing favicon tags in partage/recapitulatif.php
Fix fatal Class "SmtpRelay" not found in StudentEmail.php — add require_once SmtpRelay.php before StudentEmail.php in partage/index.php
Add missing favicon tags to all three <head> blocks in partage/index.php (error page, password gate, main form)

Rename nginx/posterg.conf → nginx/xamxam.conf (+ .conf.reference)
Update nginx conf: server_name, log paths, htpasswd path, header comments
Update justfile: SSH host alias, group, DB filename, conf path, tmp paths
Update scripts/deploy-server.sh: group, conf paths, site names, URLs
Update scripts/setup-server.sh: APP_DIR, APP_GROUP, comments
Update scripts/manage-admin-users.sh: htpasswd path
Update scripts/migrate.sh: DB filename
Update scripts/setup-dev.sh: DB filename
Update scripts/copy_crash_logs.sh: log filenames, hostname
Update README.md: SSH host, paths, DB name
Update nginx/README.md, nginx/SETUP.md, and all nginx/docs/*.md
Update PHP source: Database.php, SystemController.php, MediaController.php, LiveReloadController.php, SmtpRelay.php, live-reload.php, export actions
Update app/migrations/run.php, app/tests/README.md, app/storage/README.md
Replace all remaining "Post-ERG" branding with "XAMXAM" (scripts, PHP source, schema, docs)
deploy-server.sh: remove legacy sites-enabled/posterg symlink to fix duplicate limit_req_zone nginx error
deploy-server.sh: auto-migrate .htpasswd-posterg → .htpasswd-xamxam if new file absent
deploy-server.sh: auto-migrate posterg.db → xamxam.db if new DB missing/empty; remove legacy file
deploy-server.sh: clean up legacy posterg nginx configs and prune old backups
Rename local storage/posterg.db → storage/xamxam.db

Get LDAP server hostname, port, service-account DN+password, base DN, user attr, group DN from client
Verify TCP reachability from XAMXAM VM to LDAP server (port 636)
See docs/LDAP_AUTH_PLAN.md for full phase-by-phase plan

Enable TLS peer verification (verify_peer, verify_peer_name, peer_name) on both smtpSend and smtpProbe — removes MITM vulnerability from verify_peer: false
Add caBundlePath() — resolves system CA bundle path (php.ini → Debian/RHEL/Alpine candidates → PHP built-in fallback)
Set SSL context options explicitly on socket before stream_socket_enable_crypto() for STARTTLS (both probe and send paths)
Add sanitiseEnvelope() — strips CR/LF from envelope addresses to prevent SMTP command injection
Fix RFC 5321 §4.5.2 dot-stuffing: replace preg_replace with correct CRLF-normalise → str_replace("\r\n.", "\r\n..") sequence

Migration 006: add notify_email column to smtp_settings
SmtpRelay::getSettings() — include notify_email in SELECT + defaults
SmtpRelay::updateSettings() — persist notify_email
SmtpRelay::getNotifyEmail() — returns notify_email ?? from_email
request-access.php — use getNotifyEmail() instead of from_email for admin notifications
actions/settings.php — wire smtp_notify_email POST field
Template: add "Adresse de notification admin" field to SMTP form
schema.sql — updated DDL

Add SmtpProbeException with field property for structured error classification
Add SmtpRelay::test() — returns {ok, error, field} with field = input id to highlight
smtpProbe() throws typed exceptions per failure point:
- connect fail → name resolution error → smtp_host
- connect fail → port refused → smtp_port
- connect fail → timeout → smtp_host
- bad greeting / timeout after connect → smtp_host / smtp_port
- STARTTLS not supported / TLS negotiation fail → smtp_encryption
- AUTH rejected, code 535 → smtp_password; other auth failures → smtp_username
actions/settings.php: store $_SESSION['_flash_smtp_field'] on probe failure
parametres.php controller: consume + clear _flash_smtp_field into $smtpErrorField
Template: aria-invalid, aria-describedby, inline <small class="param-field-error"> per field
JS: scroll + focus the offending field on page load
CSS: red border-bottom on [aria-invalid], .param-field-error error text style

Make column headings sticky/non-scrollable; only ul scrolls per column
Remove padding from .search-main and .repertoire-index
Minimal horizontal padding inside columns (var(--space-2xs))
Align all column headings to the same baseline row (2-row grid via display: contents)

Move semantic HTML element baseline styles into common.css
- fieldset (background, border, padding, radius)
- legend (font, weight, color, transform)
- small (size, color, display, margin)
- table, th, td (collapse, sizing, spacing)
- dialog + ::backdrop
- details > summary
Remove duplicated rules from admin.css, form.css, system.css, file-access.css
Fix file-access.css to use real design tokens (was using undefined --border, --surface, --accent, etc.)
Remove redundant @import url("./variables.css") from admin.css, system.css, file-access.css