mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
c2eff75789
Add App::flashAutofocus(fieldName) and consumeAutofocus() to the thin App helper so action handlers can identify which field caused a validation error and the form page can move browser focus directly to it on reload. Changes: - src/App.php — flashAutofocus() stores field name in _flash_autofocus session key; consumeAutofocus() drains it and returns the name (or null) - actions/formulaire.php — catch block maps exception messages to field names (auteurice, titre, synopsis, année, orientation, ap, finality, languages, tag, lien) and calls App::flashAutofocus() - actions/edit.php — catch block maps common edit errors to field names and calls App::flashAutofocus() - add.php — consumes the hint via App::consumeAutofocus() into $autofocusField; withAutofocus() helper merges autofocus=>true into $attrs for every field include; synopsis textarea gets inline autofocus - edit.php — same pattern with inline ternary merges and textarea autofocus - templates/partials/form/text-field.php — $attrs loop now emits bare attribute names (no ="...") when value === true, supporting autofocus, disabled, readonly etc. without special-casing - templates/partials/form/select-field.php — same boolean-attr support added; $attrs variable initialised to [] when caller omits it Closes WCAG 3.3.1 autofocus item in todo/04-accessibility.md.
154 lines
5.4 KiB
PHP
154 lines
5.4 KiB
PHP
<?php
|
|
// Bootstrap application
|
|
require_once __DIR__ . "/../../../config/bootstrap.php";
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
|
|
// PHP-level auth guard (defence-in-depth behind nginx Basic Auth)
|
|
AdminAuth::requireLogin();
|
|
|
|
// Only handle POST requests
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: ../index.php');
|
|
exit();
|
|
}
|
|
|
|
// Verify CSRF token
|
|
if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
|
|
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
error_log("CSRF token validation failed in edit action");
|
|
die("Erreur de sécurité : token invalide. Veuillez recharger le formulaire.");
|
|
}
|
|
|
|
$thesisId = isset($_POST['thesis_id']) ? intval($_POST['thesis_id']) : 0;
|
|
if ($thesisId <= 0) {
|
|
die("ID de TFE invalide.");
|
|
}
|
|
|
|
require_once __DIR__ . '/../../../src/Database.php';
|
|
|
|
try {
|
|
$db = new Database();
|
|
|
|
$db->beginTransaction();
|
|
|
|
// Thesis metadata
|
|
$db->updateThesis($thesisId, [
|
|
'title' => trim($_POST['titre']),
|
|
'subtitle' => trim($_POST['subtitle'] ?? ''),
|
|
'year' => intval($_POST['année']),
|
|
'orientation_id' => intval($_POST['orientation']),
|
|
'ap_program_id' => intval($_POST['ap']),
|
|
'finality_id' => intval($_POST['finality']),
|
|
'synopsis' => trim($_POST['synopsis']),
|
|
'context_note' => trim($_POST['context_note'] ?? ''),
|
|
'file_size_info' => trim($_POST['duration_info'] ?? ''),
|
|
'baiu_link' => trim($_POST['lien'] ?? ''),
|
|
'license_id' => filter_var($_POST['license_id'] ?? '', FILTER_VALIDATE_INT) ?: null,
|
|
'access_type_id' => filter_var($_POST['access_type_id'] ?? '', FILTER_VALIDATE_INT) ?: null,
|
|
'is_published' => isset($_POST['is_published']),
|
|
]);
|
|
|
|
// Authors
|
|
$authorsRaw = trim($_POST['auteurice'] ?? '');
|
|
$authorEntries = [];
|
|
if (!empty($authorsRaw)) {
|
|
$names = array_map('trim', explode(',', $authorsRaw));
|
|
foreach ($names as $index => $name) {
|
|
if ($name !== '') {
|
|
$authorEntries[] = [
|
|
'name' => $name,
|
|
'email' => $index === 0 ? ($_POST['mail'] ?? null) : null,
|
|
];
|
|
}
|
|
}
|
|
}
|
|
$db->setThesisAuthors($thesisId, $authorEntries);
|
|
|
|
// Jury
|
|
$juryMembers = [];
|
|
if (!empty(trim($_POST['jury_president'] ?? ''))) {
|
|
$juryMembers[] = ['name' => trim($_POST['jury_president']), 'role' => 'president', 'is_external' => 0];
|
|
}
|
|
if (!empty(trim($_POST['jury_promoteur'] ?? ''))) {
|
|
$juryMembers[] = [
|
|
'name' => trim($_POST['jury_promoteur']),
|
|
'role' => 'promoteur',
|
|
'is_external' => isset($_POST['jury_promoteur_ext']) ? 1 : 0,
|
|
];
|
|
}
|
|
foreach ($_POST['jury_lecteurs'] ?? [] as $i => $name) {
|
|
$name = trim($name);
|
|
if ($name !== '') {
|
|
$juryMembers[] = [
|
|
'name' => $name,
|
|
'role' => 'lecteur',
|
|
'is_external' => isset($_POST['jury_lecteurs_ext'][$i]) ? 1 : 0,
|
|
];
|
|
}
|
|
}
|
|
$db->setThesisJury($thesisId, $juryMembers);
|
|
|
|
// Languages
|
|
$db->setThesisLanguages(
|
|
$thesisId,
|
|
isset($_POST['languages']) && is_array($_POST['languages']) ? $_POST['languages'] : []
|
|
);
|
|
|
|
// Formats
|
|
$db->setThesisFormats(
|
|
$thesisId,
|
|
isset($_POST['formats']) && is_array($_POST['formats']) ? $_POST['formats'] : []
|
|
);
|
|
|
|
// Tags
|
|
$keywordsRaw = trim($_POST['tag'] ?? '');
|
|
$editKeywords = !empty($keywordsRaw) ? array_map('trim', explode(',', $keywordsRaw)) : [];
|
|
$db->setThesisTags($thesisId, $editKeywords);
|
|
|
|
$db->commit();
|
|
|
|
// Banner upload/removal (after commit, outside transaction)
|
|
if (isset($_POST['remove_banner'])) {
|
|
$currentBannerPath = $db->getThesisBannerPath($thesisId);
|
|
if ($currentBannerPath && defined('STORAGE_ROOT')) {
|
|
$absPath = STORAGE_ROOT . '/' . $currentBannerPath;
|
|
if (file_exists($absPath)) {
|
|
unlink($absPath);
|
|
}
|
|
}
|
|
$db->setBannerPath($thesisId, null);
|
|
} else {
|
|
$db->handleBannerUpload($thesisId, $_FILES['banner'] ?? null);
|
|
}
|
|
|
|
// Regenerate CSRF token
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
|
|
// Flash success and redirect back to edit form
|
|
App::flash('success', "TFE mis à jour avec succès!");
|
|
header('Location: ../edit.php?id=' . $thesisId);
|
|
exit();
|
|
|
|
} catch (Exception $e) {
|
|
if (isset($db)) {
|
|
$db->rollback();
|
|
}
|
|
error_log("Edit action error: " . $e->getMessage());
|
|
|
|
App::flash('error', $e->getMessage());
|
|
|
|
// WCAG 3.3.1 — map error to the field that caused it so the form can autofocus it.
|
|
$msg = $e->getMessage();
|
|
$autofocusField = null;
|
|
if (str_contains($msg, 'titre') || str_contains($msg, 'Titre')) $autofocusField = 'titre';
|
|
elseif (str_contains($msg, 'année') || str_contains($msg, 'année')) $autofocusField = 'année';
|
|
elseif (str_contains($msg, 'synopsis') || str_contains($msg, 'Synopsis')) $autofocusField = 'synopsis';
|
|
elseif (str_contains($msg, 'auteur') || str_contains($msg, 'Auteur')) $autofocusField = 'auteurice';
|
|
if ($autofocusField !== null) {
|
|
App::flashAutofocus($autofocusField);
|
|
}
|
|
|
|
header('Location: ../edit.php?id=' . $thesisId);
|
|
exit();
|
|
}
|