xamxam/app/public/admin/actions/formulaire.php

<?php
// Bootstrap application
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';

ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', APP_ROOT . '/../error.log');

AdminAuth::requireLogin();

// Verify CSRF token
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    error_log(sprintf(
        'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s',
        $_POST['csrf_token'] ?? '(missing)',
        $_SESSION['csrf_token'] ?? '(missing)'
    ));
    die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
}

error_log('FILES array: ' . print_r($_FILES, true));

require_once APP_ROOT . '/src/Controllers/ThesisCreateController.php';
require_once APP_ROOT . '/src/AppLogger.php';
require_once APP_ROOT . '/src/DuplicateThesisException.php';

$logger     = new AppLogger();
$authorName = $_POST['auteurice'] ?? 'unknown';

try {
    $ctrl     = ThesisCreateController::make();
    $thesisId = $ctrl->submit($_POST, $_FILES);

    $identifier = $ctrl->getIdentifier($thesisId);
    $logger->logSubmission('admin', $thesisId, $identifier, $authorName);

    unset($_SESSION['csrf_token']);

    $redirect = '../recapitulatif.php?id=' . $thesisId;
    header('Location: ' . $redirect);
    exit();

} catch (DuplicateThesisException $e) {
    $logger->logDuplicate('admin', $authorName, $e->existingThesisId, $e->existingIdentifier);

    error_log('ThesisCreateController duplicate: ' . $e->getMessage());

    // Build a warning with a clickable link to the existing thesis.
    $existingUrl  = htmlspecialchars('/admin/edit.php?id=' . $e->existingThesisId);
    $existingRef  = htmlspecialchars($e->existingIdentifier . ' — ' . $e->existingTitle . ' (' . $e->existingYear . ')');
    $warningHtml  = 'Doublon détecté : un TFE très similaire existe déjà. '
                  . '<a href="' . $existingUrl . '" style="color:inherit;text-decoration:underline">' . $existingRef . '</a>'
                  . ' Vérifiez avant de soumettre à nouveau.';

    App::flash('warning', $warningHtml);
    $_SESSION['form_data'] = $_POST;

    header('Location: ../add.php');
    exit();

} catch (Exception $e) {
    $logger->logError('admin', $e->getMessage(), [
        'author'   => $authorName,
        'post_keys' => array_keys($_POST),
    ]);

    error_log('ThesisCreateController error: ' . $e->getMessage());

    App::flash('error', $e->getMessage());
    $_SESSION['form_data'] = $_POST;

    $redirect = '../add.php';

    $autofocusField = ThesisCreateController::autofocusFieldForError($e->getMessage());
    if ($autofocusField !== null) {
        App::flashAutofocus($autofocusField);
    }

    header('Location: ' . $redirect);
    exit();
}