mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
eb67e6d499
Create the central App helper that eliminates ~170 lines of duplicated bootstrap/auth/CSRF preamble across 24 page and action handler files. src/App.php provides: - boot(): loads Database + ensures CSRF token (public pages) - adminGuard(): requires AdminAuth login + boot (admin pages) - verifyCsrf() / rotateCsrf(): centralised CSRF lifecycle - flash() / consumeFlash(): unified flash messages with legacy key drain (error, success, admin_error, admin_success, edit_error, edit_success, form_error all consumed transparently for incremental migration) - redirect(): flash + Location header + exit in one call - render(): head → header → content → footer pipeline with auto admin footer selection App.php is auto-loaded from config/bootstrap.php so all existing pages get the class for free without any changes. templates/partials/flash-messages.php uses App::consumeFlash() to replace the 5+ copy-pasted flash blocks across admin templates. All existing tests pass. No existing page files modified — this is a non-breaking addition that enables incremental controller extraction.
48 lines
1.6 KiB
PHP
48 lines
1.6 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Simple configuration for website
|
|
*/
|
|
|
|
// Define application root
|
|
define('APP_ROOT', dirname(__DIR__));
|
|
|
|
// Storage directory for uploaded files — intentionally outside the webroot
|
|
// so no uploaded content is ever directly web-accessible (items #3 & #4).
|
|
// Files are served through public/media.php which validates paths and MIME types.
|
|
define('STORAGE_ROOT', '/var/www/posterg/storage');
|
|
|
|
// Error reporting
|
|
if (php_sapi_name() === 'cli-server') {
|
|
// Development mode
|
|
error_reporting(E_ALL);
|
|
ini_set('display_errors', '1');
|
|
} else {
|
|
// Production mode
|
|
error_reporting(E_ALL);
|
|
ini_set('display_errors', '0');
|
|
ini_set('log_errors', '1');
|
|
}
|
|
|
|
// Load admin credentials if available (defines ADMIN_PASSWORD_HASH for AdminAuth)
|
|
if (file_exists(APP_ROOT . '/config/admin_credentials.php')) {
|
|
require_once APP_ROOT . '/config/admin_credentials.php';
|
|
}
|
|
|
|
// Central application helper (boot, auth guard, CSRF, flash, render)
|
|
require_once APP_ROOT . '/src/App.php';
|
|
|
|
// Maintenance mode gate — block public pages; allow /admin/ through.
|
|
// The flag file lives in storage/ (outside webroot) to avoid web exposure.
|
|
define('MAINTENANCE_FLAG', APP_ROOT . '/storage/maintenance.flag');
|
|
if (file_exists(MAINTENANCE_FLAG)) {
|
|
// Allow admin panel through (by path prefix) and the maintenance page itself
|
|
$requestPath = $_SERVER['REQUEST_URI'] ?? '';
|
|
$isAdmin = str_starts_with($requestPath, '/admin');
|
|
$isMaintenance = str_contains($requestPath, 'maintenance.php');
|
|
if (!$isAdmin && !$isMaintenance) {
|
|
require APP_ROOT . '/public/maintenance.php';
|
|
exit();
|
|
}
|
|
}
|