mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
592b1183db
All admin action files (account, tag, page, edit, visibility, maintenance,
publish, formulaire) now call App::flash('error'|'success', ...) instead of
writing to raw per-page session keys ($_SESSION['error'], 'admin_error',
'edit_error', 'admin_success', 'edit_success', 'form_error').
All admin display pages (add, edit, account, tags, pages, index) now include
templates/partials/flash-messages.php instead of manually reading and
unsetting the legacy session keys and inlining their own alert HTML.
App::consumeFlash() already drained all legacy key variants as a safety net,
so the partial works correctly whether called from pages that were already
migrated or any remaining stragglers. No behaviour change for end users.
108 lines
4.7 KiB
PHP
108 lines
4.7 KiB
PHP
<?php
|
|
require_once __DIR__ . "/../../config/bootstrap.php";
|
|
require_once __DIR__ . '/../../src/AdminAuth.php';
|
|
AdminAuth::requireLogin();
|
|
|
|
$pageTitle = "Compte administrateur";
|
|
|
|
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
|
|
$hasPassword = defined('ADMIN_PASSWORD_HASH');
|
|
|
|
// Flash messages are consumed by the flash-messages partial below.
|
|
|
|
if (empty($_SESSION['csrf_token'])) {
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
}
|
|
?>
|
|
<?php $isAdmin = true; $bodyClass = 'admin-body'; require_once APP_ROOT . '/templates/head.php'; ?>
|
|
<?php include APP_ROOT . '/templates/header.php'; ?>
|
|
|
|
<main id="main-content">
|
|
<h1>Compte administrateur</h1>
|
|
|
|
<?php include APP_ROOT . '/templates/partials/flash-messages.php'; ?>
|
|
|
|
<!-- Status info -->
|
|
<div class="admin-account-status">
|
|
<div class="admin-account-status__row">
|
|
<span class="admin-account-status__label">Authentification PHP</span>
|
|
<?php $badgeType = 'ok'; $badgeValue = $hasPassword; $badgeOkLabel = 'Active'; $badgeWarnLabel = 'Non configurée'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
|
|
</div>
|
|
<div class="admin-account-status__row">
|
|
<span class="admin-account-status__label">Fichier de configuration</span>
|
|
<code class="admin-account-status__code">config/admin_credentials.php</code>
|
|
<?php $badgeType = 'ok'; $badgeValue = file_exists($credentialsFile); $badgeOkLabel = 'Présent'; $badgeWarnLabel = 'Absent'; include APP_ROOT . '/templates/partials/status-badge.php'; ?>
|
|
</div>
|
|
<?php if (!$hasPassword): ?>
|
|
<p class="admin-account-status__note">
|
|
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
|
|
<code>config/admin_credentials.php</code> avec un hash bcrypt.
|
|
</p>
|
|
<?php endif; ?>
|
|
</div>
|
|
|
|
<!-- Password change form -->
|
|
<h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
|
|
|
|
<form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
|
|
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
|
|
|
<?php if ($hasPassword): ?>
|
|
<div>
|
|
<label for="current_password">Mot de passe actuel</label>
|
|
<div>
|
|
<input type="password" id="current_password"
|
|
name="current_password" required autocomplete="current-password">
|
|
</div>
|
|
</div>
|
|
<?php endif; ?>
|
|
|
|
<div>
|
|
<label for="new_password">Nouveau mot de passe</label>
|
|
<div>
|
|
<input type="password" id="new_password"
|
|
name="new_password" required autocomplete="new-password"
|
|
minlength="12">
|
|
<small>Minimum 12 caractères.</small>
|
|
</div>
|
|
</div>
|
|
|
|
<div>
|
|
<label for="confirm_password">Confirmer le mot de passe</label>
|
|
<div>
|
|
<input type="password" id="confirm_password"
|
|
name="confirm_password" required autocomplete="new-password">
|
|
</div>
|
|
</div>
|
|
|
|
<div class="admin-submit-wrap">
|
|
<button type="submit" class="admin-btn">
|
|
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
|
|
</button>
|
|
</div>
|
|
</form>
|
|
|
|
<?php if ($hasPassword): ?>
|
|
<!-- Danger zone: remove password -->
|
|
<h2 class="admin-section-title admin-section-title--danger">Zone de danger</h2>
|
|
<div class="admin-danger-zone">
|
|
<div class="admin-danger-zone__description">
|
|
<strong>Supprimer la configuration du mot de passe PHP</strong><br>
|
|
<small>
|
|
Supprime <code>config/admin_credentials.php</code>. L'accès admin
|
|
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
|
|
</small>
|
|
</div>
|
|
<form method="post" action="/admin/actions/account.php"
|
|
onsubmit="return confirm('Supprimer le fichier de mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
|
|
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
|
<input type="hidden" name="action" value="remove_credentials">
|
|
<input type="hidden" name="current_password_remove" id="current_password_remove" value="">
|
|
<button type="submit" class="admin-btn admin-btn--danger">Supprimer le fichier</button>
|
|
</form>
|
|
</div>
|
|
<?php endif; ?>
|
|
</main>
|
|
|
|
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>
|