mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
f18e3381ea
The file had accumulated severe corruption in its lower half (garbled selector text, variable names spliced into property values, orphaned declarations, broken nesting) alongside hardcoded hex colours throughout. Rewrote the entire file cleanly: - Every colour is now a var() referencing a token defined in variables.css: --accent-primary/secondary/foreground, --accent-blue/green/yellow/red, --bg-secondary/tertiary, --border-primary, --text-primary/secondary/tertiary, --error, --warning, --success, --accent-muted. - Zero raw hex values remain in admin.css. - Removed the corrupted/dead CSS from the bottom half and reconstructed all selectors from what the templates actually use (audited via grep). - Fixed structural issues: broken border shorthand, nested rules that were not valid CSS, orphaned declaration blocks. - New/restored rules: .admin-maintenance-bar (was corrupted), .status-access variants (was corrupted), .admin-section-title--danger, .admin-danger-zone, .admin-account-status (all reconstructed cleanly). - .admin-btn--warning and .admin-btn--danger now use var(--accent-yellow) and var(--accent-red) instead of hardcoded dark hex values. - .admin-btn-remove hover now uses var(--error) instead of #e55. - .admin-btn-unpublish now uses var(--bg-secondary)/var(--text-tertiary) instead of hardcoded grey hex values. - select option background colours removed (browser chrome, not styleable cross-platform). Templates: replace 4 inline var(--admin-text-muted) with var(--text-secondary) in index.php, thanks.php, import.php.
Admin Panel Structure
This directory contains the admin panel for managing Post-ERG thesis database.
Directory Structure
public/admin/
├── index.php # List all theses (main page)
├── add.php # Add new thesis form
├── edit.php # Edit existing thesis form
├── import.php # CSV import form
├── thanks.php # Thank you page after submission
├── actions/ # Backend processing scripts (no HTML output)
│ ├── formulaire.php # Process thesis submission from add.php
│ └── publish.php # Toggle publish/unpublish status
├── inc/ # Shared templates
│ ├── head.php # HTML head, CSS, navigation
│ └── footer.php # HTML footer
└── data/ # Upload directory (not in git)
├── theses/ # PDF files
└── covers/ # Cover images
File Types
User-Facing Templates (Root Directory)
Files that display HTML to users:
- index.php - Lists all theses with filters and bulk actions
- add.php - Form to add a new thesis
- edit.php - Form to edit an existing thesis
- import.php - CSV import interface
- thanks.php - Success confirmation page
Backend Scripts (actions/)
Files that process forms and redirect (no HTML output):
- formulaire.php - Processes thesis submission from add.php
- publish.php - Handles publish/unpublish actions
Shared Templates (inc/)
Reusable HTML components:
- head.php - HTML head, CSS links, navigation menu
- footer.php - HTML footer
Workflow
Adding a Thesis
- User visits
add.php(displays form) - User submits form to
actions/formulaire.php(processes data) - On success, redirects to
thanks.php?id=123 - On error, redirects back to
add.phpwith error message
Publishing/Unpublishing
- User clicks publish/unpublish button in
index.php - Form submits to
actions/publish.php(processes action) - Redirects back to
index.phpwith success/error message
Security
- All pages require HTTP Basic Auth (configured in nginx) — primary layer
- All pages require PHP session auth (
AdminAuth::requireLogin()) — defence-in-depth - CSRF tokens protect all forms
- File uploads validated and sanitized
- Database queries use prepared statements
- Upload directory outside public/ in production
See nginx/PHP_AUTH_LAYER.md for details on the dual-auth architecture.
Templates
The inc/ folder contains shared templates:
head.php- Included at the top of each page (DOCTYPE, CSS, nav)footer.php- Included at the bottom of each page (closing tags)
Usage:
<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>
URL Structure
/admin/- List theses (index.php)/admin/add.php- Add new thesis/admin/edit.php?id=123- Edit thesis #123/admin/import.php- Import CSV/admin/thanks.php?id=123- Thank you page
Backend actions (not directly accessed):
/admin/actions/formulaire.php- Form processor/admin/actions/publish.php- Publish toggle
Development
Adding a New Page
- Create the template in
/admin/yourpage.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>
<!-- Your content here -->
<?php include "inc/footer.php" ?>
- Add navigation link in
inc/head.phpif needed
Adding a New Action
- Create the script in
/admin/actions/youraction.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
// Verify CSRF token
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
$_SESSION['error'] = "Security error";
header('Location: ../index.php');
exit;
}
// Process action...
// Redirect
header('Location: ../yourpage.php');
exit;
- Create form in template that posts to
actions/youraction.php
Notes
- Bootstrap path from actions/:
__DIR__ . "/../../config/bootstrap.php" - Redirects from actions/: use
../prefix (e.g.,../index.php) - Database class:
require_once __DIR__ . '/../../lib/Database.php' - All forms must include CSRF token from
$_SESSION['csrf_token']