mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
c8a3cc0ff2
Remove five presentational classes from admin forms and replace with structural CSS selectors scoped to .admin-form: - .admin-form-row → .admin-form > div:not(.admin-submit-wrap) Grid layout (260px label col + 1fr input col) applied directly to div children of the form; submit-wrap div excluded via :not(). - .admin-label → .admin-form > div:not(.admin-submit-wrap) > label Scoped to the direct label child of each form row div; does not bleed into nested checkbox labels inside .admin-checkbox-list. - .admin-input / .admin-select / .admin-textarea → .admin-form input:not([type=checkbox|radio|file|hidden|submit]) → .admin-form select → .admin-form textarea Also extended to .admin-inline-form input/select (tags page) so the tags table inputs retain identical base styling and focus colour. Templates updated: add.php, edit.php, login.php, account.php, pages-edit.php, import.php, tags.php, templates/partials/form/jury-fieldset.php — all class= attributes for the five removed classes stripped. import.php: added 'admin-form' class alongside 'admin-import-area' so its single file-input row gets the grid row treatment; submit div was already using admin-submit-wrap so it is correctly excluded. No visual change — selectors target the same elements as before.
Admin Panel Structure
This directory contains the admin panel for managing Post-ERG thesis database.
Directory Structure
public/admin/
├── index.php # List all theses (main page)
├── add.php # Add new thesis form
├── edit.php # Edit existing thesis form
├── import.php # CSV import form
├── thanks.php # Thank you page after submission
├── actions/ # Backend processing scripts (no HTML output)
│ ├── formulaire.php # Process thesis submission from add.php
│ └── publish.php # Toggle publish/unpublish status
├── inc/ # Shared templates
│ ├── head.php # HTML head, CSS, navigation
│ └── footer.php # HTML footer
└── data/ # Upload directory (not in git)
├── theses/ # PDF files
└── covers/ # Cover images
File Types
User-Facing Templates (Root Directory)
Files that display HTML to users:
- index.php - Lists all theses with filters and bulk actions
- add.php - Form to add a new thesis
- edit.php - Form to edit an existing thesis
- import.php - CSV import interface
- thanks.php - Success confirmation page
Backend Scripts (actions/)
Files that process forms and redirect (no HTML output):
- formulaire.php - Processes thesis submission from add.php
- publish.php - Handles publish/unpublish actions
Shared Templates (inc/)
Reusable HTML components:
- head.php - HTML head, CSS links, navigation menu
- footer.php - HTML footer
Workflow
Adding a Thesis
- User visits
add.php(displays form) - User submits form to
actions/formulaire.php(processes data) - On success, redirects to
thanks.php?id=123 - On error, redirects back to
add.phpwith error message
Publishing/Unpublishing
- User clicks publish/unpublish button in
index.php - Form submits to
actions/publish.php(processes action) - Redirects back to
index.phpwith success/error message
Security
- All pages require HTTP Basic Auth (configured in nginx) — primary layer
- All pages require PHP session auth (
AdminAuth::requireLogin()) — defence-in-depth - CSRF tokens protect all forms
- File uploads validated and sanitized
- Database queries use prepared statements
- Upload directory outside public/ in production
See nginx/PHP_AUTH_LAYER.md for details on the dual-auth architecture.
Templates
The inc/ folder contains shared templates:
head.php- Included at the top of each page (DOCTYPE, CSS, nav)footer.php- Included at the bottom of each page (closing tags)
Usage:
<?php include "inc/head.php" ?>
<!-- Page content here -->
<?php include "inc/footer.php" ?>
URL Structure
/admin/- List theses (index.php)/admin/add.php- Add new thesis/admin/edit.php?id=123- Edit thesis #123/admin/import.php- Import CSV/admin/thanks.php?id=123- Thank you page
Backend actions (not directly accessed):
/admin/actions/formulaire.php- Form processor/admin/actions/publish.php- Publish toggle
Development
Adding a New Page
- Create the template in
/admin/yourpage.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Your Page Title";
?>
<?php include "inc/head.php" ?>
<!-- Your content here -->
<?php include "inc/footer.php" ?>
- Add navigation link in
inc/head.phpif needed
Adding a New Action
- Create the script in
/admin/actions/youraction.php:
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../lib/AdminAuth.php';
AdminAuth::requireLogin();
// Verify CSRF token
if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
$_SESSION['error'] = "Security error";
header('Location: ../index.php');
exit;
}
// Process action...
// Redirect
header('Location: ../yourpage.php');
exit;
- Create form in template that posts to
actions/youraction.php
Notes
- Bootstrap path from actions/:
__DIR__ . "/../../config/bootstrap.php" - Redirects from actions/: use
../prefix (e.g.,../index.php) - Database class:
require_once __DIR__ . '/../../lib/Database.php' - All forms must include CSRF token from
$_SESSION['csrf_token']