PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 08:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d588ae004d459fc73a308ace36ca1aae9d5c002c
xamxam/app/public/admin/actions/acces-etudiante.php
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

121 lines
4.7 KiB
PHP
Raw Blame History

<?php
/**
* Student-access link actions (create, toggle, set_password, archive).
*/
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
require_once __DIR__ . '/../../../src/ShareLink.php';
require_once __DIR__ . '/../../../src/AdminLogger.php';
App::adminGuard();
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
|| !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
http_response_code(403);
exit('CSRF token invalide.');
}
$action = $_POST['action'] ?? '';
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$shareLink = ShareLink::make();
$logger = AdminLogger::make();
switch ($action) {
case 'create':
$name = !empty($_POST['name']) ? trim($_POST['name']) : null;
$expiresRaw = !empty($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
$expiresAt = null;
if ($expiresRaw) {
$expiresAt = date('Y-m-d H:i:s', strtotime($expiresRaw));
if ($expiresAt <= date('Y-m-d H:i:s')) {
App::redirect('/admin/acces.php', error: "La date d'expiration doit être dans le futur.");
}
}
$objetRaw = $_POST['objet_restriction'] ?? ['tfe'];
$validObjet = ['tfe', 'thèse', 'frart'];
$selected = is_array($objetRaw) ? array_intersect($objetRaw, $validObjet) : [];
$objetRestriction = !empty($selected) ? implode(',', $selected) : 'tfe';
$lockedYearRaw = $_POST['locked_year'] ?? null;
$lockedYear = null;
if ($lockedYearRaw !== null && $lockedYearRaw !== '') {
$lockedYear = filter_var($lockedYearRaw, FILTER_VALIDATE_INT);
if ($lockedYear === false || $lockedYear < 2000 || $lockedYear > ((int)date('Y') + 3)) {
$lockedYear = null;
}
}
$link = $shareLink->create(1, $expiresAt, $objetRestriction, $name, $lockedYear);
$logger->logLinkCreate(
$link['slug'] ?? '',
true, // Always has password
$expiresAt,
$objetRestriction
);
// Flash the generated password and slug for display in the modal
$_SESSION['_flash_new_link_slug'] = $link['slug'] ?? '';
$_SESSION['_flash_new_link_password'] = $link['_plain_password'] ?? '';
App::redirect('/admin/acces.php', success: 'Lien d\'accès créé.');
break;
case 'toggle':
if ($id > 0) {
$nowActive = $shareLink->toggleActive($id);
$logger->logLinkToggle($id, $nowActive);
App::redirect('/admin/acces.php', success: 'Statut du lien modifié.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');
}
break;
case 'set_password':
if ($id > 0) {
$password = isset($_POST['password']) && $_POST['password'] !== '' ? trim($_POST['password']) : null;
$shareLink->setPassword($id, $password);
$logger->logLinkPasswordChange($id, $password === null);
App::redirect('/admin/acces.php', success: 'Mot de passe mis à jour.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');
}
break;
case 'archive':
if ($id > 0) {
$shareLink->archive($id);
$logger->logLinkArchive($id);
App::redirect('/admin/acces.php', success: 'Lien archivé.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');
}
break;
case 'delete':
if ($id > 0) {
$shareLink->delete($id);
App::redirect('/admin/acces.php', success: 'Lien supprimé définitivement.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');
}
break;
case 'update':
if ($id > 0) {
$name = isset($_POST['name']) ? trim($_POST['name']) : null;
$expiresRaw = isset($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
// locked_year: null=not sent (keep), ""=clear, otherwise year string
$lockedYearRaw = $_POST['locked_year'] ?? null;
$lockedYear = null; // default: not sent → don't change
if ($lockedYearRaw !== null) {
$lockedYear = $lockedYearRaw; // pass through: "" for clear, "2026" for set
}
$shareLink->update($id, $name, $expiresRaw, $lockedYear);
App::redirect('/admin/acces.php', success: 'Lien mis à jour.');
} else {
App::redirect('/admin/acces.php', error: 'Lien introuvable.');
}
break;
default:
App::redirect('/admin/acces.php', error: 'Action inconnue.');
break;
}
Reference in New Issue View Git Blame Copy Permalink