PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ea48f4a5f582307434407eb06d8afb8480ae6221
xamxam/templates/admin/head.php
Pontoporeia 20a633c0e2 Add admin account page for PHP password management 
Implements the admin user management UI as a self-contained PHP password
change/set flow — no SSH or sudo required.

- public/admin/account.php: shows auth status (PHP hash present, credentials
  file path), password change form (requires current password when one exists,
  min 12 chars, confirm field), and a danger-zone form to delete the
  credentials file entirely
- public/admin/actions/account.php: CSRF-guarded POST handler; verifies
  current password via AdminAuth::login() before accepting a new one;
  generates bcrypt (cost 12) hash; writes config/admin_credentials.php
  atomically via a temp file + rename; regenerates session on success;
  redirects to /admin/login.php when credentials are deleted
- templates/admin/head.php: 'Compte' nav link added (active on account.php)
- public/assets/admin.css: .admin-account-status, .admin-section-title,
  .admin-field-hint, .admin-danger-zone component styles added

Note: the nginx htpasswd flow (manage-admin-users.sh) requires root on the
server and is intentionally kept as a CLI-only operation.
2026-03-24 15:52:00 +01:00

42 lines
2.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?= htmlspecialchars($pageTitle ?? 'Admin') ?> Posterg</title>
<link rel="icon" type="image/svg+xml" href="/assets/admin_favicon.svg">
<link rel="stylesheet" href="/assets/modern-normalize.min.css">
<link rel="stylesheet" href="/assets/admin.css">
<?php if (php_sapi_name() === 'cli-server'): ?>
<script>
(function poll(){
fetch('/live-reload.php').then(r=>r.json()).then(d=>{
if(d.changed) location.reload(); else setTimeout(poll,1000);
}).catch(()=>setTimeout(poll,2000));
})();
</script>
<?php endif; ?>
</head>
<body class="admin-body">
<nav class="admin-nav">
<a href="/admin/" class="admin-nav__logo">Posterg</a>
<?php
$currentPage = basename($_SERVER['PHP_SELF']);
$thesisId = $_GET['id'] ?? null;
?>
<a href="/admin/" class="admin-nav__link <?= $currentPage === 'index.php' ? 'active' : '' ?>">Liste des TFE</a>
<a href="/admin/add.php" class="admin-nav__link <?= $currentPage === 'add.php' ? 'active' : '' ?>">Ajouter un TFE</a>
<a href="/admin/import.php" class="admin-nav__link <?= $currentPage === 'import.php' ? 'active' : '' ?>">Importer une liste de TFE</a>
<a href="/admin/pages.php" class="admin-nav__link <?= in_array($currentPage, ['pages.php','pages-edit.php']) ? 'active' : '' ?>">Pages statiques</a>
<a href="/admin/tags.php" class="admin-nav__link <?= $currentPage === 'tags.php' ? 'active' : '' ?>">Mots-clés</a>
<a href="/admin/status.php" class="admin-nav__link <?= $currentPage === 'status.php' ? 'active' : '' ?>">Statut</a>
<a href="/admin/logs.php" class="admin-nav__link <?= $currentPage === 'logs.php' ? 'active' : '' ?>">Journaux</a>
<a href="/admin/account.php" class="admin-nav__link <?= $currentPage === 'account.php' ? 'active' : '' ?>">Compte</a>
<?php if ($thesisId && in_array($currentPage, ['edit.php', 'thanks.php'])): ?>
<a href="/admin/edit.php?id=<?= intval($thesisId) ?>" class="admin-nav__link <?= $currentPage === 'edit.php' ? 'active' : '' ?>">Modifier</a>
<?php endif; ?>
<?php if (defined('ADMIN_PASSWORD_HASH')): ?>
<a href="/admin/logout.php" class="admin-nav__link" style="margin-left:auto;opacity:.6;">Déconnexion</a>
<?php endif; ?>
</nav>
Reference in New Issue View Git Blame Copy Permalink