mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
f18e3381ea0cb4459f5f1fd02402de2ef5722da8
The file had accumulated severe corruption in its lower half (garbled selector text, variable names spliced into property values, orphaned declarations, broken nesting) alongside hardcoded hex colours throughout. Rewrote the entire file cleanly:

- Every colour is now a var() referencing a token defined in variables.css: --accent-primary/secondary/foreground, --accent-blue/green/yellow/red, --bg-secondary/tertiary, --border-primary, --text-primary/secondary/tertiary, --error, --warning, --success, --accent-muted.
- Zero raw hex values remain in admin.css.
- Removed the corrupted/dead CSS from the bottom half and reconstructed all selectors from what the templates actually use (audited via grep).
- Fixed structural issues: broken border shorthand, nested rules that were not valid CSS, orphaned declaration blocks.
- New/restored rules: .admin-maintenance-bar (was corrupted), .status-access variants (was corrupted), .admin-section-title--danger, .admin-danger-zone, .admin-account-status (all reconstructed cleanly).
- .admin-btn--warning and .admin-btn--danger now use var(--accent-yellow) and var(--accent-red) instead of hardcoded dark hex values.
- .admin-btn-remove hover now uses var(--error) instead of #e55.
- .admin-btn-unpublish now uses var(--bg-secondary)/var(--text-tertiary) instead of hardcoded grey hex values.
- select option background colours removed (browser chrome, not styleable cross-platform).

Templates: replace 4 inline var(--admin-text-muted) with var(--text-secondary) in index.php, thanks.php, import.php.
posterg
Directory of the final-year projects of the ERG (École de Recherche Graphique).
Requirements
- PHP 8.4
- SQLite3 (php8.4-sqlite3)
- nginx (production)
Project structure
posterg/
├── public/ # DocumentRoot — web-accessible only
│ ├── admin/ # Admin panel (session-authenticated)
│ ├── assets/ # CSS, fonts, icons
│ ├── media.php # Controlled file serving (covers, PDFs)
│ └── *.php # Public pages (index, search, tfe, apropos)
├── src/ # PHP classes (not web-accessible)
│ ├── AdminAuth.php
│ ├── Database.php
│ ├── RateLimit.php
│ └── config.php
├── templates/ # Shared PHP template partials
├── config/ # Bootstrap and credentials (not web-accessible)
├── storage/ # Database and uploaded files (not web-accessible)
│ ├── schema.sql
│ ├── test.db
│ └── fixtures/
├── tests/
├── scripts/ # Dev and server management scripts
│ ├── setup-dev.sh
│ ├── deploy-server.sh # Run on server with sudo to apply nginx config
│ └── manage-admin-users.sh # Run on server with sudo to manage htpasswd
└── nginx/ # nginx config and reference files
    └── posterg.conf
Uploaded files (PDFs, covers) live in storage/ — outside the webroot — and are
served exclusively through public/media.php, which validates paths and MIME types.
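An added example, not the project's own media.php: one way a file-serving script can confine requests to storage/ and allowlist MIME types by content. The function name resolve_media, the allowlist and the demo files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; the allowlist below is an assumption, not posterg's actual list.
const ALLOWED_MIME = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp'];

/**
 * Resolve a client-supplied relative path inside $storageRoot.
 * Returns [absolutePath, mimeType], or null when the request must be refused.
 */
function resolve_media(string $storageRoot, string $requested): ?array
{
    // Refuse empty input, NUL bytes and absolute paths before touching the filesystem.
    if ($requested === '' || str_contains($requested, "\0") || $requested[0] === '/') {
        return null;
    }
    // realpath() collapses ".." and follows symlinks; false means the path does not exist.
    $root = realpath($storageRoot);
    $path = realpath($storageRoot . DIRECTORY_SEPARATOR . $requested);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps a
    // sibling such as "/srv/storage-old" from matching the prefix "/srv/storage".
    if (!str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    // Take the MIME type from the file's content, never from its extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, ALLOWED_MIME, true)) {
        return null;
    }
    return [$path, $mime];
}

// Constructed demo: a temporary storage root holding one PDF and one database file.
$root = sys_get_temp_dir() . '/media_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/covers', 0700, true);
file_put_contents($root . '/covers/a.pdf', "%PDF-1.4\n%constructed sample\n");
file_put_contents($root . '/test.db', "SQLite format 3\0");

// One legitimate request, two that leave the root, one in-root file of a disallowed type.
foreach (['covers/a.pdf', '../../etc/passwd', '/etc/passwd', 'covers/../test.db'] as $req) {
    $r = resolve_media($root, $req);
    printf("%-20s => %s\n", $req, $r === null ? 'refused' : "serve as {$r[1]}");
}

unlink($root . '/covers/a.pdf');
unlink($root . '/test.db');
rmdir($root . '/covers');
rmdir($root);
```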
Development
just setup # first-time: installs dev dependencies
just serve # http://localhost:8000 (public) and /admin/
just test # run test suite
Admin credentials in development are set via config/admin_credentials.php
(see config/admin_credentials.example.php).
Deployment
Files are pushed to the server with rsync — there is no repo on the remote.
just deploy # rsync app files → posterg:/var/www/posterg/
just deploy-db # push local test.db → remote (only if remote DB is absent)
deploy-db refuses to run if a database already exists on the server, to avoid
accidental overwrites of production data.
First-time server setup
ssh posterg
sudo mkdir -p /var/www/posterg
sudo chown www-data:posterg /var/www/posterg
sudo chmod 775 /var/www/posterg
exit
Then deploy once, copy nginx config, and apply:
just deploy
rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf
ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh"
ssh posterg "sudo systemctl reload nginx"
Admin users (htpasswd)
ssh posterg "sudo bash /var/www/posterg/scripts/manage-admin-users.sh"
Security notes
- Admin panel protected by nginx auth_basic + PHP session (AdminAuth)
- Uploads stored outside webroot, served via controlled media.php
- Rate limiting on public search (src/RateLimit.php)
- See docs/TODO.SECURITY.md for outstanding items