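<?php

declare(strict_types=1);

/*
 * Front controller bootstrap: resolves the project root, starts a hardened
 * session and loads the application code. Request dispatch follows below.
 */

// Project root, one directory above this script.
$basePath = realpath(__DIR__ . '/../');
if ($basePath === false) {
    // realpath() returns false when the directory cannot be resolved. Without
    // this guard BASE_PATH would silently become false and every require_once
    // below would look for its file under "/".
    throw new RuntimeException('Unable to resolve the application base path.');
}
define('BASE_PATH', $basePath);
unset($basePath);

if (session_status() === PHP_SESSION_NONE) {
    // Only mark the cookie Secure when the request actually arrived over TLS;
    // otherwise a plain-HTTP development setup would never get the cookie back.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Refuse session IDs the server did not issue itself, so a client cannot
    // pre-select an ID that later becomes authenticated (session fixation).
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,        // browser-session cookie, discarded on close
        'path' => '/',
        'secure' => $isHttps,
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Expected to provide requireAuth(), currentUserEmail(), isAdmin() and the
// ArticleManager class used by the dispatcher below.
require_once BASE_PATH . '/src/helpers.php';
require_once BASE_PATH . '/src/auth.php';
require_once BASE_PATH . '/config/config.php';
require_once BASE_PATH . '/src/ArticleManager.php';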
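/*
 * Request dispatch. Every value read from $_GET / $_POST goes through
 * $stringParam so that a parameter submitted as an array (e.g. "?uuid[]=x")
 * cannot reach a string-typed method and raise a TypeError under strict_types.
 * Templates are include'd from this scope and therefore see every variable
 * defined here ($article, $errors, $formAction, $posts, ...).
 */

$articles = new ArticleManager(BASE_PATH . '/data');

/**
 * Returns $source[$key] when it is a string, otherwise $default.
 *
 * @param array<string, mixed> $source $_GET or $_POST
 */
$stringParam = static function (array $source, string $key, string $default = ''): string {
    return is_string($source[$key] ?? null) ? $source[$key] : $default;
};

/**
 * Whether $viewerEmail may see an unpublished article: only its recorded
 * author, or any admin when the article has no author recorded.
 *
 * @param array<string, mixed> $article
 */
$canSeeUnpublished = static function (array $article, string $viewerEmail): bool {
    $author = $article['author'] ?? '';
    return $author !== '' ? $viewerEmail === $author : isAdmin();
};

/**
 * Attaches every successfully uploaded file from the multi-file "files" input
 * to the article $articleUuid. Entries whose upload failed are skipped.
 */
$storeUploads = static function (string $articleUuid) use ($articles): void {
    $batch = $_FILES['files'] ?? [];
    // A single (non-array) file input yields a string here: nothing to iterate.
    if (!is_array($batch['tmp_name'] ?? null)) {
        return;
    }
    foreach ($batch['tmp_name'] as $i => $tmpName) {
        if (($batch['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            continue;
        }
        // NOTE(review): 'name' is the client-supplied file name; addFile() is
        // assumed to sanitise it before using it on disk — confirm.
        $articles->addFile($articleUuid, [
            'name' => $batch['name'][$i],
            'tmp_name' => $tmpName,
            'error' => $batch['error'][$i],
        ]);
    }
};

$action = $stringParam($_GET, 'action', 'list');
$uuid = $stringParam($_GET, 'uuid');
$slug = $stringParam($_GET, 'slug');
$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';

switch ($action) {
    case 'create':
        requireAuth();

        $title = $stringParam($_POST, 'title');
        $content = $stringParam($_POST, 'content');
        $postSlug = $stringParam($_POST, 'slug');
        $published = isset($_POST['published']);
        // The form submits datetime-local values ("YYYY-MM-DDTHH:MM"); storage uses a space.
        $published_at = str_replace('T', ' ', $stringParam($_POST, 'published_at', date('Y-m-d H:i:s')));
        $errors = [];

        if ($isPost) {
            if (trim($title) === '') {
                $errors[] = 'Le titre est obligatoire.';
            }
            if ($errors === []) {
                $newUuid = $articles->create($title, $content, $published, $postSlug, $published_at, currentUserEmail() ?? '');
                $storeUploads($newUuid);

                header('Location: /');
                exit;
            }
        }

        $formAction = '/?action=create';
        $action = 'create';
        include BASE_PATH . '/templates/post_form.php';
        break;

    case 'view':
        $article = $slug !== '' ? $articles->getBySlug($slug) : null;
        // Drafts answer 404 (not 403) to unauthorised viewers so that their
        // existence is not revealed.
        if (!$article || (empty($article['published']) && !$canSeeUnpublished($article, currentUserEmail() ?? ''))) {
            http_response_code(404);
            echo 'Article introuvable.';
            exit;
        }

        $files = $articles->getFiles($article['uuid']);
        // Rewrite relative file references in the body to their served URLs.
        $rawContent = $articles->resolveFileUrls($article['uuid'], $article['content']);
        include BASE_PATH . '/templates/post_view.php';
        break;

    case 'edit':
        requireAuth();

        $article = $articles->getByUuid($uuid);
        if (!$article) {
            http_response_code(404);
            echo 'Article introuvable.';
            exit;
        }

        // Form fields default to the stored values on GET.
        $title = $stringParam($_POST, 'title', (string)($article['title'] ?? ''));
        $content = $stringParam($_POST, 'content', (string)($article['content'] ?? ''));
        $postSlug = $stringParam($_POST, 'slug', (string)($article['slug'] ?? ''));
        // On a POST the checkbox is authoritative: an absent 'published' field
        // means it was unchecked. Falling back to the stored value on POST made
        // it impossible to unpublish an article from this form.
        $published = $isPost ? isset($_POST['published']) : (bool)($article['published'] ?? false);
        // strtotime() returns false for an unparsable stored date, and date()
        // would then throw a TypeError under strict_types; fall back to "now".
        $storedTs = strtotime((string)($article['published_at'] ?? 'now'));
        $published_at = $stringParam(
            $_POST,
            'published_at',
            date('Y-m-d\TH:i', $storedTs === false ? time() : $storedTs)
        );
        $errors = [];

        if ($isPost) {
            if (trim($title) === '') {
                $errors[] = 'Le titre est obligatoire.';
            }
            if ($errors === []) {
                $articles->update(
                    $uuid,
                    $title,
                    $content,
                    $published,
                    $stringParam($_POST, 'slug'),
                    str_replace('T', ' ', $stringParam($_POST, 'published_at')),
                    $stringParam($_POST, 'revision_comment')
                );
                $storeUploads($uuid);

                // Redirect to the (possibly regenerated) slug; fall back to the uuid.
                $updated = $articles->getByUuid($uuid);
                header('Location: /post/' . rawurlencode($updated['slug'] ?? $uuid));
                exit;
            }
        }

        $formAction = '/?action=edit&uuid=' . rawurlencode($uuid);
        $action = 'edit';
        $existingFiles = $articles->getFiles($uuid);
        include BASE_PATH . '/templates/post_form.php';
        break;

    case 'delete':
        requireAuth();
        // NOTE(review): this state change is reachable by GET and no CSRF token
        // is checked in this file (the create/edit POSTs are in the same
        // position). Unless requireAuth() or the templates enforce one, a token
        // check belongs here before delete() runs. The uuid is passed through
        // unvalidated; ArticleManager is assumed to reject values that are not
        // valid identifiers — confirm.
        if ($uuid !== '') {
            $articles->delete($uuid);
        }
        header('Location: /');
        exit;

    case 'about':
        include BASE_PATH . '/templates/about.php';
        break;

    case 'legal':
        include BASE_PATH . '/templates/legal.php';
        break;

    case 'contact':
        include BASE_PATH . '/templates/contact.php';
        break;

    case 'licenses':
        include BASE_PATH . '/templates/licenses.php';
        break;

    case 'list':
    default:
        $currentEmail = currentUserEmail() ?? '';
        // Everyone sees published articles; drafts are listed only for viewers
        // allowed to open them (same rule as the 'view' action).
        $posts = array_values(array_filter(
            $articles->getAll(),
            static function (array $a) use ($canSeeUnpublished, $currentEmail): bool {
                return (bool)($a['published'] ?? false) || $canSeeUnpublished($a, $currentEmail);
            }
        ));
        include BASE_PATH . '/templates/post_list.php';
        break;
}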