varlog/includes/ConfigRepo.php

<?php // includes/ConfigRepo.php
declare(strict_types=1);

function config_repo_get(): array {
    $pdo = db();
    $row = $pdo->query("SELECT * FROM app_config WHERE id=1")->fetch(PDO::FETCH_ASSOC);
    if (!$row) { return [
        'allow_password'=>true,'allow_oidc'=>false,'registrations_open'=>true,
        'oidc_issuer'=>null,'oidc_name'=>null,'oidc_client_id'=>null,'oidc_client_secret'=>null,'oidc_redirect_uri'=>null
    ]; }
    return $row;
}

function config_repo_save(array $in): void {
    $pdo = db();
    $sql = "INSERT INTO app_config
      (id, allow_password, allow_oidc, registrations_open, oidc_issuer, oidc_name, oidc_client_id, oidc_client_secret, oidc_redirect_uri, updated_at)
      VALUES (1,:pw,:oidc,:open,:iss,:name,:cid,:sec,:redir, now())
      ON CONFLICT (id) DO UPDATE SET
        allow_password=:pw, allow_oidc=:oidc, registrations_open=:open,
        oidc_issuer=:iss, oidc_name=:name, oidc_client_id=:cid, oidc_client_secret=:sec, oidc_redirect_uri=:redir,
        updated_at=now()";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':pw'   => (bool)$in['allow_password'],
        ':oidc' => (bool)$in['allow_oidc'],
        ':open' => (bool)$in['registrations_open'],
        ':iss'  => trim((string)($in['oidc_issuer'] ?? '')) ?: null,
        ':name' => trim((string)($in['oidc_name'] ?? '')) ?: null,
        ':cid'  => trim((string)($in['oidc_client_id'] ?? '')) ?: null,
        ':sec'  => trim((string)($in['oidc_client_secret'] ?? '')) ?: null,
        ':redir'=> trim((string)($in['oidc_redirect_uri'] ?? '')) ?: null,
    ]);
}

/**
 * Met à jour le fichier .env en conservant les autres lignes.
 * $pairs = ['KEY'=>'value', ...] ; value null => supprime la clé.
 */
function env_set_pairs(string $envPath, array $pairs): void {
    if (!is_file($envPath)) { file_put_contents($envPath, ""); }
    $lines = file($envPath, FILE_IGNORE_NEW_LINES);
    $map   = [];
    foreach ($lines as $i => $line) {
        if (preg_match('/^\s*#/', $line) || trim($line)==='') { $map[$i] = $line; continue; }
        if (!str_contains($line, '=')) { $map[$i] = $line; continue; }
        [$k,$v] = explode('=', $line, 2);
        $k = trim($k);
        if ($k==='') { $map[$i] = $line; continue; }
        if (array_key_exists($k, $pairs)) {
            if ($pairs[$k] === null) { $map[$i] = null; } // supprimé
            else { $map[$i] = $k.'='.env_quote((string)$pairs[$k]); }
            unset($pairs[$k]);
        } else {
            $map[$i] = $line;
        }
    }
    // append keys restantes
    foreach ($pairs as $k=>$v) {
        if ($v === null) continue;
        $map[] = $k.'='.env_quote((string)$v);
    }
    // re-écriture
    $out = [];
    foreach ($map as $line) { if ($line === null) continue; $out[] = $line; }
    file_put_contents($envPath, implode(PHP_EOL, $out).PHP_EOL);
}

function env_quote(string $v): string {
    if ($v === '' || preg_match('/\s|[#"\'=]/', $v)) {
        // met entre guillemets et échappe
        $v = str_replace(['\\','"'], ['\\\\','\\"'], $v);
        return "\"$v\"";
    }
    return $v;
}

function ensure_admin(): void {
    // adapte à ton système
    if (empty($_SESSION['user']['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}