Ajouter admin/edit.php
This commit is contained in:
42
admin/edit.php
Normal file
42
admin/edit.php
Normal file
@@ -0,0 +1,42 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/auth.php';
|
||||
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
||||
if ($id <= 0) { header('Location: /admin/dashboard.php'); exit; }
|
||||
$stmt = $pdo->prepare('SELECT * FROM articles WHERE id = :id');
|
||||
$stmt->execute(['id' => $id]);
|
||||
$article = $stmt->fetch();
|
||||
if (!$article) { header('Location: /admin/dashboard.php'); exit; }
|
||||
$errors = [];
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!verify_csrf($_POST['csrf'] ?? '')) { $errors[] = 'Jeton CSRF invalide.'; }
|
||||
$titre = trim($_POST['titre'] ?? '');
|
||||
$contenu = trim($_POST['contenu'] ?? '');
|
||||
if (!$titre) $errors[] = 'Le titre est requis.';
|
||||
if (!$contenu) $errors[] = 'Le contenu est requis.';
|
||||
if (empty($errors)) {
|
||||
$stmt = $pdo->prepare('UPDATE articles SET titre = :titre, contenu = :contenu WHERE id = :id');
|
||||
$stmt->execute(['titre'=>$titre, 'contenu'=>$contenu, 'id'=>$id]);
|
||||
flash_set('success', 'Article modifié.');
|
||||
header('Location: /admin/dashboard.php'); exit;
|
||||
}
|
||||
}
|
||||
$token = csrf_token();
|
||||
?>
|
||||
<!doctype html>
|
||||
<html><head><meta charset="utf-8"><title>Modifier</title>
|
||||
<link rel="stylesheet" href="/public/assets/style.css"></head>
|
||||
<body>
|
||||
<h1>Modifier l'article #<?php echo $id; ?></h1>
|
||||
<?php if ($errors): ?><ul class="message error"><?php foreach($errors as $e) echo "<li>".esc($e)."</li>"; ?></ul><?php endif; ?>
|
||||
<form method="post" id="editForm">
|
||||
<input type="hidden" name="csrf" value="<?php echo $token; ?>">
|
||||
<div><label>Titre<br><input type="text" name="titre" value="<?php echo esc($article['titre']); ?>" required></label></div>
|
||||
<div><label>Contenu<br><textarea name="contenu" rows="10" required><?php echo esc($article['contenu']); ?></textarea></label></div>
|
||||
<button type="submit">Enregistrer</button>
|
||||
</form>
|
||||
<script>
|
||||
document.getElementById('editForm').addEventListener('submit', function(e){
|
||||
if(!this.titre.value.trim() || !this.contenu.value.trim()){ alert('Remplis tous les champs'); e.preventDefault(); }
|
||||
});
|
||||
</script>
|
||||
</body></html>
|
||||
Reference in New Issue
Block a user