From 8c7f78bb95e18334e56924a07f5006fc05e16767 Mon Sep 17 00:00:00 2001
From: rubisalpha <ilyasso.menut05@gmail.com>
Date: Thu, 30 Oct 2025 11:47:27 +0000
Subject: [PATCH] Ajouter admin/edit.php

---
 admin/edit.php | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 admin/edit.php

diff --git a/admin/edit.php b/admin/edit.php
new file mode 100644
index 0000000..ca4193a
--- /dev/null
+++ b/admin/edit.php
@@ -0,0 +1,42 @@
+<?php
+require_once __DIR__ . '/auth.php';
+$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
+if ($id <= 0) { header('Location: /admin/dashboard.php'); exit; }
+$stmt = $pdo->prepare('SELECT * FROM articles WHERE id = :id');
+$stmt->execute(['id' => $id]);
+$article = $stmt->fetch();
+if (!$article) { header('Location: /admin/dashboard.php'); exit; }
+$errors = [];
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if (!verify_csrf($_POST['csrf'] ?? '')) { $errors[] = 'Jeton CSRF invalide.'; }
+    $titre = trim($_POST['titre'] ?? '');
+    $contenu = trim($_POST['contenu'] ?? '');
+    if (!$titre) $errors[] = 'Le titre est requis.';
+    if (!$contenu) $errors[] = 'Le contenu est requis.';
+    if (empty($errors)) {
+        $stmt = $pdo->prepare('UPDATE articles SET titre = :titre, contenu = :contenu WHERE id = :id');
+        $stmt->execute(['titre'=>$titre, 'contenu'=>$contenu, 'id'=>$id]);
+        flash_set('success', 'Article modifié.');
+        header('Location: /admin/dashboard.php'); exit;
+    }
+}
+$token = csrf_token();
+?>
+<!doctype html>
+<html><head><meta charset="utf-8"><title>Modifier</title>
+<link rel="stylesheet" href="/public/assets/style.css"></head>
+<body>
+<h1>Modifier l'article #<?php echo $id; ?></h1>
+<?php if ($errors): ?><ul class="message error"><?php foreach($errors as $e) echo "<li>".esc($e)."</li>"; ?></ul><?php endif; ?>
+<form method="post" id="editForm">
+    <input type="hidden" name="csrf" value="<?php echo $token; ?>">
+    <div><label>Titre<br><input type="text" name="titre" value="<?php echo esc($article['titre']); ?>" required></label></div>
+    <div><label>Contenu<br><textarea name="contenu" rows="10" required><?php echo esc($article['contenu']); ?></textarea></label></div>
+    <button type="submit">Enregistrer</button>
+</form>
+<script>
+document.getElementById('editForm').addEventListener('submit', function(e){
+    if(!this.titre.value.trim() || !this.contenu.value.trim()){ alert('Remplis tous les champs'); e.preventDefault(); }
+});
+</script>
+</body></html>