hasRight($userId, 'superuser'); } if (!$canAdmin) { Feedback::flash('SECURITY', 'PERMISSION_DENIED'); header('Location: ' . $app_root); exit; } // Handle actions $action = $_POST['action'] ?? ''; if ($action !== '') { if (!$security->verifyCsrfToken($_POST['csrf_token'] ?? '')) { Feedback::flash('SECURITY', 'CSRF_INVALID'); header('Location: ' . $app_root . '?page=admin-tools'); exit; } try { if ($action === 'maintenance_on') { require_once __DIR__ . '/../core/Maintenance.php'; $msg = trim($_POST['maintenance_message'] ?? ''); \App\Core\Maintenance::enable($msg); Feedback::flash('NOTICE', 'DEFAULT', 'Maintenance mode enabled.', true); } elseif ($action === 'maintenance_off') { require_once __DIR__ . '/../core/Maintenance.php'; \App\Core\Maintenance::disable(); Feedback::flash('NOTICE', 'DEFAULT', 'Maintenance mode disabled.', true); } elseif ($action === 'migrate_up') { require_once __DIR__ . '/../core/MigrationRunner.php'; $migrationsDir = __DIR__ . '/../../doc/database/migrations'; $runner = new \App\Core\MigrationRunner($db, $migrationsDir); $applied = $runner->applyPendingMigrations(); if (empty($applied)) { Feedback::flash('NOTICE', 'DEFAULT', 'No pending migrations.', true); } else { Feedback::flash('NOTICE', 'DEFAULT', 'Applied migrations: ' . implode(', ', $applied), true); } } } catch (Throwable $e) { Feedback::flash('ERROR', 'DEFAULT', 'Action failed: ' . $e->getMessage(), false); } header('Location: ' . $app_root . '?page=admin-tools'); exit; } // Prepare data for view require_once __DIR__ . '/../core/Maintenance.php'; $maintenance_enabled = \App\Core\Maintenance::isEnabled(); $maintenance_message = \App\Core\Maintenance::getMessage(); require_once __DIR__ . '/../core/MigrationRunner.php'; $migrationsDir = __DIR__ . '/../../doc/database/migrations'; $pending = []; $applied = []; try { $runner = new \App\Core\MigrationRunner($db, $migrationsDir); $pending = $runner->listPendingMigrations(); $applied = $runner->listAppliedMigrations(); } catch (Throwable $e) { // show error in the page $migration_error = $e->getMessage(); } // CSRF token $csrf_token = $security->generateCsrfToken(); // Get any new feedback messages include __DIR__ . '/../helpers/feedback.php'; // Load the template include __DIR__ . '/../templates/admin-tools.php';