Add contact form DB storage and hidden staff inbox

- contact.php now inserts submissions into MySQL via PDO prepared statements; raw values stored (htmlspecialchars moved to output only) - www/includes/db.php: shared PDO helper with auto-migration that adds the is_read column to existing deployments without a full DB reset - docker/mysql/init.sql: added is_read TINYINT column to contacts table for fresh deploys - www/pages/admin-inbox.php: self-contained staff inbox at /staff-portal with session-based password login, per-message mark-as-read, and mark-all-read; unread count shown in browser tab title - index.php: routes /staff-portal before public header/footer so the admin page is fully standalone - docker-compose.yml: ADMIN_PASS env var wired to web container Set ADMIN_PASS in .env (gitignored) before deploying. If the DB volume already exists, the auto-migration in db.php will add the is_read column automatically on first request. https://claude.ai/code/session_015wpwmheufcxkBuXivrSHhd
2026-03-01 03:05:18 +00:00
parent 6b44fe8b4c
commit 40e3f73aaf
6 changed files with 304 additions and 10 deletions
--- a/www/includes/db.php
+++ b/www/includes/db.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Returns a shared PDO connection to the MySQL database.
+ * Also ensures the `is_read` column exists (added after initial deploy).
+ */
+function get_db(): PDO {
+    static $pdo = null;
+    if ($pdo !== null) return $pdo;
+
+    $host = getenv('DB_HOST') ?: 'db';
+    $name = getenv('DB_NAME') ?: 'alwisp';
+    $user = getenv('DB_USER') ?: '';
+    $pass = getenv('DB_PASS') ?: '';
+
+    $pdo = new PDO(
+        "mysql:host=$host;dbname=$name;charset=utf8mb4",
+        $user, $pass,
+        [
+            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+        ]
+    );
+
+    // Auto-migrate: add is_read if the DB was initialised before this column existed
+    $col_exists = $pdo->query(
+        "SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS
+         WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'contacts' AND COLUMN_NAME = 'is_read'"
+    )->fetchColumn();
+
+    if (!$col_exists) {
+        $pdo->exec("ALTER TABLE contacts ADD COLUMN is_read TINYINT(1) NOT NULL DEFAULT 0");
+    }
+
+    return $pdo;
+}