Create PHP news site with admin dashboard and Shopee ad flow

[huzely]

Summary

• Build public news site with slug-based routing, multi-theme UI, Shopee overlay ad flow, and caching
• Add Vietnamese admin panel for login, CRUD bài viết, cài đặt, thống kê, copy link, và đổi theme/logo/banner
• Implement PDO database schema, tracking API với rate-limit, Telegram queue, và cơ chế lỗi/log thân thiện

Testing

• php -l public_html/index.php
• php -l public_html/config.php
• php -l public_html/api/stats.php
• php -l public_html/api/track.php
• php -l public_html/error.php
• php -l public_html/post.php
• php -l public_html/bots/telegram/webhook.php
• php -l public_html/admin/stats.php
• php -l public_html/admin/login.php
• php -l public_html/admin/post_delete.php
• php -l public_html/admin/post_copy.php
• php -l public_html/admin/posts.php
• php -l public_html/admin/post_add.php
• php -l public_html/admin/logout.php
• php -l public_html/admin/includes/header.php
• php -l public_html/admin/includes/auth_check.php
• php -l public_html/admin/includes/footer.php
• php -l public_html/admin/dashboard.php
• php -l public_html/admin/post_edit.php
• php -l public_html/admin/settings.php
• php -l public_html/lib/helpers.php
• php -l public_html/lib/telegram.php
• php -l public_html/lib/slugify.php
• php -l public_html/lib/rate_limit.php
• php -l public_html/lib/cache.php
• php -l public_html/lib/error_handler.php
• php -l public_html/lib/db.php
• php -l public_html/lib/csrf.php
• php -l public_html/lib/auth.php
• php -l public_html/includes/menu.php
• php -l public_html/includes/header.php
• php -l public_html/includes/footer.php

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Protect post deletion with CSRF-checked POST

The delete endpoint removes articles directly on a GET request without validating a CSRF token. Any site that an authenticated admin visits can trigger /admin/post_delete.php?id=... via an image or link and silently delete content. Side-effecting actions should require a POST with verify_csrf (like the other admin forms) to prevent cross-site deletions.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Avoid duplicate session_start causing 500s

Both auth.php and csrf.php call session_start() unconditionally; admin pages include both, so the second call raises a notice every request. With error_handler.php converting notices into 500 responses (and rendering the error page), the admin screens and login will return HTTP 500 with error output before rendering. Guard session initialization (e.g., check session_status() === PHP_SESSION_NONE) so the session is started only once.

Useful? React with 👍 / 👎.