From 0110e266e8093647335aa9d694b4536e2db12625 Mon Sep 17 00:00:00 2001
From: Cedric
Date: Thu, 18 Jun 2026 14:03:30 +0200
Subject: [PATCH] Actualiser api.php
---
 api.php | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 80 insertions(+), 7 deletions(-)
diff --git a/api.php b/api.php
index 5b09efa..b42a637 100644
--- a/api.php
+++ b/api.php
@@ -3,11 +3,9 @@ header("Content-Type: application/json; charset=UTF-8");
 header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
 header("Access-Control-Allow-Headers: Content-Type, Authorization");
-
 if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
 define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
-
 $pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
 PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
 PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
@@ -24,6 +22,39 @@ function checkAuth($pdo) {
 }
 }
+function saveFilm($pdo, $data, $isUpdate = false) {
+ $type = $data['type'] ?? 'critique';
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
+
+ $allowedFields = [
+ 'title', 'year', 'director', 'poster',
+ 'rating', 'review', 'streaming',
+ 'format', 'length', 'publisher', 'aspect_ratio', 'ean_isbn13', 'number_of_discs', 'description'
+ ];
+
+ $fields = [];
+ $values = [];
+ foreach ($allowedFields as $field) {
+ if (array_key_exists($field, $data)) {
+ $fields[] = $field;
+ $values[] = $data[$field];
+ }
+ }
+
+ if ($isUpdate && !empty($data['id'])) {
+ $setClause = implode('=?,', $fields) . '=?';
+ $values[] = $data['id'];
+ $stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE id = ?");
+ $stmt->execute($values);
+ } else {
+ $placeholders = implode(',', array_fill(0, count($fields), '?'));
+ $columns = implode(',', $fields);
+ $stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($placeholders)");
+ $stmt->execute($values);
+ }
+ echo json_encode(["success" => true]);
+}
+
 $action = $_GET['action'] ?? '';
 $data = json_decode(file_get_contents('php://input'), true) ?? [];
@@ -33,7 +64,7 @@ switch ($action) {
 $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
 echo json_encode(array_merge($crit, $video));
 break;
-
+
 case 'login':
 $stmt = $pdo->query("SELECT COUNT(*) FROM users");
 if ($stmt->fetchColumn() == 0) {
@@ -50,11 +81,12 @@ switch ($action) {
 }
 }
 break;
-
+
 case 'bulk_delete':
 checkAuth($pdo);
 $ids = $data['ids'] ?? [];
- $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
+ $type = $data['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
 if (!empty($ids)) {
 $placeholders = implode(',', array_fill(0, count($ids), '?'));
 $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
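Review bot: `saveFilm` builds SQL even when the request gives it nothing to write: with `$isUpdate` true and no `id` it drops into the `else` branch and inserts a new row, and with none of the allowed keys present the update becomes `SET =?`, which raises a PDOException that nothing in the visible code catches. Both cases should be rejected before either `prepare` call, as sketched below. The helper also echoes `{"success":true}` itself, so a caller that invokes it in a loop (the `import_csv` case does) sends several JSON documents in one response; returning a result and letting the `switch` case print it would avoid that. The column allow-list and the fixed two-way choice for `$table` are what keep the interpolated SQL safe, and a one-line comment above `$allowedFields` saying so would stop a later edit from loosening them.

```php
function saveFilm($pdo, $data, $isUpdate = false) {
    // … unchanged: $type/$table selection, $allowedFields, $fields/$values loop …

    // Refuse to build SQL with no columns, or an update with no target row.
    if ($fields === [] || ($isUpdate && empty($data['id']))) {
        http_response_code(400);
        echo json_encode(["success" => false]);
        return;
    }

    if ($isUpdate) {
        // … unchanged: UPDATE branch …
    } else {
        // … unchanged: INSERT branch …
    }
    // … unchanged: success response …
}
```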
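Review bot: `$ids` in `bulk_delete` is still used without a type check, although the commit hardens the `type` lookup on the next line: if the JSON body carries a string or a number there, `!empty($ids)` passes and `count($ids)` throws a TypeError on PHP 8 instead of producing a clean error response. Normalising it first, `$ids = is_array($data['ids'] ?? null) ? array_values($data['ids']) : [];`, also guarantees positional keys for the prepared statement. The `execute` call that consumes `$ids` lies outside this hunk, so the second part is inferred from the `IN ($placeholders)` build.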
@@ -62,12 +94,53 @@ switch ($action) {
 echo json_encode(["success" => true]);
 }
 break;
-
+
 case 'delete_film':
 checkAuth($pdo);
- $table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
+ $type = $_GET['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
 $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
 $stmt->execute([$_GET['id']]);
 echo json_encode(["success" => true]);
 break;
+
+ case 'add_film':
+ checkAuth($pdo);
+ saveFilm($pdo, $data, false);
+ break;
+
+ case 'update_film':
+ checkAuth($pdo);
+ saveFilm($pdo, $data, true);
+ break;
+
+ case 'change_password':
+ checkAuth($pdo);
+ $pass = $data['password'] ?? '';
+ if ($pass) {
+ $hash = password_hash($pass, PASSWORD_DEFAULT);
+ $stmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE username = 'admin'");
+ $stmt->execute([$hash]);
+ }
+ echo json_encode(["success" => true]);
+ break;
+
+ case 'import_csv':
+ checkAuth($pdo);
+ if (isset($_FILES['file'])) {
+ $file = $_FILES['file']['tmp_name'];
+ $type = $_POST['type'] ?? 'critique';
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
+
+ if (($handle = fopen($file, "r")) !== FALSE) {
+ $header = fgetcsv($handle, 0, ",");
+ while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
+ $rowData = array_combine($header, $row);
+ saveFilm($pdo, array_merge($rowData, ['type' => $type]), false);
+ }
+ fclose($handle);
+ }
+ echo json_encode(["success" => true]);
+ }
+ break;
 }
\ No newline at end of file
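Review bot: `change_password` replaces the hash of the `admin` row on the strength of `checkAuth` alone, accepts any non-empty value, and answers `success` even when `password` was empty and nothing was written. Requiring the current password (checked with `password_verify`) and a minimum length, and returning a failure otherwise, limits what a leaked or replayed credential can do. What `checkAuth` validates is outside this hunk, so existing sessions or tokens may also need revoking after a change. In `import_csv`, `array_combine($header, $row)` throws on PHP 8 when a row's column count differs from the header, and `$header` is `false` for an empty file, so a malformed upload aborts half-way with earlier rows already inserted. Checking `$_FILES['file']['error']`, skipping malformed rows and wrapping the loop in a transaction would make the import all-or-nothing; `$table` is also assigned there but never used.

```php
case 'change_password':
    checkAuth($pdo);
    $current = $data['current_password'] ?? '';   // proposed new request field
    $pass = $data['password'] ?? '';
    $row = $pdo->query("SELECT password_hash FROM users WHERE username = 'admin'")->fetch();
    if (!is_string($pass) || strlen($pass) < 12    // proposed minimum, adjust to policy
        || !is_string($current) || !$row
        || !password_verify($current, $row['password_hash'])) {
        http_response_code(400);
        echo json_encode(["success" => false]);
        break;
    }
    // … unchanged: password_hash() and the UPDATE statement …
    echo json_encode(["success" => true]);
    break;
```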