From 11199ee774f3580f8d312939a6094176d5fa0f74 Mon Sep 17 00:00:00 2001 From: Cedric Date: Fri, 19 Jun 2026 10:13:36 +0200 Subject: [PATCH] Actualiser api.php --- api.php | 88 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 52 insertions(+), 36 deletions(-) diff --git a/api.php b/api.php index dc2dc05..dfc1fed 100644 --- a/api.php +++ b/api.php @@ -19,7 +19,7 @@ try { PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); - // Création des tables si elles n'existent pas + // Création des tables (ajout de la table config) $pdo->exec("CREATE TABLE IF NOT EXISTS users ( id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL )"); @@ -64,17 +64,23 @@ function checkAuth($pdo) { // ── FONCTIONS TMDB & CHIFFREMENT ── -function tmdbHttpGet($url) { - if (function_exists('curl_init')) { - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_TIMEOUT, 5); - $res = curl_exec($ch); - curl_close($ch); - return $res; +function encryptData($data) { + $iv = openssl_random_pseudo_bytes(16); + $key = hash('sha256', ENCRYPTION_KEY, true); + $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv); + return base64_encode($encrypted . '::' . $iv); +} + +function decryptData($encryptedStr) { + $decoded = base64_decode($encryptedStr); + if (strpos($decoded, '::') !== false) { + list($encData, $iv) = explode('::', $decoded, 2); + } else { + return null; } - return @file_get_contents($url); + $key = hash('sha256', ENCRYPTION_KEY, true); + $iv = substr($iv, 0, 16); + return openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv); } function getTmdbApiKey($pdo) { 
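Review bot: decryptData() splits the decoded blob on the first `::`, but the ciphertext is raw AES output (`OPENSSL_RAW_DATA`) and can itself contain those two bytes, so some saved values will be cut in the wrong place and fail to decrypt. Because the IV is always 16 bytes, it can be taken from the end of the blob after checking the separator position and a minimum length, as below; this keeps the stored `ciphertext::iv` layout and also maps an `openssl_decrypt()` failure back to null as getTmdbApiKey did before. Separately, AES-256-CBC alone gives no integrity protection, so a modified `config` row is not detected; an AEAD mode such as `aes-256-gcm`, or an HMAC over IV and ciphertext compared with `hash_equals()`, would cover that. `random_bytes(16)` is the usual choice for the IV in encryptData().

```php
function decryptData($encryptedStr) {
    $decoded = base64_decode($encryptedStr, true);
    // Stored layout: ciphertext . '::' . 16-byte IV. Parse from the end, because
    // the raw ciphertext may itself contain the bytes '::'.
    // 34 = one AES block (16) + separator (2) + IV (16).
    if ($decoded === false || strlen($decoded) < 34 || substr($decoded, -18, 2) !== '::') {
        return null;
    }
    $iv = substr($decoded, -16);
    $encData = substr($decoded, 0, -18);
    $key = hash('sha256', ENCRYPTION_KEY, true);
    $plain = openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}
```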
@@ -82,31 +88,21 @@ function getTmdbApiKey($pdo) { $stmt->execute(); $row = $stmt->fetch(); if (!$row) return null; - - $encrypted = $row['key_value']; - $decoded = base64_decode($encrypted); - - // Séparation des données et du IV (format base64(data::iv)) - if (strpos($decoded, '::') !== false) { - list($encData, $iv) = explode('::', $decoded, 2); - } else { - $encData = $decoded; - $iv = str_repeat("\0", 16); - } - - // ⚠️ ADAPTEZ CETTE PARTIE SI VOTRE MÉTHODE DE CHIFFREMENT CÔTÉ FRONT EST DIFFÉRENTE - $key = hash('sha256', ENCRYPTION_KEY, true); - $iv = substr($iv, 0, 16); - - $decrypted = openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv); - return $decrypted ?: null; + return decryptData($row['key_value']); } function fetchTmdbData($title, $year, $apiKey) { if (empty($apiKey) || empty($title)) return null; $searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($title) . "&year={$year}&language=fr-FR"; - $searchRes = tmdbHttpGet($searchUrl); + $searchRes = @file_get_contents($searchUrl); + if (!$searchRes && function_exists('curl_init')) { + $ch = curl_init($searchUrl); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_TIMEOUT, 5); + $searchRes = curl_exec($ch); + curl_close($ch); + } if (!$searchRes) return null; $searchData = json_decode($searchRes, true); 
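Review bot: The primary request in fetchTmdbData is now `@file_get_contents($searchUrl)` with no stream context, so the 5-second limit only applies to the cURL fallback. When TMDB is slow, the first attempt waits for PHP's `default_socket_timeout` (60 seconds unless configured otherwise). An HTTP error response also makes file_get_contents return false, which sends the same request a second time through cURL, and the `@` hides the reason for the failure. I would pass a context, `$ctx = stream_context_create(['http' => ['timeout' => 5]]);` then `$searchRes = @file_get_contents($searchUrl, false, $ctx);`, and keep the fetch in one helper, since the same block is repeated for `$creditsUrl` in the next hunk. fetchTmdbData's body continues outside this hunk.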
@@ -116,9 +112,16 @@ function fetchTmdbData($title, $year, $apiKey) { $movieId = $movie['id']; $poster = !empty($movie['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $movie['poster_path'] : ''; - // Récupération du réalisateur $creditsUrl = "https://api.themoviedb.org/3/movie/{$movieId}/credits?api_key={$apiKey}&language=fr-FR"; - $creditsRes = tmdbHttpGet($creditsUrl); + $creditsRes = @file_get_contents($creditsUrl); + if (!$creditsRes && function_exists('curl_init')) { + $ch = curl_init($creditsUrl); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_TIMEOUT, 5); + $creditsRes = curl_exec($ch); + curl_close($ch); + } + $director = ''; if ($creditsRes) { $creditsData = json_decode($creditsRes, true); @@ -132,10 +135,7 @@ function fetchTmdbData($title, $year, $apiKey) { } } - return [ - 'director' => $director, - 'poster' => $poster - ]; + return ['director' => $director, 'poster' => $poster]; } // ── ROUTEUR PRINCIPAL ── @@ -175,6 +175,22 @@ switch ($action) { echo json_encode(["success" => true]); break; + // ── NOUVELLE ACTION : SAUVEGARDE DE LA CLÉ EN BASE ── + case 'save_config': + checkAuth($pdo); + $keyName = $data['key_name'] ?? ''; + $keyValue = $data['key_value'] ?? ''; + if ($keyName === 'tmdb_api_key' && !empty($keyValue)) { + $encryptedValue = encryptData($keyValue); + $stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)"); + $stmt->execute([$keyName, $encryptedValue]); + echo json_encode(["success" => true]); + } else { + http_response_code(400); + echo json_encode(["error" => "Données invalides."]); + } + break; + case 'get_films': $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll(); $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
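Review bot: The `save_config` case accepts any non-empty `key_value`, so a non-string JSON value reaches `openssl_encrypt()`, and a string containing `&` or `#` is stored and later interpolated unescaped into the TMDB URLs built in fetchTmdbData (`api_key={$apiKey}`). Tightening the condition to `if ($keyName === 'tmdb_api_key' && is_string($keyValue) && ctype_alnum($keyValue)) {` rejects both. Whether `checkAuth($pdo)` stops the request on failure is not visible in this hunk, and the write depends on it. If that is the case, a short comment such as `// checkAuth() ends the request when the session is invalid` would make it explicit. The surrounding `switch` starts and ends outside the hunk.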