From 15876601fc7fcde98a88be953e2648465fdb47ad Mon Sep 17 00:00:00 2001
From: Cedric
Date: Thu, 18 Jun 2026 14:10:31 +0200
Subject: [PATCH] Actualiser api.php
---
 api.php | 168 +++++++++++++++++++++++--------------------------------
 1 file changed, 70 insertions(+), 98 deletions(-)
diff --git a/api.php b/api.php
index b42a637..70f2e26 100644
--- a/api.php
+++ b/api.php
@@ -3,68 +3,50 @@
 header("Content-Type: application/json; charset=UTF-8");
 header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
 header("Access-Control-Allow-Headers: Content-Type, Authorization");
-if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+ http_response_code(200);
+ exit;
+}
 define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
-$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
- PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
-]);
+
+try {
+ $pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
+ ]);
+} catch (\PDOException $e) {
+ echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
+ exit;
+}
+
+function makeStableId($title, $year) {
+ $key = strtolower(trim($title)) . '|' . trim($year);
+ return (abs(crc32($key)) % 2000000000) + 100000000;
+}
 function checkAuth($pdo) {
- $stmt = $pdo->query("SELECT COUNT(*) FROM users");
- if ($stmt->fetchColumn() == 0) return;
+ $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
+ if ($stmtCheck->fetchColumn() == 0) return true; // Laisse passer si aucun admin n'est défini
+
 $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
 if ($token !== md5(ENCRYPTION_KEY . 'session')) {
 http_response_code(403);
- echo json_encode(["error" => "Non autorisé"]);
+ echo json_encode(["error" => "Accès interdit."]);
 exit;
 }
 }
-function saveFilm($pdo, $data, $isUpdate = false) {
- $type = $data['type'] ?? 'critique';
- $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
-
- $allowedFields = [
- 'title', 'year', 'director', 'poster',
- 'rating', 'review', 'streaming',
- 'format', 'length', 'publisher', 'aspect_ratio', 'ean_isbn13', 'number_of_discs', 'description'
- ];
-
- $fields = [];
- $values = [];
- foreach ($allowedFields as $field) {
- if (array_key_exists($field, $data)) {
- $fields[] = $field;
- $values[] = $data[$field];
- }
- }
-
- if ($isUpdate && !empty($data['id'])) {
- $setClause = implode('=?,', $fields) . '=?';
- $values[] = $data['id'];
- $stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE id = ?");
- $stmt->execute($values);
- } else {
- $placeholders = implode(',', array_fill(0, count($fields), '?'));
- $columns = implode(',', $fields);
- $stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($placeholders)");
- $stmt->execute($values);
- }
- echo json_encode(["success" => true]);
-}
-
 $action = $_GET['action'] ?? '';
 $data = json_decode(file_get_contents('php://input'), true) ?? [];
 switch ($action) {
- case 'get_films':
- $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
- $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
- echo json_encode(array_merge($crit, $video));
+ case 'check_security_status':
+ $stmt = $pdo->query("SELECT COUNT(*) FROM users");
+ echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
 break;
-
+
 case 'login':
 $stmt = $pdo->query("SELECT COUNT(*) FROM users");
 if ($stmt->fetchColumn() == 0) {
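Review bot: checkAuth compares the bearer token with `!==` against `md5(ENCRYPTION_KEY . 'session')`, a constant derived from a key hard-coded in the source, so the token never expires, is identical for every login, and the comparison is not constant-time; at minimum write `if (!hash_equals(md5(ENCRYPTION_KEY . 'session'), $token)) {`, and longer term issue a random per-login token (`bin2hex(random_bytes(32))`) stored server-side with an expiry. The new `return true` when `users` is empty leaves every protected action open until an admin row exists, so whichever client first calls `setup_admin` owns the install; the comment on that line should state this explicitly, e.g. `// Fail-open bootstrap: every checkAuth caller is unauthenticated until the first admin row exists`. The PDO catch block echoes `$e->getMessage()` (which can carry host, database and user details) with a 200 status; send `http_response_code(500)` with a generic message and log the detail server-side instead. makeStableId has no collision handling, so two title/year keys whose crc32 values collide map to the same id and the later `REPLACE INTO` (in the next hunk) silently overwrites the earlier film.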
@@ -77,16 +59,55 @@ switch ($action) {
 echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
 } else {
 http_response_code(401);
- echo json_encode(["error" => "Erreur"]);
+ echo json_encode(["error" => "Mot de passe incorrect."]);
 }
 }
 break;
+
+ case 'setup_admin':
+ case 'update_password':
+ checkAuth($pdo);
+ $pwd = $data['password'] ?? $data['new_password'] ?? '';
+ $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
+ $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
+ echo json_encode(["success" => true]);
+ break;
+
+ case 'get_films':
+ $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll();
+ $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll();
+ echo json_encode(array_merge($crit, $video));
+ break;
+
+ case 'save_film':
+ checkAuth($pdo);
+ $type = $data['type'] ?? 'critique';
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
+ $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000');
+
+ if ($type === 'critique') {
+ $stmt = $pdo->prepare("REPLACE INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
+ $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]);
+ } else {
+ $stmt = $pdo->prepare("REPLACE INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+ $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]);
+ }
+ echo json_encode(["success" => true]);
+ break;
+
+ case 'delete_film':
+ checkAuth($pdo);
+ $table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
+ $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
+ $stmt->execute([$_GET['id']]);
+ echo json_encode(["success" => true]);
+ break;
+
 case 'bulk_delete':
 checkAuth($pdo);
 $ids = $data['ids'] ?? [];
- $type = $data['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
- $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
+ $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
 if (!empty($ids)) {
 $placeholders = implode(',', array_fill(0, count($ids), '?'));
 $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
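Review bot: `setup_admin`/`update_password` runs `password_hash($pwd, ...)` even when `$pwd` is the empty string, so a request without a password field (including the first unauthenticated caller while `users` is empty, since checkAuth passes in that state) installs an admin whose password is `''`; the removed `change_password` case guarded this with `if ($pass)`. Reject it before the REPLACE: `if ($pwd === '') { http_response_code(400); echo json_encode(["error" => "Mot de passe requis."]); break; }`. Separately, `delete_film` and `bulk_delete` now read `$_GET['type']` and `$data['type']` without the `?? 'critique'` default the removed code carried (marked "BUG CORRIGÉ"), so a request without `type` raises an undefined-index warning that, with display_errors on, is printed ahead of the JSON body; restore it as `$table = (($_GET['type'] ?? 'critique') === 'videotheque') ? 'videotheque' : 'critiques';` and likewise for `$data['type']`. `save_film` also passes a caller-supplied `$data['id']` straight into `REPLACE INTO`, so any authenticated client can overwrite an arbitrary row (and `$table` computed there is never used); validating the id as a positive integer and deriving it server-side would close that. The switch statement continues outside the hunk.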
@@ -94,53 +115,4 @@ switch ($action) {
 echo json_encode(["success" => true]);
 }
 break;
-
- case 'delete_film':
- checkAuth($pdo);
- $type = $_GET['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
- $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
- $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
- $stmt->execute([$_GET['id']]);
- echo json_encode(["success" => true]);
- break;
-
- case 'add_film':
- checkAuth($pdo);
- saveFilm($pdo, $data, false);
- break;
-
- case 'update_film':
- checkAuth($pdo);
- saveFilm($pdo, $data, true);
- break;
-
- case 'change_password':
- checkAuth($pdo);
- $pass = $data['password'] ?? '';
- if ($pass) {
- $hash = password_hash($pass, PASSWORD_DEFAULT);
- $stmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE username = 'admin'");
- $stmt->execute([$hash]);
- }
- echo json_encode(["success" => true]);
- break;
-
- case 'import_csv':
- checkAuth($pdo);
- if (isset($_FILES['file'])) {
- $file = $_FILES['file']['tmp_name'];
- $type = $_POST['type'] ?? 'critique';
- $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
-
- if (($handle = fopen($file, "r")) !== FALSE) {
- $header = fgetcsv($handle, 0, ",");
- while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
- $rowData = array_combine($header, $row);
- saveFilm($pdo, array_merge($rowData, ['type' => $type]), false);
- }
- fclose($handle);
- }
- echo json_encode(["success" => true]);
- }
- break;
 }
\ No newline at end of file