Cedric/mon-petit-cinema
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualiser api.php

Browse Source
This commit is contained in:
Cedric
2026-06-18 14:10:31 +02:00
parent 7020bbea7c
commit 15876601fc
1 changed files with 70 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api.php
+69 -97
View File
@@ -3,66 +3,48 @@ header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]);
try {
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]);
} catch (\PDOException $e) {
echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
exit;
}
function makeStableId($title, $year) {
$key = strtolower(trim($title)) . '|' . trim($year);
return (abs(crc32($key)) % 2000000000) + 100000000;
}
function checkAuth($pdo) {
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmt->fetchColumn() == 0) return;
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmtCheck->fetchColumn() == 0) return true; // Laisse passer si aucun admin n'est défini
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
http_response_code(403);
echo json_encode(["error" => "Non autorisé"]);
echo json_encode(["error" => "Accès interdit."]);
exit;
}
}
function saveFilm($pdo, $data, $isUpdate = false) {
$type = $data['type'] ?? 'critique';
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
$allowedFields = [
'title', 'year', 'director', 'poster',
'rating', 'review', 'streaming',
'format', 'length', 'publisher', 'aspect_ratio', 'ean_isbn13', 'number_of_discs', 'description'
];
$fields = [];
$values = [];
foreach ($allowedFields as $field) {
if (array_key_exists($field, $data)) {
$fields[] = $field;
$values[] = $data[$field];
}
}
if ($isUpdate && !empty($data['id'])) {
$setClause = implode('=?,', $fields) . '=?';
$values[] = $data['id'];
$stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE id = ?");
$stmt->execute($values);
} else {
$placeholders = implode(',', array_fill(0, count($fields), '?'));
$columns = implode(',', $fields);
$stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($placeholders)");
$stmt->execute($values);
}
echo json_encode(["success" => true]);
}
$action = $_GET['action'] ?? '';
$data = json_decode(file_get_contents('php://input'), true) ?? [];
switch ($action) {
case 'get_films':
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
echo json_encode(array_merge($crit, $video));
case 'check_security_status':
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
break;
case 'login':
@@ -77,16 +59,55 @@ switch ($action) {
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
} else {
http_response_code(401);
echo json_encode(["error" => "Erreur"]);
echo json_encode(["error" => "Mot de passe incorrect."]);
}
}
break;
case 'setup_admin':
case 'update_password':
checkAuth($pdo);
$pwd = $data['password'] ?? $data['new_password'] ?? '';
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
echo json_encode(["success" => true]);
break;
case 'get_films':
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll();
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll();
echo json_encode(array_merge($crit, $video));
break;
case 'save_film':
checkAuth($pdo);
$type = $data['type'] ?? 'critique';
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
$id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000');
if ($type === 'critique') {
$stmt = $pdo->prepare("REPLACE INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]);
} else {
$stmt = $pdo->prepare("REPLACE INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]);
}
echo json_encode(["success" => true]);
break;
case 'delete_film':
checkAuth($pdo);
$table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
$stmt->execute([$_GET['id']]);
echo json_encode(["success" => true]);
break;
case 'bulk_delete':
checkAuth($pdo);
$ids = $data['ids'] ?? [];
$type = $data['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
$table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
if (!empty($ids)) {
$placeholders = implode(',', array_fill(0, count($ids), '?'));
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
@@ -94,53 +115,4 @@ switch ($action) {
echo json_encode(["success" => true]);
}
break;
case 'delete_film':
checkAuth($pdo);
$type = $_GET['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
$stmt->execute([$_GET['id']]);
echo json_encode(["success" => true]);
break;
case 'add_film':
checkAuth($pdo);
saveFilm($pdo, $data, false);
break;
case 'update_film':
checkAuth($pdo);
saveFilm($pdo, $data, true);
break;
case 'change_password':
checkAuth($pdo);
$pass = $data['password'] ?? '';
if ($pass) {
$hash = password_hash($pass, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE username = 'admin'");
$stmt->execute([$hash]);
}
echo json_encode(["success" => true]);
break;
case 'import_csv':
checkAuth($pdo);
if (isset($_FILES['file'])) {
$file = $_FILES['file']['tmp_name'];
$type = $_POST['type'] ?? 'critique';
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
if (($handle = fopen($file, "r")) !== FALSE) {
$header = fgetcsv($handle, 0, ",");
while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
$rowData = array_combine($header, $row);
saveFilm($pdo, array_merge($rowData, ['type' => $type]), false);
}
fclose($handle);
}
echo json_encode(["success" => true]);
}
break;
}