Cedric/mon-petit-cinema
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualiser api.php

Browse Source
This commit is contained in:
Cedric
2026-06-18 17:00:40 +02:00
parent db48dbdf73
commit 49e4eb1e7c
1 changed files with 16 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api.php
+2 -9
View File
@@ -4,7 +4,6 @@ header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS"); header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization"); header("Access-Control-Allow-Headers: Content-Type, Authorization");
// NOUVEAU : Interdire formellement au navigateur de mettre en cache les requêtes API
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Pragma: no-cache"); header("Pragma: no-cache");
@@ -16,6 +15,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!'); define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
try { try {
// Vérifiez bien que "root" et "" correspondent aux identifiants de votre base de données locale
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [ $pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
@@ -67,7 +67,6 @@ function checkAuth($pdo) {
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users"); $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmtCheck->fetchColumn() == 0) return true; if ($stmtCheck->fetchColumn() == 0) return true;
// NOUVEAU : Récupération du token sécurisée contre les serveurs Apache récalcitrants
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (empty($token) && function_exists('apache_request_headers')) { if (empty($token) && function_exists('apache_request_headers')) {
$headers = apache_request_headers(); $headers = apache_request_headers();
@@ -152,7 +151,7 @@ switch ($action) {
echo json_encode(["success" => true]); echo json_encode(["success" => true]);
break; break;
case 'delete_film': case 'delete_film':
checkAuth($pdo); checkAuth($pdo);
$type = $_GET['type'] ?? 'critique'; $type = $_GET['type'] ?? 'critique';
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
@@ -166,13 +165,7 @@ case 'delete_film':
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
$stmt->execute([$id]); $stmt->execute([$id]);
if ($stmt->rowCount() === 0) {
http_response_code(404);
echo json_encode(["error" => "Aucun enregistrement trouvé avec cet ID."]);
} else {
echo json_encode(["success" => true]); echo json_encode(["success" => true]);
}
break; break;
case 'bulk_delete': case 'bulk_delete':