Actualiser api.php

2026-06-18 16:56:43 +02:00
parent 27ba709f02
commit a5e4f90982
+12 -2
@@ -4,6 +4,10 @@ header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS"); header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization"); header("Access-Control-Allow-Headers: Content-Type, Authorization");
// NOUVEAU : Interdire formellement au navigateur de mettre en cache les requêtes API
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Pragma: no-cache");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200); http_response_code(200);
exit; exit;
@@ -17,7 +21,6 @@ try {
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]); ]);
// Création automatique des tables si elles n'existent pas
$pdo->exec("CREATE TABLE IF NOT EXISTS users ( $pdo->exec("CREATE TABLE IF NOT EXISTS users (
id INT PRIMARY KEY, id INT PRIMARY KEY,
username VARCHAR(50) NOT NULL, username VARCHAR(50) NOT NULL,
@@ -64,7 +67,13 @@ function checkAuth($pdo) {
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users"); $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmtCheck->fetchColumn() == 0) return true; if ($stmtCheck->fetchColumn() == 0) return true;
// NOUVEAU : Récupération du token sécurisée contre les serveurs Apache récalcitrants
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (empty($token) && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
$token = $headers['Authorization'] ?? $headers['authorization'] ?? '';
}
if ($token !== md5(ENCRYPTION_KEY . 'session')) { if ($token !== md5(ENCRYPTION_KEY . 'session')) {
http_response_code(403); http_response_code(403);
echo json_encode(["error" => "Accès interdit."]); echo json_encode(["error" => "Accès interdit."]);
@@ -142,7 +151,7 @@ switch ($action) {
} }
echo json_encode(["success" => true]); echo json_encode(["success" => true]);
break; break;
case 'delete_film': case 'delete_film':
checkAuth($pdo); checkAuth($pdo);
$type = $_GET['type'] ?? 'critique'; $type = $_GET['type'] ?? 'critique';
@@ -178,6 +187,7 @@ case 'delete_film':
$stmt->execute($ids); $stmt->execute($ids);
echo json_encode(["success" => true]); echo json_encode(["success" => true]);
} else { } else {
http_response_code(400);
echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]);
} }
break; break;
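Review bot: The token the new fallback in checkAuth retrieves (the `$headers['Authorization'] ?? $headers['authorization']` block) is still compared on the following line with a plain `!==`, which is not constant-time for a secret-derived value; the check should read `if (!hash_equals(md5(ENCRYPTION_KEY . 'session'), $token)) {`. The fallback itself only handles two spellings of the header name, while `apache_request_headers()` returns names as the client sent them, so normalising first is more robust: `$headers = array_change_key_case(apache_request_headers(), CASE_LOWER); $token = $headers['authorization'] ?? '';`. It is also worth a comment on the `fetchColumn() == 0` line above, e.g. `// Bootstrap mode: no users yet, so authentication is skipped`, since that bypass now sits next to the header-parsing logic and is easy to overlook. checkAuth starts before this hunk and its body continues after it.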