Actualiser api.php

api.php

@@ -4,96 +4,39 @@ header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
 header("Access-Control-Allow-Headers: Content-Type, Authorization");
 
-if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
-    http_response_code(200);
-    exit;
-}
 
 define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
 
-$host    = 'localhost';
+$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
-$db      = 'mon_cinema';
-$user    = 'root';
-$pass    = '';
-$charset = 'utf8mb4';
-$dsn     = "mysql:host=$host;dbname=$db;charset=$charset";
-
-try {
-    $pdo = new PDO($dsn, $user, $pass, [
     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
-        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
-        PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci"
+]);
-    ]);
-} catch (\PDOException $e) {
-    echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
-    exit;
-}
-
-function encryptData($data) {
-    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
-    $encrypted = openssl_encrypt($data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv);
-    return base64_encode($encrypted . '::' . $iv);
-}
-
-function decryptData($data) {
-    if (!$data) return '';
-    $decoded = base64_decode($data);
-    if (strpos($decoded, '::') === false) return '';
-    list($encrypted_data, $iv) = explode('::', $decoded, 2);
-    return openssl_decrypt($encrypted_data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv);
-}
-
-function makeStableId($title, $year) {
-    $key  = strtolower(trim($title)) . '|' . trim($year);
-    return (abs(crc32($key)) % 2000000000) + 100000000;
-}
-
-function makeNewIdSafe() {
-    return (abs(crc32(uniqid('', true))) % 2000000000) + 100000000;
-}
-
-function convertRating($rawRating) {
-    return max(1, min(5, (int)round(floatval($rawRating))));
-}
 
 function checkAuth($pdo) {
-    $stmtCheck = $pdo->query("SELECT COUNT(*) as total FROM users");
+    $stmt = $pdo->query("SELECT COUNT(*) FROM users");
-    if ($stmtCheck->fetch()['total'] == 0) return true;
+    if ($stmt->fetchColumn() == 0) return;
-
     $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
-    if (empty($token) && function_exists('apache_request_headers')) {
-        $headers = apache_request_headers();
-        $token = $headers['Authorization'] ?? '';
-    }
-
     if ($token !== md5(ENCRYPTION_KEY . 'session')) {
         http_response_code(403);
-        echo json_encode(["error" => "Accès interdit."]);
+        echo json_encode(["error" => "Non autorisé"]);
         exit;
     }
 }
 
-$method = $_SERVER['REQUEST_METHOD'];
 $action = $_GET['action'] ?? '';
+$data = json_decode(file_get_contents('php://input'), true) ?? [];
 
-switch ($method) {
+switch ($action) {
-    case 'GET':
+    case 'get_films':
-        if ($action === 'get_films') {
+        $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
-            $critiques = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll();
+        $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
-            $videotheque = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll();
+        echo json_encode(array_merge($crit, $video));
-            echo json_encode(array_merge($critiques, $videotheque), JSON_UNESCAPED_UNICODE);
-        } elseif ($action === 'check_security_status') {
-            $stmt = $pdo->query("SELECT COUNT(*) as total FROM users");
-            echo json_encode(["is_blank" => ($stmt->fetch()['total'] == 0)]);
-        }
         break;
 
-    case 'POST':
+    case 'login':
-        $data = json_decode(file_get_contents('php://input'), true) ?? [];
+        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
-        
+        if ($stmt->fetchColumn() == 0) {
-        if ($action === 'login') {
-            $stmt = $pdo->query("SELECT COUNT(*) as total FROM users");
-            if ($stmt->fetch()['total'] == 0) {
             echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
         } else {
             $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
@@ -103,15 +46,28 @@ switch ($method) {
                 echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
             } else {
                 http_response_code(401);
-                    echo json_encode(["error" => "Mot de passe incorrect."]);
+                echo json_encode(["error" => "Erreur"]);
             }
         }
-        } elseif ($action === 'setup_admin' || $action === 'update_password') {
+        break;
+
+    case 'bulk_delete':
         checkAuth($pdo);
-            $pwd = $data['password'] ?? $data['new_password'] ?? '';
+        $ids = $data['ids'] ?? [];
-            $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
+        $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
-            $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
+        if (!empty($ids)) {
+            $placeholders = implode(',', array_fill(0, count($ids), '?'));
+            $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
+            $stmt->execute($ids);
             echo json_encode(["success" => true]);
         }
         break;
+
+    case 'delete_film':
+        checkAuth($pdo);
+        $table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
+        $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
+        $stmt->execute([$_GET['id']]);
+        echo json_encode(["success" => true]);
+        break;
 }