Actualiser api.php
This commit is contained in:
@@ -4,114 +4,70 @@ header("Access-Control-Allow-Origin: *");
|
|||||||
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
||||||
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
|
||||||
http_response_code(200);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
||||||
|
|
||||||
$host = 'localhost';
|
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
|
||||||
$db = 'mon_cinema';
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||||
$user = 'root';
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
|
||||||
$pass = '';
|
]);
|
||||||
$charset = 'utf8mb4';
|
|
||||||
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
|
|
||||||
|
|
||||||
try {
|
|
||||||
$pdo = new PDO($dsn, $user, $pass, [
|
|
||||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
||||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
|
||||||
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci"
|
|
||||||
]);
|
|
||||||
} catch (\PDOException $e) {
|
|
||||||
echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
function encryptData($data) {
|
|
||||||
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
|
|
||||||
$encrypted = openssl_encrypt($data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv);
|
|
||||||
return base64_encode($encrypted . '::' . $iv);
|
|
||||||
}
|
|
||||||
|
|
||||||
function decryptData($data) {
|
|
||||||
if (!$data) return '';
|
|
||||||
$decoded = base64_decode($data);
|
|
||||||
if (strpos($decoded, '::') === false) return '';
|
|
||||||
list($encrypted_data, $iv) = explode('::', $decoded, 2);
|
|
||||||
return openssl_decrypt($encrypted_data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv);
|
|
||||||
}
|
|
||||||
|
|
||||||
function makeStableId($title, $year) {
|
|
||||||
$key = strtolower(trim($title)) . '|' . trim($year);
|
|
||||||
return (abs(crc32($key)) % 2000000000) + 100000000;
|
|
||||||
}
|
|
||||||
|
|
||||||
function makeNewIdSafe() {
|
|
||||||
return (abs(crc32(uniqid('', true))) % 2000000000) + 100000000;
|
|
||||||
}
|
|
||||||
|
|
||||||
function convertRating($rawRating) {
|
|
||||||
return max(1, min(5, (int)round(floatval($rawRating))));
|
|
||||||
}
|
|
||||||
|
|
||||||
function checkAuth($pdo) {
|
function checkAuth($pdo) {
|
||||||
$stmtCheck = $pdo->query("SELECT COUNT(*) as total FROM users");
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
||||||
if ($stmtCheck->fetch()['total'] == 0) return true;
|
if ($stmt->fetchColumn() == 0) return;
|
||||||
|
|
||||||
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
||||||
if (empty($token) && function_exists('apache_request_headers')) {
|
|
||||||
$headers = apache_request_headers();
|
|
||||||
$token = $headers['Authorization'] ?? '';
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
|
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
|
||||||
http_response_code(403);
|
http_response_code(403);
|
||||||
echo json_encode(["error" => "Accès interdit."]);
|
echo json_encode(["error" => "Non autorisé"]);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$method = $_SERVER['REQUEST_METHOD'];
|
|
||||||
$action = $_GET['action'] ?? '';
|
$action = $_GET['action'] ?? '';
|
||||||
|
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||||
|
|
||||||
switch ($method) {
|
switch ($action) {
|
||||||
case 'GET':
|
case 'get_films':
|
||||||
if ($action === 'get_films') {
|
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
|
||||||
$critiques = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll();
|
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
|
||||||
$videotheque = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll();
|
echo json_encode(array_merge($crit, $video));
|
||||||
echo json_encode(array_merge($critiques, $videotheque), JSON_UNESCAPED_UNICODE);
|
break;
|
||||||
} elseif ($action === 'check_security_status') {
|
|
||||||
$stmt = $pdo->query("SELECT COUNT(*) as total FROM users");
|
case 'login':
|
||||||
echo json_encode(["is_blank" => ($stmt->fetch()['total'] == 0)]);
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
||||||
|
if ($stmt->fetchColumn() == 0) {
|
||||||
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
||||||
|
} else {
|
||||||
|
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
||||||
|
$stmt->execute();
|
||||||
|
$user = $stmt->fetch();
|
||||||
|
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
||||||
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
||||||
|
} else {
|
||||||
|
http_response_code(401);
|
||||||
|
echo json_encode(["error" => "Erreur"]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'POST':
|
case 'bulk_delete':
|
||||||
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
checkAuth($pdo);
|
||||||
|
$ids = $data['ids'] ?? [];
|
||||||
if ($action === 'login') {
|
$table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
|
||||||
$stmt = $pdo->query("SELECT COUNT(*) as total FROM users");
|
if (!empty($ids)) {
|
||||||
if ($stmt->fetch()['total'] == 0) {
|
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
||||||
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
|
||||||
} else {
|
$stmt->execute($ids);
|
||||||
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
|
||||||
$stmt->execute();
|
|
||||||
$user = $stmt->fetch();
|
|
||||||
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
|
||||||
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
|
||||||
} else {
|
|
||||||
http_response_code(401);
|
|
||||||
echo json_encode(["error" => "Mot de passe incorrect."]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} elseif ($action === 'setup_admin' || $action === 'update_password') {
|
|
||||||
checkAuth($pdo);
|
|
||||||
$pwd = $data['password'] ?? $data['new_password'] ?? '';
|
|
||||||
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
|
|
||||||
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
|
|
||||||
echo json_encode(["success" => true]);
|
echo json_encode(["success" => true]);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'delete_film':
|
||||||
|
checkAuth($pdo);
|
||||||
|
$table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
|
||||||
|
$stmt->execute([$_GET['id']]);
|
||||||
|
echo json_encode(["success" => true]);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user