<?php
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Pragma: no-cache");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');

try {
    // Vérifiez bien que "root" et "" correspondent aux identifiants de votre base de données locale
    $pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    ]);

    $pdo->exec("CREATE TABLE IF NOT EXISTS users (
        id INT PRIMARY KEY,
        username VARCHAR(50) NOT NULL,
        password_hash VARCHAR(255) NOT NULL
    )");

    $pdo->exec("CREATE TABLE IF NOT EXISTS critiques (
        id BIGINT PRIMARY KEY,
        title VARCHAR(255) NOT NULL,
        year VARCHAR(10),
        director VARCHAR(255),
        poster TEXT,
        rating INT DEFAULT 3,
        review TEXT,
        streaming VARCHAR(255)
    )");

    $pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (
        id BIGINT PRIMARY KEY,
        title VARCHAR(255) NOT NULL,
        year VARCHAR(10),
        director VARCHAR(255),
        poster TEXT,
        format VARCHAR(50),
        length VARCHAR(50),
        publisher VARCHAR(255),
        ean_isbn13 VARCHAR(50),
        number_of_discs INT DEFAULT 1,
        aspect_ratio VARCHAR(50),
        description TEXT
    )");

} catch (\PDOException $e) {
    echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
    exit;
}

function makeStableId($title, $year) {
    $key  = strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
    return (abs(crc32($key)) % 2000000000) + 100000000;
}

function checkAuth($pdo) {
    $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
    if ($stmtCheck->fetchColumn() == 0) return true; 

    $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    if (empty($token) && function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        $token = $headers['Authorization'] ?? $headers['authorization'] ?? '';
    }

    if ($token !== md5(ENCRYPTION_KEY . 'session')) {
        http_response_code(403);
        echo json_encode(["error" => "Accès interdit."]);
        exit;
    }
}

$action = $_GET['action'] ?? '';
$data = json_decode(file_get_contents('php://input'), true) ?? [];

switch ($action) {
    case 'check_security_status':
        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
        echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
        break;

    case 'login':
        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
        if ($stmt->fetchColumn() == 0) {
            echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
        } else {
            $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
            $stmt->execute();
            $user = $stmt->fetch();
            if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
                echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
            } else {
                http_response_code(401);
                echo json_encode(["error" => "Mot de passe incorrect."]);
            }
        }
        break;

    case 'setup_admin':
    case 'update_password':
        checkAuth($pdo);
        $pwd = $data['password'] ?? $data['new_password'] ?? '';
        $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
        $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
        echo json_encode(["success" => true]);
        break;

    case 'get_films':
        $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
        $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
        echo json_encode(array_merge($crit, $video));
        break;

    case 'save_film':
        checkAuth($pdo);
        $type = $data['type'] ?? 'critique';
        
        $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000');
        
        if ($type === 'critique') {
            $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) 
                    VALUES (?, ?, ?, ?, ?, ?, ?, ?) 
                    ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
            $stmt = $pdo->prepare($sql);
            $stmt->execute([
                $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', 
                $data['poster'] ?? '', $data['rating'] ?? 3, $data['review'] ?? '', $data['streaming'] ?? ''
            ]);
        } else {
            $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) 
                    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) 
                    ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
            $stmt = $pdo->prepare($sql);
            $stmt->execute([
                $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', 
                $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '', 
                $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1, 
                $data['aspect_ratio'] ?? '', $data['description'] ?? ''
            ]);
        }
        echo json_encode(["success" => true]);
        break;

    case 'delete_film':
        checkAuth($pdo);
        $type = $_GET['type'] ?? 'critique';
        $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
        $id = $_GET['id'] ?? null;
    
        if (!$id) {
            http_response_code(400);
            echo json_encode(["error" => "ID manquant."]);
            break;
        }
    
        $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
        $stmt->execute([$id]);
        echo json_encode(["success" => true]);
        break;

    case 'bulk_delete':
        checkAuth($pdo);
        $ids = $data['ids'] ?? [];
        $type = $data['type'] ?? 'critique'; 
        $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
        
        if (!empty($ids)) {
            $placeholders = implode(',', array_fill(0, count($ids), '?'));
            $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
            $stmt->execute($ids);
            echo json_encode(["success" => true]);
        } else {
            http_response_code(400);
            echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]);
        }
        break;

    case 'import_csv':
        checkAuth($pdo);
        if (isset($_FILES['csv_file'])) {
            $file = $_FILES['csv_file']['tmp_name'];
            $type = $_POST['type'] ?? 'critique';
            
            if (($handle = fopen($file, "r")) !== FALSE) {
                $header = fgetcsv($handle, 0, ",");
                // Nettoyage des headers (suppression des espaces ou caractères cachés)
                $header = array_map('trim', $header);

                while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
                    if (count($row) !== count($header)) continue;
                    $rowData = array_combine($header, $row);
                    
                    // Récupération des données avec valeurs par défaut si colonnes manquantes
                    $title  = $rowData['Name'] ?? $rowData['title'] ?? 'Sans titre';
                    $year   = $rowData['Year'] ?? $rowData['year'] ?? '0000';
                    $rating = isset($rowData['Rating']) ? (int)round($rowData['Rating'] * 1) : 3;
                    $review = $rowData['Review'] ?? $rowData['review'] ?? '';
                    $id     = makeStableId($title, $year);
                    
                    if ($type === 'critique') {
                        // On utilise les colonnes de la BDD. 
                        // Note : ON DUPLICATE KEY UPDATE ne mettra à jour que les champs fournis.
                        $stmt = $pdo->prepare("INSERT INTO critiques (id, title, year, rating, review) 
                                               VALUES (?, ?, ?, ?, ?) 
                                               ON DUPLICATE KEY UPDATE 
                                               rating = VALUES(rating), 
                                               review = IF(VALUES(review) != '', VALUES(review), review)");
                        $stmt->execute([$id, $title, $year, $rating, $review]);
                    } else {
                        // Pour la vidéothèque, on importe les champs disponibles
                        $stmt = $pdo->prepare("INSERT INTO videotheque (id, title, year) VALUES (?, ?, ?) 
                                               ON DUPLICATE KEY UPDATE title=VALUES(title)");
                        $stmt->execute([$id, $title, $year]);
                    }
                }
                fclose($handle);
            }
            echo json_encode(["success" => true]);
        } else {
            http_response_code(400);
            echo json_encode(["error" => "Aucun fichier reçu."]);
        }
        break;
}