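PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]);

    // Create the tables on first run so the very first request does not fail
    // with SQL errors about missing tables.
    $pdo->exec("CREATE TABLE IF NOT EXISTS users ( id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL )");
    $pdo->exec("CREATE TABLE IF NOT EXISTS critiques ( id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, rating INT DEFAULT 3, review TEXT, streaming VARCHAR(255) )");
    $pdo->exec("CREATE TABLE IF NOT EXISTS videotheque ( id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50), number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT )");
} catch (\PDOException $e) {
    // The driver message can carry connection details (host, account, schema),
    // and this branch is reachable without authentication: keep the detail in
    // the server log and send the client a generic error only.
    error_log('Erreur BDD : ' . $e->getMessage());
    echo json_encode(["error" => "Erreur BDD."]);
    exit;
}

/**
 * Derive a deterministic numeric id from a title and a year.
 *
 * The key is the lower-cased, trimmed title and the trimmed year joined by '|'
 * (null values are treated as empty strings). Its CRC32 is folded into the
 * range 100000000..2099999999.
 *
 * CRC32 is a checksum, not a unique identifier: two different films can map to
 * the same id, in which case the upsert statements in this file overwrite the
 * earlier row instead of inserting a second one.
 *
 * @param string|null $title
 * @param string|null $year
 * @return int
 */
function makeStableId($title, $year)
{
    $key = strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
    return (abs(crc32($key)) % 2000000000) + 100000000;
}

/**
 * Gate for every write action: lets the request continue or ends it with 403.
 *
 * While the users table is empty (blank install) every caller is accepted, so
 * that the first administrator can be created. Until 'setup_admin' has run,
 * all write actions are therefore open to anyone who can reach this endpoint.
 *
 * NOTE(review): the expected token is a constant derived only from
 * ENCRYPTION_KEY. It is the same for every login, never expires, is not
 * invalidated by a password change, and is also the value 'login' returns
 * during a blank install. A per-session random token (random_bytes) stored
 * server-side with an expiry would close those gaps; that changes the
 * client contract, so it is flagged here rather than changed.
 *
 * @param PDO $pdo
 * @return bool true when the request may proceed (otherwise the script exits)
 */
function checkAuth($pdo)
{
    $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
    if ($stmtCheck->fetchColumn() == 0) {
        return true;
    }

    $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    // hash_equals() compares in constant time, so the response time does not
    // reveal how many leading characters of a guessed token were correct.
    if (!hash_equals(md5(ENCRYPTION_KEY . 'session'), (string) $token)) {
        http_response_code(403);
        echo json_encode(["error" => "Accès interdit."]);
        exit;
    }

    return true;
}

/**
 * Prepare the INSERT ... ON DUPLICATE KEY UPDATE statement for one film table.
 *
 * Only the literal 'critique' selects the critiques table; any other value
 * selects videotheque. Table and column names are fixed literals, never
 * taken from the request.
 *
 * @param PDO    $pdo
 * @param string $type
 * @return PDOStatement
 */
function prepareFilmUpsert($pdo, $type)
{
    if ($type === 'critique') {
        return $pdo->prepare("INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)");
    }

    return $pdo->prepare("INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)");
}

/**
 * Build the positional parameter list matching prepareFilmUpsert($pdo, $type).
 *
 * Missing fields fall back to '' (3 for rating, 1 for number_of_discs).
 *
 * @param string $type
 * @param mixed  $id
 * @param array  $row  field name => value, from the JSON body or a CSV row
 * @return array
 */
function filmUpsertValues($type, $id, $row)
{
    if ($type === 'critique') {
        return [
            $id,
            $row['title'] ?? '',
            $row['year'] ?? '',
            $row['director'] ?? '',
            $row['poster'] ?? '',
            $row['rating'] ?? 3,
            $row['review'] ?? '',
            $row['streaming'] ?? '',
        ];
    }

    return [
        $id,
        $row['title'] ?? '',
        $row['year'] ?? '',
        $row['director'] ?? '',
        $row['poster'] ?? '',
        $row['format'] ?? '',
        $row['length'] ?? '',
        $row['publisher'] ?? '',
        $row['ean_isbn13'] ?? '',
        $row['number_of_discs'] ?? 1,
        $row['aspect_ratio'] ?? '',
        $row['description'] ?? '',
    ];
}

$action = $_GET['action'] ?? '';

// The body is attacker-controlled JSON: anything that does not decode to an
// array (scalar, null, malformed) is treated as an empty payload.
$data = json_decode((string) file_get_contents('php://input'), true);
if (!is_array($data)) {
    $data = [];
}

switch ($action) {
    case 'check_security_status':
        // Unauthenticated: tells the client whether an admin account exists yet.
        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
        echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
        break;

    case 'login':
        $stmt = $pdo->query("SELECT COUNT(*) FROM users");
        if ($stmt->fetchColumn() == 0) {
            // Blank install: the token is issued without any credential.
            // See the NOTE(review) on checkAuth() about this token being static.
            echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
        } else {
            $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
            $stmt->execute();
            $user = $stmt->fetch();
            // A JSON array/object in "password" would make password_verify()
            // throw; treat anything that is not a string as a failed login.
            $submitted = $data['password'] ?? '';
            if ($user && is_string($submitted) && password_verify($submitted, $user['password_hash'])) {
                echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
            } else {
                // NOTE(review): there is no attempt limiting or delay here;
                // consider throttling failed logins per client.
                http_response_code(401);
                echo json_encode(["error" => "Mot de passe incorrect."]);
            }
        }
        break;

    case 'setup_admin':
    case 'update_password':
        checkAuth($pdo);
        $pwd = $data['password'] ?? $data['new_password'] ?? '';
        // Refuse a missing or non-string password: hashing '' would create an
        // admin account that anyone can log into with an empty password.
        if (!is_string($pwd) || $pwd === '') {
            http_response_code(400);
            echo json_encode(["error" => "Mot de passe manquant."]);
            break;
        }
        $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
        $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
        echo json_encode(["success" => true]);
        break;

    case 'get_films':
        // Public read: both tables are returned to any caller, tagged by type.
        $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
        $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
        echo json_encode(array_merge($crit, $video));
        break;

    case 'save_film':
        checkAuth($pdo);
        $type = $data['type'] ?? 'critique';
        // Use the client-supplied id when present, otherwise derive one from
        // title and year (both default to safe values when absent).
        $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000');
        $stmt = prepareFilmUpsert($pdo, $type);
        $stmt->execute(filmUpsertValues($type, $id, $data));
        echo json_encode(["success" => true]);
        break;

    case 'delete_film':
        checkAuth($pdo);
        $type = $_GET['type'] ?? 'critique';
        // The table name is interpolated into the SQL below, so it is chosen
        // from two fixed literals and never copied from the request.
        $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
        $id = $_GET['id'] ?? null;
        // "id[]=..." arrives as an array; only a scalar can be bound.
        if (!$id || !is_scalar($id)) {
            http_response_code(400);
            echo json_encode(["error" => "ID manquant."]);
            break;
        }
        $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
        $stmt->execute([$id]);
        echo json_encode(["success" => true]);
        break;

    case 'bulk_delete':
        checkAuth($pdo);
        // Keep only scalar ids and re-index them: a non-array value would break
        // count(), and string keys would be read as named placeholders.
        $ids = $data['ids'] ?? [];
        $ids = is_array($ids) ? array_values(array_filter($ids, 'is_scalar')) : [];
        $type = $data['type'] ?? 'critique';
        // Fixed allow-list for the interpolated table name (see delete_film).
        $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
        if (!empty($ids)) {
            $placeholders = implode(',', array_fill(0, count($ids), '?'));
            $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
            $stmt->execute($ids);
            echo json_encode(["success" => true]);
        } else {
            echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]);
        }
        break;

    case 'import_csv':
        checkAuth($pdo);
        $upload = $_FILES['csv_file'] ?? null;
        // Accept only a single, completed HTTP upload; a multi-file field
        // ("csv_file[]") carries arrays here and is rejected by the === test.
        if (
            is_array($upload)
            && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name'])
        ) {
            $file = $upload['tmp_name'];
            $type = $_POST['type'] ?? 'critique';
            if (($handle = fopen($file, "r")) !== FALSE) {
                $header = fgetcsv($handle, 0, ",");
                // An empty file has no header row; there is nothing to import.
                if (is_array($header)) {
                    // One prepared statement is reused for every row.
                    $stmt = prepareFilmUpsert($pdo, $type);
                    while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
                        // array_combine() fails on a column-count mismatch
                        // (blank or truncated lines): skip those rows.
                        if (count($row) !== count($header)) {
                            continue;
                        }
                        $rowData = array_combine($header, $row);
                        $id = !empty($rowData['id']) ? $rowData['id'] : makeStableId($rowData['title'] ?? '', $rowData['year'] ?? '0000');
                        $stmt->execute(filmUpsertValues($type, $id, $rowData));
                    }
                }
                fclose($handle);
            }
            echo json_encode(["success" => true]);
        } else {
            http_response_code(400);
            echo json_encode(["error" => "Aucun fichier reçu."]);
        }
        break;
}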