PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); } catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; } function makeStableId($title, $year) { $key = strtolower(trim($title)) . '|' . trim($year); return (abs(crc32($key)) % 2000000000) + 100000000; } function checkAuth($pdo) { $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmtCheck->fetchColumn() == 0) return true; // Laisse passer si aucun admin n'est défini $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; } } $action = $_GET['action'] ?? ''; $data = json_decode(file_get_contents('php://input'), true) ?? []; switch ($action) { case 'check_security_status': $stmt = $pdo->query("SELECT COUNT(*) FROM users"); echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]); break; case 'login': $stmt = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmt->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); } else { $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'"); $stmt->execute(); $user = $stmt->fetch(); if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); } else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); } } break; case 'setup_admin': case 'update_password': checkAuth($pdo); $pwd = $data['password'] ?? $data['new_password'] ?? ''; $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)"); $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]); echo json_encode(["success" => true]); break; case 'get_films': $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll(); $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll(); echo json_encode(array_merge($crit, $video)); break; case 'save_film': checkAuth($pdo); $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000'); if ($type === 'critique') { $stmt = $pdo->prepare("REPLACE INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]); } else { $stmt = $pdo->prepare("REPLACE INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]); } echo json_encode(["success" => true]); break; case 'delete_film': checkAuth($pdo); $table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques'; $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$_GET['id']]); echo json_encode(["success" => true]); break; case 'bulk_delete': checkAuth($pdo); $ids = $data['ids'] ?? []; $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques'; if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); } break; }