PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); // Création des tables (rating changé en DECIMAL(3,1) pour accepter les notes Letterboxd comme 2.5, 3.5) $pdo->exec("CREATE TABLE IF NOT EXISTS users ( id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL )"); $pdo->exec("CREATE TABLE IF NOT EXISTS config ( key_name VARCHAR(50) PRIMARY KEY, key_value TEXT NOT NULL )"); $pdo->exec("CREATE TABLE IF NOT EXISTS critiques ( id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, rating DECIMAL(3,1) DEFAULT 3.0, review TEXT, streaming VARCHAR(255) )"); $pdo->exec("CREATE TABLE IF NOT EXISTS videotheque ( id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50), number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT )"); } catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; } function makeStableId($title, $year) { $key = strtolower(trim($title ?? '')) . '|' . trim($year ?? ''); return (abs(crc32($key)) % 2000000000) + 100000000; } function checkAuth($pdo) { $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmtCheck->fetchColumn() == 0) return true; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if (empty($token) && function_exists('apache_request_headers')) { $headers = apache_request_headers(); $token = $headers['Authorization'] ?? $headers['authorization'] ?? ''; } if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; } } function encryptData($data) { $iv = openssl_random_pseudo_bytes(16); $key = hash('sha256', ENCRYPTION_KEY, true); $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv); return base64_encode($encrypted . '::' . $iv); } function decryptData($encryptedStr) { $decoded = base64_decode($encryptedStr); if (strpos($decoded, '::') !== false) { list($encData, $iv) = explode('::', $decoded, 2); } else { return null; } $key = hash('sha256', ENCRYPTION_KEY, true); $iv = substr($iv, 0, 16); return openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv); } function getTmdbApiKey($pdo) { $stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'"); $stmt->execute(); $row = $stmt->fetch(); if (!$row) return null; return decryptData($row['key_value']); } function fetchTmdbData($title, $year, $apiKey) { if (empty($apiKey) || empty($title)) return null; $searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($title) . "&year={$year}&language=fr-FR"; $searchRes = @file_get_contents($searchUrl); if (!$searchRes && function_exists('curl_init')) { $ch = curl_init($searchUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $searchRes = curl_exec($ch); curl_close($ch); } if (!$searchRes) return null; $searchData = json_decode($searchRes, true); if (empty($searchData['results'])) return null; $movie = $searchData['results'][0]; $movieId = $movie['id']; $poster = !empty($movie['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $movie['poster_path'] : ''; $creditsUrl = "https://api.themoviedb.org/3/movie/{$movieId}/credits?api_key={$apiKey}&language=fr-FR"; $creditsRes = @file_get_contents($creditsUrl); if (!$creditsRes && function_exists('curl_init')) { $ch = curl_init($creditsUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $creditsRes = curl_exec($ch); curl_close($ch); } $director = ''; if ($creditsRes) { $creditsData = json_decode($creditsRes, true); if (!empty($creditsData['crew'])) { foreach ($creditsData['crew'] as $crew) { if ($crew['job'] === 'Director' || $crew['job'] === 'Directing') { $director = $crew['name']; break; } } } } // 🎬 NOUVEAU : Récupération des plateformes de streaming (France) $streaming = ''; $watchUrl = "https://api.themoviedb.org/3/movie/{$movieId}/watch/providers?api_key={$apiKey}"; $watchRes = @file_get_contents($watchUrl); if (!$watchRes && function_exists('curl_init')) { $ch = curl_init($watchUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $watchRes = curl_exec($ch); curl_close($ch); } if ($watchRes) { $watchData = json_decode($watchRes, true); $frProviders = $watchData['results']['FR'] ?? []; $platforms = []; // On récupère les plateformes d'abonnement (flatrate) en priorité if (!empty($frProviders['flatrate'])) { foreach ($frProviders['flatrate'] as $p) { $platforms[] = $p['provider_name']; } } // Puis location (rent) et achat (buy) si pas de flatrate if (empty($platforms)) { if (!empty($frProviders['rent'])) { foreach ($frProviders['rent'] as $p) { $platforms[] = $p['provider_name'] . ' (location)'; } } if (!empty($frProviders['buy'])) { foreach ($frProviders['buy'] as $p) { $platforms[] = $p['provider_name'] . ' (achat)'; } } } if (!empty($platforms)) { $streaming = implode(', ', array_unique($platforms)); } } return ['director' => $director, 'poster' => $poster, 'streaming' => $streaming]; } // ── ROUTEUR PRINCIPAL ── $action = $_GET['action'] ?? ''; $data = json_decode(file_get_contents('php://input'), true) ?? []; switch ($action) { case 'check_security_status': $stmt = $pdo->query("SELECT COUNT(*) FROM users"); echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]); break; case 'login': $stmt = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmt->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); } else { $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'"); $stmt->execute(); $user = $stmt->fetch(); if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); } else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); } } break; case 'setup_admin': case 'update_password': checkAuth($pdo); $pwd = $data['password'] ?? $data['new_password'] ?? ''; $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)"); $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]); echo json_encode(["success" => true]); break; case 'save_config': checkAuth($pdo); $keyName = $data['key_name'] ?? ''; $keyValue = $data['key_value'] ?? ''; if ($keyName === 'tmdb_api_key' && !empty($keyValue)) { $encryptedValue = encryptData($keyValue); $stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)"); $stmt->execute([$keyName, $encryptedValue]); echo json_encode(["success" => true]); } else { http_response_code(400); echo json_encode(["error" => "Données invalides."]); } break; case 'get_films': $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll(); $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll(); echo json_encode(array_merge($crit, $video)); break; case 'save_film': checkAuth($pdo); $type = $data['type'] ?? 'critique'; $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000'); if (empty($data['director']) || empty($data['poster'])) { $apiKey = getTmdbApiKey($pdo); $tmdbData = fetchTmdbData($data['title'] ?? '', $data['year'] ?? '', $apiKey); if ($tmdbData) { if (empty($data['director'])) $data['director'] = $tmdbData['director']; if (empty($data['poster'])) $data['poster'] = $tmdbData['poster']; } } if ($type === 'critique') { $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)"; $stmt = $pdo->prepare($sql); $stmt->execute([ $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['rating'] ?? 3.0, $data['review'] ?? '', $data['streaming'] ?? '' ]); } else { $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)"; $stmt = $pdo->prepare($sql); $stmt->execute([ $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '', $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1, $data['aspect_ratio'] ?? '', $data['description'] ?? '' ]); } echo json_encode(["success" => true]); break; case 'delete_film': checkAuth($pdo); $type = $_GET['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; $id = $_GET['id'] ?? null; if (!$id) { http_response_code(400); echo json_encode(["error" => "ID manquant."]); break; } $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$id]); echo json_encode(["success" => true]); break; case 'bulk_delete': checkAuth($pdo); $ids = $data['ids'] ?? []; $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); } else { http_response_code(400); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); } break; case 'import_csv': checkAuth($pdo); if (isset($_FILES['csv_file'])) { $file = $_FILES['csv_file']['tmp_name']; $type = $_POST['type'] ?? 'critique'; $tmdbApiKey = getTmdbApiKey($pdo); try { if (($handle = fopen($file, "r")) !== FALSE) { $header = fgetcsv($handle, 0, ","); if (!$header) throw new Exception("Impossible de lire l'en-tête du CSV."); // 🧹 Nettoyage du BOM UTF-8 (très fréquent sur les exports Letterboxd/Excel) $header[0] = str_replace("\xEF\xBB\xBF", '', $header[0]); $header = array_map('trim', $header); $imported = 0; while (($row = fgetcsv($handle, 0, ",")) !== FALSE) { if (count($row) !== count($header)) continue; // Ignore les lignes vides ou mal formées $rowData = array_combine($header, $row); $title = $rowData['Name'] ?? $rowData['title'] ?? 'Sans titre'; $year = $rowData['Year'] ?? $rowData['year'] ?? '0000'; $director = $rowData['Director'] ?? $rowData['director'] ?? ''; $poster = $rowData['Poster'] ?? $rowData['poster'] ?? $rowData['image'] ?? ''; if (empty($director) || empty($poster)) { $tmdbData = fetchTmdbData($title, $year, $tmdbApiKey); if ($tmdbData) { if (empty($director)) $director = $tmdbData['director']; if (empty($poster)) $poster = $tmdbData['poster']; } } $id = makeStableId($title, $year); if ($type === 'critique') { // 🌟 Conservation de la précision Letterboxd (2.5, 3.5, etc.) $rating = isset($rowData['Rating']) && $rowData['Rating'] !== '' ? (float)$rowData['Rating'] : 3.0; $review = $rowData['Review'] ?? $rowData['review'] ?? ''; $streaming = $rowData['Streaming'] ?? $rowData['streaming'] ?? 'Disponible en support physique ou Cinéma'; $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE rating = VALUES(rating), review = IF(VALUES(review) != '', VALUES(review), review), director = IF(VALUES(director) != '', VALUES(director), director), poster = IF(VALUES(poster) != '', VALUES(poster), poster), streaming = IF(VALUES(streaming) != '', VALUES(streaming), streaming)"; $stmt = $pdo->prepare($sql); $stmt->execute([$id, $title, $year, $director, $poster, $rating, $review, $streaming]); } else { $format = $rowData['format'] ?? $rowData['Format'] ?? ''; $length = $rowData['length'] ?? $rowData['Length'] ?? ''; $publisher = $rowData['publisher'] ?? $rowData['Publisher'] ?? ''; $ean = $rowData['ean_isbn13'] ?? $rowData['EAN'] ?? ''; $discs = $rowData['number_of_discs'] ?? 1; $aspect = $rowData['aspect_ratio'] ?? ''; $desc = $rowData['description'] ?? $rowData['Description'] ?? ''; $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE director = IF(VALUES(director) != '', VALUES(director), director), poster = IF(VALUES(poster) != '', VALUES(poster), poster), format = IF(VALUES(format) != '', VALUES(format), format), length = IF(VALUES(length) != '', VALUES(length), length), publisher = IF(VALUES(publisher) != '', VALUES(publisher), publisher), ean_isbn13 = IF(VALUES(ean_isbn13) != '', VALUES(ean_isbn13), ean_isbn13), number_of_discs = IF(VALUES(number_of_discs) != 1, VALUES(number_of_discs), number_of_discs), aspect_ratio = IF(VALUES(aspect_ratio) != '', VALUES(aspect_ratio), aspect_ratio), description = IF(VALUES(description) != '', VALUES(description), description)"; $stmt = $pdo->prepare($sql); $stmt->execute([$id, $title, $year, $director, $poster, $format, $length, $publisher, $ean, $discs, $aspect, $desc]); } $imported++; } fclose($handle); echo json_encode(["success" => true, "imported" => $imported]); } else { throw new Exception("Impossible d'ouvrir le fichier."); } } catch (Exception $e) { http_response_code(500); echo json_encode(["error" => "Erreur lors de l'import : " . $e->getMessage()]); } } else { http_response_code(400); echo json_encode(["error" => "Aucun fichier reçu."]); } break; }