PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci" ]); } catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; } function encryptData($data) { $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); $encrypted = openssl_encrypt($data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv); return base64_encode($encrypted . '::' . $iv); } function decryptData($data) { if (!$data) return ''; $decoded = base64_decode($data); if (strpos($decoded, '::') === false) return ''; list($encrypted_data, $iv) = explode('::', $decoded, 2); return openssl_decrypt($encrypted_data, 'aes-256-cbc', ENCRYPTION_KEY, 0, $iv); } function makeStableId($title, $year) { $key = strtolower(trim($title)) . '|' . trim($year); return (abs(crc32($key)) % 2000000000) + 100000000; } function makeNewIdSafe() { return (abs(crc32(uniqid('', true))) % 2000000000) + 100000000; } function convertRating($rawRating) { return max(1, min(5, (int)round(floatval($rawRating)))); } function checkAuth($pdo) { $stmtCheck = $pdo->query("SELECT COUNT(*) as total FROM users"); if ($stmtCheck->fetch()['total'] == 0) return true; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if (empty($token) && function_exists('apache_request_headers')) { $headers = apache_request_headers(); $token = $headers['Authorization'] ?? ''; } if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; } } $method = $_SERVER['REQUEST_METHOD']; $action = $_GET['action'] ?? ''; switch ($method) { case 'GET': if ($action === 'get_films') { $critiques = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll(); $videotheque = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll(); echo json_encode(array_merge($critiques, $videotheque), JSON_UNESCAPED_UNICODE); } elseif ($action === 'check_security_status') { $stmt = $pdo->query("SELECT COUNT(*) as total FROM users"); echo json_encode(["is_blank" => ($stmt->fetch()['total'] == 0)]); } break; case 'POST': $data = json_decode(file_get_contents('php://input'), true) ?? []; if ($action === 'login') { $stmt = $pdo->query("SELECT COUNT(*) as total FROM users"); if ($stmt->fetch()['total'] == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); } else { $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'"); $stmt->execute(); $user = $stmt->fetch(); if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); } else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); } } } elseif ($action === 'setup_admin' || $action === 'update_password') { checkAuth($pdo); $pwd = $data['password'] ?? $data['new_password'] ?? ''; $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)"); $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]); echo json_encode(["success" => true]); } break; }