PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); function checkAuth($pdo) { $stmt = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmt->fetchColumn() == 0) return; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Non autorisé"]); exit; } } $action = $_GET['action'] ?? ''; $data = json_decode(file_get_contents('php://input'), true) ?? []; switch ($action) { case 'get_films': $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll(); $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll(); echo json_encode(array_merge($crit, $video)); break; case 'login': $stmt = $pdo->query("SELECT COUNT(*) FROM users"); if ($stmt->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); } else { $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'"); $stmt->execute(); $user = $stmt->fetch(); if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); } else { http_response_code(401); echo json_encode(["error" => "Erreur"]); } } break; case 'bulk_delete': checkAuth($pdo); $ids = $data['ids'] ?? []; $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques'; if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); } break; case 'delete_film': checkAuth($pdo); $table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques'; $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$_GET['id']]); echo json_encode(["success" => true]); break; }