155 lines
8.1 KiB
PHP
155 lines
8.1 KiB
PHP
<?php
|
|
header("Content-Type: application/json; charset=UTF-8");
|
|
header("Access-Control-Allow-Origin: *");
|
|
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
|
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
|
http_response_code(200);
|
|
exit;
|
|
}
|
|
|
|
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
|
|
|
try {
|
|
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
|
|
]);
|
|
} catch (\PDOException $e) {
|
|
echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
|
|
exit;
|
|
}
|
|
|
|
function makeStableId($title, $year) {
|
|
$key = strtolower(trim($title)) . '|' . trim($year);
|
|
return (abs(crc32($key)) % 2000000000) + 100000000;
|
|
}
|
|
|
|
function checkAuth($pdo) {
|
|
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmtCheck->fetchColumn() == 0) return true;
|
|
|
|
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
|
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
|
|
http_response_code(403);
|
|
echo json_encode(["error" => "Accès interdit."]);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$action = $_GET['action'] ?? '';
|
|
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
|
|
switch ($action) {
|
|
case 'check_security_status':
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
|
|
break;
|
|
|
|
case 'login':
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmt->fetchColumn() == 0) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
|
} else {
|
|
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
|
$stmt->execute();
|
|
$user = $stmt->fetch();
|
|
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode(["error" => "Mot de passe incorrect."]);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case 'setup_admin':
|
|
case 'update_password':
|
|
checkAuth($pdo);
|
|
$pwd = $data['password'] ?? $data['new_password'] ?? '';
|
|
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
|
|
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'get_films':
|
|
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY created_at DESC")->fetchAll();
|
|
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY created_at DESC")->fetchAll();
|
|
echo json_encode(array_merge($crit, $video));
|
|
break;
|
|
|
|
case 'save_film':
|
|
checkAuth($pdo);
|
|
$type = $data['type'] ?? 'critique';
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
|
|
$id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000');
|
|
|
|
// BUG CORRIGÉ : Utilisation de ON DUPLICATE KEY UPDATE pour ne pas écraser les colonnes comme 'created_at'
|
|
if ($type === 'critique') {
|
|
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]);
|
|
} else {
|
|
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'delete_film':
|
|
checkAuth($pdo);
|
|
$table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
|
|
$stmt->execute([$_GET['id']]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'bulk_delete':
|
|
checkAuth($pdo);
|
|
$ids = $data['ids'] ?? [];
|
|
$table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
|
|
if (!empty($ids)) {
|
|
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
|
|
$stmt->execute($ids);
|
|
echo json_encode(["success" => true]);
|
|
}
|
|
break;
|
|
|
|
// BUG CORRIGÉ : Ajout de l'endpoint manquant pour l'import CSV
|
|
case 'import_csv':
|
|
checkAuth($pdo);
|
|
if (isset($_FILES['csv_file'])) {
|
|
$file = $_FILES['csv_file']['tmp_name'];
|
|
$type = $_POST['type'] ?? 'critique';
|
|
|
|
if (($handle = fopen($file, "r")) !== FALSE) {
|
|
$header = fgetcsv($handle, 0, ",");
|
|
while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
|
|
$rowData = array_combine($header, $row);
|
|
$id = !empty($rowData['id']) ? $rowData['id'] : makeStableId($rowData['title'] ?? '', $rowData['year'] ?? '0000');
|
|
|
|
if ($type === 'critique') {
|
|
$stmt = $pdo->prepare("INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)");
|
|
$stmt->execute([$id, $rowData['title']??'', $rowData['year']??'', $rowData['director']??'', $rowData['poster']??'', $rowData['rating']??3, $rowData['review']??'', $rowData['streaming']??'']);
|
|
} else {
|
|
$stmt = $pdo->prepare("INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)");
|
|
$stmt->execute([$id, $rowData['title']??'', $rowData['year']??'', $rowData['director']??'', $rowData['poster']??'', $rowData['format']??'', $rowData['length']??'', $rowData['publisher']??'', $rowData['ean_isbn13']??'', $rowData['number_of_discs']??1, $rowData['aspect_ratio']??'', $rowData['description']??'']);
|
|
}
|
|
}
|
|
fclose($handle);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
} else {
|
|
http_response_code(400);
|
|
echo json_encode(["error" => "Aucun fichier reçu."]);
|
|
}
|
|
break;
|
|
} |