146 lines
5.4 KiB
PHP
146 lines
5.4 KiB
PHP
<?php
|
|
header("Content-Type: application/json; charset=UTF-8");
|
|
header("Access-Control-Allow-Origin: *");
|
|
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
|
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
|
|
|
|
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
|
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
|
|
]);
|
|
|
|
function checkAuth($pdo) {
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmt->fetchColumn() == 0) return;
|
|
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
|
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
|
|
http_response_code(403);
|
|
echo json_encode(["error" => "Non autorisé"]);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function saveFilm($pdo, $data, $isUpdate = false) {
|
|
$type = $data['type'] ?? 'critique';
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
|
|
$allowedFields = [
|
|
'title', 'year', 'director', 'poster',
|
|
'rating', 'review', 'streaming',
|
|
'format', 'length', 'publisher', 'aspect_ratio', 'ean_isbn13', 'number_of_discs', 'description'
|
|
];
|
|
|
|
$fields = [];
|
|
$values = [];
|
|
foreach ($allowedFields as $field) {
|
|
if (array_key_exists($field, $data)) {
|
|
$fields[] = $field;
|
|
$values[] = $data[$field];
|
|
}
|
|
}
|
|
|
|
if ($isUpdate && !empty($data['id'])) {
|
|
$setClause = implode('=?,', $fields) . '=?';
|
|
$values[] = $data['id'];
|
|
$stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE id = ?");
|
|
$stmt->execute($values);
|
|
} else {
|
|
$placeholders = implode(',', array_fill(0, count($fields), '?'));
|
|
$columns = implode(',', $fields);
|
|
$stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($placeholders)");
|
|
$stmt->execute($values);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
}
|
|
|
|
$action = $_GET['action'] ?? '';
|
|
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
|
|
switch ($action) {
|
|
case 'get_films':
|
|
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
|
|
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
|
|
echo json_encode(array_merge($crit, $video));
|
|
break;
|
|
|
|
case 'login':
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmt->fetchColumn() == 0) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
|
} else {
|
|
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
|
$stmt->execute();
|
|
$user = $stmt->fetch();
|
|
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode(["error" => "Erreur"]);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case 'bulk_delete':
|
|
checkAuth($pdo);
|
|
$ids = $data['ids'] ?? [];
|
|
$type = $data['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
if (!empty($ids)) {
|
|
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
|
|
$stmt->execute($ids);
|
|
echo json_encode(["success" => true]);
|
|
}
|
|
break;
|
|
|
|
case 'delete_film':
|
|
checkAuth($pdo);
|
|
$type = $_GET['type'] ?? 'critique'; // BUG CORRIGÉ : Vérification de l'existence
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
|
|
$stmt->execute([$_GET['id']]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'add_film':
|
|
checkAuth($pdo);
|
|
saveFilm($pdo, $data, false);
|
|
break;
|
|
|
|
case 'update_film':
|
|
checkAuth($pdo);
|
|
saveFilm($pdo, $data, true);
|
|
break;
|
|
|
|
case 'change_password':
|
|
checkAuth($pdo);
|
|
$pass = $data['password'] ?? '';
|
|
if ($pass) {
|
|
$hash = password_hash($pass, PASSWORD_DEFAULT);
|
|
$stmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE username = 'admin'");
|
|
$stmt->execute([$hash]);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'import_csv':
|
|
checkAuth($pdo);
|
|
if (isset($_FILES['file'])) {
|
|
$file = $_FILES['file']['tmp_name'];
|
|
$type = $_POST['type'] ?? 'critique';
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
|
|
if (($handle = fopen($file, "r")) !== FALSE) {
|
|
$header = fgetcsv($handle, 0, ",");
|
|
while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
|
|
$rowData = array_combine($header, $row);
|
|
saveFilm($pdo, array_merge($rowData, ['type' => $type]), false);
|
|
}
|
|
fclose($handle);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
}
|
|
break;
|
|
} |