Cedric/mon-petit-cinema
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9eed8a2305751ef65416a5c9c27871d6ff87cc35
mon-petit-cinema/api.php
T
Cedric f6affaf42b Actualiser api.php
2026-06-18 12:52:14 +02:00

73 lines
2.8 KiB
PHP
Raw Blame History

<?php
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]);
function checkAuth($pdo) {
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmt->fetchColumn() == 0) return;
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
http_response_code(403);
echo json_encode(["error" => "Non autorisé"]);
exit;
}
}
$action = $_GET['action'] ?? '';
$data = json_decode(file_get_contents('php://input'), true) ?? [];
switch ($action) {
case 'get_films':
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques")->fetchAll();
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque")->fetchAll();
echo json_encode(array_merge($crit, $video));
break;
case 'login':
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmt->fetchColumn() == 0) {
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
} else {
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
$stmt->execute();
$user = $stmt->fetch();
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
} else {
http_response_code(401);
echo json_encode(["error" => "Erreur"]);
}
}
break;
case 'bulk_delete':
checkAuth($pdo);
$ids = $data['ids'] ?? [];
$table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
if (!empty($ids)) {
$placeholders = implode(',', array_fill(0, count($ids), '?'));
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
$stmt->execute($ids);
echo json_encode(["success" => true]);
}
break;
case 'delete_film':
checkAuth($pdo);
$table = ($_GET['type'] === 'videotheque') ? 'videotheque' : 'critiques';
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
$stmt->execute([$_GET['id']]);
echo json_encode(["success" => true]);
break;
}
Reference in New Issue View Git Blame Copy Permalink