mon-petit-cinema/admin/login.html

<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="UTF-8">
    <title>Connexion | Administration</title>
    <link rel="stylesheet" href="../css/admin.css">
    <style>
        body { background-color: #0a0a0a; display: flex; align-items: center; justify-content: center; min-height: 100vh; padding: 20px; }
    </style>
</head>
<body>

<div class="login-wrap">
    <h2>Mon <span>Cinéma</span></h2>

    <div id="login-form-block">
        <input type="password" id="login-pwd" placeholder="Mot de passe" onkeydown="if(event.key==='Enter') doLogin()">
        <button class="btn btn-gold" onclick="doLogin()">Se connecter</button>
    </div>

    <div id="blank-setup-block" style="display:none;">
        <p style="color: #aaaab8; margin-bottom: 1.5rem; font-size: 0.9rem;">
            Système initialisé. Cliquez pour définir votre accès.
        </p>
        <button class="btn btn-gold" onclick="doLoginBlank()">Initialiser le compte</button>
    </div>
</div>

<script>
    const API_URL = '../api.php';

        document.addEventListener('DOMContentLoaded', async () => {
            const formBlock  = document.getElementById('login-form-block');
            const blankBlock = document.getElementById('blank-setup-block');

            try {
                const res = await fetch(`${API_URL}?action=check_security_status`);
                const data = await res.json();
                
                if (data.is_blank === true) {
                    formBlock.style.display  = 'none';
                    blankBlock.style.display = 'block';
                } else {
                    formBlock.style.display  = 'block';
                    blankBlock.style.display = 'none';
                }
            } catch(e) {
                console.error("Erreur API :", e);
                alert("Erreur de connexion au serveur.");
            }
        });

        async function doLoginBlank() { await performLogin(""); }
        async function doLogin() { 
            const pwd = document.getElementById('login-pwd').value; 
            await performLogin(pwd); 
        }

        async function performLogin(pwd) {
            try {
                const res = await fetch(`${API_URL}?action=login`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ password: pwd })
                });
                const data = await res.json();
                if (data.success) {
                    localStorage.setItem('token', data.token);
                    if (data.blank === true) {
                        const newPwd = prompt("Définissez votre mot de passe (min 4 caractères) :");
                        if (newPwd && newPwd.length >= 4) {
                            await fetch(`${API_URL}?action=setup_admin`, {
                                method: 'POST',
                                headers: { 'Content-Type': 'application/json', 'Authorization': data.token },
                                body: JSON.stringify({ password: newPwd })
                            });
                        }
                    }
                    window.location.href = 'dashboard.html';
                } else {
                    alert("Erreur : " + (data.error || "Mot de passe incorrect"));
                }
            } catch(e) {
                alert("Erreur technique : " + e.message);
            }
        }
    </script>
</body>
</html>