367 lines
19 KiB
PHP
367 lines
19 KiB
PHP
<?php
|
|
header("Content-Type: application/json; charset=UTF-8");
|
|
header("Access-Control-Allow-Origin: *");
|
|
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
|
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
|
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
|
|
header("Pragma: no-cache");
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
|
http_response_code(200);
|
|
exit;
|
|
}
|
|
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
|
try {
|
|
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
|
|
]);
|
|
|
|
// Création des tables (rating changé en DECIMAL(3,1) pour accepter les notes Letterboxd comme 2.5, 3.5)
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS users (
|
|
id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL
|
|
)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS config (
|
|
key_name VARCHAR(50) PRIMARY KEY, key_value TEXT NOT NULL
|
|
)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS critiques (
|
|
id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255),
|
|
poster TEXT, rating DECIMAL(3,1) DEFAULT 3.0, review TEXT, streaming VARCHAR(255)
|
|
)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (
|
|
id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255),
|
|
poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50),
|
|
number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT
|
|
)");
|
|
} catch (\PDOException $e) {
|
|
echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
|
|
exit;
|
|
}
|
|
|
|
function makeStableId($title, $year) {
|
|
$key = strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
|
|
return (abs(crc32($key)) % 2000000000) + 100000000;
|
|
}
|
|
|
|
function checkAuth($pdo) {
|
|
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmtCheck->fetchColumn() == 0) return true;
|
|
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
|
if (empty($token) && function_exists('apache_request_headers')) {
|
|
$headers = apache_request_headers();
|
|
$token = $headers['Authorization'] ?? $headers['authorization'] ?? '';
|
|
}
|
|
if ($token !== md5(ENCRYPTION_KEY . 'session')) {
|
|
http_response_code(403);
|
|
echo json_encode(["error" => "Accès interdit."]);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function encryptData($data) {
|
|
$iv = openssl_random_pseudo_bytes(16);
|
|
$key = hash('sha256', ENCRYPTION_KEY, true);
|
|
$encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
|
|
return base64_encode($encrypted . '::' . $iv);
|
|
}
|
|
|
|
function decryptData($encryptedStr) {
|
|
$decoded = base64_decode($encryptedStr);
|
|
if (strpos($decoded, '::') !== false) {
|
|
list($encData, $iv) = explode('::', $decoded, 2);
|
|
} else {
|
|
return null;
|
|
}
|
|
$key = hash('sha256', ENCRYPTION_KEY, true);
|
|
$iv = substr($iv, 0, 16);
|
|
return openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
|
|
}
|
|
|
|
function getTmdbApiKey($pdo) {
|
|
$stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'");
|
|
$stmt->execute();
|
|
$row = $stmt->fetch();
|
|
if (!$row) return null;
|
|
return decryptData($row['key_value']);
|
|
}
|
|
|
|
function fetchTmdbData($title, $year, $apiKey) {
|
|
if (empty($apiKey) || empty($title)) return null;
|
|
$searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($title) . "&year={$year}&language=fr-FR";
|
|
$searchRes = @file_get_contents($searchUrl);
|
|
if (!$searchRes && function_exists('curl_init')) {
|
|
$ch = curl_init($searchUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $searchRes = curl_exec($ch); curl_close($ch);
|
|
}
|
|
if (!$searchRes) return null;
|
|
$searchData = json_decode($searchRes, true);
|
|
if (empty($searchData['results'])) return null;
|
|
|
|
$movie = $searchData['results'][0];
|
|
$movieId = $movie['id'];
|
|
$poster = !empty($movie['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $movie['poster_path'] : '';
|
|
|
|
// Récupération Réalisateur
|
|
$creditsUrl = "https://api.themoviedb.org/3/movie/{$movieId}/credits?api_key={$apiKey}&language=fr-FR";
|
|
$creditsRes = @file_get_contents($creditsUrl);
|
|
if (!$creditsRes && function_exists('curl_init')) {
|
|
$ch = curl_init($creditsUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $creditsRes = curl_exec($ch); curl_close($ch);
|
|
}
|
|
$director = '';
|
|
if ($creditsRes) {
|
|
$creditsData = json_decode($creditsRes, true);
|
|
if (!empty($creditsData['crew'])) {
|
|
foreach ($creditsData['crew'] as $crew) {
|
|
if ($crew['job'] === 'Director' || $crew['job'] === 'Directing') { $director = $crew['name']; break; }
|
|
}
|
|
}
|
|
}
|
|
|
|
// 🎬 Récupération Streaming (France)
|
|
$streaming = '';
|
|
$watchUrl = "https://api.themoviedb.org/3/movie/{$movieId}/watch/providers?api_key={$apiKey}";
|
|
$watchRes = @file_get_contents($watchUrl);
|
|
if (!$watchRes && function_exists('curl_init')) {
|
|
$ch = curl_init($watchUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $watchRes = curl_exec($ch); curl_close($ch);
|
|
}
|
|
if ($watchRes) {
|
|
$watchData = json_decode($watchRes, true);
|
|
$frProviders = $watchData['results']['FR'] ?? [];
|
|
$platforms = [];
|
|
if (!empty($frProviders['flatrate'])) { foreach ($frProviders['flatrate'] as $p) $platforms[] = $p['provider_name']; }
|
|
if (empty($platforms)) {
|
|
if (!empty($frProviders['rent'])) { foreach ($frProviders['rent'] as $p) $platforms[] = $p['provider_name'] . ' (loc.)'; }
|
|
if (!empty($frProviders['buy'])) { foreach ($frProviders['buy'] as $p) $platforms[] = $p['provider_name'] . ' (achat)'; }
|
|
}
|
|
if (!empty($platforms)) $streaming = implode(', ', array_unique($platforms));
|
|
}
|
|
|
|
return ['director' => $director, 'poster' => $poster, 'streaming' => $streaming];
|
|
}
|
|
|
|
// ── ROUTEUR PRINCIPAL ──
|
|
$action = $_GET['action'] ?? '';
|
|
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
switch ($action) {
|
|
case 'check_security_status':
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
|
|
break;
|
|
|
|
case 'login':
|
|
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
|
|
if ($stmt->fetchColumn() == 0) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
|
} else {
|
|
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
|
$stmt->execute();
|
|
$user = $stmt->fetch();
|
|
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode(["error" => "Mot de passe incorrect."]);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case 'setup_admin':
|
|
case 'update_password':
|
|
checkAuth($pdo);
|
|
$pwd = $data['password'] ?? $data['new_password'] ?? '';
|
|
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
|
|
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'save_config':
|
|
checkAuth($pdo);
|
|
$keyName = $data['key_name'] ?? '';
|
|
$keyValue = $data['key_value'] ?? '';
|
|
if ($keyName === 'tmdb_api_key' && !empty($keyValue)) {
|
|
$encryptedValue = encryptData($keyValue);
|
|
$stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)");
|
|
$stmt->execute([$keyName, $encryptedValue]);
|
|
echo json_encode(["success" => true]);
|
|
} else {
|
|
http_response_code(400);
|
|
echo json_encode(["error" => "Données invalides."]);
|
|
}
|
|
break;
|
|
|
|
case 'get_films':
|
|
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
|
|
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
|
|
echo json_encode(array_merge($crit, $video));
|
|
break;
|
|
|
|
case 'save_film':
|
|
checkAuth($pdo);
|
|
$type = $data['type'] ?? 'critique';
|
|
$id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000');
|
|
|
|
if (empty($data['director']) || empty($data['poster']) || empty($data['streaming'])) {
|
|
$apiKey = getTmdbApiKey($pdo);
|
|
$tmdbData = fetchTmdbData($data['title'] ?? '', $data['year'] ?? '', $apiKey);
|
|
if ($tmdbData) {
|
|
if (empty($data['director'])) $data['director'] = $tmdbData['director'];
|
|
if (empty($data['poster'])) $data['poster'] = $tmdbData['poster'];
|
|
if (empty($data['streaming'])) {
|
|
$data['streaming'] = !empty($tmdbData['streaming'])
|
|
? $tmdbData['streaming']
|
|
: 'Disponible en support physique ou Cinéma';
|
|
}
|
|
} elseif (empty($data['streaming'])) {
|
|
$data['streaming'] = 'Disponible en support physique ou Cinéma';
|
|
}
|
|
}
|
|
|
|
if ($type === 'critique') {
|
|
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([
|
|
$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '',
|
|
$data['poster'] ?? '', $data['rating'] ?? 3.0, $data['review'] ?? '', $data['streaming'] ?? ''
|
|
]);
|
|
} else {
|
|
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([
|
|
$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '',
|
|
$data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '',
|
|
$data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1,
|
|
$data['aspect_ratio'] ?? '', $data['description'] ?? ''
|
|
]);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'delete_film':
|
|
checkAuth($pdo);
|
|
$type = $_GET['type'] ?? 'critique';
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
$id = $_GET['id'] ?? null;
|
|
if (!$id) { http_response_code(400); echo json_encode(["error" => "ID manquant."]); break; }
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'bulk_delete':
|
|
checkAuth($pdo);
|
|
$ids = $data['ids'] ?? [];
|
|
$type = $data['type'] ?? 'critique';
|
|
$table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
if (!empty($ids)) {
|
|
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
|
|
$stmt->execute($ids);
|
|
echo json_encode(["success" => true]);
|
|
} else {
|
|
http_response_code(400);
|
|
echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]);
|
|
}
|
|
break;
|
|
|
|
case 'import_csv':
|
|
checkAuth($pdo);
|
|
if (isset($_FILES['csv_file'])) {
|
|
$file = $_FILES['csv_file']['tmp_name'];
|
|
$type = $_POST['type'] ?? 'critique';
|
|
$tmdbApiKey = getTmdbApiKey($pdo);
|
|
|
|
try {
|
|
if (($handle = fopen($file, "r")) !== FALSE) {
|
|
$header = fgetcsv($handle, 0, ",");
|
|
if (!$header) throw new Exception("Impossible de lire l'en-tête du CSV.");
|
|
|
|
// 🧹 Nettoyage du BOM UTF-8 (très fréquent sur les exports Letterboxd/Excel)
|
|
$header[0] = str_replace("\xEF\xBB\xBF", '', $header[0]);
|
|
$header = array_map('trim', $header);
|
|
|
|
$imported = 0;
|
|
while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
|
|
if (count($row) !== count($header)) continue; // Ignore les lignes vides ou mal formées
|
|
|
|
$rowData = array_combine($header, $row);
|
|
$title = $rowData['Name'] ?? $rowData['title'] ?? 'Sans titre';
|
|
$year = $rowData['Year'] ?? $rowData['year'] ?? '0000';
|
|
$director = $rowData['Director'] ?? $rowData['director'] ?? '';
|
|
$poster = $rowData['Poster'] ?? $rowData['poster'] ?? $rowData['image'] ?? '';
|
|
|
|
// 🔍 RÉCUPÉRATION AUTO TMDB (toujours appelé pour récupérer le streaming)
|
|
$tmdbData = fetchTmdbData($title, $year, $tmdbApiKey);
|
|
if ($tmdbData) {
|
|
if (empty($director)) $director = $tmdbData['director'];
|
|
if (empty($poster)) $poster = $tmdbData['poster'];
|
|
}
|
|
|
|
$id = makeStableId($title, $year);
|
|
|
|
if ($type === 'critique') {
|
|
// 🌟 Conservation de la précision Letterboxd (2.5, 3.5, etc.)
|
|
$rating = isset($rowData['Rating']) && $rowData['Rating'] !== '' ? (float)$rowData['Rating'] : 3.0;
|
|
$review = $rowData['Review'] ?? $rowData['review'] ?? '';
|
|
$csvStreaming = $rowData['Streaming'] ?? $rowData['streaming'] ?? '';
|
|
|
|
// Si le CSV ne fournit pas l'info, on utilise celle de TMDB ou le message par défaut
|
|
if (!empty($csvStreaming)) {
|
|
$streaming = $csvStreaming;
|
|
} elseif (!empty($tmdbData['streaming'])) {
|
|
$streaming = $tmdbData['streaming'];
|
|
} else {
|
|
$streaming = 'Disponible en support physique ou Cinéma';
|
|
}
|
|
|
|
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE
|
|
rating = VALUES(rating),
|
|
review = IF(VALUES(review) != '', VALUES(review), review),
|
|
director = IF(VALUES(director) != '', VALUES(director), director),
|
|
poster = IF(VALUES(poster) != '', VALUES(poster), poster),
|
|
streaming = IF(VALUES(streaming) != '', VALUES(streaming), streaming)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $title, $year, $director, $poster, $rating, $review, $streaming]);
|
|
} else {
|
|
$format = $rowData['format'] ?? $rowData['Format'] ?? '';
|
|
$length = $rowData['length'] ?? $rowData['Length'] ?? '';
|
|
$publisher = $rowData['publisher'] ?? $rowData['Publisher'] ?? '';
|
|
$ean = $rowData['ean_isbn13'] ?? $rowData['EAN'] ?? '';
|
|
$discs = $rowData['number_of_discs'] ?? 1;
|
|
$aspect = $rowData['aspect_ratio'] ?? '';
|
|
$desc = $rowData['description'] ?? $rowData['Description'] ?? '';
|
|
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
ON DUPLICATE KEY UPDATE
|
|
director = IF(VALUES(director) != '', VALUES(director), director),
|
|
poster = IF(VALUES(poster) != '', VALUES(poster), poster),
|
|
format = IF(VALUES(format) != '', VALUES(format), format),
|
|
length = IF(VALUES(length) != '', VALUES(length), length),
|
|
publisher = IF(VALUES(publisher) != '', VALUES(publisher), publisher),
|
|
ean_isbn13 = IF(VALUES(ean_isbn13) != '', VALUES(ean_isbn13), ean_isbn13),
|
|
number_of_discs = IF(VALUES(number_of_discs) != 1, VALUES(number_of_discs), number_of_discs),
|
|
aspect_ratio = IF(VALUES(aspect_ratio) != '', VALUES(aspect_ratio), aspect_ratio),
|
|
description = IF(VALUES(description) != '', VALUES(description), description)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $title, $year, $director, $poster, $format, $length, $publisher, $ean, $discs, $aspect, $desc]);
|
|
}
|
|
$imported++;
|
|
}
|
|
fclose($handle);
|
|
echo json_encode(["success" => true, "imported" => $imported]);
|
|
} else {
|
|
throw new Exception("Impossible d'ouvrir le fichier.");
|
|
}
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(["error" => "Erreur lors de l'import : " . $e->getMessage()]);
|
|
}
|
|
} else {
|
|
http_response_code(400);
|
|
echo json_encode(["error" => "Aucun fichier reçu."]);
|
|
}
|
|
break;
|
|
} |