diff --git a/api.php b/api.php index e350efa..bdfa5fd 100644 --- a/api.php +++ b/api.php @@ -4,11 +4,10 @@ header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS"); header("Access-Control-Allow-Headers: Content-Type, Authorization"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); - if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; } define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!'); -define('CACHE_TTL', 604800); // 7 jours +define('CACHE_TTL', 604800); try { $pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [ @@ -22,14 +21,9 @@ try { $pdo->exec("CREATE TABLE IF NOT EXISTS cache_api (cache_key VARCHAR(120) PRIMARY KEY, data TEXT NOT NULL, source VARCHAR(20) NOT NULL, created_at INT NOT NULL)"); } catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; } -// ── FONCTIONS UTILITAIRES ── function makeStableId($type, $title, $year) { - // 🔥 CORRECTION CRITIQUE : On ajoute le $type dans le sel du hash. - // Ainsi, "Matrix" en critique et "Matrix" en vidéothèque auront des ID totalement différents. - $base = strtolower(trim($type ?? '')) . '|' . strtolower(trim($title ?? '')) . '|' . trim($year ?? ''); - return (abs(crc32($base)) % 2000000000) + 100000000; + return (abs(crc32(strtolower(trim($type ?? '')) . '|' . strtolower(trim($title ?? '')) . '|' . trim($year ?? ''))) % 2000000000) + 100000000; } - function checkAuth($pdo) { if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) return true; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; @@ -39,27 +33,23 @@ function checkAuth($pdo) { } if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; } } - function encryptData($data) { $iv = openssl_random_pseudo_bytes(16); $key = hash('sha256', ENCRYPTION_KEY, true); return base64_encode(openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv) . '::' . $iv); } - +function decryptData($str) { + $decoded = base64_decode($str); + if (strpos($decoded, '::') === false) return null; + list($enc, $iv) = explode('::', $decoded, 2); + return openssl_decrypt($enc, 'AES-256-CBC', hash('sha256', ENCRYPTION_KEY, true), OPENSSL_RAW_DATA, substr($iv, 0, 16)); +} function getTmdbApiKey($pdo) { $stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'"); $stmt->execute(); $row = $stmt->fetch(); - return $row ? json_decode(decryptData($row['key_value']), true) : null; // Supposé que c'est stocké en JSON ou brut + return $row ? decryptData($row['key_value']) : null; } - -function decryptData($str) { - $decoded = base64_decode($str); - if (strpos($decoded, '::') === false) return $str; // Fallback - list($enc, $iv) = explode('::', $decoded, 2); - return openssl_decrypt($enc, 'AES-256-CBC', hash('sha256', ENCRYPTION_KEY, true), OPENSSL_RAW_DATA, substr($iv, 0, 16)); -} - function httpGet($url, $timeout = 5) { if (!function_exists('curl_init')) { $ctx = stream_context_create(['http' => ['timeout' => $timeout, 'user_agent' => 'MonCinema/5.0']]); @@ -71,7 +61,6 @@ function httpGet($url, $timeout = 5) { curl_close($ch); return $res ?: null; } - function getCache($pdo, $key) { try { $stmt = $pdo->prepare("SELECT data FROM cache_api WHERE cache_key = ? AND created_at > ?"); @@ -80,21 +69,18 @@ function getCache($pdo, $key) { return $row ? json_decode($row['data'], true) : null; } catch (\Exception $e) { return null; } } - function setCache($pdo, $key, $data, $source) { try { $stmt = $pdo->prepare("REPLACE INTO cache_api (cache_key, data, source, created_at) VALUES (?, ?, ?, ?)"); $stmt->execute([$key, json_encode($data), $source, time()]); - } catch (\Exception $e) { /* ignore */ } + } catch (\Exception $e) { } } - function cleanTitle($title) { $clean = preg_replace('/\s*[\[\(].*?[\]\)]\s*/', '', $title); $clean = preg_replace('/\s*-\s*(Édition|Edition|Collector|Simple|Spéciale|Digibook|Ultimate|Intégrale|Combo|SteelBook|Boîtier).*$/i', '', $clean); $clean = preg_replace('/(blu-ray|bluray|dvd|4k|ultra hd|combo|vhs|bdrip).*$/i', '', $clean); return trim(preg_replace('/\s{2,}/', ' ', $clean)); } - function detectFormat($title, $desc = '') { $t = strtoupper($title . ' ' . $desc); if (strpos($t, '4K') !== false || strpos($t, 'UHD') !== false) return '4K Ultra HD'; @@ -102,68 +88,45 @@ function detectFormat($title, $desc = '') { if (strpos($t, 'DVD') !== false) return 'DVD'; if (strpos($t, 'VHS') !== false) return 'VHS'; if (strpos($t, 'COFFRET') !== false || strpos($t, 'TRILOGIE') !== false) return 'Coffret'; - return 'Support Physique'; + return 'Blu-ray'; } - function extractYear($dateStr) { if (preg_match('/(\d{4})/', $dateStr, $m)) return $m[1]; return ''; } - function fetchTMDBFull($title, $year, $apiKey, $pdo) { if (empty($apiKey) || empty($title)) return null; $cleanTitle = cleanTitle($title); $cacheKey = 'tmdb_full_' . md5(strtolower($cleanTitle) . '|' . $year); $cached = getCache($pdo, $cacheKey); if ($cached) return $cached; - $searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($cleanTitle) . "&year={$year}&language=fr-FR"; $searchRes = httpGet($searchUrl, 5); if (!$searchRes) return null; $searchData = json_decode($searchRes, true); - if (empty($searchData['results'])) { $searchUrl2 = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($cleanTitle) . "&language=fr-FR"; $searchRes2 = httpGet($searchUrl2, 5); - if ($searchRes2) { - $searchData2 = json_decode($searchRes2, true); - if (!empty($searchData2['results'])) $searchData = $searchData2; - } + if ($searchRes2) { $searchData2 = json_decode($searchRes2, true); if (!empty($searchData2['results'])) $searchData = $searchData2; } } if (empty($searchData['results'])) return null; $movieId = $searchData['results'][0]['id']; - $detailsUrl = "https://api.themoviedb.org/3/movie/{$movieId}?api_key={$apiKey}&append_to_response=credits,watch/providers&language=fr-FR"; $detailsRes = httpGet($detailsUrl, 5); if (!$detailsRes) return null; $details = json_decode($detailsRes, true); - $director = ''; - if (!empty($details['credits']['crew'])) { - foreach ($details['credits']['crew'] as $crew) { - if ($crew['job'] === 'Director') { $director = $crew['name']; break; } - } - } - + if (!empty($details['credits']['crew'])) { foreach ($details['credits']['crew'] as $crew) { if ($crew['job'] === 'Director') { $director = $crew['name']; break; } } } $streaming = ''; $frProviders = $details['watch/providers']['results']['FR'] ?? []; $platforms = []; if (!empty($frProviders['flatrate'])) { foreach ($frProviders['flatrate'] as $p) $platforms[] = $p['provider_name']; } if (!empty($platforms)) $streaming = implode(', ', array_unique($platforms)); - - $result = [ - 'title' => $details['title'] ?? '', - 'year' => !empty($details['release_date']) ? substr($details['release_date'], 0, 4) : '', - 'director' => $director, - 'poster' => !empty($details['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $details['poster_path'] : '', - 'length' => !empty($details['runtime']) ? $details['runtime'] . ' min' : '', - 'streaming' => $streaming - ]; + $result = ['title' => $details['title'] ?? '', 'year' => !empty($details['release_date']) ? substr($details['release_date'], 0, 4) : '', 'director' => $director, 'poster' => !empty($details['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $details['poster_path'] : '', 'length' => !empty($details['runtime']) ? $details['runtime'] . ' min' : '', 'streaming' => $streaming]; setCache($pdo, $cacheKey, $result, 'tmdb'); return $result; } -// ── ROUTEUR PRINCIPAL ── $action = $_GET['action'] ?? ''; $data = json_decode(file_get_contents('php://input'), true) ?? []; @@ -171,7 +134,6 @@ switch ($action) { case 'check_security_status': echo json_encode(["is_blank" => ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0)]); break; - case 'login': if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); @@ -183,7 +145,6 @@ switch ($action) { } else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); } } break; - case 'setup_admin': case 'update_password': checkAuth($pdo); $pwd = $data['password'] ?? $data['new_password'] ?? ''; @@ -191,20 +152,12 @@ switch ($action) { $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]); echo json_encode(["success" => true]); break; - case 'get_config_keys': checkAuth($pdo); - $keys = ['tmdb_api_key']; - $result = []; - foreach ($keys as $k) { - $stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = ?"); - $stmt->execute([$k]); - $row = $stmt->fetch(); - $result[$k] = $row ? '••••••••' : ''; - } - echo json_encode($result); + $stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'"); + $stmt->execute(); $row = $stmt->fetch(); + echo json_encode(['tmdb_api_key' => $row ? '••••••••' : '']); break; - case 'save_config': checkAuth($pdo); $keyName = $data['key_name'] ?? ''; @@ -213,22 +166,17 @@ switch ($action) { $stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)"); $stmt->execute([$keyName, encryptData($keyValue)]); echo json_encode(["success" => true]); - } else { - http_response_code(400); echo json_encode(["error" => "Données invalides."]); - } + } else { http_response_code(400); echo json_encode(["error" => "Données invalides."]); } break; - case 'get_films': $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll(); $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll(); echo json_encode(array_merge($crit, $video)); break; - case 'save_film': checkAuth($pdo); $type = $data['type'] ?? 'critique'; $id = !empty($data['id']) ? $data['id'] : makeStableId($type, $data['title'] ?? '', $data['year'] ?? '0000'); - if ($type === 'critique') { $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)"; $stmt = $pdo->prepare($sql); @@ -240,7 +188,6 @@ switch ($action) { } echo json_encode(["success" => true]); break; - case 'delete_film': checkAuth($pdo); $type = $_GET['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; @@ -249,61 +196,46 @@ switch ($action) { $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$id]); echo json_encode(["success" => true]); break; - case 'bulk_delete': checkAuth($pdo); $ids = $data['ids'] ?? []; $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); } else { http_response_code(400); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); } break; - case 'import_batch': checkAuth($pdo); $items = $data['items'] ?? []; - $type = $data['type'] ?? 'videotheque'; // 🔥 Strictement défini par le frontend + $type = $data['type'] ?? 'videotheque'; $tmdbApiKey = getTmdbApiKey($pdo); $imported = 0; - $pdo->beginTransaction(); - foreach ($items as $row) { - $title = $row['title'] ?? $row['Name'] ?? 'Sans titre'; - $year = extractYear($row['publish_date'] ?? $row['Year'] ?? $row['year'] ?? ''); - $id = makeStableId($type, $title, $year); // 🔥 ID isolé par type - + foreach ($items as $rowData) { + $title = $rowData['title'] ?? $rowData['Name'] ?? $rowData['Title'] ?? 'Sans titre'; + $publishDate = $rowData['publish_date'] ?? $rowData['Year'] ?? $rowData['year'] ?? $rowData['Date'] ?? ''; + $year = extractYear($publishDate); + $id = makeStableId($type, $title, $year); + if ($type === 'critique') { - $rating = isset($row['Rating']) && $row['Rating'] !== '' ? (float)$row['Rating'] : (isset($row['rating']) ? (float)$row['rating'] : 3.0); - $review = $row['Review'] ?? $row['review'] ?? ''; - $streaming = $row['Streaming'] ?? $row['streaming'] ?? ''; - - if ($tmdbApiKey && empty($row['director'])) { - $tmdb = fetchTMDBFull($title, $year, $tmdbApiKey, $pdo); - if ($tmdb) { - if (empty($row['director'])) $row['director'] = $tmdb['director']; - if (empty($row['poster'])) $row['poster'] = $tmdb['poster']; - } + $rating = isset($rowData['Rating']) && $rowData['Rating'] !== '' ? (float)$rowData['Rating'] : (isset($rowData['rating']) ? (float)$rowData['rating'] : 3.0); + $review = $rowData['Review'] ?? $rowData['review'] ?? ''; + $director = ''; $poster = ''; + if ($tmdbApiKey && !empty($title)) { + $tmdbData = fetchTMDBFull($title, $year, $tmdbApiKey, $pdo); + if ($tmdbData) { $director = $tmdbData['director']; $poster = $tmdbData['poster']; if(empty($year)) $year = $tmdbData['year']; } } - - $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE rating=VALUES(rating), review=IF(VALUES(review)!='',VALUES(review),review), director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), streaming=IF(VALUES(streaming)!='',VALUES(streaming),streaming)"; + $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE rating=VALUES(rating), review=IF(VALUES(review)!='',VALUES(review),review), director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster)"; $stmt = $pdo->prepare($sql); - $stmt->execute([$id, $title, $year, $row['director'] ?? '', $row['poster'] ?? '', $rating, $review, $streaming]); + $stmt->execute([$id, $title, $year, $director, $poster, $rating, $review, '']); } else { - // Vidéothèque - $firstName = $row['first_name'] ?? ''; - $lastName = $row['last_name'] ?? ''; - $creators = $row['creators'] ?? ''; + $firstName = $rowData['first_name'] ?? ''; $lastName = $rowData['last_name'] ?? ''; $creators = $rowData['creators'] ?? ''; $director = !empty($firstName) && !empty($lastName) ? trim("$firstName $lastName") : $creators; - - $ean = $row['ean_isbn13'] ?? $row['EAN'] ?? ''; - $publisher = $row['publisher'] ?? ''; - $length = $row['length'] ?? ''; - $discs = $row['number_of_discs'] ?? 1; - $aspect = $row['aspect_ratio'] ?? ''; - $desc = $row['description'] ?? ''; + $ean = $rowData['ean_isbn13'] ?? $rowData['EAN'] ?? ''; + $publisher = $rowData['publisher'] ?? ''; $length = $rowData['length'] ?? ''; $discs = $rowData['number_of_discs'] ?? 1; + $aspect = $rowData['aspect_ratio'] ?? ''; $desc = $rowData['description'] ?? ''; $format = detectFormat($title, $desc); - - $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), format=IF(VALUES(format)!='',VALUES(format),format), length=IF(VALUES(length)!='',VALUES(length),length), publisher=IF(VALUES(publisher)!='',VALUES(publisher),publisher), ean_isbn13=IF(VALUES(ean_isbn13)!='',VALUES(ean_isbn13),ean_isbn13), number_of_discs=IF(VALUES(number_of_discs)!=1,VALUES(number_of_discs),number_of_discs), aspect_ratio=IF(VALUES(aspect_ratio)!='',VALUES(aspect_ratio),aspect_ratio), description=IF(VALUES(description)!='',VALUES(description),description)"; + $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE director=IF(VALUES(director)!='',VALUES(director),director), format=IF(VALUES(format)!='',VALUES(format),format), length=IF(VALUES(length)!='',VALUES(length),length), publisher=IF(VALUES(publisher)!='',VALUES(publisher),publisher), ean_isbn13=IF(VALUES(ean_isbn13)!='',VALUES(ean_isbn13),ean_isbn13), number_of_discs=IF(VALUES(number_of_discs)!=1,VALUES(number_of_discs),number_of_discs), aspect_ratio=IF(VALUES(aspect_ratio)!='',VALUES(aspect_ratio),aspect_ratio), description=IF(VALUES(description)!='',VALUES(description),description)"; $stmt = $pdo->prepare($sql); - $stmt->execute([$id, $title, $year, $director, $row['poster'] ?? '', $format, $length, $publisher, $ean, $discs, $aspect, $desc]); + $stmt->execute([$id, $title, $year, $director, '', $format, $length, $publisher, $ean, $discs, $aspect, $desc]); } $imported++; }