PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); $pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL)"); $pdo->exec("CREATE TABLE IF NOT EXISTS config (key_name VARCHAR(50) PRIMARY KEY, key_value TEXT NOT NULL)"); $pdo->exec("CREATE TABLE IF NOT EXISTS critiques (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, rating DECIMAL(3,1) DEFAULT 3.0, review TEXT, streaming VARCHAR(255))"); try { $pdo->exec("ALTER TABLE critiques MODIFY COLUMN rating DECIMAL(3,1) DEFAULT 3.0"); } catch (\Exception $e) {} $pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50), number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT, actors TEXT)"); try { $pdo->exec("ALTER TABLE videotheque ADD COLUMN actors TEXT AFTER description"); } catch (\Exception $e) {} } catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; } // ── FONCTIONS UTILITAIRES ── function makeStableId($type, $title, $year) { return (abs(crc32(strtolower(trim($type ?? '')) . '|' . strtolower(trim($title ?? '')) . '|' . trim($year ?? ''))) % 2000000000) + 100000000; } function checkAuth($pdo) { if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) return true; $token = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; if (empty($token) && function_exists('apache_request_headers')) { $headers = apache_request_headers(); $token = $headers['Authorization'] ?? $headers['authorization'] ?? ''; } if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; } } function encryptData($data) { $iv = openssl_random_pseudo_bytes(16); $key = hash('sha256', ENCRYPTION_KEY, true); return base64_encode(openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv) . '::' . $iv); } function decryptData($str) { $decoded = base64_decode($str); if ($decoded === false || strpos($decoded, '::') === false) return null; list($enc, $iv) = explode('::', $decoded, 2); return openssl_decrypt($enc, 'AES-256-CBC', hash('sha256', ENCRYPTION_KEY, true), OPENSSL_RAW_DATA, substr($iv, 0, 16)); } function getTmdbApiKey($pdo) { $stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'"); $stmt->execute(); $row = $stmt->fetch(); return $row ? decryptData($row['key_value']) : null; } function httpGet($url, $timeout = 5, $ua = null) { if (!$ua) $ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'; if (!function_exists('curl_init')) { $ctx = stream_context_create(['http' => ['timeout' => $timeout, 'user_agent' => $ua]]); $res = @file_get_contents($url, false, $ctx); return $res ?: null; } $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => $timeout, CURLOPT_CONNECTTIMEOUT => 3, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_USERAGENT => $ua, CURLOPT_FOLLOWLOCATION => true, CURLOPT_REFERER => 'https://www.cinemapassion.com/', CURLOPT_HTTPHEADER => ['Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: fr-FR,fr;q=0.8'], ]); $res = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); return ($code === 200 && is_string($res) && strlen($res) > 0) ? $res : null; } function cleanTitle($title) { $clean = preg_replace('/\s*[\[\(].*?[\]\)]\s*/', '', $title); $clean = preg_replace('/\s*-\s*(Édition|Edition|Collector|Simple|Spéciale|Digibook|Ultimate|Intégrale|Combo|SteelBook|Boîtier).*$/i', '', $clean); $clean = preg_replace('/(blu-ray|bluray|dvd|4k|ultra hd|combo|vhs|bdrip).*$/i', '', $clean); return trim(preg_replace('/\s{2,}/', ' ', $clean)); } function detectFormat($title, $desc = '') { $t = strtoupper($title . ' ' . $desc); if (strpos($t, '4K') !== false || strpos($t, 'UHD') !== false) return '4K Ultra HD'; if (strpos($t, 'BLU-RAY') !== false || strpos($t, 'BLURAY') !== false) return 'Blu-ray'; if (strpos($t, 'DVD') !== false) return 'DVD'; if (strpos($t, 'VHS') !== false) return 'VHS'; if (strpos($t, 'COFFRET') !== false || strpos($t, 'TRILOGIE') !== false) return 'Coffret'; return 'Blu-ray'; } // ── FONCTION POUR RÉCUPÉRER LES AFFICHES DEPUIS TMDB ── function fetchPosterTMDB($title, $year = '', $pdo = null) { $defaultPoster = 'assets/img/default_physical_media.jpg'; $cleanTitle = cleanTitle($title); if (empty($cleanTitle)) { return ['poster' => $defaultPoster, 'title' => $cleanTitle, 'format' => 'Blu-ray']; } $tmdbKey = getTmdbApiKey($pdo); if (!$tmdbKey) { error_log("TMDB: ❌ Clé API non configurée"); return ['poster' => $defaultPoster, 'title' => $cleanTitle, 'format' => 'Blu-ray']; } // ÉTAPE 1 : Recherche du film $searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$tmdbKey}&query=" . urlencode($cleanTitle); if (!empty($year)) { $searchUrl .= "&year={$year}"; } $searchUrl .= "&language=fr-FR"; $searchRes = httpGet($searchUrl, 5); $searchData = $searchRes ? json_decode($searchRes, true) : []; // Si pas de résultat avec l'année, on réessaie sans if (empty($searchData['results']) && !empty($year)) { $searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$tmdbKey}&query=" . urlencode($cleanTitle) . "&language=fr-FR"; $searchRes = httpGet($searchUrl, 5); $searchData = $searchRes ? json_decode($searchRes, true) : []; } if (empty($searchData['results'])) { error_log("TMDB: ❌ Film non trouvé pour '{$cleanTitle}'"); return ['poster' => $defaultPoster, 'title' => $cleanTitle, 'format' => 'Blu-ray']; } // ÉTAPE 2 : Récupérer le poster du premier résultat $posterPath = $searchData['results'][0]['poster_path'] ?? ''; if (!empty($posterPath)) { $posterUrl = "https://image.tmdb.org/t/p/w500" . $posterPath; error_log("TMDB: ✅ Affiche trouvée pour '{$cleanTitle}' → {$posterUrl}"); return [ 'poster' => $posterUrl, 'title' => $cleanTitle, 'format' => 'Blu-ray' ]; } error_log("TMDB: ❌ Film trouvé mais pas d'affiche pour '{$cleanTitle}'"); return ['poster' => $defaultPoster, 'title' => $cleanTitle, 'format' => 'Blu-ray']; } // ── ROUTEUR PRINCIPAL ── $action = $_GET['action'] ?? ''; $data = json_decode(file_get_contents('php://input'), true) ?? []; switch ($action) { case 'check_security_status': echo json_encode(["is_blank" => ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0)]); break; case 'login': if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); } else { $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'"); $stmt->execute(); $user = $stmt->fetch(); if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); } else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); } } break; case 'setup_admin': case 'update_password': checkAuth($pdo); $pwd = $data['password'] ?? $data['new_password'] ?? ''; $stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)"); $stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]); echo json_encode(["success" => true]); break; case 'get_config_keys': checkAuth($pdo); $stmt = $pdo->prepare("SELECT key_name, key_value FROM config WHERE key_name IN ('tmdb_api_key', 'fanart_api_key')"); $stmt->execute(); $rows = $stmt->fetchAll(); $config = []; foreach ($rows as $row) { $config[$row['key_name']] = $row['key_value'] ? '••••••••' : ''; } if (!isset($config['tmdb_api_key'])) $config['tmdb_api_key'] = ''; if (!isset($config['fanart_api_key'])) $config['fanart_api_key'] = ''; echo json_encode($config); break; case 'save_config': checkAuth($pdo); $keyName = $data['key_name'] ?? ''; $keyValue = $data['key_value'] ?? ''; if (in_array($keyName, ['tmdb_api_key', 'fanart_api_key']) && !empty($keyValue)) { $stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)"); $stmt->execute([$keyName, encryptData($keyValue)]); echo json_encode(["success" => true]); } else { http_response_code(400); echo json_encode(["error" => "Données invalides."]); } break; case 'get_films': $sql = " SELECT id, title, year, director, poster, rating, review, NULL AS description, streaming, 'critique' AS type FROM critiques UNION ALL SELECT id, title, year, director, poster, NULL AS rating, NULL AS review, description, NULL AS streaming, 'videotheque' AS type FROM videotheque ORDER BY id DESC "; $result = $pdo->query($sql)->fetchAll(); foreach ($result as $row) { if ($row['rating'] !== null) { $ratingVal = (float)$row['rating']; $row['rating'] = ($ratingVal == floor($ratingVal)) ? (int)$ratingVal : $ratingVal; } } unset($row); echo json_encode($result); break; case 'save_film': checkAuth($pdo); $type = $data['type'] ?? 'critique'; $id = !empty($data['id']) ? $data['id'] : makeStableId($type, $data['title'] ?? '', $data['year'] ?? '0000'); if ($type === 'critique' && (empty($data['director']) || empty($data['poster']))) { $tmdbData = fetchTMDBFull($data['title'] ?? '', $data['year'] ?? '', getTmdbApiKey($pdo), $pdo); if ($tmdbData) { if (empty($data['director'])) $data['director'] = $tmdbData['director']; if (empty($data['poster'])) $data['poster'] = $tmdbData['poster']; } } if ($type === 'critique') { $streaming = $data['streaming'] ?? ''; if (empty($streaming)) $streaming = 'Support physique / Cinéma'; $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)"; $stmt = $pdo->prepare($sql); $stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['rating'] ?? 3.0, $data['review'] ?? '', $streaming]); } else { // ✅ NOUVEAU : Utiliser TMDB if (empty($data['poster']) && !empty($data['title'])) { $tmdbData = fetchPosterTMDB($data['title'], $data['year'] ?? '', $pdo); if (!empty($tmdbData['poster']) && $tmdbData['poster'] !== 'assets/img/default_physical_media.jpg') { $data['poster'] = $tmdbData['poster']; } } $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description, actors) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=IF(VALUES(director)!='', VALUES(director), director), poster=IF(VALUES(poster)!='', VALUES(poster), poster), format=IF(VALUES(format)!='', VALUES(format), format), length=IF(VALUES(length)!='', VALUES(length), length), publisher=IF(VALUES(publisher)!='', VALUES(publisher), publisher), ean_isbn13=IF(VALUES(ean_isbn13)!='', VALUES(ean_isbn13), ean_isbn13), number_of_discs=IF(VALUES(number_of_discs)!=1, VALUES(number_of_discs), number_of_discs), aspect_ratio=IF(VALUES(aspect_ratio)!='', VALUES(aspect_ratio), aspect_ratio), description=IF(VALUES(description)!='', VALUES(description), description), actors=IF(VALUES(actors)!='', VALUES(actors), actors)"; $stmt = $pdo->prepare($sql); $stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '', $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1, $data['aspect_ratio'] ?? '', $data['description'] ?? '', $data['actors'] ?? '']); } echo json_encode(["success" => true]); break; case 'delete_film': checkAuth($pdo); $type = $_GET['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; $id = $_GET['id'] ?? null; if (!$id) { http_response_code(400); echo json_encode(["error" => "ID manquant."]); break; } $stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$id]); echo json_encode(["success" => true]); break; case 'bulk_delete': checkAuth($pdo); $ids = $data['ids'] ?? []; $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques'; if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); } else { http_response_code(400); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); } break; case 'import_batch': checkAuth($pdo); $data = json_decode(file_get_contents("php://input"), true); $type = $data['type'] ?? 'critique'; $items = $data['items'] ?? []; $pdo->beginTransaction(); $imported = 0; try { if ($type === 'videotheque') { $stmtVideo = $pdo->prepare("INSERT INTO videotheque (id, title, year, format, poster, ean_isbn13, description, length, number_of_discs, aspect_ratio, actors, publisher, director) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE ean_isbn13 = VALUES(ean_isbn13), poster = VALUES(poster), description = VALUES(description), format = VALUES(format), length = VALUES(length), number_of_discs = VALUES(number_of_discs), aspect_ratio = VALUES(aspect_ratio), actors = VALUES(actors), publisher = VALUES(publisher), director = VALUES(director)"); foreach ($items as $item) { $title = $item['title'] ?? ''; if (empty($title)) continue; $year = $item['year'] ?? ''; $ean = $item['ean'] ?? ''; $desc = $item['description'] ?? ''; $length = $item['length'] ?? ''; $discs = $item['number_of_discs'] ?? 1; $aspect = $item['aspect_ratio'] ?? ''; $actors = $item['actors'] ?? ''; $publisher = $item['publisher'] ?? ''; $director = $item['director'] ?? ''; $id = makeStableId('videotheque', $title, $year); $tmdbData = fetchPosterTMDB($title, $year, $pdo); $poster = $tmdbData['poster']; $format = detectFormat($title, $desc); $stmtVideo->execute([ $id, $title, $year, $format, $poster, $ean, $desc, $length, $discs, $aspect, $actors, $publisher, $director ]); $imported++; } } else { $stmtCritiques = $pdo->prepare("INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)"); $tmdbApiKey = getTmdbApiKey($pdo); foreach ($items as $rowData) { $title = $rowData['Title'] ?? $rowData['title'] ?? ''; if (empty($title)) continue; $year = $rowData['Year'] ?? $rowData['year'] ?? ''; $id = makeStableId('critique', $title, $year); $ratingRaw = $rowData['Rating'] ?? $rowData['rating'] ?? ''; $rating = ($ratingRaw !== '' && $ratingRaw !== null) ? (float)$ratingRaw : null; $review = $rowData['Review'] ?? $rowData['review'] ?? ''; $director = ''; $poster = ''; $streaming = ''; if ($tmdbApiKey && !empty($title)) { $tmdbData = fetchTMDBFull($title, $year, $tmdbApiKey, $pdo); if ($tmdbData) { $director = $tmdbData['director']; $poster = $tmdbData['poster']; $streaming = $tmdbData['streaming']; if (empty($year)) $year = $tmdbData['year']; if (!empty($tmdbData['title'])) $title = $tmdbData['title']; } } if (empty($streaming)) $streaming = 'Support physique / Cinéma'; $stmtCritiques->execute([$id, $title, $year, $director, $poster, $rating, $review, $streaming]); $imported++; } } $pdo->commit(); echo json_encode(["success" => true, "imported" => $imported]); } catch (Exception $e) { $pdo->rollBack(); error_log("import_batch error: " . $e->getMessage()); http_response_code(500); echo json_encode(["success" => false, "error" => $e->getMessage()]); } break; } ?>