Files
mon-petit-cinema/api.php
T
2026-06-21 15:38:16 +02:00

411 lines
21 KiB
PHP

<?php
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Pragma: no-cache");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; }
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
define('TMDB_CACHE_TTL', 86400); // 24h de cache
try {
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]);
$pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL)");
$pdo->exec("CREATE TABLE IF NOT EXISTS config (key_name VARCHAR(50) PRIMARY KEY, key_value TEXT NOT NULL)");
$pdo->exec("CREATE TABLE IF NOT EXISTS critiques (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, rating DECIMAL(3,1) DEFAULT 3.0, review TEXT, streaming VARCHAR(255))");
$pdo->exec("ALTER TABLE critiques MODIFY COLUMN rating DECIMAL(3,1) DEFAULT 3.0;");
$pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50), number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT)");
// 🆕 Table de cache pour les images (évite les appels répétés)
$pdo->exec("CREATE TABLE IF NOT EXISTS cache_images (
cache_key VARCHAR(120) PRIMARY KEY,
image_url TEXT,
source VARCHAR(20),
created_at INT NOT NULL
)");
} catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; }
function makeStableId($title, $year) {
$key = strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
return (abs(crc32($key)) % 2000000000) + 100000000;
}
function checkAuth($pdo) {
$stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmtCheck->fetchColumn() == 0) return true;
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (empty($token) && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
$token = $headers['Authorization'] ?? $headers['authorization'] ?? '';
}
if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; }
}
function encryptData($data) {
$iv = openssl_random_pseudo_bytes(16);
$key = hash('sha256', ENCRYPTION_KEY, true);
$encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($encrypted . '::' . $iv);
}
function decryptData($encryptedStr) {
$decoded = base64_decode($encryptedStr);
if (strpos($decoded, '::') !== false) { list($encData, $iv) = explode('::', $decoded, 2); } else { return null; }
$key = hash('sha256', ENCRYPTION_KEY, true);
$iv = substr($iv, 0, 16);
return openssl_decrypt($encData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
}
function getTmdbApiKey($pdo) {
$stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'");
$stmt->execute();
$row = $stmt->fetch();
if (!$row) return null;
return decryptData($row['key_value']);
}
// ─ HTTP unifié ──
function httpGet($url, $timeout = 8) {
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'MonCinema/2.0');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$res = curl_exec($ch);
curl_close($ch);
return $res ?: null;
}
$ctx = stream_context_create(['http' => ['timeout' => $timeout, 'user_agent' => 'MonCinema/2.0']]);
return @file_get_contents($url, false, $ctx);
}
// ── 🎬 RÉCUPÉRATION IMAGE VIA EAN (Open Library API) ─
function fetchImageByEAN($ean, $pdo = null) {
if (empty($ean) || strlen($ean) < 10) return null;
// Vérifier le cache
if ($pdo) {
try {
$stmt = $pdo->prepare("SELECT image_url FROM cache_images WHERE cache_key = ? AND source = 'ean' AND created_at > ?");
$stmt->execute(['ean_' . $ean, time() - TMDB_CACHE_TTL]);
$row = $stmt->fetch();
if ($row && !empty($row['image_url'])) return $row['image_url'];
} catch (\Exception $e) { /* ignore */ }
}
// Open Library API (gratuit, sans clé, spécialisé dans les livres/DVD)
$url = "https://openlibrary.org/api/books?bibkeys=ISBN:{$ean}&jscmd=data&format=json";
$res = httpGet($url, 6);
if ($res) {
$data = json_decode($res, true);
$key = "ISBN:{$ean}";
if (isset($data[$key])) {
$cover = $data[$key]['cover'] ?? [];
$imageUrl = $cover['large'] ?? $cover['medium'] ?? $cover['small'] ?? null;
// Sauvegarder dans le cache
if ($imageUrl && $pdo) {
try {
$stmt = $pdo->prepare("REPLACE INTO cache_images (cache_key, image_url, source, created_at) VALUES (?, ?, 'ean', ?)");
$stmt->execute(['ean_' . $ean, $imageUrl, time()]);
} catch (\Exception $e) { /* ignore */ }
}
return $imageUrl;
}
}
// Fallback : Google Books API
$url = "https://www.googleapis.com/books/v1/volumes?q=isbn:{$ean}&maxResults=1";
$res = httpGet($url, 6);
if ($res) {
$data = json_decode($res, true);
if (!empty($data['items'][0]['volumeInfo']['imageLinks']['thumbnail'])) {
$imageUrl = str_replace('http:', 'https:', $data['items'][0]['volumeInfo']['imageLinks']['thumbnail']);
if ($pdo) {
try {
$stmt = $pdo->prepare("REPLACE INTO cache_images (cache_key, image_url, source, created_at) VALUES (?, ?, 'google', ?)");
$stmt->execute(['ean_' . $ean, $imageUrl, time()]);
} catch (\Exception $e) { /* ignore */ }
}
return $imageUrl;
}
}
return null;
}
// ── RÉCUPÉRATION TMDB (avec cache) ──
function fetchTmdbData($title, $year, $apiKey, $pdo = null) {
if (empty($apiKey) || empty($title)) return null;
$cleanTitle = preg_replace('/\s*\[.*?\]\s*/', '', $title);
$cleanTitle = trim($cleanTitle);
$cacheKey = md5(strtolower($cleanTitle) . '|' . $year);
// Vérifier le cache
if ($pdo) {
try {
$stmt = $pdo->prepare("SELECT image_url FROM cache_images WHERE cache_key = ? AND source = 'tmdb' AND created_at > ?");
$stmt->execute(['tmdb_' . $cacheKey, time() - TMDB_CACHE_TTL]);
$row = $stmt->fetch();
if ($row && !empty($row['image_url'])) {
// Récupérer aussi le directeur et streaming depuis le cache JSON
$stmt2 = $pdo->prepare("SELECT image_url FROM cache_images WHERE cache_key = ?");
$stmt2->execute(['tmdb_full_' . $cacheKey]);
$row2 = $stmt2->fetch();
if ($row2) return json_decode($row2['image_url'], true);
}
} catch (\Exception $e) { /* ignore */ }
}
$searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($cleanTitle) . "&year={$year}&language=fr-FR";
$searchRes = httpGet($searchUrl, 8);
if (!$searchRes) return null;
$searchData = json_decode($searchRes, true);
if (empty($searchData['results'])) return null;
$movie = $searchData['results'][0];
$movieId = $movie['id'];
$poster = !empty($movie['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $movie['poster_path'] : '';
// Récupération Réalisateur
$creditsUrl = "https://api.themoviedb.org/3/movie/{$movieId}/credits?api_key={$apiKey}&language=fr-FR";
$creditsRes = httpGet($creditsUrl, 8);
$director = '';
if ($creditsRes) {
$creditsData = json_decode($creditsRes, true);
if (!empty($creditsData['crew'])) {
foreach ($creditsData['crew'] as $crew) {
if ($crew['job'] === 'Director') { $director = $crew['name']; break; }
}
}
}
// Récupération Streaming (France)
$streaming = '';
$watchUrl = "https://api.themoviedb.org/3/movie/{$movieId}/watch/providers?api_key={$apiKey}";
$watchRes = httpGet($watchUrl, 8);
if ($watchRes) {
$watchData = json_decode($watchRes, true);
$frProviders = $watchData['results']['FR'] ?? [];
$platforms = [];
if (!empty($frProviders['flatrate'])) { foreach ($frProviders['flatrate'] as $p) $platforms[] = $p['provider_name']; }
if (empty($platforms)) {
if (!empty($frProviders['rent'])) { foreach ($frProviders['rent'] as $p) $platforms[] = $p['provider_name'] . ' (loc.)'; }
if (!empty($frProviders['buy'])) { foreach ($frProviders['buy'] as $p) $platforms[] = $p['provider_name'] . ' (achat)'; }
}
if (!empty($platforms)) $streaming = implode(', ', array_unique($platforms));
}
$result = ['director' => $director, 'poster' => $poster, 'streaming' => $streaming];
// Sauvegarder dans le cache
if ($pdo) {
try {
$stmt = $pdo->prepare("REPLACE INTO cache_images (cache_key, image_url, source, created_at) VALUES (?, ?, 'tmdb', ?)");
$stmt->execute(['tmdb_' . $cacheKey, $poster, time()]);
$stmt2 = $pdo->prepare("REPLACE INTO cache_images (cache_key, image_url, source, created_at) VALUES (?, ?, 'tmdb_full', ?)");
$stmt2->execute(['tmdb_full_' . $cacheKey, json_encode($result), time()]);
} catch (\Exception $e) { /* ignore */ }
}
return $result;
}
// ── Détection format ──
function detectFormat($title, $description = '') {
$t = strtoupper($title . ' ' . $description);
if (strpos($t, '4K') !== false || strpos($t, 'UHD') !== false) return 'Blu-ray 4K';
if (strpos($t, 'BLU-RAY') !== false || strpos($t, 'BLURAY') !== false || strpos($t, 'BLU-RAY') !== false) return 'Blu-ray';
if (strpos($t, 'DVD') !== false) return 'DVD';
if (strpos($t, 'VHS') !== false) return 'VHS';
if (strpos($t, 'COFFRET') !== false || strpos($t, 'TRILOGIE') !== false || strpos($t, 'INTEGRALE') !== false) return 'Coffret';
return 'DVD';
}
function extractYear($dateStr) {
if (preg_match('/(\d{4})/', $dateStr, $matches)) return $matches[1];
return '';
}
// ── ROUTEUR PRINCIPAL ──
$action = $_GET['action'] ?? '';
$data = json_decode(file_get_contents('php://input'), true) ?? [];
switch ($action) {
case 'check_security_status':
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
break;
case 'login':
$stmt = $pdo->query("SELECT COUNT(*) FROM users");
if ($stmt->fetchColumn() == 0) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]); }
else {
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
$stmt->execute(); $user = $stmt->fetch();
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) { echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]); }
else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); }
}
break;
case 'setup_admin': case 'update_password':
checkAuth($pdo);
$pwd = $data['password'] ?? $data['new_password'] ?? '';
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
echo json_encode(["success" => true]);
break;
case 'save_config':
checkAuth($pdo);
$keyName = $data['key_name'] ?? ''; $keyValue = $data['key_value'] ?? '';
if ($keyName === 'tmdb_api_key' && !empty($keyValue)) {
$stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)");
$stmt->execute([$keyName, encryptData($keyValue)]);
echo json_encode(["success" => true]);
} else { http_response_code(400); echo json_encode(["error" => "Données invalides."]); }
break;
case 'get_films':
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
echo json_encode(array_merge($crit, $video));
break;
case 'save_film':
checkAuth($pdo);
$type = $data['type'] ?? 'critique';
$id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000');
if (empty($data['director']) || empty($data['poster'])) {
$tmdbData = fetchTmdbData($data['title'] ?? '', $data['year'] ?? '', getTmdbApiKey($pdo), $pdo);
if ($tmdbData) {
if (empty($data['director'])) $data['director'] = $tmdbData['director'];
if (empty($data['poster'])) $data['poster'] = $tmdbData['poster'];
}
}
if ($type === 'critique') {
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['rating'] ?? 3.0, $data['review'] ?? '', $data['streaming'] ?? '']);
} else {
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '', $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1, $data['aspect_ratio'] ?? '', $data['description'] ?? '']);
}
echo json_encode(["success" => true]);
break;
case 'delete_film':
checkAuth($pdo);
$type = $_GET['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
$id = $_GET['id'] ?? null;
if (!$id) { http_response_code(400); echo json_encode(["error" => "ID manquant."]); break; }
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$id]);
echo json_encode(["success" => true]);
break;
case 'bulk_delete':
checkAuth($pdo);
$ids = $data['ids'] ?? []; $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); }
else { http_response_code(400); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); }
break;
// ── IMPORT PAR LOTS AVEC RÉCUPÉRATION JAQUETTES ─
case 'import_batch':
checkAuth($pdo);
$items = $data['items'] ?? [];
$type = $data['type'] ?? 'videotheque';
$tmdbApiKey = getTmdbApiKey($pdo);
$imported = 0;
$stats = ['ean_hits' => 0, 'tmdb_hits' => 0, 'no_image' => 0];
$pdo->beginTransaction();
foreach ($items as $rowData) {
// ── MAPPING EXACT DES COLONNES DE VOTRE CSV ──
$title = $rowData['title'] ?? $rowData['Name'] ?? 'Sans titre';
$firstName = $rowData['first_name'] ?? '';
$lastName = $rowData['last_name'] ?? '';
$creators = $rowData['creators'] ?? '';
// Réalisateur : priorité first_name + last_name, sinon creators
$director = '';
if (!empty($firstName) && !empty($lastName)) {
$director = trim("$firstName $lastName");
} elseif (!empty($creators)) {
$director = $creators;
}
// Année depuis publish_date
$publishDate = $rowData['publish_date'] ?? $rowData['Year'] ?? $rowData['year'] ?? '';
$year = extractYear($publishDate);
$ean = $rowData['ean_isbn13'] ?? $rowData['EAN'] ?? $rowData['ean'] ?? '';
$description = $rowData['description'] ?? $rowData['Description'] ?? '';
$publisher = $rowData['publisher'] ?? $rowData['Publisher'] ?? '';
$length = $rowData['length'] ?? $rowData['Length'] ?? '';
$discs = $rowData['number_of_discs'] ?? $rowData['Number of Discs'] ?? 1;
$aspect = $rowData['aspect_ratio'] ?? $rowData['Aspect Ratio'] ?? '';
$format = $rowData['format'] ?? $rowData['Format'] ?? detectFormat($title, $description);
// ── RÉCUPÉRATION IMAGE : PRIORITÉ EAN (jaquette physique) ──
$poster = $rowData['poster'] ?? $rowData['Poster'] ?? $rowData['image'] ?? '';
$imageSource = 'none';
if (empty($poster) && !empty($ean)) {
$eanImage = fetchImageByEAN($ean, $pdo);
if ($eanImage) {
$poster = $eanImage;
$imageSource = 'ean';
$stats['ean_hits']++;
}
}
// ── FALLBACK TMDB (affiche du film) ──
if (empty($poster) && $tmdbApiKey) {
$tmdbData = fetchTmdbData($title, $year, $tmdbApiKey, $pdo);
if ($tmdbData) {
if (empty($director)) $director = $tmdbData['director'];
if (!empty($tmdbData['poster'])) {
$poster = $tmdbData['poster'];
$imageSource = 'tmdb';
$stats['tmdb_hits']++;
}
}
}
if (empty($poster)) $stats['no_image']++;
$id = makeStableId($title, $year);
if ($type === 'critique') {
$rating = isset($rowData['rating']) && $rowData['rating'] !== '' ? (float)$rowData['rating'] : (isset($rowData['Rating']) ? (float)$rowData['Rating'] : 3.0);
$review = $rowData['review'] ?? $rowData['Review'] ?? $description;
$streaming = $rowData['streaming'] ?? $rowData['Streaming'] ?? (!empty($tmdbData['streaming']) ? $tmdbData['streaming'] : 'Disponible en support physique ou Cinéma');
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE rating=VALUES(rating), review=IF(VALUES(review)!='',VALUES(review),review), director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), streaming=IF(VALUES(streaming)!='',VALUES(streaming),streaming)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$id, $title, $year, $director, $poster, $rating, $review, $streaming]);
} else {
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), format=IF(VALUES(format)!='',VALUES(format),format), length=IF(VALUES(length)!='',VALUES(length),length), publisher=IF(VALUES(publisher)!='',VALUES(publisher),publisher), ean_isbn13=IF(VALUES(ean_isbn13)!='',VALUES(ean_isbn13),ean_isbn13), number_of_discs=IF(VALUES(number_of_discs)!=1,VALUES(number_of_discs),number_of_discs), aspect_ratio=IF(VALUES(aspect_ratio)!='',VALUES(aspect_ratio),aspect_ratio), description=IF(VALUES(description)!='',VALUES(description),description)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$id, $title, $year, $director, $poster, $format, $length, $publisher, $ean, $discs, $aspect, $description]);
}
$imported++;
}
$pdo->commit();
echo json_encode(["success" => true, "imported" => $imported, "stats" => $stats]);
break;
}