313 lines
17 KiB
PHP
313 lines
17 KiB
PHP
<?php
|
|
header("Content-Type: application/json; charset=UTF-8");
|
|
header("Access-Control-Allow-Origin: *");
|
|
header("Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS");
|
|
header("Access-Control-Allow-Headers: Content-Type, Authorization");
|
|
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; }
|
|
|
|
define('ENCRYPTION_KEY', 'MaCleSecreteSuperRobuste123!');
|
|
define('CACHE_TTL', 604800); // 7 jours
|
|
|
|
try {
|
|
$pdo = new PDO("mysql:host=localhost;dbname=mon_cinema;charset=utf8mb4", "root", "", [
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
|
|
]);
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT PRIMARY KEY, username VARCHAR(50) NOT NULL, password_hash VARCHAR(255) NOT NULL)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS config (key_name VARCHAR(50) PRIMARY KEY, key_value TEXT NOT NULL)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS critiques (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, rating DECIMAL(3,1) DEFAULT 3.0, review TEXT, streaming VARCHAR(255))");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (id BIGINT PRIMARY KEY, title VARCHAR(255) NOT NULL, year VARCHAR(10), director VARCHAR(255), poster TEXT, format VARCHAR(50), length VARCHAR(50), publisher VARCHAR(255), ean_isbn13 VARCHAR(50), number_of_discs INT DEFAULT 1, aspect_ratio VARCHAR(50), description TEXT)");
|
|
$pdo->exec("CREATE TABLE IF NOT EXISTS cache_api (cache_key VARCHAR(120) PRIMARY KEY, data TEXT NOT NULL, source VARCHAR(20) NOT NULL, created_at INT NOT NULL)");
|
|
} catch (\PDOException $e) { echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]); exit; }
|
|
|
|
// ── FONCTIONS UTILITAIRES ──
|
|
function makeStableId($type, $title, $year) {
|
|
// 🔥 CORRECTION CRITIQUE : On ajoute le $type dans le sel du hash.
|
|
// Ainsi, "Matrix" en critique et "Matrix" en vidéothèque auront des ID totalement différents.
|
|
$base = strtolower(trim($type ?? '')) . '|' . strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
|
|
return (abs(crc32($base)) % 2000000000) + 100000000;
|
|
}
|
|
|
|
function checkAuth($pdo) {
|
|
if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) return true;
|
|
$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
|
|
if (empty($token) && function_exists('apache_request_headers')) {
|
|
$headers = apache_request_headers();
|
|
$token = $headers['Authorization'] ?? $headers['authorization'] ?? '';
|
|
}
|
|
if ($token !== md5(ENCRYPTION_KEY . 'session')) { http_response_code(403); echo json_encode(["error" => "Accès interdit."]); exit; }
|
|
}
|
|
|
|
function encryptData($data) {
|
|
$iv = openssl_random_pseudo_bytes(16);
|
|
$key = hash('sha256', ENCRYPTION_KEY, true);
|
|
return base64_encode(openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv) . '::' . $iv);
|
|
}
|
|
|
|
function getTmdbApiKey($pdo) {
|
|
$stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = 'tmdb_api_key'");
|
|
$stmt->execute();
|
|
$row = $stmt->fetch();
|
|
return $row ? json_decode(decryptData($row['key_value']), true) : null; // Supposé que c'est stocké en JSON ou brut
|
|
}
|
|
|
|
function decryptData($str) {
|
|
$decoded = base64_decode($str);
|
|
if (strpos($decoded, '::') === false) return $str; // Fallback
|
|
list($enc, $iv) = explode('::', $decoded, 2);
|
|
return openssl_decrypt($enc, 'AES-256-CBC', hash('sha256', ENCRYPTION_KEY, true), OPENSSL_RAW_DATA, substr($iv, 0, 16));
|
|
}
|
|
|
|
function httpGet($url, $timeout = 5) {
|
|
if (!function_exists('curl_init')) {
|
|
$ctx = stream_context_create(['http' => ['timeout' => $timeout, 'user_agent' => 'MonCinema/5.0']]);
|
|
return @file_get_contents($url, false, $ctx);
|
|
}
|
|
$ch = curl_init($url);
|
|
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => $timeout, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_USERAGENT => 'MonCinema/5.0', CURLOPT_FOLLOWLOCATION => true]);
|
|
$res = curl_exec($ch);
|
|
curl_close($ch);
|
|
return $res ?: null;
|
|
}
|
|
|
|
function getCache($pdo, $key) {
|
|
try {
|
|
$stmt = $pdo->prepare("SELECT data FROM cache_api WHERE cache_key = ? AND created_at > ?");
|
|
$stmt->execute([$key, time() - CACHE_TTL]);
|
|
$row = $stmt->fetch();
|
|
return $row ? json_decode($row['data'], true) : null;
|
|
} catch (\Exception $e) { return null; }
|
|
}
|
|
|
|
function setCache($pdo, $key, $data, $source) {
|
|
try {
|
|
$stmt = $pdo->prepare("REPLACE INTO cache_api (cache_key, data, source, created_at) VALUES (?, ?, ?, ?)");
|
|
$stmt->execute([$key, json_encode($data), $source, time()]);
|
|
} catch (\Exception $e) { /* ignore */ }
|
|
}
|
|
|
|
function cleanTitle($title) {
|
|
$clean = preg_replace('/\s*[\[\(].*?[\]\)]\s*/', '', $title);
|
|
$clean = preg_replace('/\s*-\s*(Édition|Edition|Collector|Simple|Spéciale|Digibook|Ultimate|Intégrale|Combo|SteelBook|Boîtier).*$/i', '', $clean);
|
|
$clean = preg_replace('/(blu-ray|bluray|dvd|4k|ultra hd|combo|vhs|bdrip).*$/i', '', $clean);
|
|
return trim(preg_replace('/\s{2,}/', ' ', $clean));
|
|
}
|
|
|
|
function detectFormat($title, $desc = '') {
|
|
$t = strtoupper($title . ' ' . $desc);
|
|
if (strpos($t, '4K') !== false || strpos($t, 'UHD') !== false) return '4K Ultra HD';
|
|
if (strpos($t, 'BLU-RAY') !== false || strpos($t, 'BLURAY') !== false) return 'Blu-ray';
|
|
if (strpos($t, 'DVD') !== false) return 'DVD';
|
|
if (strpos($t, 'VHS') !== false) return 'VHS';
|
|
if (strpos($t, 'COFFRET') !== false || strpos($t, 'TRILOGIE') !== false) return 'Coffret';
|
|
return 'Support Physique';
|
|
}
|
|
|
|
function extractYear($dateStr) {
|
|
if (preg_match('/(\d{4})/', $dateStr, $m)) return $m[1];
|
|
return '';
|
|
}
|
|
|
|
function fetchTMDBFull($title, $year, $apiKey, $pdo) {
|
|
if (empty($apiKey) || empty($title)) return null;
|
|
$cleanTitle = cleanTitle($title);
|
|
$cacheKey = 'tmdb_full_' . md5(strtolower($cleanTitle) . '|' . $year);
|
|
$cached = getCache($pdo, $cacheKey);
|
|
if ($cached) return $cached;
|
|
|
|
$searchUrl = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($cleanTitle) . "&year={$year}&language=fr-FR";
|
|
$searchRes = httpGet($searchUrl, 5);
|
|
if (!$searchRes) return null;
|
|
$searchData = json_decode($searchRes, true);
|
|
|
|
if (empty($searchData['results'])) {
|
|
$searchUrl2 = "https://api.themoviedb.org/3/search/movie?api_key={$apiKey}&query=" . urlencode($cleanTitle) . "&language=fr-FR";
|
|
$searchRes2 = httpGet($searchUrl2, 5);
|
|
if ($searchRes2) {
|
|
$searchData2 = json_decode($searchRes2, true);
|
|
if (!empty($searchData2['results'])) $searchData = $searchData2;
|
|
}
|
|
}
|
|
if (empty($searchData['results'])) return null;
|
|
$movieId = $searchData['results'][0]['id'];
|
|
|
|
$detailsUrl = "https://api.themoviedb.org/3/movie/{$movieId}?api_key={$apiKey}&append_to_response=credits,watch/providers&language=fr-FR";
|
|
$detailsRes = httpGet($detailsUrl, 5);
|
|
if (!$detailsRes) return null;
|
|
$details = json_decode($detailsRes, true);
|
|
|
|
$director = '';
|
|
if (!empty($details['credits']['crew'])) {
|
|
foreach ($details['credits']['crew'] as $crew) {
|
|
if ($crew['job'] === 'Director') { $director = $crew['name']; break; }
|
|
}
|
|
}
|
|
|
|
$streaming = '';
|
|
$frProviders = $details['watch/providers']['results']['FR'] ?? [];
|
|
$platforms = [];
|
|
if (!empty($frProviders['flatrate'])) { foreach ($frProviders['flatrate'] as $p) $platforms[] = $p['provider_name']; }
|
|
if (!empty($platforms)) $streaming = implode(', ', array_unique($platforms));
|
|
|
|
$result = [
|
|
'title' => $details['title'] ?? '',
|
|
'year' => !empty($details['release_date']) ? substr($details['release_date'], 0, 4) : '',
|
|
'director' => $director,
|
|
'poster' => !empty($details['poster_path']) ? "https://image.tmdb.org/t/p/w500" . $details['poster_path'] : '',
|
|
'length' => !empty($details['runtime']) ? $details['runtime'] . ' min' : '',
|
|
'streaming' => $streaming
|
|
];
|
|
setCache($pdo, $cacheKey, $result, 'tmdb');
|
|
return $result;
|
|
}
|
|
|
|
// ── ROUTEUR PRINCIPAL ──
|
|
$action = $_GET['action'] ?? '';
|
|
$data = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
|
|
switch ($action) {
|
|
case 'check_security_status':
|
|
echo json_encode(["is_blank" => ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0)]);
|
|
break;
|
|
|
|
case 'login':
|
|
if ($pdo->query("SELECT COUNT(*) FROM users")->fetchColumn() == 0) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => true]);
|
|
} else {
|
|
$stmt = $pdo->prepare("SELECT password_hash FROM users WHERE username = 'admin'");
|
|
$stmt->execute(); $user = $stmt->fetch();
|
|
if ($user && password_verify($data['password'] ?? '', $user['password_hash'])) {
|
|
echo json_encode(["success" => true, "token" => md5(ENCRYPTION_KEY . 'session'), "blank" => false]);
|
|
} else { http_response_code(401); echo json_encode(["error" => "Mot de passe incorrect."]); }
|
|
}
|
|
break;
|
|
|
|
case 'setup_admin': case 'update_password':
|
|
checkAuth($pdo);
|
|
$pwd = $data['password'] ?? $data['new_password'] ?? '';
|
|
$stmt = $pdo->prepare("REPLACE INTO users (id, username, password_hash) VALUES (1, 'admin', :pass)");
|
|
$stmt->execute([':pass' => password_hash($pwd, PASSWORD_BCRYPT)]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'get_config_keys':
|
|
checkAuth($pdo);
|
|
$keys = ['tmdb_api_key'];
|
|
$result = [];
|
|
foreach ($keys as $k) {
|
|
$stmt = $pdo->prepare("SELECT key_value FROM config WHERE key_name = ?");
|
|
$stmt->execute([$k]);
|
|
$row = $stmt->fetch();
|
|
$result[$k] = $row ? '••••••••' : '';
|
|
}
|
|
echo json_encode($result);
|
|
break;
|
|
|
|
case 'save_config':
|
|
checkAuth($pdo);
|
|
$keyName = $data['key_name'] ?? '';
|
|
$keyValue = $data['key_value'] ?? '';
|
|
if ($keyName === 'tmdb_api_key' && !empty($keyValue)) {
|
|
$stmt = $pdo->prepare("REPLACE INTO config (key_name, key_value) VALUES (?, ?)");
|
|
$stmt->execute([$keyName, encryptData($keyValue)]);
|
|
echo json_encode(["success" => true]);
|
|
} else {
|
|
http_response_code(400); echo json_encode(["error" => "Données invalides."]);
|
|
}
|
|
break;
|
|
|
|
case 'get_films':
|
|
$crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
|
|
$video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
|
|
echo json_encode(array_merge($crit, $video));
|
|
break;
|
|
|
|
case 'save_film':
|
|
checkAuth($pdo);
|
|
$type = $data['type'] ?? 'critique';
|
|
$id = !empty($data['id']) ? $data['id'] : makeStableId($type, $data['title'] ?? '', $data['year'] ?? '0000');
|
|
|
|
if ($type === 'critique') {
|
|
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['rating'] ?? 3.0, $data['review'] ?? '', $data['streaming'] ?? '']);
|
|
} else {
|
|
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '', $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '', $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1, $data['aspect_ratio'] ?? '', $data['description'] ?? '']);
|
|
}
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'delete_film':
|
|
checkAuth($pdo);
|
|
$type = $_GET['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
$id = $_GET['id'] ?? null;
|
|
if (!$id) { http_response_code(400); echo json_encode(["error" => "ID manquant."]); break; }
|
|
$stmt = $pdo->prepare("DELETE FROM $table WHERE id = ?"); $stmt->execute([$id]);
|
|
echo json_encode(["success" => true]);
|
|
break;
|
|
|
|
case 'bulk_delete':
|
|
checkAuth($pdo);
|
|
$ids = $data['ids'] ?? []; $type = $data['type'] ?? 'critique'; $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
|
|
if (!empty($ids)) { $placeholders = implode(',', array_fill(0, count($ids), '?')); $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)"); $stmt->execute($ids); echo json_encode(["success" => true]); }
|
|
else { http_response_code(400); echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]); }
|
|
break;
|
|
|
|
case 'import_batch':
|
|
checkAuth($pdo);
|
|
$items = $data['items'] ?? [];
|
|
$type = $data['type'] ?? 'videotheque'; // 🔥 Strictement défini par le frontend
|
|
$tmdbApiKey = getTmdbApiKey($pdo);
|
|
$imported = 0;
|
|
|
|
$pdo->beginTransaction();
|
|
foreach ($items as $row) {
|
|
$title = $row['title'] ?? $row['Name'] ?? 'Sans titre';
|
|
$year = extractYear($row['publish_date'] ?? $row['Year'] ?? $row['year'] ?? '');
|
|
$id = makeStableId($type, $title, $year); // 🔥 ID isolé par type
|
|
|
|
if ($type === 'critique') {
|
|
$rating = isset($row['Rating']) && $row['Rating'] !== '' ? (float)$row['Rating'] : (isset($row['rating']) ? (float)$row['rating'] : 3.0);
|
|
$review = $row['Review'] ?? $row['review'] ?? '';
|
|
$streaming = $row['Streaming'] ?? $row['streaming'] ?? '';
|
|
|
|
if ($tmdbApiKey && empty($row['director'])) {
|
|
$tmdb = fetchTMDBFull($title, $year, $tmdbApiKey, $pdo);
|
|
if ($tmdb) {
|
|
if (empty($row['director'])) $row['director'] = $tmdb['director'];
|
|
if (empty($row['poster'])) $row['poster'] = $tmdb['poster'];
|
|
}
|
|
}
|
|
|
|
$sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE rating=VALUES(rating), review=IF(VALUES(review)!='',VALUES(review),review), director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), streaming=IF(VALUES(streaming)!='',VALUES(streaming),streaming)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $title, $year, $row['director'] ?? '', $row['poster'] ?? '', $rating, $review, $streaming]);
|
|
} else {
|
|
// Vidéothèque
|
|
$firstName = $row['first_name'] ?? '';
|
|
$lastName = $row['last_name'] ?? '';
|
|
$creators = $row['creators'] ?? '';
|
|
$director = !empty($firstName) && !empty($lastName) ? trim("$firstName $lastName") : $creators;
|
|
|
|
$ean = $row['ean_isbn13'] ?? $row['EAN'] ?? '';
|
|
$publisher = $row['publisher'] ?? '';
|
|
$length = $row['length'] ?? '';
|
|
$discs = $row['number_of_discs'] ?? 1;
|
|
$aspect = $row['aspect_ratio'] ?? '';
|
|
$desc = $row['description'] ?? '';
|
|
$format = detectFormat($title, $desc);
|
|
|
|
$sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE director=IF(VALUES(director)!='',VALUES(director),director), poster=IF(VALUES(poster)!='',VALUES(poster),poster), format=IF(VALUES(format)!='',VALUES(format),format), length=IF(VALUES(length)!='',VALUES(length),length), publisher=IF(VALUES(publisher)!='',VALUES(publisher),publisher), ean_isbn13=IF(VALUES(ean_isbn13)!='',VALUES(ean_isbn13),ean_isbn13), number_of_discs=IF(VALUES(number_of_discs)!=1,VALUES(number_of_discs),number_of_discs), aspect_ratio=IF(VALUES(aspect_ratio)!='',VALUES(aspect_ratio),aspect_ratio), description=IF(VALUES(description)!='',VALUES(description),description)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$id, $title, $year, $director, $row['poster'] ?? '', $format, $length, $publisher, $ean, $discs, $aspect, $desc]);
|
|
}
|
|
$imported++;
|
|
}
|
|
$pdo->commit();
|
|
echo json_encode(["success" => true, "imported" => $imported]);
|
|
break;
|
|
} |