Initial commit
+137
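--- /dev/null
+++ b/UNKNOWN_PATH
@@ -0,0 +1,137 @@
+<?php
+require_once 'config.php';
+
+$method = $_SERVER['REQUEST_METHOD'];
+$action = $_GET['action'] ?? '';
+$id = $_GET['id'] ?? null;
+
+// Vérifier les droits admin
+$user = requireAdmin();
+
+switch ($method) {
+case 'GET':
+if ($id) {
+getUser($id);
+} else {
+getAllUsers();
+}
+break;
+
+case 'PUT':
+updateUser($id);
+break;
+
+case 'DELETE':
+deleteUser($id);
+break;
+
+default:
+jsonResponse(['error' => 'Méthode non autorisée'], 405);
+}
+
+function getAllUsers() {
+$db = getDB();
+
+$stmt = $db->query("
+SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
+COUNT(p.id) as total_predictions,
+SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
+FROM users u
+LEFT JOIN predictions p ON u.id = p.user_id
+GROUP BY u.id
+ORDER BY u.created_at DESC
+");
+
+$users = [];
+while ($row = $stmt->fetch()) {
+$users[] = [
+'id' => $row['id'],
+'username' => $row['username'],
+'email' => $row['email'],
+'role' => $row['role'],
+'points' => (int)$row['points'],
+'created_at' => $row['created_at'],
+'total_predictions' => (int)$row['total_predictions'],
+'correct_predictions' => (int)$row['correct_predictions']
+];
+}
+
+jsonResponse(['success' => true, 'users' => $users]);
+}
+
+function getUser($id) {
+$db = getDB();
+
+$stmt = $db->prepare("
+SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
+COUNT(p.id) as total_predictions,
+SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
+FROM users u
+LEFT JOIN predictions p ON u.id = p.user_id
+WHERE u.id = ?
+GROUP BY u.id
+");
+$stmt->execute([$id]);
+$user = $stmt->fetch();
+
+if (!$user) {
+jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
+}
+
+jsonResponse(['success' => true, 'user' => $user]);
+}
+
+function updateUser($id) {
+$data = getJsonInput();
+$db = getDB();
+
+$stmt = $db->prepare("SELECT id, role FROM users WHERE id = ?");
+$stmt->execute([$id]);
+$targetUser = $stmt->fetch();
+
+if (!$targetUser) {
+jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
+}
+
+$fields = [];
+$values = [];
+
+$allowedFields = ['role', 'points'];
+
+foreach ($allowedFields as $field) {
+if (isset($data[$field])) {
+$fields[] = "$field = ?";
+$values[] = $data[$field];
+}
+}
+
+if (empty($fields)) {
+jsonResponse(['error' => 'Aucune donnée à mettre à jour'], 400);
+}
+
+$values[] = $id;
+$stmt = $db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id = ?");
+$stmt->execute($values);
+
+jsonResponse(['success' => true, 'message' => 'Utilisateur mis à jour avec succès']);
+}
+
+function deleteUser($id) {
+$db = getDB();
+
+// Empêcher la suppression de soi-même
+global $user;
+if ($user['id'] == $id) {
+jsonResponse(['error' => 'Vous ne pouvez pas supprimer votre propre compte'], 400);
+}
+
+$stmt = $db->prepare("DELETE FROM users WHERE id = ?");
+$stmt->execute([$id]);
+
+if ($stmt->rowCount() === 0) {
+jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
+}
+
+jsonResponse(['success' => true, 'message' => 'Utilisateur supprimé avec succès']);
+}
+?>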
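Review bot: updateUser pushes `$data['role']` and `$data['points']` into the UPDATE unvalidated — the column names are whitelisted via `$allowedFields`, but `role` may be any string and `points` any JSON type, and unlike deleteUser's self-deletion guard nothing stops an admin from changing their own role and locking themselves out. Checking `role` against the roles the application actually defines (not visible in this file) and coercing points, e.g. `$values[] = $field === 'points' ? (int)$data[$field] : $data[$field];`, plus a `$targetUser['id'] == $user['id']` guard for the role field, would close that. deleteUser's `$user['id'] == $id` is a loose comparison between a session value and the raw `$_GET['id']` string; cast both sides explicitly and use `===`, and drop the trailing `?>` so stray whitespace after it cannot corrupt the JSON body. The 404/400 early exits in getUser, updateUser and deleteUser all assume `jsonResponse()` terminates the script; if it only echoes, each of them falls through and emits a second response, so that contract is worth confirming in config.php. `$action` is read from `$_GET` and never used.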