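'Méthode non autorisée'], 405); }

/**
 * Send the full user list, with per-user prediction statistics, as JSON.
 *
 * Each entry is built from an explicit list of columns, so a column added to
 * the query later is not exposed unless it is also added here.
 */
function getAllUsers()
{
    $db = getDB();
    $stmt = $db->query("
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        GROUP BY u.id
        ORDER BY u.created_at DESC
    ");

    $users = [];
    while ($row = $stmt->fetch()) {
        $users[] = [
            'id' => $row['id'],
            'username' => $row['username'],
            'email' => $row['email'],
            'role' => $row['role'],
            'points' => (int)$row['points'],
            'created_at' => $row['created_at'],
            'total_predictions' => (int)$row['total_predictions'],
            // SUM() is NULL for a user without predictions; the cast turns it into 0.
            'correct_predictions' => (int)$row['correct_predictions'],
        ];
    }

    jsonResponse(['success' => true, 'users' => $users]);
}

/**
 * Send one user, with prediction statistics, as JSON (404 if the id is unknown).
 *
 * The response uses the same explicit field list and integer casts as
 * getAllUsers() instead of returning the raw database row.
 *
 * @param mixed $id User id, bound as a query parameter.
 */
function getUser($id)
{
    $db = getDB();
    $stmt = $db->prepare("
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        WHERE u.id = ?
        GROUP BY u.id
    ");
    $stmt->execute([$id]);
    $row = $stmt->fetch();

    if (!$row) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        // jsonResponse() is defined elsewhere and presumably ends the request;
        // the explicit return keeps this branch final even if it does not.
        return;
    }

    jsonResponse([
        'success' => true,
        'user' => [
            'id' => $row['id'],
            'username' => $row['username'],
            'email' => $row['email'],
            'role' => $row['role'],
            'points' => (int)$row['points'],
            'created_at' => $row['created_at'],
            'total_predictions' => (int)$row['total_predictions'],
            'correct_predictions' => (int)$row['correct_predictions'],
        ],
    ]);
}

/**
 * Update the role and/or points of a user from the JSON request body.
 *
 * Only `role` and `points` can be changed. The SET clause is assembled from
 * literal column names and the values are bound as parameters. Values are
 * type-checked before they reach the database: `role` must be a non-empty
 * string and `points` must be an integer.
 *
 * NOTE(review): the set of valid role names is not visible in this file. Since
 * this endpoint assigns privileges, `role` should also be checked against the
 * application's role list. Unlike deleteUser(), nothing here stops the caller
 * from changing their own role; confirm whether that is intended.
 *
 * @param mixed $id Id of the user to update.
 */
function updateUser($id)
{
    $data = getJsonInput();
    $db = getDB();

    $stmt = $db->prepare("SELECT id, role FROM users WHERE id = ?");
    $stmt->execute([$id]);
    $targetUser = $stmt->fetch();

    if (!$targetUser) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        return;
    }

    $fields = [];
    $values = [];

    if (isset($data['role'])) {
        if (!is_string($data['role']) || $data['role'] === '') {
            jsonResponse(['error' => 'Rôle invalide'], 400);
            return;
        }
        $fields[] = 'role = ?';
        $values[] = $data['role'];
    }

    if (isset($data['points'])) {
        // Booleans are rejected explicitly because filter_var() would read true as 1.
        $points = filter_var($data['points'], FILTER_VALIDATE_INT);
        if (is_bool($data['points']) || $points === false) {
            jsonResponse(['error' => 'Points invalides'], 400);
            return;
        }
        $fields[] = 'points = ?';
        $values[] = $points;
    }

    if (empty($fields)) {
        jsonResponse(['error' => 'Aucune donnée à mettre à jour'], 400);
        return;
    }

    $values[] = $id;
    $stmt = $db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id = ?");
    $stmt->execute($values);

    jsonResponse(['success' => true, 'message' => 'Utilisateur mis à jour avec succès']);
}

/**
 * Delete a user, refusing to delete the account of the current user.
 *
 * Reads the current user from the global `$user`, which is set outside this
 * part of the file. If no current user id is available the request is refused
 * rather than allowed to continue without the self-deletion guard.
 *
 * @param mixed $id Id of the user to delete.
 */
function deleteUser($id)
{
    global $user;

    if (!isset($user['id'])) {
        jsonResponse(['error' => 'Authentification requise'], 401);
        return;
    }

    // Prevent self-deletion. The comparison stays loose on purpose so that an
    // id received as a string still matches an integer id on the current user.
    // NOTE(review): confirm the caller validates $id as a canonical integer, so
    // that this guard and the SQL predicate below interpret it the same way.
    if ($user['id'] == $id) {
        jsonResponse(['error' => 'Vous ne pouvez pas supprimer votre propre compte'], 400);
        return;
    }

    $db = getDB();
    $stmt = $db->prepare("DELETE FROM users WHERE id = ?");
    $stmt->execute([$id]);

    if ($stmt->rowCount() === 0) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        return;
    }

    jsonResponse(['success' => true, 'message' => 'Utilisateur supprimé avec succès']);
}
?>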