<?php
// Database configuration
define('DB_HOST', 'localhost');
define('DB_NAME', 'mon_pari');
define('DB_USER', 'root');
// NOTE(review): empty password on the root account, hard-coded with no environment
// override anywhere in this file — fine for a local dev box, confirm the deployment
// replaces these values.
define('DB_PASS', '');
define('DB_CHARSET', 'utf8mb4');

// Application configuration
// NOTE(review): placeholder secret checked into source. generateToken()/verifyToken()
// below accept any token HMAC'd with this value, so a deployment that keeps the
// default accepts tokens forgeable by anyone who has read this file. Load it from
// the environment rather than from code.
define('JWT_SECRET', 'mon-petit-pari-secret-key-2026-change-this-in-production');
define('JWT_EXPIRY', 86400); // 24 hours, in seconds
define('POINTS_CORRECT_PREDICTION', 50);
define('POINTS_NEW_PREDICTION', 10);

// CORS headers (sent on every request that includes this file)
header('Content-Type: application/json; charset=utf-8');
// NOTE(review): wildcard origin lets any site call this API from a browser. Auth
// in this file is a bearer token the client attaches explicitly (not a cookie), so
// this is not a cookie-style CSRF exposure, but confirm a wildcard is intended.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');

// Answer CORS preflight requests immediately, before any DB or auth work runs.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}
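// Database connection
//
// Lazily opens one PDO connection per request (cached in a function-static) and
// returns the same handle on every later call. On failure the request ends with
// a 500 JSON error; the driver's message goes to the server log only, because it
// can reveal hostnames, credentials and schema details to the client.
function getDB() {
    static $pdo = null;

    if ($pdo === null) {
        $dsn = sprintf('mysql:host=%s;dbname=%s;charset=%s', DB_HOST, DB_NAME, DB_CHARSET);
        $options = [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,      // SQL errors surface as exceptions
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES => false,              // real server-side prepared statements
        ];

        try {
            $pdo = new PDO($dsn, DB_USER, DB_PASS, $options);
        } catch (PDOException $e) {
            // Detail stays server-side; the client only learns that the DB is unavailable.
            error_log('getDB: database connection failed: ' . $e->getMessage());
            jsonResponse(['error' => 'Erreur de connexion à la base de données.'], 500);
        }
    }

    return $pdo;
}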
// Builds a signed bearer token for a user.
//
// The token is three dot-separated segments: base64 JSON header, base64 JSON
// payload (user_id, exp = now + JWT_EXPIRY), and a hex HMAC-SHA256 over
// "header.payload" keyed with JWT_SECRET. Plain base64 and a hex signature are
// used, so this is not interoperable with RFC 7519 JWT libraries; verifyToken()
// in this file expects exactly this layout.
function generateToken($userId) {
    $encodeSegment = function (array $claims) {
        return base64_encode(json_encode($claims));
    };

    $segments = [
        $encodeSegment(['alg' => 'HS256', 'typ' => 'JWT']),
        $encodeSegment([
            'user_id' => $userId,
            'exp' => time() + JWT_EXPIRY
        ]),
    ];
    $segments[] = hash_hmac('sha256', implode('.', $segments), JWT_SECRET);

    return implode('.', $segments);
}
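// Validates a token produced by generateToken() and returns the user id it carries.
//
// Returns false when the token is not a string, is malformed, the HMAC does not
// match, the signed payload is not a JSON object with an unexpired `exp`, or it
// carries no `user_id`. The signature is checked (constant-time, hash_equals)
// before the payload is decoded, so only server-issued data is ever parsed.
function verifyToken($token) {
    // explode() on a non-string raises a TypeError on PHP 8; treat it as an invalid token.
    if (!is_string($token)) {
        return false;
    }

    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    list($header, $payload, $signature) = $parts;

    $expectedSignature = hash_hmac('sha256', "$header.$payload", JWT_SECRET);
    if (!hash_equals($expectedSignature, $signature)) {
        return false;
    }

    $data = json_decode(base64_decode($payload), true);
    if (!is_array($data) || !isset($data['exp']) || $data['exp'] < time()) {
        return false;
    }

    // A signed payload without user_id is unusable: report a failed verification
    // instead of returning null (plus an undefined-index warning) as a bare lookup would.
    return $data['user_id'] ?? false;
}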
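// Resolves the caller from the "Authorization: Bearer <token>" request header.
//
// Returns the user row (id, username, email, role, points) as an associative
// array, or null when no valid bearer token is present or the user row no
// longer exists.
function getCurrentUser() {
    // Header names are case-insensitive (HTTP/2 delivers them lowercased), so
    // normalise the keys before looking up; fall back to $_SERVER for SAPIs that
    // do not provide getallheaders() or where it returns false.
    $rawHeaders = function_exists('getallheaders') ? getallheaders() : false;
    $headers = is_array($rawHeaders) ? array_change_key_case($rawHeaders, CASE_LOWER) : [];
    $authHeader = $headers['authorization'] ?? $_SERVER['HTTP_AUTHORIZATION'] ?? '';

    if (!preg_match('/Bearer\s+(.*)$/i', $authHeader, $matches)) {
        return null;
    }

    $userId = verifyToken($matches[1]);
    if (!$userId) {
        return null;
    }

    $stmt = getDB()->prepare("SELECT id, username, email, role, points FROM users WHERE id = ?");
    $stmt->execute([$userId]);
    $user = $stmt->fetch();

    // PDOStatement::fetch() yields false when the row is gone; callers are
    // documented to receive null in that case.
    return $user === false ? null : $user;
}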
// Require an authenticated caller with the 'admin' role.
//
// Returns the current user row; otherwise ends the request with a 403 JSON error.
function requireAdmin() {
    $user = getCurrentUser();
    if ($user && $user['role'] === 'admin') {
        return $user;
    }

    http_response_code(403);
    echo json_encode(['error' => 'Accès refusé. Droits administrateur requis.']);
    exit();
}
// Require an authenticated caller.
//
// Returns the current user row; otherwise ends the request with a 401 JSON error.
function requireAuth() {
    $user = getCurrentUser();
    if ($user) {
        return $user;
    }

    http_response_code(401);
    echo json_encode(['error' => 'Authentification requise.']);
    exit();
}
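// Reads and decodes the JSON request body.
//
// Returns the decoded body as an associative array, or null when the body is
// empty or unreadable, is not valid JSON, or is not a JSON object/array. A bare
// scalar body (e.g. `"abc"`) used to be returned as-is, which breaks the
// `$input['key']` access callers do on the result.
function getJsonInput() {
    $raw = file_get_contents('php://input');
    if ($raw === false || $raw === '') {
        return null;
    }

    $decoded = json_decode($raw, true);

    return is_array($decoded) ? $decoded : null;
}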
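// Emits $data as a JSON body with the given HTTP status and ends the request.
//
// Never returns. An encoding failure (e.g. invalid UTF-8 read from the database)
// used to produce an empty body with the requested status; it now yields a
// generic 500, with the encoder's reason logged server-side only.
function jsonResponse($data, $statusCode = 200) {
    $body = json_encode($data, JSON_UNESCAPED_UNICODE);
    if ($body === false) {
        error_log('jsonResponse: json_encode failed: ' . json_last_error_msg());
        $statusCode = 500;
        $body = json_encode(['error' => 'Erreur interne du serveur.'], JSON_UNESCAPED_UNICODE);
    }

    http_response_code($statusCode);
    echo $body;
    exit();
}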
?>