
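<?php
require_once 'config.php';

$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';   // not consulted by this script; kept for compatibility
$id = $_GET['id'] ?? null;

// Admin-only endpoint: requireAdmin() runs before any method is dispatched,
// so a non-admin request never reaches the handlers below. The returned
// $user is also read through `global` by deleteUser().
$user = requireAdmin();

switch ($method) {
    case 'GET':
        // `if ($id)` is a truthiness test: a missing, empty or "0" id lists
        // every user instead of looking one up.
        if ($id) {
            getUser($id);
        } else {
            getAllUsers();
        }
        break;
    case 'PUT':
    case 'DELETE':
        // Mutating methods need a target. Without this guard the handlers
        // would run their queries with a null id and answer 404, which hides
        // a malformed request behind "not found".
        if ($id === null || $id === '') {
            jsonResponse(['error' => 'Identifiant utilisateur manquant'], 400);
        }
        if ($method === 'PUT') {
            updateUser($id);
        } else {
            deleteUser($id);
        }
        break;
    default:
        jsonResponse(['error' => 'Méthode non autorisée'], 405);
}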
/**
 * Admin endpoint: list every user, newest first, with prediction totals.
 *
 * Each entry exposes only the selected columns; `points` and the two
 * aggregate counters are cast to int because the driver may hand them
 * back as strings. Emits the JSON response via jsonResponse().
 */
function getAllUsers() {
    $sql = "
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        GROUP BY u.id
        ORDER BY u.created_at DESC
    ";
    $result = getDB()->query($sql);

    $list = [];
    for ($row = $result->fetch(); $row; $row = $result->fetch()) {
        $entry = [];
        $entry['id'] = $row['id'];
        $entry['username'] = $row['username'];
        $entry['email'] = $row['email'];
        $entry['role'] = $row['role'];
        $entry['points'] = (int) $row['points'];
        $entry['created_at'] = $row['created_at'];
        $entry['total_predictions'] = (int) $row['total_predictions'];
        $entry['correct_predictions'] = (int) $row['correct_predictions'];
        $list[] = $entry;
    }

    jsonResponse(['success' => true, 'users' => $list]);
}
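/**
 * Admin endpoint: return one user with their prediction totals.
 *
 * The payload now has exactly the shape of one getAllUsers() entry: only
 * the selected columns are exposed and the numeric aggregates are cast to
 * int. Previously the raw fetch() row was returned as-is, so the two routes
 * disagreed on key set and on string-vs-int counters.
 *
 * @param mixed $id user id from the query string; bound as a prepared
 *                  statement parameter, never interpolated into the SQL
 */
function getUser($id) {
    $db = getDB();
    $stmt = $db->prepare("
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        WHERE u.id = ?
        GROUP BY u.id
    ");
    $stmt->execute([$id]);
    $row = $stmt->fetch();

    // Because of GROUP BY, an unknown id yields no row rather than a row of
    // null aggregates, so a falsy fetch() is a reliable "not found".
    if (!$row) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
    }

    $userData = [
        'id' => $row['id'],
        'username' => $row['username'],
        'email' => $row['email'],
        'role' => $row['role'],
        'points' => (int) $row['points'],
        'created_at' => $row['created_at'],
        'total_predictions' => (int) $row['total_predictions'],
        'correct_predictions' => (int) $row['correct_predictions'],
    ];

    jsonResponse(['success' => true, 'user' => $userData]);
}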
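/**
 * Admin endpoint: update the `role` and/or `points` of a user.
 *
 * Only those two columns are writable here. The SET clause is assembled
 * from this fixed list of column names, never from request keys, and every
 * value travels as a prepared-statement parameter. Values are checked
 * before use: `role` must be a non-empty string and `points` an integer
 * (an int, or an integer string). Anything else is answered with 400
 * instead of being passed through to the database.
 *
 * @param mixed $id target user id from the query string
 */
function updateUser($id) {
    $data = getJsonInput();
    if (!is_array($data)) {
        // Non-object JSON (or a decode failure surfaced as null) has no
        // fields to apply; treat it like an empty body.
        $data = [];
    }

    $db = getDB();
    $stmt = $db->prepare("SELECT id, role FROM users WHERE id = ?");
    $stmt->execute([$id]);
    $targetUser = $stmt->fetch();
    if (!$targetUser) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
    }

    $fields = [];
    $values = [];

    // isset() skips a field sent as null, same as the previous behaviour.
    if (isset($data['role'])) {
        if (!is_string($data['role']) || $data['role'] === '') {
            jsonResponse(['error' => 'Valeur invalide pour le champ role'], 400);
        }
        // TODO(review): the set of valid roles is defined outside this file;
        // reject values that are not in that set once it is available here.
        $fields[] = 'role = ?';
        $values[] = $data['role'];
    }

    if (isset($data['points'])) {
        // filter_var() would accept true as 1; exclude booleans explicitly.
        $points = is_bool($data['points']) ? false : filter_var($data['points'], FILTER_VALIDATE_INT);
        if ($points === false) {
            jsonResponse(['error' => 'Valeur invalide pour le champ points'], 400);
        }
        $fields[] = 'points = ?';
        $values[] = $points;
    }

    if ($fields === []) {
        jsonResponse(['error' => 'Aucune donnée à mettre à jour'], 400);
    }

    $values[] = $id;
    $stmt = $db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id = ?");
    $stmt->execute($values);

    jsonResponse(['success' => true, 'message' => 'Utilisateur mis à jour avec succès']);
}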
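/**
 * Admin endpoint: delete a user by id.
 *
 * The id is validated as an integer before it is compared or queried, and
 * the self-deletion check is now a strict comparison on integers rather
 * than a loose `==` between the stored id and the raw query-string value.
 * The row count of the DELETE decides between 200 and 404.
 *
 * @param mixed $id target user id from the query string
 */
function deleteUser($id) {
    // $user is the admin record returned by requireAdmin() in the calling
    // script; only its 'id' entry is read here.
    global $user;

    $targetId = filter_var($id, FILTER_VALIDATE_INT);
    if ($targetId === false) {
        jsonResponse(['error' => 'Identifiant utilisateur invalide'], 400);
    }

    // An admin must not remove their own account through this endpoint.
    if ((int) $user['id'] === $targetId) {
        jsonResponse(['error' => 'Vous ne pouvez pas supprimer votre propre compte'], 400);
    }

    $db = getDB();
    $stmt = $db->prepare("DELETE FROM users WHERE id = ?");
    $stmt->execute([$targetId]);

    if ($stmt->rowCount() === 0) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
    }

    jsonResponse(['success' => true, 'message' => 'Utilisateur supprimé avec succès']);
}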
?>