<?php
require_once 'config.php';
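// Request method and the optional target id. $action is not used by this
// endpoint; it is kept because it is a file-level variable.
$method = $_SERVER['REQUEST_METHOD'] ?? '';
$action = $_GET['action'] ?? '';
$id = $_GET['id'] ?? null;
if ($id === '') {
    // "?id=" means "no id", the same as leaving the parameter out
    $id = null;
}

// Admin-only endpoint: requireAdmin() runs before any database access.
// $user is also read via `global` by the self-account guards further down.
$user = requireAdmin();

// Validate the id once, before dispatch. Ids are integers, so text, floats
// or arrays (?id[]=1) are client errors rather than lookup misses, and they
// should never reach the prepared statements unchanged.
$idError = null;
if ($id !== null) {
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        $idError = 'Identifiant invalide';
    }
} elseif ($method === 'PUT' || $method === 'DELETE') {
    // Updates and deletes only make sense against one specific user
    $idError = 'Identifiant manquant';
}

if ($idError !== null) {
    jsonResponse(['error' => $idError], 400);
} else {
    switch ($method) {
        case 'GET':
            if ($id !== null) {
                getUser($id);
            } else {
                getAllUsers();
            }
            break;

        case 'PUT':
            updateUser($id);
            break;

        case 'DELETE':
            deleteUser($id);
            break;

        default:
            jsonResponse(['error' => 'Méthode non autorisée'], 405);
    }
}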
/**
 * Respond with every user plus their prediction totals, newest first.
 *
 * Each entry carries id, username, email, role, points, created_at,
 * total_predictions and correct_predictions; the numeric aggregates are cast
 * to int because the driver may hand them back as strings.
 */
function getAllUsers() {
    $db = getDB();

    // LEFT JOIN keeps users that have no predictions yet (their counts are 0).
    $stmt = $db->query("
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        GROUP BY u.id
        ORDER BY u.created_at DESC
    ");

    $toEntry = static function ($row) {
        return [
            'id' => $row['id'],
            'username' => $row['username'],
            'email' => $row['email'],
            'role' => $row['role'],
            'points' => (int)$row['points'],
            'created_at' => $row['created_at'],
            'total_predictions' => (int)$row['total_predictions'],
            'correct_predictions' => (int)$row['correct_predictions']
        ];
    };

    $users = array_map($toEntry, $stmt->fetchAll());

    jsonResponse(['success' => true, 'users' => $users]);
}
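/**
 * Respond with one user (by id) plus their prediction totals, in the same
 * shape getAllUsers() emits per row, or 404 when no such user exists.
 *
 * @param int|string $id user id taken from the query string
 */
function getUser($id) {
    $db = getDB();

    // LEFT JOIN keeps users without predictions (counts come back as 0); with
    // the GROUP BY, an unknown id yields no row at all rather than a row of nulls.
    $stmt = $db->prepare("
        SELECT u.id, u.username, u.email, u.role, u.points, u.created_at,
               COUNT(p.id) as total_predictions,
               SUM(CASE WHEN p.is_correct = 1 THEN 1 ELSE 0 END) as correct_predictions
        FROM users u
        LEFT JOIN predictions p ON u.id = p.user_id
        WHERE u.id = ?
        GROUP BY u.id
    ");
    $stmt->execute([$id]);
    // Ask for an associative row explicitly: with the default fetch mode set
    // in config.php unknown, FETCH_BOTH would leak duplicate numeric keys
    // straight into the JSON body.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        return; // defensive: jsonResponse() is expected to end the request, but don't rely on it
    }

    // Same projection and casts as getAllUsers() so clients see one shape.
    jsonResponse(['success' => true, 'user' => [
        'id' => $row['id'],
        'username' => $row['username'],
        'email' => $row['email'],
        'role' => $row['role'],
        'points' => (int)$row['points'],
        'created_at' => $row['created_at'],
        'total_predictions' => (int)$row['total_predictions'],
        'correct_predictions' => (int)$row['correct_predictions']
    ]]);
}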
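/**
 * Update the role and/or points of a user from a JSON body; admin only.
 *
 * Only the two columns named literally in this function can change, so nothing
 * from the request is ever interpolated into the SQL text. Responds 404 for an
 * unknown user and 400 for an empty or invalid body.
 *
 * @param int|string $id id of the user to modify
 */
function updateUser($id) {
    global $user; // current admin, set by requireAdmin() at the top of the file

    $data = getJsonInput();
    $db = getDB();

    $stmt = $db->prepare("SELECT id, role FROM users WHERE id = ?");
    $stmt->execute([$id]);
    $targetUser = $stmt->fetch();

    if (!$targetUser) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        return; // defensive: jsonResponse() is expected to end the request, but don't rely on it
    }

    // getJsonInput() presumably returns null/false on a missing or malformed
    // body — TODO confirm in config.php. Anything that is not a JSON object
    // is treated as "nothing to update".
    if (!is_array($data)) {
        jsonResponse(['error' => 'Aucune donnée à mettre à jour'], 400);
        return;
    }

    $fields = [];
    $values = [];

    if (isset($data['role'])) {
        // JSON can carry any type; only a non-empty string can be a role.
        // NOTE(review): the valid role names are not visible in this file — an
        // allowlist check against the users.role definition belongs here.
        if (!is_string($data['role']) || $data['role'] === '') {
            jsonResponse(['error' => 'Rôle invalide'], 400);
            return;
        }
        // Same rule as deleteUser(): an admin may not change their own role,
        // otherwise one request can remove their own access to this endpoint.
        if (isset($user['id']) && (int)$user['id'] === (int)$id) {
            jsonResponse(['error' => 'Vous ne pouvez pas modifier votre propre rôle'], 400);
            return;
        }
        $fields[] = 'role = ?';
        $values[] = $data['role'];
    }

    if (isset($data['points'])) {
        // Accepts 12 or "12", rejects "12abc", 1.5, arrays and the like.
        $points = filter_var($data['points'], FILTER_VALIDATE_INT);
        if ($points === false) {
            jsonResponse(['error' => 'Points invalides'], 400);
            return;
        }
        $fields[] = 'points = ?';
        $values[] = $points;
    }

    if (empty($fields)) {
        jsonResponse(['error' => 'Aucune donnée à mettre à jour'], 400);
        return;
    }

    // $fields holds only the literal "role = ?" / "points = ?" fragments above.
    $values[] = $id;
    $stmt = $db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id = ?");
    $stmt->execute($values);

    jsonResponse(['success' => true, 'message' => 'Utilisateur mis à jour avec succès']);
}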
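/**
 * Delete a user by id; admin only. Refuses to delete the calling admin's own
 * account and responds 404 when the id matches no row.
 *
 * @param int|string $id id of the user to delete
 */
function deleteUser($id) {
    global $user; // current admin, set by requireAdmin() at the top of the file
    $db = getDB();

    // Self-deletion guard. Compare as ints rather than with `==`: PHP 8 treats
    // 5 == "5abc" as false, while a database doing lenient string-to-number
    // conversion may still match "5abc" to row 5, so the loose comparison
    // could let an admin delete their own row after all.
    if (isset($user['id']) && (int)$user['id'] === (int)$id) {
        jsonResponse(['error' => 'Vous ne pouvez pas supprimer votre propre compte'], 400);
        return; // defensive: jsonResponse() is expected to end the request, but don't rely on it
    }

    // NOTE(review): predictions reference users via user_id; whether those rows
    // cascade or block this DELETE depends on the schema — confirm, since a
    // foreign-key failure here is not handled (with ERRMODE_EXCEPTION it throws).
    $stmt = $db->prepare("DELETE FROM users WHERE id = ?");
    $stmt->execute([$id]);

    if ($stmt->rowCount() === 0) {
        jsonResponse(['error' => 'Utilisateur non trouvé'], 404);
        return;
    }

    jsonResponse(['success' => true, 'message' => 'Utilisateur supprimé avec succès']);
}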
?>