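<?php

// Autoriser les requêtes depuis n'importe quelle origine
// NOTE(review): a wildcard origin is only tolerable because this API is
// authenticated through an Authorization header rather than cookies (browsers
// refuse credentialed requests to "*"). Replace it with an allow-list of the
// front-end origins before exposing the service in production.
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With");

// REQUEST_METHOD is absent under the CLI SAPI; default it so neither the
// preflight test nor the dispatch below raises an undefined-index warning.
$method = $_SERVER['REQUEST_METHOD'] ?? '';

// Répondre immédiatement aux requêtes preflight OPTIONS
if ($method === 'OPTIONS') {
    http_response_code(200);
    exit();
}

require_once 'config.php';

// `action` is user-controlled; a non-string value (?action[]=x) can never name
// a route, so collapse it to '' and let the dispatch report it.
$action = $_GET['action'] ?? '';
if (!is_string($action)) {
    $action = '';
}

// Dispatch. Each handler emits its own response (via jsonResponse() from
// config.php). An unrecognised action used to fall through with an empty 200
// body; it is now reported as 404 so clients can tell a typo from success.
switch ($method) {
    case 'POST':
        if ($action === 'register') {
            register();
        } elseif ($action === 'login') {
            login();
        } else {
            jsonResponse(['error' => 'Action inconnue'], 404);
        }
        break;

    case 'GET':
        if ($action === 'me') {
            getCurrentUserInfo();
        } else {
            jsonResponse(['error' => 'Action inconnue'], 404);
        }
        break;

    default:
        jsonResponse(['error' => 'Méthode non autorisée'], 405);
}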
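/**
 * POST ?action=register — crée un compte à partir d'un corps JSON
 * {username, email, password} et renvoie un jeton.
 *
 * Responses (sent through jsonResponse() from config.php, which is expected
 * to write the body and exit — the explicit `return`s below keep this
 * function safe even if it does not):
 *   400  missing or non-string field, username < 3 chars, invalid email,
 *        password < 6 chars
 *   409  username or email already taken
 *   200  {success, message, token, user}
 *
 * getJsonInput(), getDB(), generateToken() and jsonResponse() are defined in
 * config.php; the connection returned by getDB() is used with the PDO API
 * (prepare/execute/fetch/lastInsertId) — confirm it really is a PDO instance.
 */
function register(): void
{
    $data = getJsonInput();

    // isset() rejects absent and null fields; is_string() stops a JSON array
    // or number from reaching trim()/password_hash(), which would be a
    // TypeError on PHP 8 instead of a clean 400.
    if (
        !is_array($data)
        || !isset($data['username'], $data['email'], $data['password'])
        || !is_string($data['username'])
        || !is_string($data['email'])
        || !is_string($data['password'])
    ) {
        jsonResponse(['error' => 'Tous les champs sont requis'], 400);
        return;
    }

    $username = trim($data['username']);
    $email = trim($data['email']);
    $password = $data['password'];

    // Validation — mb_strlen counts characters, matching the wording of the
    // messages ("… caractères"); strlen would count UTF-8 bytes.
    if (mb_strlen($username) < 3) {
        jsonResponse(['error' => 'Le nom d\'utilisateur doit contenir au moins 3 caractères'], 400);
        return;
    }

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        jsonResponse(['error' => 'Email invalide'], 400);
        return;
    }

    // NOTE(review): 6 characters is a low floor. bcrypt (the current
    // PASSWORD_DEFAULT) also ignores anything past 72 bytes, so very long
    // passwords are silently truncated before hashing.
    if (mb_strlen($password) < 6) {
        jsonResponse(['error' => 'Le mot de passe doit contenir au moins 6 caractères'], 400);
        return;
    }

    $db = getDB();

    // Vérifier si l'utilisateur existe déjà — gives a precise 409, but it is
    // not atomic with the INSERT below (see the catch block).
    $stmt = $db->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
    $stmt->execute([$username, $email]);

    if ($stmt->fetch()) {
        jsonResponse(['error' => 'Ce nom d\'utilisateur ou cet email existe déjà'], 409);
        return;
    }

    // Créer l'utilisateur
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $db->prepare("INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, 'user')");
        $stmt->execute([$username, $email, $hashedPassword]);
    } catch (PDOException $e) {
        // Two concurrent registrations can both pass the SELECT above; a
        // UNIQUE index on username/email is the real guard and surfaces as
        // SQLSTATE 23000, reported exactly like the pre-check. Anything else
        // is a genuine failure and propagates.
        if ((string) $e->getCode() === '23000') {
            jsonResponse(['error' => 'Ce nom d\'utilisateur ou cet email existe déjà'], 409);
            return;
        }
        throw $e;
    }

    $userId = $db->lastInsertId();
    $token = generateToken($userId);

    jsonResponse([
        'success' => true,
        'message' => 'Compte créé avec succès',
        'token' => $token,
        'user' => [
            'id' => $userId,
            'username' => $username,
            'email' => $email,
            'role' => 'user',
            'points' => 0,
        ],
    ]);
}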
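/**
 * POST ?action=login — authentifie par nom d'utilisateur + mot de passe et
 * renvoie un jeton ainsi que le profil.
 *
 * Responses (via jsonResponse() from config.php, expected to exit; explicit
 * `return`s make the function safe regardless):
 *   400  username or password missing / not a string
 *   401  unknown user or wrong password — one message for both so the body
 *        does not reveal which usernames exist
 *   200  {success, message, token, user}
 *
 * getJsonInput(), getDB(), generateToken() and jsonResponse() come from
 * config.php; the getDB() connection is used with the PDO API — confirm.
 */
function login(): void
{
    $data = getJsonInput();

    // Non-string values would reach trim()/password_verify() as a TypeError.
    if (
        !is_array($data)
        || !isset($data['username'], $data['password'])
        || !is_string($data['username'])
        || !is_string($data['password'])
    ) {
        jsonResponse(['error' => 'Nom d\'utilisateur et mot de passe requis'], 400);
        return;
    }

    $username = trim($data['username']);
    $password = $data['password'];

    $db = getDB();
    $stmt = $db->prepare("SELECT id, username, email, password, role, points FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if (!$user) {
        // Unknown username: still spend one bcrypt computation (password_hash
        // costs roughly the same as password_verify) so the response time does
        // not distinguish "no such user" from "wrong password".
        password_hash($password, PASSWORD_DEFAULT);
        jsonResponse(['error' => 'Identifiants incorrects'], 401);
        return;
    }

    if (!password_verify($password, $user['password'])) {
        jsonResponse(['error' => 'Identifiants incorrects'], 401);
        return;
    }

    // The plaintext is only available here, so this is the one place where a
    // hash created under an older algorithm/cost can be upgraded in place.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $rehash = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
        $rehash->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }

    $token = generateToken($user['id']);

    jsonResponse([
        'success' => true,
        'message' => 'Connexion réussie',
        'token' => $token,
        'user' => [
            'id' => $user['id'],
            'username' => $user['username'],
            'email' => $user['email'],
            'role' => $user['role'],
            'points' => (int)$user['points'],
        ],
    ]);
}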
/**
 * GET ?action=me — renvoie le profil de l'utilisateur authentifié.
 *
 * requireAuth() and jsonResponse() are defined in config.php; requireAuth()
 * is relied on to reject unauthenticated callers before returning, and
 * whatever it returns is echoed back verbatim under the `user` key.
 */
function getCurrentUserInfo(): void
{
    $payload = [
        'success' => true,
        'user' => requireAuth(),
    ];

    jsonResponse($payload);
}
?>