html/api/products/auth.php
2026-04-12 22:57:03 +02:00


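<?php
// Bootstrap for the products auth endpoint: emits the JSON/CORS headers, answers
// CORS preflight requests, opens the PostgreSQL connection and works out which
// action the request asks for. Leaves $pg, $action and $data for the dispatcher.

header("Content-Type: application/json");
// SECURITY NOTE(review): "*" lets a script on any web origin call this endpoint and
// read its response, which for the "auto" action contains an api_key. If the set of
// front-ends is known, replace the wildcard with an allow-list of those origins.
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

// CORS preflight: the headers above are the whole answer, no body is needed.
if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") {
    http_response_code(200);
    exit;
}

// SECURITY NOTE(review): the DSN uses the "postgres" role (normally the cluster
// superuser) and carries no password, so any query this script runs has that role's
// full privileges. A dedicated role limited to the tables this endpoint touches would
// contain the damage of a query bug — confirm how authentication is configured.
$pg = pg_connect("host=127.0.0.1 dbname=adx_system user=postgres");
if (!$pg) {
    echo json_encode(["ok" => false, "error" => "db"]);
    exit;
}

// The action may arrive in the query string or in a form-encoded body.
$action = $_GET["action"] ?? $_POST["action"] ?? "";

// The JSON body is optional. Anything that does not decode to an array (empty body,
// malformed JSON, a bare scalar) is treated as "no data" so later field lookups
// always operate on an array.
$data = json_decode((string) file_get_contents("php://input"), true);
if (!is_array($data)) {
    $data = [];
}

// Workspace sends POST with {name,email,company,product} and no action; that shape
// is routed to the auto-register/login action.
if ($_SERVER["REQUEST_METHOD"] === "POST" && !$action && !empty($data["email"])) {
    $action = "auto";
}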
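// Dispatcher for the products auth endpoint. Expects $pg (open PostgreSQL
// connection), $action (requested action) and $data (decoded JSON body) to have been
// prepared by the code above. Every branch writes exactly one JSON document.

// Derives the API key in the format existing clients already hold.
// SECURITY NOTE(review): the key is a deterministic function of the e-mail address
// and a constant embedded in this file, so it is an identifier rather than a secret
// credential, and it cannot be rotated or revoked per user. The durable fix is a
// random per-user token (random_bytes) stored server-side; that needs a schema change
// and a client migration, so the derivation is kept here for compatibility.
$apiKeyFor = static function (string $email): string {
    return "wv_" . md5($email . "weval2026");
};

// Reads a string field from the decoded body; non-string or missing values fall back
// to $default so they never reach the database layer or the string functions below.
$stringField = static function ($source, string $name, string $default): string {
    $value = is_array($source) ? ($source[$name] ?? $default) : $default;
    return is_string($value) ? $value : $default;
};

// Collapses line breaks so a request field cannot forge extra entries in the log.
$logSafe = static function (string $value): string {
    return (string) preg_replace('/[\r\n]+/', ' ', $value);
};

switch ($action) {
    case "auto":
        // Auto-register/login: returns the API key for the given e-mail, creating
        // the account first when it does not exist yet.
        // SECURITY NOTE(review): no password or other proof of ownership is checked,
        // so knowing an e-mail address is enough to obtain that account's key, and
        // the status column is not consulted on this path. Confirm this is intended.
        $email = $stringField($data, "email", "");
        $name = $stringField($data, "name", "User");
        $company = $stringField($data, "company", "");
        if ($email === "") {
            echo json_encode(["error" => "Email requis"]);
            break;
        }

        // Values are bound as parameters rather than escaped into the SQL text, so
        // the same unmodified e-mail is used for the query, the key and the response.
        $r = pg_query_params(
            $pg,
            'SELECT id,email,first_name,last_name,status,master_access FROM admin.users WHERE email=$1 LIMIT 1',
            [$email]
        );
        if ($r === false) {
            error_log("AUTH SELECT FAIL: " . pg_last_error($pg));
            echo json_encode(["ok" => false, "error" => "db"]);
            break;
        }

        $u = pg_fetch_assoc($r);
        if ($u) {
            $key = $apiKeyFor((string) $u["email"]);
            echo json_encode(["ok"=>true,"api_key"=>$key,"user"=>["id"=>$u["id"],"email"=>$u["email"],"name"=>trim($u["first_name"]." ".$u["last_name"]),"tier"=>$u["master_access"]??"free"],"message"=>"Bienvenue !"]);
            break;
        }

        // New account: the first word of the name is the first name, the rest the
        // last name.
        $parts = explode(" ", $name, 2);
        $fn = $parts[0];
        $ln = $parts[1] ?? "";

        // NOTE(review): MAX(id)+1 is read and then inserted in two statements, so two
        // concurrent signups can pick the same id; a sequence or identity column
        // would remove the race. The insert failure is reported below either way.
        $idResult = pg_query($pg, "SELECT COALESCE(MAX(id),0)+1 FROM admin.users");
        if ($idResult === false) {
            error_log("AUTH ID LOOKUP FAIL: " . pg_last_error($pg));
            echo json_encode(["ok" => false, "error" => "db"]);
            break;
        }
        $maxId = pg_fetch_result($idResult, 0, 0);
        $prodId = $maxId;

        // SECURITY NOTE(review): every auto-created account is stored with the hash
        // of the same fixed password. If any login path accepts this column, all of
        // these accounts share one known password. Prefer an unusable random value
        // (e.g. password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT)) plus a
        // reset flow — left unchanged because other code may rely on the default.
        $hash = password_hash("weval2026", PASSWORD_DEFAULT);

        $r = pg_query_params(
            $pg,
            'INSERT INTO admin.users(id,production_id,email,password,first_name,last_name,status,master_access,created_by,created_date)'
            . " VALUES(\$1,\$2,\$3,\$4,\$5,\$6,'Activated','free','system',CURRENT_DATE)",
            [$maxId, $prodId, $email, $hash, $fn, $ln]
        );
        if ($r === false) {
            // Do not hand out a key for an account that was not created: the
            // dashboard lookup would reject it.
            error_log("AUTH INSERT FAIL: " . pg_last_error($pg));
            echo json_encode(["ok" => false, "error" => "db"]);
            break;
        }

        $key = $apiKeyFor($email);

        // Signup notification: appended to a local log file (best effort).
        // SECURITY NOTE(review): /tmp is shared and this file holds names and e-mail
        // addresses; a directory readable only by the web-server user is a better
        // home for it.
        $msg = "Nouveau signup WEVAL Workspace:\nNom: " . $logSafe($name)
            . "\nEmail: " . $logSafe($email)
            . "\nCompany: " . $logSafe($company)
            . "\nDate: " . date("Y-m-d H:i");
        if (@file_put_contents("/tmp/weval-signups.log", $msg . "\n---\n", FILE_APPEND | LOCK_EX) === false) {
            error_log("AUTH SIGNUP LOG WRITE FAIL");
        }

        echo json_encode(["ok"=>true,"api_key"=>$key,"tier"=>"free","user"=>["name"=>$name,"email"=>$email,"tier"=>"free"],"message"=>"Compte créé !"]);
        break;

    case "dashboard":
        // Resolves an API key back to its activated user.
        // SECURITY NOTE(review): the key travels in the query string, where it is
        // typically recorded in access logs and browser history; a request header or
        // POST body would keep it out of those.
        $key = $_GET["key"] ?? "";
        if (!is_string($key) || $key === "") {
            echo json_encode(["error" => "Clé requise"]);
            break;
        }

        // Keys are not stored, so the lookup recomputes the key of every activated
        // user until one matches. Only the columns used in the response are fetched
        // (the password hash in particular is left out).
        // NOTE(review): this is a full scan per request; a stored, indexed token
        // would make it a single-row lookup.
        $r = pg_query($pg, "SELECT id,email,first_name,last_name,master_access FROM admin.users WHERE status='Activated' ORDER BY id");
        if ($r === false) {
            error_log("AUTH DASHBOARD FAIL: " . pg_last_error($pg));
            echo json_encode(["ok" => false, "error" => "db"]);
            break;
        }

        $found = null;
        while ($row = pg_fetch_assoc($r)) {
            // hash_equals compares in constant time, so response timing does not
            // depend on how many leading characters of the key matched.
            if (hash_equals($apiKeyFor((string) $row["email"]), $key)) {
                $found = $row;
                break;
            }
        }

        if ($found) {
            echo json_encode(["ok"=>true,"api_key"=>$key,"user"=>["id"=>$found["id"],"email"=>$found["email"],"name"=>trim($found["first_name"]." ".$found["last_name"]),"tier"=>$found["master_access"]??"free"]]);
        } else {
            echo json_encode(["error" => "Clé invalide"]);
        }
        break;

    case "status":
        // Health check. NOTE(review): the total user count is returned to
        // unauthenticated callers — confirm that is acceptable to expose.
        $r = pg_query($pg, "SELECT count(*) FROM admin.users");
        if ($r === false) {
            error_log("AUTH STATUS FAIL: " . pg_last_error($pg));
            echo json_encode(["ok" => false, "error" => "db"]);
            break;
        }
        $count = pg_fetch_result($r, 0, 0);
        echo json_encode(["ok"=>true,"status"=>"operational","users"=>intval($count)]);
        break;

    default:
        echo json_encode(["ok"=>false,"error"=>"action inconnue"]);
}

pg_close($pg);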