
<?php
header('Content-Type: application/json');
session_start();

// Vérifier authentification
if (!isset($_SESSION['user_id'])) {
    die(json_encode(['success' => false, 'error' => 'Non authentifié']));
}

$ip = $_POST['ip'] ?? $_GET['ip'] ?? null;
$action = $_POST['action'] ?? $_GET['action'] ?? 'block';

if (!$ip || !filter_var($ip, FILTER_VALIDATE_IP)) {
    die(json_encode(['success' => false, 'error' => 'IP invalide']));
}

// Fichier de blocage
$blockFile = '/opt/wevads/storage/blocked_ips.txt';
$blocked = file_exists($blockFile) ? file($blockFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];

if ($action === 'block') {
    if (!in_array($ip, $blocked)) {
        file_put_contents($blockFile, $ip . "\n", FILE_APPEND | LOCK_EX);
    }
    
    // Supprimer sessions de cette IP
    $sessPath = '/opt/wevads/storage/sessions';
    foreach (glob($sessPath . '/sess_*') as $sess) {
        $content = file_get_contents($sess);
        if (strpos($content, $ip) !== false) {
            unlink($sess);
        }
    }
    
    echo json_encode(['success' => true, 'message' => "IP $ip bloquée"]);
} elseif ($action === 'unblock') {
    $blocked = array_diff($blocked, [$ip]);
    file_put_contents($blockFile, implode("\n", $blocked) . "\n", LOCK_EX);
    echo json_encode(['success' => true, 'message' => "IP $ip débloquée"]);
} else {
    echo json_encode(['success' => false, 'error' => 'Action inconnue']);
}