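exec("CREATE TABLE IF NOT EXISTS admin.hamid_users ( id SERIAL PRIMARY KEY, username VARCHAR(50) UNIQUE NOT NULL, password_hash VARCHAR(255) NOT NULL, email VARCHAR(100), role VARCHAR(20) DEFAULT 'user', api_key VARCHAR(64) UNIQUE, created_at TIMESTAMP DEFAULT NOW(), last_login TIMESTAMP )");

// Create the default admin account on first run.
// NOTE(review): the bootstrap password below is a hard-coded literal; it should be
// rotated right after first login (or supplied from configuration) rather than
// kept in the source tree.
$stmt = $pdo->prepare("SELECT COUNT(*) FROM admin.hamid_users WHERE username = 'admin'");
$stmt->execute();
if ((int) $stmt->fetchColumn() === 0) {
    $hash = password_hash('hamid2024', PASSWORD_DEFAULT);
    $apiKey = bin2hex(random_bytes(32)); // 64 hex chars, fits api_key VARCHAR(64)
    $pdo->prepare("INSERT INTO admin.hamid_users (username, password_hash, role, api_key) VALUES ('admin', ?, 'admin', ?)")
        ->execute([$hash, $apiKey]);
}

// The request body is JSON; anything that does not decode to an array (empty body,
// invalid JSON, a bare scalar) is treated as an empty request so the lookups below
// never operate on null or on a string offset.
$decoded = json_decode((string) file_get_contents('php://input'), true);
$input = is_array($decoded) ? $decoded : [];

/**
 * Read a request field as a string.
 *
 * JSON can carry arrays/objects/booleans under any key; feeding those to
 * strlen() (TypeError) or PDO (driver error) is never intended, so any
 * non-string value is treated the same as an absent one.
 *
 * @param array<string, mixed> $src decoded request body
 * @return string the field value, or '' when missing or not a string
 */
$field = static function (array $src, string $key): string {
    $value = $src[$key] ?? '';

    return is_string($value) ? $value : '';
};

// switch compares loosely, so a non-string action (e.g. JSON `true`) would match
// the first case; only accept a string action and fall back to 'status' otherwise.
$action = $input['action'] ?? $_GET['action'] ?? 'status';
if (!is_string($action)) {
    $action = 'status';
}

switch ($action) {
    case 'login':
        $username = $field($input, 'username');
        $password = $field($input, 'password');
        $stmt = $pdo->prepare("SELECT * FROM admin.hamid_users WHERE username = ?");
        $stmt->execute([$username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user && password_verify($password, $user['password_hash'])) {
            // Issue a fresh session id on authentication so a session id that was
            // known before login (session fixation) does not become a logged-in one.
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role'] = $user['role'];
            $pdo->prepare("UPDATE admin.hamid_users SET last_login = NOW() WHERE id = ?")
                ->execute([$user['id']]);
            echo json_encode([
                'success' => true,
                'user' => [
                    'id' => $user['id'],
                    'username' => $user['username'],
                    'role' => $user['role'],
                    'api_key' => $user['api_key'],
                ],
            ]);
        } else {
            // Same message for unknown user and wrong password: no account enumeration.
            echo json_encode(['success' => false, 'error' => 'Identifiants incorrects']);
        }
        break;

    case 'register':
        $username = $field($input, 'username');
        $password = $field($input, 'password');
        $email = $field($input, 'email');
        if (strlen($username) < 3 || strlen($password) < 6) {
            echo json_encode(['success' => false, 'error' => 'Username 3+ chars, password 6+ chars']);
            break;
        }
        try {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            $apiKey = bin2hex(random_bytes(32));
            $stmt = $pdo->prepare("INSERT INTO admin.hamid_users (username, password_hash, email, api_key) VALUES (?, ?, ?, ?)");
            $stmt->execute([$username, $hash, $email, $apiKey]);
            echo json_encode(['success' => true, 'message' => 'Compte créé!', 'api_key' => $apiKey]);
        } catch (Exception $e) {
            // Only an integrity-constraint violation (SQLSTATE class 23, which is what
            // the UNIQUE index on username raises) means the name is taken; any other
            // failure (connection, random_bytes, ...) must not be reported as that.
            $taken = $e instanceof PDOException && str_starts_with((string) $e->getCode(), '23');
            echo json_encode([
                'success' => false,
                'error' => $taken ? 'Username déjà pris' : 'Erreur lors de la création du compte',
            ]);
        }
        break;

    case 'logout':
        // session_destroy() does not clear $_SESSION for the current request;
        // empty it explicitly so nothing downstream still sees the old identity.
        $_SESSION = [];
        session_destroy();
        echo json_encode(['success' => true]);
        break;

    case 'status':
        if (isset($_SESSION['user_id'])) {
            echo json_encode([
                'logged_in' => true,
                'user' => [
                    'id' => $_SESSION['user_id'],
                    'username' => $_SESSION['username'],
                    'role' => $_SESSION['role'],
                ],
            ]);
        } else {
            echo json_encode(['logged_in' => false]);
        }
        break;

    case 'users':
        // Admin only: the role comes from the server-side session, never from the request.
        if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
            echo json_encode(['error' => 'Admin required']);
            break;
        }
        // password_hash and api_key are deliberately not selected here.
        $stmt = $pdo->query("SELECT id, username, email, role, created_at, last_login FROM admin.hamid_users ORDER BY created_at DESC");
        echo json_encode(['users' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
        break;

    default:
        // Previously an unknown action produced an empty body; answer in the same
        // JSON shape as the other error responses instead.
        echo json_encode(['success' => false, 'error' => 'Unknown action']);
        break;
}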