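<?php

declare(strict_types=1);

// Minimal JSON auth endpoint: login / register / logout / status / users.
// The action is read from the JSON request body, falling back to ?action=,
// and every branch answers with a single JSON object.

session_start();

header('Content-Type: application/json');

// NOTE(review): connection credentials are literals in source; they belong in
// configuration outside the web root. Error mode is pinned to exceptions so the
// try/catch in 'register' is not dependent on the PHP default.
$pdo = new PDO("pgsql:host=localhost;dbname=adx_system", "admin", "admin123", [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Create the users table if it does not exist yet
$pdo->exec("CREATE TABLE IF NOT EXISTS admin.hamid_users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    email VARCHAR(100),
    role VARCHAR(20) DEFAULT 'user',
    api_key VARCHAR(64) UNIQUE,
    created_at TIMESTAMP DEFAULT NOW(),
    last_login TIMESTAMP
)");

// Bootstrap the default admin account on first run.
// NOTE(review): the initial admin password is a literal in source; it should be
// changed right after the first login.
$stmt = $pdo->query("SELECT COUNT(*) FROM admin.hamid_users WHERE username = 'admin'");
if ((int) $stmt->fetchColumn() === 0) {
    $hash = password_hash('hamid2024', PASSWORD_DEFAULT);
    $apiKey = bin2hex(random_bytes(32));
    $pdo->prepare("INSERT INTO admin.hamid_users (username, password_hash, role, api_key) VALUES ('admin', ?, 'admin', ?)")
        ->execute([$hash, $apiKey]);
}

/**
 * Read one field of the decoded request body as a string.
 *
 * Scalars are cast (so a numeric JSON value still works as before); arrays,
 * objects and missing keys collapse to '' so strlen()/password_verify() are
 * never handed a non-string under strict_types.
 *
 * @param array<string, mixed> $input decoded JSON body
 */
function requestString(array $input, string $key): string
{
    $value = $input[$key] ?? '';

    return is_scalar($value) ? (string) $value : '';
}

// An empty, malformed or non-object body must not turn into "offset on null"
// warnings further down: normalise to an array once.
$rawBody = file_get_contents('php://input');
$decoded = json_decode($rawBody === false ? '' : $rawBody, true);
$input = is_array($decoded) ? $decoded : [];

$action = $input['action'] ?? $_GET['action'] ?? 'status';

switch ($action) {
    case 'login':
        $username = requestString($input, 'username');
        $password = requestString($input, 'password');

        $stmt = $pdo->prepare("SELECT * FROM admin.hamid_users WHERE username = ?");
        $stmt->execute([$username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // Always run password_verify(), against a throwaway hash when the
        // account is unknown, so "no such user" does not answer measurably
        // faster than "wrong password".
        $storedHash = is_array($user) ? $user['password_hash'] : password_hash('', PASSWORD_DEFAULT);
        $authenticated = password_verify($password, $storedHash) && is_array($user);

        if ($authenticated) {
            // Fresh session id on privilege change so a session id obtained
            // before login is not carried over.
            session_regenerate_id(true);

            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role'] = $user['role'];

            $pdo->prepare("UPDATE admin.hamid_users SET last_login = NOW() WHERE id = ?")
                ->execute([$user['id']]);

            echo json_encode([
                'success' => true,
                'user' => [
                    'id' => $user['id'],
                    'username' => $user['username'],
                    'role' => $user['role'],
                    'api_key' => $user['api_key'],
                ],
            ]);
        } else {
            echo json_encode(['success' => false, 'error' => 'Identifiants incorrects']);
        }
        break;

    case 'register':
        $username = requestString($input, 'username');
        $password = requestString($input, 'password');
        $email = requestString($input, 'email');

        // Byte lengths, matching the original policy (password length is
        // byte-based for bcrypt anyway).
        if (strlen($username) < 3 || strlen($password) < 6) {
            echo json_encode(['success' => false, 'error' => 'Username 3+ chars, password 6+ chars']);
            break;
        }

        try {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            $apiKey = bin2hex(random_bytes(32));

            $stmt = $pdo->prepare("INSERT INTO admin.hamid_users (username, password_hash, email, api_key) VALUES (?, ?, ?, ?)");
            $stmt->execute([$username, $hash, $email, $apiKey]);

            echo json_encode(['success' => true, 'message' => 'Compte créé!', 'api_key' => $apiKey]);
        } catch (PDOException $e) {
            // SQLSTATE 23505 is PostgreSQL's unique_violation; only that case is
            // really "username taken" — any other driver error is reported as a
            // generic failure instead of being mislabelled.
            $error = $e->getCode() === '23505' ? 'Username déjà pris' : 'Erreur serveur';
            echo json_encode(['success' => false, 'error' => $error]);
        }
        break;

    case 'logout':
        // Clear the in-memory data too; session_destroy() alone leaves $_SESSION
        // populated for the rest of this request.
        $_SESSION = [];
        session_destroy();
        echo json_encode(['success' => true]);
        break;

    case 'status':
        if (isset($_SESSION['user_id'])) {
            echo json_encode([
                'logged_in' => true,
                'user' => [
                    'id' => $_SESSION['user_id'],
                    'username' => $_SESSION['username'],
                    'role' => $_SESSION['role'],
                ],
            ]);
        } else {
            echo json_encode(['logged_in' => false]);
        }
        break;

    case 'users':
        // Admin only
        if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
            echo json_encode(['error' => 'Admin required']);
            break;
        }

        $stmt = $pdo->query("SELECT id, username, email, role, created_at, last_login FROM admin.hamid_users ORDER BY created_at DESC");
        echo json_encode(['users' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
        break;

    default:
        // Previously an unknown action produced an empty body; answer explicitly.
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Action inconnue']);
        break;
}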