Téléverser les fichiers vers "api"

2026-01-11 22:24:53 +00:00 · 2026-01-11 22:24:53 +00:00 · d904669793
commit d904669793
4 changed files with 95 additions and 0 deletions
--- a/api/login.php
+++ b/api/login.php
@ -0,0 +1,28 @@
+  GNU nano 8.4                          login.php
+<?php
+session_start();
+require '../config/db.php';
+$env = require '../config/env.php';
+
+$data = json_decode(file_get_contents('php://input'), true);
+$username = trim($data['username'] ?? '');
+$password = $data['password'] ?? '';
+
+$stmt = $pdo->prepare("SELECT * FROM utilisateurs WHERE pseudo = ?");
+$stmt->execute([$username]);
+$user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if (!$user || !password_verify($password, $user['mot_de_passe'])) {
+    echo json_encode(['success'=>false,'message'=>'Identifiants incorrects']);
+    exit;
+}
+
+$_SESSION['user_id'] = $user['id'];
+$isAdmin = strtolower($user['pseudo']) === 'admin';
+
+echo json_encode([
+    'success'=>true,
+    'message'=>'Connexion réussie',
+    'isAdmin'=>$isAdmin,
+    'flag'=>$isAdmin ? $env['FLAG'] : null
+]);
--- a/api/logout.php
+++ b/api/logout.php
@ -0,0 +1,4 @@
+<?php
+session_start();
+session_destroy();
+echo json_encode(['success'=>true,'message'=>'Déconnexion réussie']);
--- a/api/post.php
+++ b/api/post.php
@ -0,0 +1,37 @@
+<?php
+session_start();
+require '../config/db.php';
+
+$userId = $_SESSION['user_id'] ?? null;
+if(!$userId){
+    echo json_encode(['success'=>false,'message'=>'Vous devez être connecté']);
+    exit;
+}
+
+$content = trim($_POST['content'] ?? '');
+if(!$content){
+    echo json_encode(['success'=>false,'message'=>'Message vide']);
+    exit;
+}
+
+// Insertion du message
+$stmt = $pdo->prepare("INSERT INTO messages (id_utilisateur, contenu, date_creation)>
+$stmt->execute([$userId, $content]);
+$messageId = $pdo->lastInsertId();
+
+// Upload de fichier
+if(!empty($_FILES['image']['tmp_name'])){
+    $file = $_FILES['image'];
+    $allowedTypes = ['image/png','image/jpeg'];
+    if(!in_array($file['type'],$allowedTypes) || $file['size']>2*1024*1024){
+        echo json_encode(['success'=>false,'message'=>'Fichier non valide']);
+        exit;
+    }
+
+    $data = file_get_contents($file['tmp_name']);
+    $base64 = 'data:'.$file['type'].';base64,'.base64_encode($data);
+    $stmt = $pdo->prepare("INSERT INTO fichiers (id_message, nom_fichier, chemin_fic>
+    $stmt->execute([$messageId, $file['name'], $base64, $file['size'], $file['type']>
+}
+
+echo json_encode(['success'=>true,'message'=>'Post publié avec succès']);
--- a/api/register.php
+++ b/api/register.php
@ -0,0 +1,26 @@
+<?php
+session_start();
+require '../config/db.php';
+
+$data = json_decode(file_get_contents('php://input'), true);
+
+$username = trim($data['username'] ?? '');
+$password = $data['password'] ?? '';
+
+if ($username === '' || strlen($password) < 6) {
+    echo json_encode(['success'=>false,'message'=>'Pseudo ou mot de passe invalide']>
+    exit;
+}
+
+$stmt = $pdo->prepare("SELECT id FROM utilisateurs WHERE pseudo = ?");
+$stmt->execute([$username]);
+if ($stmt->fetch()) {
+    echo json_encode(['success'=>false,'message'=>'Pseudo déjà utilisé']);
+    exit;
+}
+
+$hash = password_hash($password, PASSWORD_BCRYPT);
+$stmt = $pdo->prepare("INSERT INTO utilisateurs (pseudo, mot_de_passe, date_inscript>
+$stmt->execute([$username, $hash]);
+
+echo json_encode(['success'=>true,'message'=>'Inscription réussie']);