From d90466979397fc18d3e1abd04d20401538f2fe6c Mon Sep 17 00:00:00 2001
From: yasss2627
Date: Sun, 11 Jan 2026 22:24:53 +0000
Subject: [PATCH] =?UTF-8?q?T=C3=A9l=C3=A9verser=20les=20fichiers=20vers=20?= =?UTF-8?q?"api"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
api/login.php | 28 ++++++++++++++++++++++++++++
api/logout.php | 4 ++++
api/post.php | 37 +++++++++++++++++++++++++++++++++++++
api/register.php | 26 ++++++++++++++++++++++++++
4 files changed, 95 insertions(+)
create mode 100644 api/login.php
create mode 100644 api/logout.php
create mode 100644 api/post.php
create mode 100644 api/register.php
diff --git a/api/login.php b/api/login.php
new file mode 100644
index 0000000..448d1b3
--- /dev/null
+++ b/api/login.php
@@ -0,0 +1,28 @@
+ GNU nano 8.4 login.php
+prepare("SELECT * FROM utilisateurs WHERE pseudo = ?");
+$stmt->execute([$username]);
+$user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if (!$user || !password_verify($password, $user['mot_de_passe'])) {
+ echo json_encode(['success'=>false,'message'=>'Identifiants incorrects']);
+ exit;
+}
+
+$_SESSION['user_id'] = $user['id'];
+$isAdmin = strtolower($user['pseudo']) === 'admin';
+
+echo json_encode([
+ 'success'=>true,
+ 'message'=>'Connexion réussie',
+ 'isAdmin'=>$isAdmin,
+ 'flag'=>$isAdmin ? $env['FLAG'] : null
+]);
diff --git a/api/logout.php b/api/logout.php
new file mode 100644
index 0000000..326e3c6
--- /dev/null
+++ b/api/logout.php
@@ -0,0 +1,4 @@
+true,'message'=>'Déconnexion réussie']);
\ No newline at end of file
diff --git a/api/post.php b/api/post.php
new file mode 100644
index 0000000..c9375b4
--- /dev/null
+++ b/api/post.php
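Review bot: In api/login.php, `$isAdmin = strtolower($user['pseudo']) === 'admin';` derives the admin privilege (and the `flag` field) from a case-folded username instead of a stored role, so the decision rests on user-chosen data and on how api/register.php and the column collation treat case when checking uniqueness. Reading a role column, for example `$isAdmin = (bool) $user['is_admin'];` (`is_admin` is a placeholder name), removes that dependency. `$_SESSION['user_id'] = $user['id'];` is also set without a preceding `session_regenerate_id(true);`, so the pre-login session id stays valid after authentication. The first added line, `GNU nano 8.4 login.php`, looks like editor screen text pasted into the file; if it sits outside the PHP tag it is emitted ahead of the JSON body. The top of the file is not readable in this view, so the session setup and input handling there are unreviewed.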
@@ -0,0 +1,37 @@
+false,'message'=>'Vous devez être connecté']);
+ exit;
+}
+
+$content = trim($_POST['content'] ?? '');
+if(!$content){
+ echo json_encode(['success'=>false,'message'=>'Message vide']);
+ exit;
+}
+
+// Insertion du message
+$stmt = $pdo->prepare("INSERT INTO messages (id_utilisateur, contenu, date_creation)>
+$stmt->execute([$userId, $content]);
+$messageId = $pdo->lastInsertId();
+
+// Upload de fichier
+if(!empty($_FILES['image']['tmp_name'])){
+ $file = $_FILES['image'];
+ $allowedTypes = ['image/png','image/jpeg'];
+ if(!in_array($file['type'],$allowedTypes) || $file['size']>2*1024*1024){
+ echo json_encode(['success'=>false,'message'=>'Fichier non valide']);
+ exit;
+ }
+
+ $data = file_get_contents($file['tmp_name']);
+ $base64 = 'data:'.$file['type'].';base64,'.base64_encode($data);
+ $stmt = $pdo->prepare("INSERT INTO fichiers (id_message, nom_fichier, chemin_fic>
+ $stmt->execute([$messageId, $file['name'], $base64, $file['size'], $file['type']>
+}
+
+echo json_encode(['success'=>true,'message'=>'Post publié avec succès']);
\ No newline at end of file
diff --git a/api/register.php b/api/register.php
new file mode 100644
index 0000000..499adcb
--- /dev/null
+++ b/api/register.php
@@ -0,0 +1,26 @@
+false,'message'=>'Pseudo ou mot de passe invalide']>
+ exit;
+}
+
+$stmt = $pdo->prepare("SELECT id FROM utilisateurs WHERE pseudo = ?");
+$stmt->execute([$username]);
+if ($stmt->fetch()) {
+ echo json_encode(['success'=>false,'message'=>'Pseudo déjà utilisé']);
+ exit;
+}
+
+$hash = password_hash($password, PASSWORD_BCRYPT);
+$stmt = $pdo->prepare("INSERT INTO utilisateurs (pseudo, mot_de_passe, date_inscript>
+$stmt->execute([$username, $hash]);
+
+echo json_encode(['success'=>true,'message'=>'Inscription réussie']);
\ No newline at end of file
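Review bot: In api/post.php, the upload check `in_array($file['type'],$allowedTypes)` trusts the MIME type sent by the client and never looks at `$file['error']`, so the bytes stored in `fichiers` are not confirmed to be a PNG or JPEG; the type should be detected server-side from `$file['tmp_name']`. The message row is also inserted before the file is validated, so a rejected upload answers `'success'=>false` after the post has already been saved; the fence below moves validation ahead of the first INSERT. Both `prepare(` lines and the last `execute(` line end in `>` with the statement cut off, which looks like text copied from a narrow editor window and would leave the strings unterminated as committed; the same truncation appears in api/register.php on the first `json_encode` line and the INSERT. `$file['name']` is stored exactly as sent, so it needs escaping wherever it is later displayed.

```php
// … unchanged: session check and $content validation …

// Validate the upload before anything is written to the database
$file = $_FILES['image'] ?? null;
$mime = null;
if ($file !== null && $file['error'] !== UPLOAD_ERR_NO_FILE) {
    if ($file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > 2*1024*1024) {
        echo json_encode(['success'=>false,'message'=>'Fichier non valide']);
        exit;
    }
    // Detect the type from the file contents, not from the client-sent $file['type']
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['image/png','image/jpeg'], true)) {
        echo json_encode(['success'=>false,'message'=>'Fichier non valide']);
        exit;
    }
}

// … unchanged: INSERT INTO messages and lastInsertId() …

if ($mime !== null) {
    $data = file_get_contents($file['tmp_name']);
    $base64 = 'data:'.$mime.';base64,'.base64_encode($data);
    // … unchanged: INSERT INTO fichiers, binding $mime where $file['type'] was bound …
}
```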
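Review bot: In api/register.php, the `SELECT id FROM utilisateurs WHERE pseudo = ?` check followed by a separate INSERT is a check-then-act sequence, and nothing visible in the hunk enforces uniqueness at the database level, so two concurrent requests can both pass the SELECT. A UNIQUE index on `pseudo` (case-insensitive, since api/login.php compares the lowercased name) makes the rule hold; the duplicate-key failure from `$stmt->execute([$username, $hash]);` then needs handling, a `PDOException` if PDO is in exception mode, which the hunk does not show. `password_hash($password, PASSWORD_BCRYPT)` uses only the first 72 bytes of the password, so the length rule in the validation above, which is not readable in this view, should cap input accordingly.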