true, 'monsters' => $monsters]); break; case 'getQuests': // Vérifier que l'ID du monstre est fourni if (!isset($_GET['monsterId'])) { send_json_response(['success' => false, 'message' => 'ID de monstre manquant'], 400); } $monster_id = intval($_GET['monsterId']); $crown_type = isset($_GET['crownType']) ? $_GET['crownType'] : 'all'; // Récupérer les quêtes if ($crown_type === 'all') { $quests = get_quests_by_monster($monster_id); } else { $quests = get_quests_by_monster_and_crown($monster_id, $crown_type); } // Récupérer le monstre pour inclure son nom $monster = get_monster_by_id($monster_id); // Ajouter les infos de fraîcheur aux quêtes foreach ($quests as &$quest) { $quest['freshness'] = format_relative_date($quest['date']); } send_json_response([ 'success' => true, 'quests' => $quests, 'monster' => $monster ? $monster['name'] : 'Monstre inconnu' ]); break; case 'getAnnouncements': // Récupérer les annonces actives $announcements = get_all_announcements(true); send_json_response(['success' => true, 'announcements' => $announcements]); break; case 'getStatistics': // Vérifier l'authentification pour les statistiques if (!is_logged_in()) { send_json_response(['success' => false, 'message' => 'Authentification requise'], 401); } // Récupérer les statistiques $stats = get_site_statistics(); send_json_response(['success' => true, 'stats' => $stats]); break; default: send_json_response(['success' => false, 'message' => 'Action non reconnue'], 400); } } elseif ($method === 'POST') { // Actions de modification de données // Traiter les données POST $post_data = json_decode(file_get_contents('php://input'), true); if (!$post_data) { $post_data = $_POST; } // Vérifier le jeton CSRF pour les actions non administratives if (in_array($action, ['addQuest', 'deleteQuest'])) { if (!isset($post_data['csrf_token']) || !verify_csrf_token($post_data['csrf_token'])) { send_json_response(['success' => false, 'message' => 'Jeton de sécurité invalide'], 403); } } // Vérifier l'authentification pour les actions administratives if (in_array($action, ['addMonster', 'updateMonster', 'deleteMonster', 'addAnnouncement', 'updateAnnouncement', 'deleteAnnouncement', 'cleanOldQuests'])) { if (!is_logged_in()) { send_json_response(['success' => false, 'message' => 'Authentification requise'], 401); } } switch ($action) { case 'addQuest': // Vérifier les données requises if (!isset($post_data['selectedMonsterId']) || !isset($post_data['crownType']) || !isset($post_data['playerName']) || !isset($post_data['playerId'])) { send_json_response(['success' => false, 'message' => 'Données manquantes'], 400); } $monster_id = intval($post_data['selectedMonsterId']); $crown_type = $post_data['crownType']; $player_name = trim($post_data['playerName']); $player_id = trim($post_data['playerId']); // Validation if (!in_array($crown_type, ['small', 'large'])) { send_json_response(['success' => false, 'message' => 'Type de couronne invalide'], 400); } if (empty($player_name) || empty($player_id)) { send_json_response(['success' => false, 'message' => 'Nom ou ID du joueur manquant'], 400); } // Vérifier que le monstre existe if (!get_monster_by_id($monster_id)) { send_json_response(['success' => false, 'message' => 'Monstre invalide'], 400); } // Ajouter la quête $quest_id = add_quest($monster_id, $crown_type, $player_name, $player_id); if ($quest_id) { send_json_response(['success' => true, 'questId' => $quest_id]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout de la quête'], 500); } break; case 'deleteQuest': // Vérifier les données requises if (!isset($post_data['deleteQuestId'])) { send_json_response(['success' => false, 'message' => 'ID de quête manquant'], 400); } $quest_id = intval($post_data['deleteQuestId']); // Supprimer la quête if (delete_quest($quest_id)) { send_json_response(['success' => true]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression de la quête'], 500); } break; case 'addMonster': // Vérifier les données requises if (!isset($post_data['name']) || !isset($post_data['image'])) { send_json_response(['success' => false, 'message' => 'Données manquantes'], 400); } $name = trim($post_data['name']); $image = trim($post_data['image']); // Validation if (empty($name)) { send_json_response(['success' => false, 'message' => 'Nom du monstre manquant'], 400); } if (!is_valid_image_url($image)) { send_json_response(['success' => false, 'message' => 'URL d\'image invalide'], 400); } // Ajouter le monstre $monster_id = add_monster($name, $image); if ($monster_id) { send_json_response(['success' => true, 'monsterId' => $monster_id]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout du monstre'], 500); } break; case 'updateMonster': // Vérifier les données requises if (!isset($post_data['id']) || !isset($post_data['name']) || !isset($post_data['image'])) { send_json_response(['success' => false, 'message' => 'Données manquantes'], 400); } $id = intval($post_data['id']); $name = trim($post_data['name']); $image = trim($post_data['image']); // Validation if (empty($name)) { send_json_response(['success' => false, 'message' => 'Nom du monstre manquant'], 400); } if (!is_valid_image_url($image)) { send_json_response(['success' => false, 'message' => 'URL d\'image invalide'], 400); } // Mettre à jour le monstre if (update_monster($id, $name, $image)) { send_json_response(['success' => true]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour du monstre'], 500); } break; case 'deleteMonster': // Vérifier les données requises if (!isset($post_data['id'])) { send_json_response(['success' => false, 'message' => 'ID de monstre manquant'], 400); } $id = intval($post_data['id']); // Supprimer le monstre if (delete_monster($id)) { send_json_response(['success' => true]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression du monstre'], 500); } break; case 'addAnnouncement': // Vérifier les données requises if (!isset($post_data['text'])) { send_json_response(['success' => false, 'message' => 'Texte d\'annonce manquant'], 400); } $text = trim($post_data['text']); $active = isset($post_data['active']) ? (bool)$post_data['active'] : true; // Validation if (empty($text)) { send_json_response(['success' => false, 'message' => 'Texte d\'annonce vide'], 400); } // Ajouter l'annonce $announcement_id = add_announcement($text, $active); if ($announcement_id) { send_json_response(['success' => true, 'announcementId' => $announcement_id]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout de l\'annonce'], 500); } break; case 'updateAnnouncement': // Vérifier les données requises if (!isset($post_data['id']) || !isset($post_data['text'])) { send_json_response(['success' => false, 'message' => 'Données manquantes'], 400); } $id = intval($post_data['id']); $text = trim($post_data['text']); $active = isset($post_data['active']) ? (bool)$post_data['active'] : true; // Validation if (empty($text)) { send_json_response(['success' => false, 'message' => 'Texte d\'annonce vide'], 400); } // Mettre à jour l'annonce if (update_announcement($id, $text, $active)) { send_json_response(['success' => true]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour de l\'annonce'], 500); } break; case 'deleteAnnouncement': // Vérifier les données requises if (!isset($post_data['id'])) { send_json_response(['success' => false, 'message' => 'ID d\'annonce manquant'], 400); } $id = intval($post_data['id']); // Supprimer l'annonce if (delete_announcement($id)) { send_json_response(['success' => true]); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression de l\'annonce'], 500); } break; case 'cleanOldQuests': // Nettoyer les quêtes expirées $cleaned_count = clean_old_quests(); send_json_response(['success' => true, 'cleanedCount' => $cleaned_count]); break; default: send_json_response(['success' => false, 'message' => 'Action non reconnue'], 400); case 'updatePassword': // Vérifier l'authentification if (!is_logged_in()) { send_json_response(['success' => false, 'message' => 'Authentification requise'], 401); } // Vérifier les données requises if (!isset($post_data['currentPassword']) || !isset($post_data['newPassword']) || !isset($post_data['confirmPassword'])) { send_json_response(['success' => false, 'message' => 'Données manquantes'], 400); } $current_password = $post_data['currentPassword']; $new_password = $post_data['newPassword']; $confirm_password = $post_data['confirmPassword']; // Vérifier que les mots de passe correspondent if ($new_password !== $confirm_password) { send_json_response(['success' => false, 'message' => 'Les nouveaux mots de passe ne correspondent pas'], 400); } // Vérifier la longueur du mot de passe if (strlen($new_password) < 8) { send_json_response(['success' => false, 'message' => 'Le nouveau mot de passe doit contenir au moins 8 caractères'], 400); } // Vérifier le mot de passe actuel if (!verify_current_password('admin', $current_password)) { send_json_response(['success' => false, 'message' => 'Mot de passe actuel incorrect'], 400); } // Mettre à jour le mot de passe if (update_user_password('admin', $new_password)) { send_json_response(['success' => true, 'message' => 'Mot de passe mis à jour avec succès']); } else { send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour du mot de passe'], 500); } break; } } else { // Méthode HTTP non autorisée send_json_response(['success' => false, 'message' => 'Méthode non autorisée'], 405); }