<?php
/**
 * API pour les requêtes AJAX - MH Wilds - Partage de Quêtes à Couronnes
 */
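// Start (or resume) the PHP session; the admin checks further down rely on it.
session_start();

// Guard constant that the included files look for to refuse direct access
// (per the original author's note; the includes themselves are not shown here).
define('SECURE_ACCESS', true);

// Configuration, database layer and the helper functions used by the handlers.
require_once 'includes/config.php';
require_once 'includes/database.php';
require_once 'includes/functions.php';

// Every reply from this endpoint is JSON: state the charset explicitly and tell
// browsers not to sniff the body as HTML.
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');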
// Fonction pour renvoyer une réponse JSON
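/**
 * Emit a JSON reply with the given HTTP status and terminate the script.
 *
 * Every branch of this endpoint ends by calling this helper, so the `exit`
 * here is what makes the early "missing data" / "not authenticated" checks
 * effective: code after such a call never runs.
 *
 * @param mixed $data      Value to encode (normally an associative array with a
 *                         'success' key).
 * @param int   $http_code HTTP status code to send (default 200).
 */
function send_json_response($data, int $http_code = 200): void {
    $json = json_encode($data);
    if ($json === false) {
        // Encoding failed (e.g. invalid UTF-8 coming from the database). Report
        // a server error rather than sending an empty body with a success code.
        $http_code = 500;
        $json = '{"success":false,"message":"Erreur d\'encodage de la reponse"}';
    }
    http_response_code($http_code);
    echo $json;
    exit;
}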
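// ---------------------------------------------------------------------------
// Helpers shared by the GET and POST handlers
// ---------------------------------------------------------------------------

/**
 * Stop with HTTP 401 unless an admin session is active (see is_logged_in()).
 */
function api_require_login() {
    if (!is_logged_in()) {
        send_json_response(['success' => false, 'message' => 'Authentification requise'], 401);
    }
}

/**
 * Stop with HTTP 400 unless every key in $keys is set (non-null) in $data.
 *
 * @param array    $data    Decoded request body.
 * @param string[] $keys    Keys that must be present.
 * @param string   $message Error message for the 400 response.
 */
function api_require_keys(array $data, array $keys, $message = 'Données manquantes') {
    foreach ($keys as $key) {
        if (!isset($data[$key])) {
            send_json_response(['success' => false, 'message' => $message], 400);
        }
    }
}

/**
 * Return $data[$key] as a trimmed string.
 *
 * A missing key or a non-scalar value (e.g. a JSON array) yields '' so that the
 * caller's "missing" check fires instead of trim() raising a TypeError.
 *
 * @param array  $data Decoded request body.
 * @param string $key  Field name.
 * @return string
 */
function api_trimmed_string(array $data, $key) {
    $value = isset($data[$key]) ? $data[$key] : null;
    return is_scalar($value) ? trim((string) $value) : '';
}

/**
 * Return $data[$key] as a boolean, or $default when the key is absent.
 *
 * filter_var() understands the usual textual forms ("1", "0", "true", "false",
 * "on", "off"), which matters for form-encoded bodies where the string "false"
 * would otherwise cast to true; anything it does not recognise keeps the plain
 * (bool) cast.
 *
 * @param array  $data    Decoded request body.
 * @param string $key     Field name.
 * @param bool   $default Value when the key is missing.
 * @return bool
 */
function api_bool(array $data, $key, $default = true) {
    if (!isset($data[$key])) {
        return $default;
    }
    $parsed = filter_var($data[$key], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    return $parsed === null ? (bool) $data[$key] : $parsed;
}

/**
 * Validate the name/image pair used by addMonster and updateMonster, stopping
 * with HTTP 400 on the first problem.
 *
 * @param string $name  Trimmed monster name.
 * @param string $image Trimmed image URL (checked by is_valid_image_url()).
 */
function api_validate_monster_fields($name, $image) {
    if ($name === '') {
        send_json_response(['success' => false, 'message' => 'Nom du monstre manquant'], 400);
    }
    if (!is_valid_image_url($image)) {
        send_json_response(['success' => false, 'message' => 'URL d\'image invalide'], 400);
    }
}

/**
 * Validate the announcement text used by addAnnouncement and
 * updateAnnouncement, stopping with HTTP 400 when it is blank.
 *
 * @param string $text Trimmed announcement text.
 */
function api_validate_announcement_text($text) {
    if ($text === '') {
        send_json_response(['success' => false, 'message' => 'Texte d\'annonce vide'], 400);
    }
}

/**
 * Decode the request body: a JSON object first, form-encoded $_POST otherwise.
 *
 * Invalid JSON, a bare scalar and an empty object all fall back to $_POST, so
 * the handlers always work on an array.
 *
 * @return array
 */
function api_read_post_data() {
    $raw = file_get_contents('php://input');
    $decoded = ($raw === false || $raw === '') ? null : json_decode($raw, true);
    return (is_array($decoded) && $decoded !== []) ? $decoded : $_POST;
}

// ---------------------------------------------------------------------------
// GET: read-only actions
// ---------------------------------------------------------------------------

/**
 * Serve the read-only actions.
 *
 * @param string $action Value of the `action` query parameter.
 */
function api_handle_get($action) {
    switch ($action) {
        case 'getMonsters':
            send_json_response(['success' => true, 'monsters' => get_all_monsters()]);
            break;

        case 'getQuests':
            if (!isset($_GET['monsterId'])) {
                send_json_response(['success' => false, 'message' => 'ID de monstre manquant'], 400);
            }

            $monster_id = intval($_GET['monsterId']);
            $crown_type = (isset($_GET['crownType']) && is_string($_GET['crownType']))
                ? $_GET['crownType']
                : 'all';

            // Only the crown types the write side accepts reach the query
            // helper; anything else is a client error.
            if ($crown_type !== 'all' && !in_array($crown_type, ['small', 'large'], true)) {
                send_json_response(['success' => false, 'message' => 'Type de couronne invalide'], 400);
            }

            $quests = ($crown_type === 'all')
                ? get_quests_by_monster($monster_id)
                : get_quests_by_monster_and_crown($monster_id, $crown_type);

            // The monster row is only needed for its display name.
            $monster = get_monster_by_id($monster_id);

            // Attach a human-readable age to each quest. Iterating by key avoids
            // the dangling reference a `foreach (... as &$quest)` would leave.
            foreach ($quests as $index => $quest) {
                $quests[$index]['freshness'] = format_relative_date($quest['date']);
            }

            send_json_response([
                'success' => true,
                'quests' => $quests,
                'monster' => $monster ? $monster['name'] : 'Monstre inconnu',
            ]);
            break;

        case 'getAnnouncements':
            // Active announcements only.
            send_json_response(['success' => true, 'announcements' => get_all_announcements(true)]);
            break;

        case 'getStatistics':
            // Site statistics are admin-only.
            api_require_login();
            send_json_response(['success' => true, 'stats' => get_site_statistics()]);
            break;

        default:
            send_json_response(['success' => false, 'message' => 'Action non reconnue'], 400);
    }
}

// ---------------------------------------------------------------------------
// POST: state-changing actions
// ---------------------------------------------------------------------------

/**
 * Serve the state-changing actions.
 *
 * @param string $action    Value of the `action` query parameter.
 * @param array  $post_data Decoded request body (see api_read_post_data()).
 */
function api_handle_post($action, array $post_data) {
    // Public quest actions must carry a valid CSRF token in the body.
    // NOTE(review): the admin actions below are guarded by is_logged_in() alone.
    // Because the body falls back to $_POST, a cross-site HTML form submitted
    // with the admin's session cookie can reach them; extend this list to every
    // state-changing action once the admin front-end sends csrf_token.
    if (in_array($action, ['addQuest', 'deleteQuest'], true)) {
        $token = isset($post_data['csrf_token']) ? $post_data['csrf_token'] : null;
        if (!is_string($token) || !verify_csrf_token($token)) {
            send_json_response(['success' => false, 'message' => 'Jeton de sécurité invalide'], 403);
        }
    }

    // Admin-only actions are rejected before any of their data is inspected.
    $admin_actions = [
        'addMonster', 'updateMonster', 'deleteMonster',
        'addAnnouncement', 'updateAnnouncement', 'deleteAnnouncement',
        'cleanOldQuests', 'updatePassword',
    ];
    if (in_array($action, $admin_actions, true)) {
        api_require_login();
    }

    switch ($action) {
        case 'addQuest':
            api_require_keys($post_data, ['selectedMonsterId', 'crownType', 'playerName', 'playerId']);

            $monster_id = intval($post_data['selectedMonsterId']);
            $crown_type = $post_data['crownType'];
            $player_name = api_trimmed_string($post_data, 'playerName');
            $player_id = api_trimmed_string($post_data, 'playerId');

            if (!in_array($crown_type, ['small', 'large'], true)) {
                send_json_response(['success' => false, 'message' => 'Type de couronne invalide'], 400);
            }
            if ($player_name === '' || $player_id === '') {
                send_json_response(['success' => false, 'message' => 'Nom ou ID du joueur manquant'], 400);
            }
            // The referenced monster must exist before a quest is attached to it.
            if (!get_monster_by_id($monster_id)) {
                send_json_response(['success' => false, 'message' => 'Monstre invalide'], 400);
            }

            $quest_id = add_quest($monster_id, $crown_type, $player_name, $player_id);
            if ($quest_id) {
                send_json_response(['success' => true, 'questId' => $quest_id]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout de la quête'], 500);
            }
            break;

        case 'deleteQuest':
            api_require_keys($post_data, ['deleteQuestId'], 'ID de quête manquant');

            $quest_id = intval($post_data['deleteQuestId']);
            if (delete_quest($quest_id)) {
                send_json_response(['success' => true]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression de la quête'], 500);
            }
            break;

        case 'addMonster':
            api_require_keys($post_data, ['name', 'image']);

            $name = api_trimmed_string($post_data, 'name');
            $image = api_trimmed_string($post_data, 'image');
            api_validate_monster_fields($name, $image);

            $monster_id = add_monster($name, $image);
            if ($monster_id) {
                send_json_response(['success' => true, 'monsterId' => $monster_id]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout du monstre'], 500);
            }
            break;

        case 'updateMonster':
            api_require_keys($post_data, ['id', 'name', 'image']);

            $id = intval($post_data['id']);
            $name = api_trimmed_string($post_data, 'name');
            $image = api_trimmed_string($post_data, 'image');
            api_validate_monster_fields($name, $image);

            if (update_monster($id, $name, $image)) {
                send_json_response(['success' => true]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour du monstre'], 500);
            }
            break;

        case 'deleteMonster':
            api_require_keys($post_data, ['id'], 'ID de monstre manquant');

            $id = intval($post_data['id']);
            if (delete_monster($id)) {
                send_json_response(['success' => true]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression du monstre'], 500);
            }
            break;

        case 'addAnnouncement':
            api_require_keys($post_data, ['text'], 'Texte d\'annonce manquant');

            $text = api_trimmed_string($post_data, 'text');
            // A new announcement is active unless the client says otherwise.
            $active = api_bool($post_data, 'active', true);
            api_validate_announcement_text($text);

            $announcement_id = add_announcement($text, $active);
            if ($announcement_id) {
                send_json_response(['success' => true, 'announcementId' => $announcement_id]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de l\'ajout de l\'annonce'], 500);
            }
            break;

        case 'updateAnnouncement':
            api_require_keys($post_data, ['id', 'text']);

            $id = intval($post_data['id']);
            $text = api_trimmed_string($post_data, 'text');
            $active = api_bool($post_data, 'active', true);
            api_validate_announcement_text($text);

            if (update_announcement($id, $text, $active)) {
                send_json_response(['success' => true]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour de l\'annonce'], 500);
            }
            break;

        case 'deleteAnnouncement':
            api_require_keys($post_data, ['id'], 'ID d\'annonce manquant');

            $id = intval($post_data['id']);
            if (delete_announcement($id)) {
                send_json_response(['success' => true]);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la suppression de l\'annonce'], 500);
            }
            break;

        case 'cleanOldQuests':
            // Purge expired quests and report how many went away.
            send_json_response(['success' => true, 'cleanedCount' => clean_old_quests()]);
            break;

        case 'updatePassword':
            api_require_keys($post_data, ['currentPassword', 'newPassword', 'confirmPassword']);

            $current_password = $post_data['currentPassword'];
            $new_password = $post_data['newPassword'];
            $confirm_password = $post_data['confirmPassword'];

            // Passwords are handled as raw strings; a non-string body value is
            // treated as missing rather than handed to the password helpers.
            if (!is_string($current_password) || !is_string($new_password) || !is_string($confirm_password)) {
                send_json_response(['success' => false, 'message' => 'Données manquantes'], 400);
            }
            if ($new_password !== $confirm_password) {
                send_json_response(['success' => false, 'message' => 'Les nouveaux mots de passe ne correspondent pas'], 400);
            }
            // strlen() counts bytes, so multi-byte characters count more than
            // once towards the minimum — kept as in the original.
            if (strlen($new_password) < 8) {
                send_json_response(['success' => false, 'message' => 'Le nouveau mot de passe doit contenir au moins 8 caractères'], 400);
            }
            // Single admin account: the username is fixed here, never taken
            // from the request.
            if (!verify_current_password('admin', $current_password)) {
                send_json_response(['success' => false, 'message' => 'Mot de passe actuel incorrect'], 400);
            }

            if (update_user_password('admin', $new_password)) {
                send_json_response(['success' => true, 'message' => 'Mot de passe mis à jour avec succès']);
            } else {
                send_json_response(['success' => false, 'message' => 'Erreur lors de la mise à jour du mot de passe'], 500);
            }
            break;

        default:
            send_json_response(['success' => false, 'message' => 'Action non reconnue'], 400);
    }
}

// ---------------------------------------------------------------------------
// Dispatch
// ---------------------------------------------------------------------------

$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

// `action` must be a plain string: `?action[]=x` would otherwise reach the
// switch statements as an array.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

if ($method === 'GET') {
    api_handle_get($action);
} elseif ($method === 'POST') {
    api_handle_post($action, api_read_post_data());
} else {
    // Only GET and POST are served.
    send_json_response(['success' => false, 'message' => 'Méthode non autorisée'], 405);
}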