prepare("SELECT * FROM users WHERE username = ? AND password = ?"); $stmt->bind_param("ss", $username, $password); $stmt->execute(); $result = $stmt->get_result(); $user = $result->fetch_assoc(); $db->close(); if ($user) { $payload = [ 'sub' => $username, 'iat' => time(), 'exp' => time() + 900 ]; $token = JWT::encode($payload, JWT_SECRET, 'HS256'); echo json_encode(['token' => $token]); } else { http_response_code(401); echo json_encode(['message' => 'Identifiants incorrects']); } } else { http_response_code(405); echo json_encode(['message' => 'Méthode non autorisée']); } ?>