diff --git a/admin/products.php b/admin/products.php
index 640c732..de1c48c 100644
--- a/admin/products.php
+++ b/admin/products.php
@@ -20,13 +20,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $stock = $_POST['stock'];
     $img = $_POST['image_url'];
     $is_hot = isset($_POST['is_hot']) ? 1 : 0;
+    $is_active = isset($_POST['is_active']) ? 1 : 0;
 
     if ($id) {
-        $stmt = $db->prepare("UPDATE products SET name=?, category_id=?, description=?, content=?, price_usdt=?, stock=?, image_url=?, is_hot=? WHERE id=?");
-        $stmt->execute([$name, $cat_id, $desc, $content, $price, $stock, $img, $is_hot, $id]);
+        $stmt = $db->prepare("UPDATE products SET name=?, category_id=?, description=?, content=?, price_usdt=?, stock=?, image_url=?, is_hot=?, is_active=? WHERE id=?");
+        $stmt->execute([$name, $cat_id, $desc, $content, $price, $stock, $img, $is_hot, $is_active, $id]);
     } else {
-        $stmt = $db->prepare("INSERT INTO products (name, category_id, description, content, price_usdt, stock, image_url, is_hot) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
-        $stmt->execute([$name, $cat_id, $desc, $content, $price, $stock, $img, $is_hot]);
+        $stmt = $db->prepare("INSERT INTO products (name, category_id, description, content, price_usdt, stock, image_url, is_hot, is_active) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
+        $stmt->execute([$name, $cat_id, $desc, $content, $price, $stock, $img, $is_hot, $is_active]);
     }
     header("Location: products.php");
     exit;
@@ -105,11 +106,15 @@ if (isset($_GET['edit'])) {
                                 <label class="form-label">商品图片 URL</label>
                                 <input type="text" name="image_url" class="form-control" value="<?php echo htmlspecialchars($edit_product['image_url'] ?? ''); ?>" required>
                             </div>
-                            <div class="col-md-3 d-flex align-items-end">
+                            <div class="col-md-3 d-flex align-items-end gap-3">
                                 <div class="form-check mb-2">
                                     <input class="form-check-input" type="checkbox" name="is_hot" value="1" id="isHot" <?php echo (isset($edit_product['is_hot']) && $edit_product['is_hot']) ? 'checked' : ''; ?>>
                                     <label class="form-check-label" for="isHot">设为热门推荐</label>
                                 </div>
+                                <div class="form-check mb-2">
+                                    <input class="form-check-input" type="checkbox" name="is_active" value="1" id="isActive" <?php echo (!isset($edit_product) || $edit_product['is_active']) ? 'checked' : ''; ?>>
+                                    <label class="form-check-label" for="isActive">上架显示</label>
+                                </div>
                             </div>
                             <div class="col-12">
                                 <label class="form-label">简短描述 (显示在列表页)</label>
@@ -158,6 +163,11 @@ if (isset($_GET['edit'])) {
                                     <?php if ($p['is_hot']): ?>
                                         <span class="badge bg-danger">热门</span>
                                     <?php endif; ?>
+                                    <?php if (!$p['is_active']): ?>
+                                        <span class="badge bg-secondary">隐藏</span>
+                                    <?php else: ?>
+                                        <span class="badge bg-success">显示</span>
+                                    <?php endif; ?>
                                 </td>
                                 <td>
                                     <a href="?edit=<?php echo $p['id']; ?>" class="btn btn-sm btn-outline-primary">编辑</a>
diff --git a/admin/settings.php b/admin/settings.php
index 19d8108..d5dd5f2 100644
--- a/admin/settings.php
+++ b/admin/settings.php
@@ -1,14 +1,7 @@
 <?php
-require_once __DIR__ . '/../db/config.php';
-session_start();
-
-if (!isset($_SESSION['admin_logged_in'])) {
-    header('Location: ../login.php');
-    exit;
-}
+require_once 'auth.php';
 
 $message = '';
-$db = db();
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_settings'])) {
     foreach ($_POST['settings'] as $key => $value) {
@@ -29,9 +22,27 @@ $groups = [
     '基础信息' => ['site_name', 'site_logo', 'site_description', 'footer_text', 'notice', 'tg_channel'],
     '外观样式 (PC端)' => ['primary_color', 'accent_color'],
     '外观样式 (手机端)' => ['mobile_primary_color', 'mobile_accent_color'],
-    '支付与联系' => ['usdt_address', 'qr_code_custom', 'tg_link'],
+    '支付与联系' => ['usdt_address', 'qr_code_custom', 'tg_link', 'customer_service_email', 'payment_info'],
     'API 与 通知' => ['tg_bot_token', 'tg_chat_id']
 ];
+
+// Check if new settings exist, if not, create them (idempotent)
+$check_new_settings = ['customer_service_email', 'payment_info'];
+foreach ($check_new_settings as $new_key) {
+    if (!isset($settings[$new_key])) {
+        $desc = ($new_key == 'customer_service_email') ? '客服邮箱' : '收款信息/备注';
+        $stmt = $db->prepare("INSERT IGNORE INTO settings (key_name, key_value, description) VALUES (?, '', ?)");
+        $stmt->execute([$new_key, $desc]);
+        
+        // Refresh settings
+        $settings_raw = $db->query("SELECT * FROM settings ORDER BY id ASC")->fetchAll();
+        $settings = [];
+        foreach ($settings_raw as $s) {
+            $settings[$s['key_name']] = $s;
+        }
+    }
+}
+
 ?>
 <!DOCTYPE html>
 <html lang="zh-CN">
@@ -91,11 +102,11 @@ $groups = [
                                         <code class="text-muted small"><?php echo $key; ?></code>
                                     </label>
                                     
-                                    <?php if ($key === 'notice' || $key === 'site_description'): ?>
+                                    <?php if ($key === 'notice' || $key === 'site_description' || $key === 'payment_info'): ?>
                                         <textarea name="settings[<?php echo $key; ?>]" class="form-control border-light-subtle shadow-sm" rows="3"><?php echo htmlspecialchars($s['key_value']); ?></textarea>
                                     <?php elseif (strpos($key, 'color') !== false): ?>
                                         <div class="color-input-wrapper">
-                                            <input type="color" class="form-control-color border-0" value="<?php echo htmlspecialchars($s['key_value']); ?>" oninput="this.nextElementSibling.value = this.value">
+                                            <input type="color" class="form-control-color border-0" value="<?php echo htmlspecialchars($s['key_value'] ?: '#000000'); ?>" oninput="this.nextElementSibling.value = this.value">
                                             <input type="text" name="settings[<?php echo $key; ?>]" class="form-control border-light-subtle shadow-sm" value="<?php echo htmlspecialchars($s['key_value']); ?>">
                                         </div>
                                     <?php elseif ($key === 'site_logo'): ?>
@@ -117,7 +128,7 @@ $groups = [
                     <button type="submit" class="btn btn-primary btn-lg px-5 shadow fw-bold">
                         <i class="bi bi-cloud-arrow-up-fill me-2"></i> 保存并生效所有修改
                     </button>
-                    <p class="text-muted small mt-2 mb-0">所有更改将实时反映在 PC 端和手机端前端页面上。</p>
+                    <p class="text-muted small mt-2 mb-0">所有更改将实时反映在 PC 端 and 手机端前端页面上。</p>
                 </div>
             </form>
         </div>
diff --git a/category.php b/category.php
index e9fc19e..8d6432e 100644
--- a/category.php
+++ b/category.php
@@ -12,7 +12,7 @@ if (!$cat) {
 }
 
 // Fetch products for this category
-$stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.category_id = ? ORDER BY p.id DESC");
+$stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.category_id = ? AND p.is_active = 1 ORDER BY p.id DESC");
 $stmt->execute([$id]);
 $cat_products = $stmt->fetchAll();
 ?>
diff --git a/includes/footer.php b/includes/footer.php
index 490bace..d1fd9a0 100644
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -1,6 +1,7 @@
 <?php
 $footer_text = $settings['footer_text'] ?? ('&copy; ' . date('Y') . ' ' . $site_name . '. All rights reserved.');
 $current_page = basename($_SERVER['PHP_SELF']);
+$cs_email = $settings['customer_service_email'] ?? 'support@hao-soft.world';
 ?>
 </div> <!-- end container mt-4 from header -->
 
@@ -38,7 +39,7 @@ $current_page = basename($_SERVER['PHP_SELF']);
                     <i class="bi bi-telegram text-primary me-2"></i> 官方客服：<a href="<?php echo $tg_link; ?>" class="text-decoration-none text-primary fw-bold" target="_blank">点击跳转</a>
                 </p>
                 <p class="text-muted small mb-2">
-                    <i class="bi bi-envelope text-primary me-2"></i> 售后邮箱：support@hao-soft.world
+                    <i class="bi bi-envelope text-primary me-2"></i> 售后邮箱：<?php echo htmlspecialchars($cs_email); ?>
                 </p>
                 <div class="mt-4">
                     <img src="https://img.shields.io/badge/USDT-Accepted-blue?style=flat-square&logo=tether" alt="USDT">
@@ -89,4 +90,4 @@ $current_page = basename($_SERVER['PHP_SELF']);
 <script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
 
 </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/index.php b/index.php
index f76a23f..5b704e3 100644
--- a/index.php
+++ b/index.php
@@ -5,11 +5,11 @@ include 'includes/header.php';
 $db = db();
 
 // Fetch hot products (Popular Recommendations) - 8 items
-$hot_products = $db->query("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.is_hot = 1 LIMIT 8")->fetchAll();
+$hot_products = $db->query("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.is_hot = 1 AND p.is_active = 1 LIMIT 8")->fetchAll();
 
 // Function to fetch products by category ID with limit
 function getProductsByCategory($db, $cat_id, $limit) {
-    $stmt = $db->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.category_id = :cat_id LIMIT :limit");
+    $stmt = $db->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.category_id = :cat_id AND p.is_active = 1 LIMIT :limit");
     $stmt->bindValue(':cat_id', $cat_id, PDO::PARAM_INT);
     $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
     $stmt->execute();
@@ -163,6 +163,18 @@ $categories = $db->query("SELECT * FROM categories")->fetchAll();
             <?php endforeach; ?>
         </div>
     </div>
+
+    <!-- Email Tools -->
+    <div class="mb-4 mb-lg-5">
+        <h5 class='text-dark mb-3 mb-lg-4 mt-4 d-flex align-items-center fw-bold'><span class='category-accent me-2 me-lg-3'></span> 邮箱展示区</h5>
+        <div class="row g-2 g-lg-4">
+            <?php foreach ($email_tools as $product): ?>
+            <div class="col-6 col-lg-3">
+                <?php include 'includes/product_card.php'; ?>
+            </div>
+            <?php endforeach; ?>
+        </div>
+    </div>
 </div>
 
 <!-- Trust Badges (Improved Contrast) -->
diff --git a/payment.php b/payment.php
index 765652b..f761b08 100644
--- a/payment.php
+++ b/payment.php
@@ -22,6 +22,7 @@ $total_qty = $qty_data['total_qty'] ?? 1;
 $usdt_address = $settings['usdt_address'] ?? 'Txxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
 $qr_code_custom = $settings['qr_code_custom'] ?? '';
 $qr_src = !empty($qr_code_custom) ? $qr_code_custom : "https://api.qrserver.com/v1/create-qr-code/?size=300x300&data=" . urlencode($usdt_address);
+$payment_info = $settings['payment_info'] ?? '';
 ?>
 
 <div class="row justify-content-center">
@@ -72,6 +73,15 @@ $qr_src = !empty($qr_code_custom) ? $qr_code_custom : "https://api.qrserver.com/
                             </div>
                         </div>
 
+                        <?php if (!empty($payment_info)): ?>
+                        <div class="p-3 rounded-4 border border-warning border-opacity-10 bg-warning bg-opacity-10 mb-4">
+                            <h6 class="text-warning fw-bold mb-2 small"><i class="bi bi-exclamation-triangle-fill me-2"></i> 收款备注：</h6>
+                            <div class="text-muted small lh-sm" style="font-size: 0.75rem;">
+                                <?php echo nl2br(htmlspecialchars($payment_info)); ?>
+                            </div>
+                        </div>
+                        <?php endif; ?>
+
                         <div class="p-3 rounded-4 border border-info border-opacity-10 bg-info bg-opacity-10 mb-4">
                             <h6 class="text-info fw-bold mb-2 small"><i class="bi bi-info-square-fill me-2"></i> 支付说明：</h6>
                             <ul class="text-muted small mb-0 ps-3 lh-sm" style="font-size: 0.75rem;">
@@ -139,4 +149,4 @@ localStorage.removeItem('cart');
 if (typeof updateCartBadge === 'function') updateCartBadge();
 </script>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<?php include 'includes/footer.php'; ?>
diff --git a/product.php b/product.php
index cb97055..c1eaceb 100644
--- a/product.php
+++ b/product.php
@@ -2,12 +2,12 @@
 include 'includes/header.php';
 
 $id = $_GET['id'] ?? 0;
-$stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.id = ?");
+$stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.id = ? AND p.is_active = 1");
 $stmt->execute([$id]);
 $product = $stmt->fetch();
 
 if (!$product) {
-    echo "<div class='alert alert-danger'>商品不存在。</div>";
+    echo "<div class='container py-5 text-center'><div class='alert alert-danger p-5 rounded-4 shadow-sm border-0'><i class='bi bi-exclamation-triangle fs-1 d-block mb-3'></i><h4 class='fw-bold'>商品不存在或已下架</h4><p class='mb-4'>抱歉，您访问的商品可能已被下架或删除。</p><a href='index.php' class='btn btn-primary px-5 rounded-pill'>返回商城首页</a></div></div>";
     include 'includes/footer.php';
     exit;
 }
diff --git a/search.php b/search.php
index eb2e453..9ac5f0d 100644
--- a/search.php
+++ b/search.php
@@ -4,7 +4,7 @@ include 'includes/header.php';
 $q = $_GET['q'] ?? '';
 $results = [];
 if (!empty($q)) {
-    $stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE p.name LIKE ? OR p.description LIKE ? OR c.name LIKE ? ORDER BY p.id DESC");
+    $stmt = db()->prepare("SELECT p.*, c.name as category_name FROM products p JOIN categories c ON p.category_id = c.id WHERE (p.name LIKE ? OR p.description LIKE ? OR c.name LIKE ?) AND p.is_active = 1 ORDER BY p.id DESC");
     $stmt->execute(['%'.$q.'%', '%'.$q.'%', '%'.$q.'%']);
     $results = $stmt->fetchAll();
 }
@@ -39,4 +39,4 @@ if (!empty($q)) {
     </div>
 <?php endif; ?>
 
-<?php include 'includes/footer.php'; ?>
+<?php include 'includes/footer.php'; ?>
\ No newline at end of file