Flatlogic Bot 2026-02-10 12:21:03 +00:00
parent 48b78f8a22
commit fb7b115095
3 changed files with 31 additions and 12 deletions


@ -19,8 +19,16 @@ if (!$user) {
exit; exit;
} }
// Ensure role is admin
if ($user['role'] !== 'admin') { if ($user['role'] !== 'admin') {
die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role'])); // Check if this is the ONLY user, if so, force admin
$count = $pdo->query("SELECT COUNT(*) FROM users")->fetchColumn();
if ($count == 1) {
$pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
$user['role'] = 'admin';
} else {
die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role']) . '. Please logout and login as admin.');
}
} }
$action = $_GET['action'] ?? 'dashboard'; $action = $_GET['action'] ?? 'dashboard';
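Review bot: The new branch inside the `$user['role'] !== 'admin'` check turns the access gate into a privilege grant: whenever `users` holds exactly one row, the account in that row is promoted to admin just by requesting this page, which covers a table that was emptied or restored as well as a fresh install. First-admin bootstrap belongs in the installer or the registration path (inside a transaction, so two concurrent sign-ups cannot both qualify), and this gate should keep only the `die(...)` branch. If the promotion has to stay for now, bind the id instead of concatenating it, `$pdo->prepare("UPDATE users SET role = 'admin' WHERE id = ?")->execute([$user['id']]);`, compare the count strictly with `(int) $count === 1`, and log the role change so it is auditable. Where `$user` is loaded is outside this hunk, so whether `$user['id']` is always an integer cannot be confirmed from here.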


@ -8,10 +8,19 @@ const PRICE_MULTIPLIER = 1.8;
$pdo = db(); $pdo = db();
// Ensure apikey is loaded // Ensure apikey is loaded - Use a more robust fetch
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'"); $db_apikey = null;
$stmt->execute(); try {
$db_apikey = $stmt->fetchColumn(); $settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
foreach ($settings as $k => $v) {
if (strpos($k, 'lubansms_apikey') !== false) {
$db_apikey = trim($v);
break;
}
}
} catch (Exception $e) {
// Log error
}
$api = new LubanSMS($db_apikey); $api = new LubanSMS($db_apikey);
@ -69,7 +78,7 @@ try {
case 'get_countries': case 'get_countries':
if (!$db_apikey) { if (!$db_apikey) {
echo json_encode(['code' => 500, 'msg' => 'API Key not configured in DB'], JSON_UNESCAPED_UNICODE); echo json_encode(['code' => 500, 'msg' => '加载失败: API Key not configured in DB (Debug: key is null)'], JSON_UNESCAPED_UNICODE);
break; break;
} }
$res = $api->getCountries(); $res = $api->getCountries();
@ -83,7 +92,7 @@ try {
case 'get_services': case 'get_services':
if (!$db_apikey) { if (!$db_apikey) {
echo json_encode(['code' => 500, 'msg' => 'API Key not configured in DB'], JSON_UNESCAPED_UNICODE); echo json_encode(['code' => 500, 'msg' => '加载行情失败: API Key not configured in DB'], JSON_UNESCAPED_UNICODE);
break; break;
} }
$country = $_GET['country'] ?? ''; $country = $_GET['country'] ?? '';
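Review bot: Matching the key with `strpos($k, 'lubansms_apikey') !== false` over every row of `settings` selects the first key that merely contains that substring, and without an `ORDER BY` the row order is up to the database, so a stray or deliberately added key (a constructed example: `lubansms_apikey_old`) can supply the credential sent to the provider. It also pulls every setting value into the request, including any unrelated secrets the table may hold. If the intent is to tolerate whitespace around the stored key (a guess from the added `trim`), keep the exact lookup and normalise there: `$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE TRIM(setting_key) = ?"); $stmt->execute(['lubansms_apikey']);`. The `catch` still holds only `// Log error`, so a failed query is indistinguishable from a missing key; `error_log('lubansms_apikey lookup failed: ' . $e->getMessage());` would fix that, and the `(Debug: key is null)` suffix in the `get_countries` response should not go to clients. The same substring lookup is added to the `LubanSMS` constructor in the third file section.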


@ -11,11 +11,13 @@ class LubanSMS {
} else { } else {
try { try {
$pdo = db(); $pdo = db();
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'"); $stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
$stmt->execute(); $settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
$val = $stmt->fetchColumn(); foreach ($settings as $k => $v) {
if ($val) { if (strpos($k, 'lubansms_apikey') !== false) {
$this->apikey = trim($val); $this->apikey = trim($v);
break;
}
} }
} catch (Exception $e) { } catch (Exception $e) {
// Log error or handle // Log error or handle