11
This commit is contained in:
Flatlogic Bot
parent
fb7b115095
commit
fd1a7fb782
@ -26,6 +26,7 @@ if ($user['role'] !== 'admin') {
|
||||
if ($count == 1) {
|
||||
$pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
|
||||
$user['role'] = 'admin';
|
||||
$_SESSION['role'] = 'admin';
|
||||
} else {
|
||||
die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role']) . '. Please logout and login as admin.');
|
||||
}
|
||||
|
||||
@ -8,14 +8,21 @@ const PRICE_MULTIPLIER = 1.8;
|
||||
|
||||
$pdo = db();
|
||||
|
||||
// Ensure apikey is loaded - Use a more robust fetch
|
||||
// Ensure apikey is loaded
|
||||
$db_apikey = null;
|
||||
try {
|
||||
$settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
|
||||
foreach ($settings as $k => $v) {
|
||||
if (strpos($k, 'lubansms_apikey') !== false) {
|
||||
$db_apikey = trim($v);
|
||||
break;
|
||||
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
|
||||
$stmt->execute();
|
||||
$db_apikey = $stmt->fetchColumn();
|
||||
|
||||
// Fallback if direct match fails (e.g. weird characters)
|
||||
if (!$db_apikey) {
|
||||
$settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
|
||||
foreach ($settings as $k => $v) {
|
||||
if (strpos($k, 'lubansms_apikey') !== false) {
|
||||
$db_apikey = trim($v);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
|
||||
@ -11,12 +11,18 @@ class LubanSMS {
|
||||
} else {
|
||||
try {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
|
||||
$settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
|
||||
foreach ($settings as $k => $v) {
|
||||
if (strpos($k, 'lubansms_apikey') !== false) {
|
||||
$this->apikey = trim($v);
|
||||
break;
|
||||
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
|
||||
$stmt->execute();
|
||||
$this->apikey = $stmt->fetchColumn();
|
||||
|
||||
if (!$this->apikey) {
|
||||
$stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
|
||||
$settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
|
||||
foreach ($settings as $k => $v) {
|
||||
if (strpos($k, 'lubansms_apikey') !== false) {
|
||||
$this->apikey = trim($v);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
|
||||
23
rescue.php
Normal file
23
rescue.php
Normal file
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
session_start();
|
||||
require_once __DIR__ . '/db/config.php';
|
||||
$pdo = db();
|
||||
|
||||
// Force the only user to be admin
|
||||
$stmt = $pdo->query("SELECT * FROM users");
|
||||
$users = $stmt->fetchAll();
|
||||
|
||||
if (count($users) === 1) {
|
||||
$user = $users[0];
|
||||
$pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $user['username'];
|
||||
$_SESSION['role'] = 'admin';
|
||||
echo "<h1>Account Rescued!</h1>";
|
||||
echo "<p>Your account (<strong>" . htmlspecialchars($user['username']) . "</strong>) has been set as Administrator.</p>";
|
||||
echo "<p><a href='admin.php'>Click here to go to Admin Panel</a></p>";
|
||||
} else {
|
||||
echo "<h1>Rescue failed</h1>";
|
||||
echo "<p>System has multiple users. Please login with an admin account.</p>";
|
||||
echo "<p><a href='index.php'>Go back</a></p>";
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user