Flatlogic Bot 2026-02-10 12:44:05 +00:00
parent fb7b115095
commit fd1a7fb782
4 changed files with 49 additions and 12 deletions


@ -26,6 +26,7 @@ if ($user['role'] !== 'admin') {
if ($count == 1) { if ($count == 1) {
$pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']); $pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
$user['role'] = 'admin'; $user['role'] = 'admin';
$_SESSION['role'] = 'admin';
} else { } else {
die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role']) . '. Please logout and login as admin.'); die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role']) . '. Please logout and login as admin.');
} }
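Review bot: The added `$_SESSION['role'] = 'admin';` raises the privilege of the current session without rotating its identifier; put `session_regenerate_id(true);` immediately before it so a session ID issued at the lower privilege level does not carry administrator rights. The branch also promotes the account silently, so an `error_log()` entry recording the user id and the fact of the auto-promotion would give operators something to audit. On the context line just above, the `UPDATE` concatenates `$user['id']` into the SQL; a prepared statement with the id bound would be consistent with the lookups this commit adds elsewhere. The enclosing `if ($user['role'] !== 'admin')` block starts before this hunk and closes after it, so how `$count` is derived is not visible here.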


@ -8,9 +8,15 @@ const PRICE_MULTIPLIER = 1.8;
$pdo = db(); $pdo = db();
// Ensure apikey is loaded - Use a more robust fetch // Ensure apikey is loaded
$db_apikey = null; $db_apikey = null;
try { try {
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
$stmt->execute();
$db_apikey = $stmt->fetchColumn();
// Fallback if direct match fails (e.g. weird characters)
if (!$db_apikey) {
$settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR); $settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
foreach ($settings as $k => $v) { foreach ($settings as $k => $v) {
if (strpos($k, 'lubansms_apikey') !== false) { if (strpos($k, 'lubansms_apikey') !== false) {
@ -18,6 +24,7 @@ try {
break; break;
} }
} }
}
} catch (Exception $e) { } catch (Exception $e) {
// Log error // Log error
} }


@ -11,6 +11,11 @@ class LubanSMS {
} else { } else {
try { try {
$pdo = db(); $pdo = db();
$stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
$stmt->execute();
$this->apikey = $stmt->fetchColumn();
if (!$this->apikey) {
$stmt = $pdo->query("SELECT setting_key, setting_value FROM settings"); $stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
$settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR); $settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
foreach ($settings as $k => $v) { foreach ($settings as $k => $v) {
@ -19,6 +24,7 @@ class LubanSMS {
break; break;
} }
} }
}
} catch (Exception $e) { } catch (Exception $e) {
// Log error or handle // Log error or handle
} }

23
rescue.php Normal file

@ -0,0 +1,23 @@
<?php
session_start();
require_once __DIR__ . '/db/config.php';
$pdo = db();
// Force the only user to be admin
$stmt = $pdo->query("SELECT * FROM users");
$users = $stmt->fetchAll();
if (count($users) === 1) {
$user = $users[0];
$pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = 'admin';
echo "<h1>Account Rescued!</h1>";
echo "<p>Your account (<strong>" . htmlspecialchars($user['username']) . "</strong>) has been set as Administrator.</p>";
echo "<p><a href='admin.php'>Click here to go to Admin Panel</a></p>";
} else {
echo "<h1>Rescue failed</h1>";
echo "<p>System has multiple users. Please login with an admin account.</p>";
echo "<p><a href='index.php'>Go back</a></p>";
}
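Review bot: rescue.php performs no authentication or authorization check before the `UPDATE` and the `$_SESSION[...]` assignments, so on an install with a single user row any visitor who requests the page is given a logged-in administrator session for that account. A recovery script like this should not be reachable over HTTP: guard the top with `if (PHP_SAPI !== 'cli') { http_response_code(404); exit; }` and drop the session writes, or remove the file from the deployment once it has been used. If it stays, the `UPDATE` should be a prepared statement with `$user['id']` bound, `SELECT *` should be narrowed to `id, username` so credential columns are not loaded, and `session_regenerate_id(true);` should precede any change of role in the session.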