11

admin.php

@@ -26,6 +26,7 @@ if ($user['role'] !== 'admin') {
     if ($count == 1) {
         $pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
         $user['role'] = 'admin';
+        $_SESSION['role'] = 'admin';
     } else {
         die('Access Denied: You do not have administrator privileges. Your role is: ' . htmlspecialchars($user['role']) . '. Please logout and login as admin.');
     }

ajax_handler.php

@@ -8,14 +8,21 @@ const PRICE_MULTIPLIER = 1.8;
 
 $pdo = db();
 
-// Ensure apikey is loaded - Use a more robust fetch
+// Ensure apikey is loaded
 $db_apikey = null;
 try {
-    $settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
+    $stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
-    foreach ($settings as $k => $v) {
+    $stmt->execute();
-        if (strpos($k, 'lubansms_apikey') !== false) {
+    $db_apikey = $stmt->fetchColumn();
-            $db_apikey = trim($v);
+    
-            break;
+    // Fallback if direct match fails (e.g. weird characters)
+    if (!$db_apikey) {
+        $settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
+        foreach ($settings as $k => $v) {
+            if (strpos($k, 'lubansms_apikey') !== false) {
+                $db_apikey = trim($v);
+                break;
+            }
         }
     }
 } catch (Exception $e) {

api/LocalLubanApi.php

@@ -11,12 +11,18 @@ class LubanSMS {
         } else {
             try {
                 $pdo = db();
-                $stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
+                $stmt = $pdo->prepare("SELECT setting_value FROM settings WHERE setting_key = 'lubansms_apikey'");
-                $settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
+                $stmt->execute();
-                foreach ($settings as $k => $v) {
+                $this->apikey = $stmt->fetchColumn();
-                    if (strpos($k, 'lubansms_apikey') !== false) {
+                
-                        $this->apikey = trim($v);
+                if (!$this->apikey) {
-                        break;
+                    $stmt = $pdo->query("SELECT setting_key, setting_value FROM settings");
+                    $settings = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
+                    foreach ($settings as $k => $v) {
+                        if (strpos($k, 'lubansms_apikey') !== false) {
+                            $this->apikey = trim($v);
+                            break;
+                        }
                     }
                 }
             } catch (Exception $e) {

rescue.php

@@ -0,0 +1,23 @@
+<?php
+session_start();
+require_once __DIR__ . '/db/config.php';
+$pdo = db();
+
+// Force the only user to be admin
+$stmt = $pdo->query("SELECT * FROM users");
+$users = $stmt->fetchAll();
+
+if (count($users) === 1) {
+    $user = $users[0];
+    $pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']);
+    $_SESSION['user_id'] = $user['id'];
+    $_SESSION['username'] = $user['username'];
+    $_SESSION['role'] = 'admin';
+    echo "<h1>Account Rescued!</h1>";
+    echo "<p>Your account (<strong>" . htmlspecialchars($user['username']) . "</strong>) has been set as Administrator.</p>";
+    echo "<p><a href='admin.php'>Click here to go to Admin Panel</a></p>";
+} else {
+    echo "<h1>Rescue failed</h1>";
+    echo "<p>System has multiple users. Please login with an admin account.</p>";
+    echo "<p><a href='index.php'>Go back</a></p>";
+}