Access Denied

prepare("SELECT * FROM users WHERE id = ?"); $stmt->execute([$_SESSION['user_id']]); $user = $stmt->fetch(); if (!$user) { session_destroy(); header('Location: index.php?error=user_not_found'); exit; } // Ensure role is admin if ($user['role'] !== 'admin') { // Check if there are ANY admins in the system $adminCount = $pdo->query("SELECT COUNT(*) FROM users WHERE role = 'admin'")->fetchColumn(); if ($adminCount == 0) { // No admin exists? Make this user the admin automatically to prevent lock-out $pdo->query("UPDATE users SET role = 'admin' WHERE id = " . $user['id']); $user['role'] = 'admin'; $_SESSION['role'] = 'admin'; } else { // Nicer access denied page ?> Access Denied

权限不足 (Access Denied)

您当前以 (角色: ) 身份登录。后台管理面板仅限管理员访问。

返回个人中心退出并登录管理员账号

提示: 如果您是系统所有者但无法进入，请尝试访问 /rescue.php

beginTransaction(); try { $stmt = $pdo->prepare("SELECT * FROM recharges WHERE id = ? AND status = 'pending'"); $stmt->execute([$id]); $recharge = $stmt->fetch(); if ($recharge) { $stmt = $pdo->prepare("UPDATE recharges SET status = 'completed' WHERE id = ?"); $stmt->execute([$id]); $stmt = $pdo->prepare("UPDATE users SET balance = balance + ? WHERE id = ?"); $stmt->execute([$recharge['amount'], $recharge['user_id']]); $pdo->commit(); } else { $pdo->rollBack(); } } catch (Exception $e) { $pdo->rollBack(); } header('Location: admin.php?action=recharges'); exit; } if ($action === 'update_settings') { foreach ($_POST['settings'] as $key => $value) { $stmt = $pdo->prepare("INSERT INTO settings (setting_key, setting_value) VALUES (?, ?) ON DUPLICATE KEY UPDATE setting_value = ?"); $stmt->execute([$key, $value, $value]); } header('Location: admin.php?action=settings&success=1'); exit; } if ($action === 'update_user') { $id = $_POST['id']; $balance = $_POST['balance']; $role = $_POST['role']; $stmt = $pdo->prepare("UPDATE users SET balance = ?, role = ? WHERE id = ?"); $stmt->execute([$balance, $role, $id]); header('Location: admin.php?action=users'); exit; } if ($action === 'add_user') { $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; $role = $_POST['role'] ?? 'user'; $balance = (float)($_POST['balance'] ?? 0); if ($username && $password) { $hash = password_hash($password, PASSWORD_DEFAULT); $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, role, balance) VALUES (?, ?, ?, ?)"); try { $stmt->execute([$username, $hash, $role, $balance]); } catch (Exception $e) { header('Location: admin.php?action=users&error=user_exists'); exit; } } header('Location: admin.php?action=users'); exit; } if ($action === 'delete_user') { $id = $_POST['id']; if ($id != $_SESSION['user_id']) { // Foreign keys are ON DELETE CASCADE, so this is safe $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?"); $stmt->execute([$id]); } header('Location: admin.php?action=users'); exit; } } $settings = $pdo->query("SELECT setting_key, setting_value FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR); // Fetch stats for dashboard $stats = [ 'total_users' => $pdo->query("SELECT COUNT(*) FROM users")->fetchColumn(), 'total_recharge' => $pdo->query("SELECT SUM(amount) FROM recharges WHERE status = 'completed'")->fetchColumn() ?: 0, 'total_orders' => $pdo->query("SELECT COUNT(*) FROM sms_orders")->fetchColumn(), 'pending_recharges' => $pdo->query("SELECT COUNT(*) FROM recharges WHERE status = 'pending'")->fetchColumn() ]; ?> 后台管理 - <?= htmlspecialchars($settings['site_name'] ?? '全球接码') ?>

新消息提醒

您收到了来自用户的新客服消息！

数据概览

总用户数

总充值金额

$

总订单数

待审核充值

用户管理

用户名已存在，请换一个。

query("SELECT * FROM users ORDER BY id DESC")->fetchAll(); foreach ($users as $u): ?>

ID	用户名	余额	角色	操作
		$

充值管理

query("SELECT r.*, u.username FROM recharges r JOIN users u ON r.user_id = u.id ORDER BY r.created_at DESC")->fetchAll(); foreach ($recharges as $r): ?>

ID	用户	金额	TXID / 备注	时间	状态	操作
		$

订单记录

query("SELECT o.*, u.username FROM sms_orders o JOIN users u ON o.user_id = u.id ORDER BY o.id DESC LIMIT 100")->fetchAll(); foreach ($orders as $o): ?>

ID	用户	项目	国家	号码	费用	状态	时间
					$

客服消息

正在加载对话...

请选择一个对话

点击左侧用户开始聊天

系统设置

设置已更新

网站名称

网站Logo URL

系统公告

Luban SMS API Key

USDT (TRC20) 收款地址

USDT (ERC20) 收款地址

汇率 (1 USDT = ? 余额)