prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if ($user['role'] !== 'admin') {
die('Access Denied');
}
$action = $_GET['action'] ?? 'dashboard';
// Handle Actions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($action === 'confirm_recharge') {
$id = $_POST['id'];
$pdo->beginTransaction();
$stmt = $pdo->prepare("SELECT * FROM recharges WHERE id = ? AND status = 'pending'");
$stmt->execute([$id]);
$recharge = $stmt->fetch();
if ($recharge) {
$stmt = $pdo->prepare("UPDATE recharges SET status = 'completed' WHERE id = ?");
$stmt->execute([$id]);
$stmt = $pdo->prepare("UPDATE users SET balance = balance + ? WHERE id = ?");
$stmt->execute([$recharge['amount'], $recharge['user_id']]);
}
$pdo->commit();
} elseif ($action === 'reject_recharge') {
$id = $_POST['id'];
$stmt = $pdo->prepare("UPDATE recharges SET status = 'rejected' WHERE id = ?");
$stmt->execute([$id]);
} elseif ($action === 'reply_support') {
$user_id = $_POST['user_id'];
$message = $_POST['message'];
$stmt = $pdo->prepare("INSERT INTO support_messages (user_id, sender, message) VALUES (?, 'admin', ?)");
$stmt->execute([$user_id, $message]);
} elseif ($action === 'update_settings') {
foreach ($_POST['settings'] as $key => $value) {
$stmt = $pdo->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = ?");
$stmt->execute([$value, $key]);
}
}
}
// Fetch Data
$stats = [
'users' => $pdo->query("SELECT COUNT(*) FROM users")->fetchColumn(),
'pending_recharges' => $pdo->query("SELECT COUNT(*) FROM recharges WHERE status = 'pending'")->fetchColumn(),
'total_orders' => $pdo->query("SELECT COUNT(*) FROM sms_orders")->fetchColumn(),
];
$pending_recharges = $pdo->query("SELECT r.*, u.username FROM recharges r JOIN users u ON r.user_id = u.id WHERE r.status = 'pending' ORDER BY r.created_at DESC")->fetchAll();
$support_requests = $pdo->query("SELECT m.*, u.username FROM support_messages m JOIN users u ON m.user_id = u.id WHERE m.sender = 'user' AND m.id IN (SELECT MAX(id) FROM support_messages GROUP BY user_id) ORDER BY m.created_at DESC")->fetchAll();
$settings = $pdo->query("SELECT * FROM settings")->fetchAll(PDO::FETCH_KEY_PAIR);
?>
管理后台 - 全球接码