diff --git a/admin/customer_service.php b/admin/customer_service.php index ac3c97c..97afce0 100644 --- a/admin/customer_service.php +++ b/admin/customer_service.php @@ -313,6 +313,9 @@ let currentUserContext = ''; let lastMsgCount = 0; let notifySound = new Audio('https://assets.mixkit.co/active_storage/sfx/2358/2358-preview.mp3'); +// Get API path dynamically +const apiPath = (window.location.origin + window.location.pathname).split('/admin/')[0] + '/api/'; + async function refreshUsers() { try { const list = document.getElementById('user-list'); @@ -321,10 +324,17 @@ let notifySound = new Audio('https://assets.mixkit.co/active_storage/sfx/2358/23 const searchInput = document.getElementById('user-search'); const search = searchInput ? searchInput.value.toLowerCase() : ''; - const r = await fetch('../api/chat.php?action=admin_get_all'); - if (!r.ok) return; + const r = await fetch(apiPath + 'chat.php?action=admin_get_all&v=' + Date.now()); + if (!r.ok) { + list.innerHTML = `
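Review bot: `apiPath` is derived by splitting the page URL on the literal `/admin/`, so when the admin pages are reached through a path that lacks that exact segment (a rewrite, a renamed or differently cased directory) `split` returns the whole URL and every request goes to `…/customer_service.php/api/…`. The same top-level `const apiPath` is also declared in the layout.php hunk at line 281; if both are classic top-level `<script>` blocks on one document the second declaration throws a redeclaration SyntaxError and that whole script never runs, so declare it once (in layout.php) and, unless the relative form was what broke in deployment, derive it from the document instead of string surgery: `const apiPath = new URL('../api/', window.location.href).href;` (the in-function copy in the layout.php hunk at line 351 can then go). The `&v=' + Date.now()` suffix added to the POST requests in the hunks at lines 452, 473, 500, 634, 663, 709, 759 and 781 has no caching effect and leaves every call site concatenating strings; a small `apiUrl(file, params)` helper built on `URL`/`URLSearchParams` would also encode the parameters. Whether the two declarations share a scope cannot be seen from this hunk, so confirm before relying on it.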
API 错误: ${r.status} ${r.statusText}
`; + return; + } const users = await r.json(); + if (users.success === false) { + list.innerHTML = `
服务器错误: ${users.error}
`; + return; + } if (users.error || !Array.isArray(users)) return; // Sound notification for new messages based on total unread count @@ -452,14 +462,14 @@ let notifySound = new Audio('https://assets.mixkit.co/active_storage/sfx/2358/23 fd.append('user_id', userId); fd.append('ip_address', ip); fd.append('session_id', sid); - fetch('../api/chat.php?action=mark_read', { method: 'POST', body: fd }).then(() => refreshUsers()); + fetch(apiPath + 'chat.php?action=mark_read&v=' + Date.now(), { method: 'POST', body: fd }).then(() => refreshUsers()); } async function recallMessage(msgId) { if (!confirm('确定撤回该消息吗?')) return; const fd = new URLSearchParams(); fd.append('message_id', msgId); - const r = await fetch('../api/chat.php?action=admin_recall_message', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'chat.php?action=admin_recall_message&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { fetchMessages(); @@ -473,7 +483,7 @@ async function deleteChat(userId, ip, sid, event) { fd.append('user_id', userId); fd.append('ip_address', ip); fd.append('session_id', sid); - const r = await fetch('../api/chat.php?action=admin_delete_user', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'chat.php?action=admin_delete_user&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { if (selectedSid == sid && selectedIp == ip && selectedUser == userId) { @@ -500,7 +510,7 @@ async function deleteUser() { fd.append('user_id', selectedUser); fd.append('ip_address', selectedIp); fd.append('session_id', selectedSid); - const r = await fetch('../api/chat.php?action=admin_delete_user', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'chat.php?action=admin_delete_user&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { selectedUser = null; 
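Review bot: Both new error branches assign server-supplied text to `list.innerHTML` — `r.statusText` from the response and `users.error`, which chat.php fills from `$e->getMessage()` — so any markup in those strings is parsed as HTML rather than shown. Create the element and set text instead: `const err = document.createElement('div'); err.textContent = '服务器错误: ' + users.error; list.replaceChildren(err);` and the same for the status branch (the wrapper markup is stripped in this view, so carry over whatever classes the original template used). Note that the `r.ok` guard returns before `r.json()` on a 5xx, so the `success === false` branch only fires for a 2xx body, which appears to be what chat.php's catch block emits; a one-line comment saying so would save the next reader the trip.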
@@ -522,7 +532,7 @@ async function deleteUser() { async function fetchMessages() { if (!selectedIp && !selectedUser && !selectedSid) return; try { - const r = await fetch(`../api/chat.php?action=get_messages&user_id=${selectedUser}&ip=${selectedIp}&session_id=${selectedSid}`); + const r = await fetch(apiPath + `chat.php?action=get_messages&user_id=${selectedUser}&ip=${selectedIp}&session_id=${selectedSid}&v=${Date.now()}`); const msgs = await r.json(); if (!msgs || !Array.isArray(msgs)) return; @@ -634,7 +644,7 @@ async function notifyMatchSuccess() { fd.append('account', account); try { - const r = await fetch('../api/admin_recharge.php?action=match_success', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'admin_recharge.php?action=match_success&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { alert('匹配成功!状态已更新。若要向用户显示收款账户,请继续点击“发送账户”按钮。'); @@ -663,7 +673,7 @@ async function sendPaymentInfo() { try { console.log('Sending account info...', { bank, name, account }); - const r = await fetch('../api/admin_recharge.php?action=send_account', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'admin_recharge.php?action=send_account&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { @@ -709,7 +719,7 @@ document.getElementById('image-input').addEventListener('change', async (e) => { formData.append('session_id', selectedSid || ''); try { - const r = await fetch('../api/chat.php?action=upload_image', { + const r = await fetch(apiPath + 'chat.php?action=upload_image&v=' + Date.now(), { method: 'POST', body: formData }); 
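Review bot: `selectedUser`, `selectedIp` and `selectedSid` are interpolated into the query string raw; a session id or address containing `&`, `#` or `+` (values that originate from client requests, judging by the `ip_address`/`session_id` handling in chat.php) truncates or corrupts the request. Wrap each of the three in `encodeURIComponent(...)`, e.g. `user_id=${encodeURIComponent(selectedUser)}`, and likewise for `ip` and `session_id`; this keeps the `null` → `"null"` behaviour the server presumably already tolerates. fetchMessages continues outside the hunk.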
@@ -759,7 +769,7 @@ document.getElementById('chat-form').addEventListener('submit', async (e) => { fd.append('session_id', selectedSid); try { - const r = await fetch('../api/chat.php?action=admin_send', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'chat.php?action=admin_send&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); const tempMsg = document.querySelector(`[data-id="${tempId}"]`); @@ -781,7 +791,7 @@ document.getElementById('save-remark-btn').addEventListener('click', async () => fd.append('session_id', selectedSid); fd.append('remark', remark); - const r = await fetch('../api/chat.php?action=save_remark', { method: 'POST', body: fd }); + const r = await fetch(apiPath + 'chat.php?action=save_remark&v=' + Date.now(), { method: 'POST', body: fd }); const res = await r.json(); if (res.success) { alert('备注已保存'); diff --git a/admin/layout.php b/admin/layout.php index b079364..4f00f33 100644 --- a/admin/layout.php +++ b/admin/layout.php 
@@ -281,21 +281,24 @@ function renderAdminPage($content, $title = '后台管理') { const visitedPages = JSON.parse(localStorage.getItem('visited_admin_pages') || '[]'); const currentPage = window.location.pathname; + // Detect base path for API calls + const apiPath = (window.location.origin + window.location.pathname).split('/admin/')[0] + '/api/'; + // Clear badges based on current page if (currentPage.includes('finance.php')) { - fetch('../api/admin_notifications.php?action=clear&type=finance'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=finance&v=' + Date.now()); } else if (currentPage.includes('kyc.php')) { - fetch('../api/admin_notifications.php?action=clear&type=kyc'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=kyc&v=' + Date.now()); } else if (currentPage.includes('binary.php')) { - fetch('../api/admin_notifications.php?action=clear&type=binary'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=binary&v=' + Date.now()); } else if (currentPage.includes('contract.php')) { - fetch('../api/admin_notifications.php?action=clear&type=contract'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=contract&v=' + Date.now()); } else if (currentPage.includes('spot.php')) { - fetch('../api/admin_notifications.php?action=clear&type=spot'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=spot&v=' + Date.now()); } else if (currentPage.includes('customer_service.php')) { - fetch('../api/admin_notifications.php?action=clear&type=messages'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=messages&v=' + Date.now()); } else if (currentPage.includes('users.php')) { - fetch('../api/admin_notifications.php?action=clear&type=users'); + fetch(apiPath + 'admin_notifications.php?action=clear&type=users&v=' + Date.now()); } document.querySelectorAll('.card-dismissible').forEach(card => { 
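Review bot: Each `fetch(...)` in the new chain is fired without a rejection handler, so a failed badge-clear call surfaces as an unhandled promise rejection in the console instead of being handled or deliberately ignored. The seven branches differ only in page name and badge type, so a lookup table with a single request path reads better and lets `URL`/`URLSearchParams` encode the parameters. The duplicated top-level `const apiPath` is raised on the customer_service.php hunk. The enclosing block starts and ends outside the hunk, so its indentation and wrapper are not visible here.
```javascript
// … unchanged: visitedPages / currentPage / apiPath …
// Page → badge type to clear on load; first match wins, same order as before.
const badgeTypeByPage = {
  'finance.php': 'finance',
  'kyc.php': 'kyc',
  'binary.php': 'binary',
  'contract.php': 'contract',
  'spot.php': 'spot',
  'customer_service.php': 'messages',
  'users.php': 'users',
};
const badgeEntry = Object.entries(badgeTypeByPage).find(([page]) => currentPage.includes(page));
if (badgeEntry) {
  const clearUrl = new URL('admin_notifications.php', apiPath);
  clearUrl.searchParams.set('action', 'clear');
  clearUrl.searchParams.set('type', badgeEntry[1]);
  clearUrl.searchParams.set('v', String(Date.now()));
  // Best-effort: a failed clear only leaves a stale badge until the next poll.
  fetch(clearUrl).catch((err) => console.error('badge clear failed', err));
}
// … unchanged: .card-dismissible handling …
```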
@@ -351,7 +354,8 @@ function renderAdminPage($content, $title = '后台管理') { function checkNotifications() { const currentPage = window.location.pathname; const isDashboard = currentPage.includes('index.php') || currentPage.endsWith('/admin/'); - const url = isDashboard ? '../api/admin_notifications.php?stats=1' : '../api/admin_notifications.php'; + const apiPath = (window.location.origin + window.location.pathname).split('/admin/')[0] + '/api/'; + const url = apiPath + 'admin_notifications.php?v=' + Date.now() + (isDashboard ? '&stats=1' : ''); fetch(url) .then(r => r.json()) diff --git a/api/chat.php b/api/chat.php index b405aa6..7d4fd37 100644 --- a/api/chat.php +++ b/api/chat.php 
@@ -233,71 +233,55 @@ if ($action === 'admin_get_all') { exit; } try { - // Improved query to get all active chat sessions. - // We group by user_id if it's set (>0). - // If user_id is 0, we group by session_id. - // If session_id is also empty, we group by IP. + // Simplified and robust query for deployment compatibility $stmt = db()->query(" SELECT v.final_user_id as user_id, - v.effective_ip as ip_address, - v.effective_sid as session_id, - v.unread_count, + MAX(v.effective_ip) as ip_address, + MAX(v.effective_sid) as session_id, + SUM(v.is_unread) as unread_count, + MAX(v.has_recharge) as has_recharge, CASE WHEN m.message LIKE ' 0 THEN final_user_id ELSE 0 END, - CASE WHEN final_user_id = 0 THEN effective_sid ELSE '' END, - CASE WHEN final_user_id = 0 AND effective_sid = '' THEN effective_ip ELSE '' END + IFNULL(user_id, 0) as final_user_id, + CASE WHEN ip_address = '---' THEN '' ELSE IFNULL(ip_address, '') END as effective_ip, + IFNULL(session_id, '') as effective_sid, + created_at as last_activity, + NULL as user_time, + 0 as has_recharge, + CASE WHEN sender = 'user' AND is_read = 0 THEN 1 ELSE 0 END as is_unread + FROM messages + UNION ALL + SELECT + IFNULL(user_id, 0) as final_user_id, + CASE WHEN ip_address = '---' THEN '' ELSE IFNULL(ip_address, '') END as effective_ip, + IFNULL(session_id, '') as effective_sid, + last_ping as last_activity, + user_time, + 0 as has_recharge, + 0 as is_unread + FROM chat_visitors + UNION ALL + SELECT + IFNULL(user_id, 0) as final_user_id, + CASE WHEN ip_address = '---' THEN '' ELSE IFNULL(ip_address, '') END as effective_ip, + '' as effective_sid, + created_at as last_activity, + NULL as user_time, + 1 as has_recharge, + 0 as is_unread + FROM finance_requests WHERE type='recharge' AND status NOT IN ('3', '4') ) v LEFT JOIN ( SELECT m1.*, 
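Review bot: The four-line comment that explained how conversations are grouped (by user id, else session id, else IP) was replaced with `// Simplified and robust query for deployment compatibility`, which says nothing about the query, while the `GROUP BY` that implements those rules now sits some 70 lines further down in the next hunk. Keep an explanation at the query head, e.g. `// One row per conversation: keyed by user_id when > 0, else by session_id, else by ip_address; MAX() picks one representative ip/sid per group.`. Note that `MAX(v.effective_ip)` / `MAX(v.effective_sid)` make the displayed address and session arbitrary for a logged-in user with several sessions, which may or may not be intended — confirm against what the admin list does with them. Part of this hunk's text is missing in this view (between `LIKE '` and `0 THEN`), so the CASE on `m.message` could not be reviewed.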
@@ -322,6 +306,10 @@ if ($action === 'admin_get_all') { (v.final_user_id = 0 AND v.effective_sid != '' AND v.effective_sid = r.session_id) OR (v.final_user_id = 0 AND v.effective_sid = '' AND v.effective_ip = r.ip_address) ) + GROUP BY + v.final_user_id, + CASE WHEN v.final_user_id = 0 THEN v.effective_sid ELSE '' END, + CASE WHEN v.final_user_id = 0 AND v.effective_sid = '' THEN v.effective_ip ELSE '' END ORDER BY created_at DESC "); $results = $stmt->fetchAll(); @@ -332,7 +320,8 @@ if ($action === 'admin_get_all') { echo json_encode($results); } catch (Exception $e) { error_log("Chat API Error: " . $e->getMessage()); - echo json_encode(['error' => $e->getMessage()]); + // Return structured error for front-end handling + echo json_encode(['success' => false, 'error' => $e->getMessage()]); } exit; } diff --git a/assets/pasted-20260222-081324-8196b7b9.png b/assets/pasted-20260222-081324-8196b7b9.png new file mode 100644 index 0000000..888ae69 Binary files /dev/null and b/assets/pasted-20260222-081324-8196b7b9.png differ diff --git a/db/config.php b/db/config.php index fd53eee..5668869 100644 --- a/db/config.php +++ b/db/config.php @@ -28,8 +28,13 @@ function getRealIP() { return $_SERVER['HTTP_X_REAL_IP']; } if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); - return trim($ips[0]); + $ips = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])); + foreach ($ips as $ip) { + if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { + return $ip; + } + } + return $ips[0]; } return $_SERVER['REMOTE_ADDR']; } diff --git a/recharge.php b/recharge.php index b4064c2..7b0da33 100644 --- a/recharge.php +++ b/recharge.php 
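Review bot: With the added `GROUP BY`, the unchanged `ORDER BY created_at DESC` sorts on a column that is neither a grouping key nor aggregated; under MySQL's default `ONLY_FULL_GROUP_BY` this is rejected (error 1055), and in permissive modes the value comes from an arbitrary row of each group, so the list order is nondeterministic. Sort on an aggregate of the grouped rows instead, e.g. `ORDER BY MAX(v.last_activity) DESC`, or `MAX(m.created_at)` if the latest message time is what is meant. Which table `created_at` refers to is not visible in this hunk, so verify before choosing.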
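Review bot: `'error' => $e->getMessage()` sends the raw exception text — typically the PDO/MySQL error, including fragments of the failing SQL — to the browser, and the customer_service.php hunk now renders it into the page. The message is already written to the server log on the line above, so the response only needs a generic string: `echo json_encode(['success' => false, 'error' => 'Internal server error']);`. If the admin UI must correlate failures with log entries, add an opaque request id to both rather than the message text.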
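Review bot: The new loop still takes the client address from `X-Forwarded-For` regardless of who sent the header, and scans from the left — the end of the list a client controls — while the fallback `return $ips[0];` stores whatever string arrived, unvalidated, when no public address was found. Because this value serves as an identity key (chat.php groups conversations by `ip_address` when no user or session id is present), a forged header lets one visitor be filed under another's address. Honour the header only when `REMOTE_ADDR` is one of your own proxies, walk the list from the right skipping those proxies, accept only values that pass `filter_var(..., FILTER_VALIDATE_IP)`, and otherwise fall back to `REMOTE_ADDR`; the `X-Real-IP` branch above the hunk needs the same gating. `TRUSTED_PROXIES` below is a constructed placeholder for whatever allowlist the config defines; getRealIP's opening lines are outside the hunk.
```php
    // … unchanged: X-Real-IP branch (gate it on the same proxy check) …
    $remote = $_SERVER['REMOTE_ADDR'] ?? '';
    // Forwarding headers are client-supplied unless our own proxy set them,
    // so only consult them when the direct peer is a trusted proxy.
    $trustedProxies = defined('TRUSTED_PROXIES') ? TRUSTED_PROXIES : [];
    if (in_array($remote, $trustedProxies, true) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ips = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        // Walk from the right: the last entry was appended by our proxy,
        // the leftmost ones are whatever the client chose to send.
        for ($i = count($ips) - 1; $i >= 0; $i--) {
            if (in_array($ips[$i], $trustedProxies, true)) {
                continue;
            }
            if (filter_var($ips[$i], FILTER_VALIDATE_IP)) {
                return $ips[$i];
            }
            break; // first untrusted entry is not a valid address: do not guess
        }
    }
    return $remote;
```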
@@ -405,6 +405,7 @@ $bep20_addr = $settings['usdt_bep20_address'] ?? '0x742d35Cc6634C0532925a3b844Bc let currentNetwork = 'TRC20'; let currentAddress = ''; const userId = ''; +const apiPath = (window.location.origin + window.location.pathname).split('/recharge.php')[0] + '/api/'; let rechargeCountdownInterval; let modalChatLastIds = new Set(); let remainingSeconds = 1800; @@ -430,7 +431,7 @@ async function updateRate() { // Try to get fresh rates try { - const resp = await fetch('api/exchange.php'); + const resp = await fetch(apiPath + 'exchange.php?v=' + Date.now()); const data = await resp.json(); if (data.success && data.rates) { exchangeRates = data.rates; @@ -496,7 +497,7 @@ function finishTransfer() { const formData = new FormData(); formData.append('action', 'complete_transfer'); formData.append('order_id', orderId); - fetch('api/finance.php', { method: 'POST', body: formData }) + fetch(apiPath + 'finance.php?v=' + Date.now(), { method: 'POST', body: formData }) .then(r => r.json()) .then(data => { if (data.success) renderRechargeUI({status: 'finished'}); }); } else { @@ -552,8 +553,7 @@ function startStatusPolling(order_id) { const modalEl = document.getElementById('rechargeModal'); if (!modalEl || !modalEl.classList.contains('show')) return; try { - const path = (window.REL_PATH || '') + `api/recharge_status.php?id=${order_id}&_t=${Date.now()}`; - const r = await fetch(path); + const r = await fetch(apiPath + `recharge_status.php?id=${order_id}&v=${Date.now()}`); const data = await r.json(); if (data.success) { console.log('Order status update:', data.status, data); 
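Review bot: `apiPath` depends on the literal `/recharge.php` appearing in the page URL; if the page is served through a rewrite (`/recharge`) or under another file name, `split` leaves the whole URL intact and requests go to `…/recharge.php/api/…`, a regression from the `window.REL_PATH` form the hunks at lines 553, 812 and 832 drop, which at least let the server set the prefix. Resolving relative to the document, `const apiPath = new URL('api/', window.location.href).href;`, gives the same result on the expected path and degrades gracefully elsewhere. The hunks at lines 431, 497, 553, 745, 757, 769, 779, 812 and 832 all use this constant, and the `&v=' + Date.now()` added to their POST requests has no caching effect.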
@@ -745,7 +745,7 @@ function initModalChat() { scrollModalToBottom(); const formData = new FormData(); formData.append('file', file); formData.append('action', 'upload_image'); try { - const resp = await fetch('api/chat.php', { method: 'POST', body: formData }), data = await resp.json(); + const resp = await fetch(apiPath + 'chat.php?v=' + Date.now(), { method: 'POST', body: formData }), data = await resp.json(); document.querySelector(`[data-modal-id="${tempId}"]`)?.remove(); if (data.success) { appendModalMessage(data.message); scrollModalToBottom(); } } catch (err) { console.error(err); } @@ -757,7 +757,7 @@ function initModalChat() { appendModalMessage({ id: tempId, sender: 'user', message: msg, created_at: new Date().toISOString() }); scrollModalToBottom(); try { - const resp = await fetch('api/chat.php?action=send_message', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: `message=${encodeURIComponent(msg)}` }); + const resp = await fetch(apiPath + 'chat.php?action=send_message&v=' + Date.now(), { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: `message=${encodeURIComponent(msg)}` }); const data = await resp.json(); document.querySelector(`[data-modal-id="${tempId}"]`)?.remove(); if (data.success) { appendModalMessage(data.message); scrollModalToBottom(); } 
@@ -769,8 +769,8 @@ function initModalChat() { return; } try { - fetch(`api/chat.php?action=ping&user_time=${encodeURIComponent(new Date().toLocaleString())}`); - const resp = await fetch('api/chat.php?action=get_messages'), data = await resp.json(); + fetch(apiPath + `chat.php?action=ping&user_time=${encodeURIComponent(new Date().toLocaleString())}&v=` + Date.now()); + const resp = await fetch(apiPath + 'chat.php?action=get_messages&v=' + Date.now()), data = await resp.json(); if (Array.isArray(data)) { data.forEach(m => { if (!modalChatLastIds.has(m.id)) { appendModalMessage(m); modalChatLastIds.add(m.id); scrollModalToBottom(); } }); } } catch (err) {} setTimeout(modalPoll, 2000); @@ -779,7 +779,7 @@ function initModalChat() { } async function sendModalMessage(msg) { - try { await fetch('api/chat.php?action=send_message', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: `message=${encodeURIComponent(msg)}` }); } catch (err) {} + try { await fetch(apiPath + 'chat.php?action=send_message&v=' + Date.now(), { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: `message=${encodeURIComponent(msg)}` }); } catch (err) {} } function appendModalMessage(m) { 
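Review bot: The ping `fetch(...)` on the first changed line is neither awaited nor given a `.catch`, and the surrounding `try` does not cover a promise that rejects later, so every failed ping becomes an unhandled rejection. If the ping is intentionally fire-and-forget, say so and end the call with `.catch(() => {}); // best-effort presence ping`. The `catch (err) {}` around the polling request swallows errors without trace; at least emit `console.debug(err)` so outages are diagnosable. modalPoll's enclosing body starts outside the hunk.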
@@ -812,7 +812,7 @@ function confirmFiatOrder(btn, event) { if (isNaN(amount) || amount <= 0) { notify('warning', ''); return; } const originalText = btn.innerHTML; btn.disabled = true; btn.innerHTML = `${originalText}`; const formData = new FormData(); formData.append('action', 'recharge'); formData.append('amount', amount / rate); formData.append('symbol', 'USDT'); formData.append('fiat_amount', amount); formData.append('fiat_currency', currency); formData.append('method', ' (' + currency + ')'); - fetch((window.REL_PATH || '') + 'api/finance.php', { method: 'POST', body: formData }).then(r => r.json()).then(data => { + fetch(apiPath + 'finance.php?v=' + Date.now(), { method: 'POST', body: formData }).then(r => r.json()).then(data => { btn.disabled = false; btn.innerHTML = originalText; if (data.success) { let msg = ``; @@ -832,7 +832,7 @@ function confirmCryptoOrder(btn, event) { if (isNaN(amount) || amount <= 0) { notify('warning', ''); return; } const originalText = btn.innerHTML; btn.disabled = true; btn.innerHTML = `${originalText}`; const formData = new FormData(); formData.append('action', 'recharge'); formData.append('amount', amount); formData.append('symbol', 'USDT'); formData.append('method', currentNetwork); - fetch((window.REL_PATH || '') + 'api/finance.php', { method: 'POST', body: formData }).then(r => r.json()).then(data => { + fetch(apiPath + 'finance.php?v=' + Date.now(), { method: 'POST', body: formData }).then(r => r.json()).then(data => { btn.disabled = false; btn.innerHTML = originalText; if (data.success) { let msg = ``;
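Review bot: The `.then(r => r.json()).then(data => …)` chain on the new fetch has no `.catch`, so a network error or a non-JSON response leaves `btn.disabled = true` and the replaced button content in place for good; append `.catch((err) => { btn.disabled = false; btn.innerHTML = originalText; console.error(err); })`, and the same for the hunk at line 832. `r.ok` is also never checked before `r.json()`, so an error page is reported as a parse failure rather than an HTTP failure. Both functions continue outside the hunk.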