-
-
+
+
+
+
+
+
+
+
+
+
安全与功能
+
>
+
开启后,用户注册必须输入验证码(演示环境默认验证码:123456)。
@@ -105,17 +130,20 @@ ob_start();
-
+
-
+
使用说明
-
- - 收款地址将直接展示在前端充值页面。
- - 验证码开关关闭后,前端注册无需输入验证码即可提交。
- - 客服链接将用于前端“联系客服”按钮跳转。
+
+ - 网站名称:影响浏览器标签页标题。
+ - LOGO:上传后会自动替换后台左上角及前端所有引用处。
+ - 充值地址:对应前端充值页面的三个网络,请务必填写正确。
+ - 验证码:若未配置 SMTP 邮件服务,建议保持关闭或使用固定验证码。
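Review bot: The new help line at the end of the hunk advises operators to "keep it off or use a fixed verification code" when SMTP is not configured, and a fixed code that is also printed in the admin UI (the earlier hunk in this file names 123456 as the demo default) is a shared secret every reader of the page knows, so in production it adds no protection over having the switch off while looking like a control. Reword the bullet so the trade-off is explicit, e.g. `- 验证码:固定验证码仅适用于演示/测试环境;生产环境请配置 SMTP 邮件服务,否则应视为未启用验证码并依赖其他注册防护。`. The enclosing template block (`ob_start();` context) starts outside this hunk, so I cannot see whether the fixed code is also surfaced to end users.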
diff --git a/admin/binary.php b/admin/binary.php
index 5a96354..4e0fac0 100644
--- a/admin/binary.php
+++ b/admin/binary.php
@@ -3,6 +3,12 @@ require_once __DIR__ . '/layout.php';
$db = db();
+// Helper to check permissions
+if (!hasPermission('view_orders')) {
+ echo "权限不足";
+ exit;
+}
+
// Handle Control Update
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
if ($_POST['action'] === 'set_control') {
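Review bot: The page-level gate added at the top of the hunk uses the read permission `view_orders`, so the `set_control` POST handler that begins on the hunk's last line (its body continues outside the hunk) is reachable by anyone allowed merely to view orders; a write that changes an order's outcome should be gated by a separate write permission checked inside the `set_control` branch. The agent-ownership probe that kyc.php adds before its updates (`SELECT id FROM users WHERE id = ? AND agent_id = ?`) has no counterpart here, so an agent who is filtered out of the listing below can presumably still post an `order_id` belonging to another agent's user. `echo "权限不足"; exit;` also answers with HTTP 200; `http_response_code(403);` before the echo lets logs and monitoring tell denials apart from normal page loads.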
@@ -20,8 +26,12 @@ ob_start();
$user_id = isset($_GET['user_id']) ? (int)$_GET['user_id'] : null;
$sql = "SELECT o.*, u.username, u.uid FROM binary_orders o JOIN users u ON o.user_id = u.id";
$params = [];
+if ($admin['is_agent']) {
+ $sql .= ($params ? " AND" : " WHERE") . " u.agent_id = ?";
+ $params[] = $admin['id'];
+}
if ($user_id) {
- $sql .= " WHERE o.user_id = ?";
+ $sql .= (strpos($sql, 'WHERE') === false ? " WHERE" : " AND") . " o.user_id = ?";
$params[] = $user_id;
}
$sql .= " ORDER BY o.created_at DESC";
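Review bot: The two WHERE/AND decisions in this hunk are made two different ways — `($params ? " AND" : " WHERE")` for the agent clause and `strpos($sql, 'WHERE') === false` for the user clause — and the `strpos` probe is fragile, since it misfires as soon as the base SELECT gains a subquery or any text containing `WHERE`. Collect the conditions and join once: `$where = []; ... if ($where) { $sql .= ' WHERE ' . implode(' AND ', $where); }`. The matching hunk in contract.php uses a third variant (an unconditional `" WHERE u.agent_id = ?"`), so a small shared helper in layout.php would keep the two listings in step.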
diff --git a/admin/contract.php b/admin/contract.php
index f53fb46..bab2a95 100644
--- a/admin/contract.php
+++ b/admin/contract.php
@@ -2,6 +2,11 @@
require_once __DIR__ . '/layout.php';
$db = db();
+if (!hasPermission('view_orders')) {
+ echo "权限不足";
+ exit;
+}
+
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
if ($_POST['action'] === 'set_control') {
$id = (int)$_POST['order_id'];
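Review bot: `$id = (int)$_POST['order_id'];` on the hunk's last line feeds `set_control` with no check that the order belongs to one of this agent's users, while the listing hunk below restricts agents to `u.agent_id = ?` — so the new scoping applies to reads but, as far as the hunk shows, not to writes (the handler body continues outside the hunk). kyc.php in this same commit probes ownership before its UPDATEs; mirror that here, joining through `contract_orders` since the agent link lives on `users`. The page-level `view_orders` gate is a read permission and does not substitute for this check.
```php
$id = (int)$_POST['order_id'];
// Agents may only act on orders of users assigned to them.
if ($admin['is_agent']) {
    $own = $db->prepare("SELECT o.id FROM contract_orders o JOIN users u ON o.user_id = u.id WHERE o.id = ? AND u.agent_id = ?");
    $own->execute([$id, $admin['id']]);
    if (!$own->fetch()) exit("无权操作");
}
// … unchanged: set_control update …
```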
@@ -17,8 +22,12 @@ ob_start();
$user_id = isset($_GET['user_id']) ? (int)$_GET['user_id'] : null;
$sql = "SELECT o.*, u.username, u.uid FROM contract_orders o JOIN users u ON o.user_id = u.id";
$params = [];
+if ($admin['is_agent']) {
+ $sql .= " WHERE u.agent_id = ?";
+ $params[] = $admin['id'];
+}
if ($user_id) {
- $sql .= " WHERE o.user_id = ?";
+ $sql .= (strpos($sql, 'WHERE') === false ? " WHERE" : " AND") . " o.user_id = ?";
$params[] = $user_id;
}
$sql .= " ORDER BY o.created_at DESC";
diff --git a/admin/index.php b/admin/index.php
index ea8d299..4063bbe 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -7,7 +7,7 @@ $total_users = $db->query("SELECT COUNT(*) FROM users")->fetchColumn();
$total_recharge = $db->query("SELECT SUM(amount) FROM finance_requests WHERE type='recharge' AND status='approved'")->fetchColumn() ?: 0;
$total_withdrawal = $db->query("SELECT SUM(amount) FROM finance_requests WHERE type='withdrawal' AND status='approved'")->fetchColumn() ?: 0;
$pending_finance = $db->query("SELECT COUNT(*) FROM finance_requests WHERE status='pending'")->fetchColumn();
-$pending_kyc = $db->query("SELECT COUNT(*) FROM users WHERE kyc_status=0 AND kyc_name IS NOT NULL")->fetchColumn();
+$pending_kyc = $db->query("SELECT COUNT(*) FROM users WHERE kyc_status=1 AND kyc_name IS NOT NULL")->fetchColumn();
ob_start();
?>
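Review bot: `kyc_status=1` in the changed query is a magic number whose meaning (pending) is only recoverable from kyc.php's hunk, which writes 2 for verified and 3 for rejected and sorts on `kyc_status = 1`; nothing in this file documents the scheme. Define the codes once where both pages can see them (both already `require_once` layout.php), e.g. `const KYC_PENDING = 1; const KYC_VERIFIED = 2; const KYC_REJECTED = 3;`, and build the SQL from the constant so the next renumbering does not silently desynchronise the dashboard and the review page. The other counts in the hunk (`total_users`, `total_recharge`, `total_withdrawal`, `pending_finance`) are not restricted by `$admin['is_agent']` the way the list pages now are, so if agents can reach index.php they presumably see platform-wide totals — worth confirming that is intended.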
diff --git a/admin/kyc.php b/admin/kyc.php
index eb79f97..181cb35 100644
--- a/admin/kyc.php
+++ b/admin/kyc.php
@@ -3,17 +3,33 @@ require_once __DIR__ . '/layout.php';
$db = db();
+// Helper to check permissions
+if (!hasPermission('manage_kyc')) {
+ echo "权限不足";
+ exit;
+}
+
// Handle Approve/Reject
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
$id = (int)$_POST['user_id'];
+
+ // Safety check for agents
+ if ($admin['is_agent']) {
+ $stmt = $db->prepare("SELECT id FROM users WHERE id = ? AND agent_id = ?");
+ $stmt->execute([$id, $admin['id']]);
+ if (!$stmt->fetch()) exit("无权操作");
+ }
+
if ($_POST['action'] === 'approve') {
- $db->prepare("UPDATE users SET kyc_status = 1 WHERE id = ?")->execute([$id]);
+ // Status 2: Verified (Standard)
+ $db->prepare("UPDATE users SET kyc_status = 2 WHERE id = ?")->execute([$id]);
header("Location: kyc.php?msg=approved");
exit;
}
if ($_POST['action'] === 'reject') {
$reason = $_POST['reason'] ?? '';
- $db->prepare("UPDATE users SET kyc_status = 2, kyc_rejection_reason = ? WHERE id = ?")
+ // Status 3: Rejected (Standard)
+ $db->prepare("UPDATE users SET kyc_status = 3, kyc_rejection_reason = ? WHERE id = ?")
->execute([$reason, $id]);
header("Location: kyc.php?msg=rejected");
exit;
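Review bot: The approve branch sets `kyc_status = 2` but leaves `kyc_rejection_reason` in place, so a user who was rejected and later approved on resubmission keeps the stale reason, which the template further down this file prints whenever it is set; clear it in the same statement: `UPDATE users SET kyc_status = 2, kyc_rejection_reason = NULL WHERE id = ?`. Neither UPDATE checks that the row is still pending, so a double-submit or a stale tab can flip an already-decided record; adding `AND kyc_status = 1` to both WHERE clauses makes the two actions idempotent. The agent ownership probe is good, but I cannot see a CSRF token check anywhere in this hunk — if layout.php does not enforce one, these state-changing POSTs need it.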
@@ -25,11 +41,25 @@ ob_start();
$user_id = isset($_GET['user_id']) ? (int)$_GET['user_id'] : null;
if ($user_id) {
- $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
- $stmt->execute([$user_id]);
+ $sql = "SELECT * FROM users WHERE id = ?";
+ $params = [$user_id];
+ if ($admin['is_agent']) {
+ $sql .= " AND agent_id = ?";
+ $params[] = $admin['id'];
+ }
+ $stmt = $db->prepare($sql);
+ $stmt->execute($params);
$users = $stmt->fetchAll();
} else {
- $stmt = $db->query("SELECT * FROM users WHERE kyc_name IS NOT NULL ORDER BY kyc_status ASC, created_at DESC");
+ $sql = "SELECT * FROM users WHERE kyc_name IS NOT NULL";
+ $params = [];
+ if ($admin['is_agent']) {
+ $sql .= " AND agent_id = ?";
+ $params[] = $admin['id'];
+ }
+ $sql .= " ORDER BY CASE WHEN kyc_status = 1 THEN 0 ELSE 1 END, created_at DESC";
+ $stmt = $db->prepare($sql);
+ $stmt->execute($params);
$users = $stmt->fetchAll();
}
?>
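Review bot: The agent-scoping clause (`AND agent_id = ?` plus the `$admin['id']` parameter) is copied into both the single-user and the listing branch of the hunk, so the next change to how agents are scoped has to be made twice and can easily be made once. Build the condition list first and apply the agent filter in one place, then append the ORDER BY only for the listing case; the result is behaviourally identical to the hunk.
```php
$user_id = isset($_GET['user_id']) ? (int)$_GET['user_id'] : null;
$where = [];
$params = [];
if ($user_id) {
    $where[] = 'id = ?';
    $params[] = $user_id;
} else {
    $where[] = 'kyc_name IS NOT NULL';
}
// Agents only ever see users assigned to them.
if ($admin['is_agent']) {
    $where[] = 'agent_id = ?';
    $params[] = $admin['id'];
}
$sql = 'SELECT * FROM users WHERE ' . implode(' AND ', $where);
if (!$user_id) {
    $sql .= ' ORDER BY CASE WHEN kyc_status = 1 THEN 0 ELSE 1 END, created_at DESC';
}
$stmt = $db->prepare($sql);
$stmt->execute($params);
$users = $stmt->fetchAll();
```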
@@ -55,12 +85,14 @@ if ($user_id) {
@@ -72,7 +104,7 @@ if ($user_id) {
身份证号
= htmlspecialchars($u['kyc_id_number'] ?? '未填写') ?>
-
+
拒绝理由: = htmlspecialchars($u['kyc_rejection_reason']) ?>
@@ -82,21 +114,21 @@ if ($user_id) {