38451-vm/api/admin_recharge.php
Flatlogic Bot f8e7df2a31 发发发
2026-02-22 09:20:04 +00:00


<?php
require_once __DIR__ . '/../db/config.php';
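/**
 * Admin endpoint for handling a user's most recent open recharge request.
 *
 * Inputs:
 *   - action (query string): match_success | send_account | approve | reject | get_order_info
 *   - user_id, ip_address, session_id (GET/POST): identify whose order to act on
 *   - bank, name, account, note, confirm_amount (POST): action-specific fields
 *
 * Output: a JSON object with a boolean "success" and, on failure, an "error" string.
 *
 * NOTE(review): the only authorisation is the presence of $_SESSION['admin_id'];
 * no role or permission check is visible in this file.
 * NOTE(review): the action comes from the query string and no anti-CSRF token is
 * verified here, so state-changing actions rely on the session cookie alone.
 * Confirm that a token or SameSite policy is enforced elsewhere.
 * NOTE(review): balance-changing actions are not attributed to the acting admin;
 * consider recording $_SESSION['admin_id'] with each approval or rejection.
 */
header('Content-Type: application/json');

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Basic admin check (simplified; adjust to the project's admin auth).
if (!isset($_SESSION['admin_id'])) {
    echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    exit;
}

$action = $_GET['action'] ?? '';
if (!is_string($action)) {
    // "action[]=x" arrives as an array; treat it as an unknown action.
    $action = '';
}

// Request parameters can arrive as arrays ("ip_address[]=x"); accept plain strings only.
$raw_user_id = $_REQUEST['user_id'] ?? null;
$ip_address  = $_REQUEST['ip_address'] ?? '';
$session_id  = $_REQUEST['session_id'] ?? '';
$ip_address  = is_string($ip_address) ? $ip_address : '';
$session_id  = is_string($session_id) ? $session_id : '';

// user_id must be a non-negative integer. Without this check a non-numeric
// string compares greater than 0 in PHP and would reach the user_id lookup,
// where the database may coerce it to 0 and match a guest order instead.
$user_id = 0;
if ($raw_user_id !== null && $raw_user_id !== '') {
    $user_id = filter_var($raw_user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($user_id === false) {
        echo json_encode(['success' => false, 'error' => 'Invalid User ID']);
        exit;
    }
}

if ($raw_user_id === null && $ip_address === '') {
    echo json_encode(['success' => false, 'error' => 'Missing User ID or IP']);
    exit;
}

try {
    $db = db();

    // Statuses that count as an open recharge request for the lookup below.
    $open_statuses = "('0', '1', '2', 'pending', 'matched', 'account_sent', 'finished')";

    // Find the latest open recharge for this user: by user_id when one is given,
    // otherwise by IP address / session id.
    if ($user_id > 0) {
        $stmt = $db->prepare(
            "SELECT id FROM finance_requests WHERE user_id = ? AND type = 'recharge' AND status IN "
            . $open_statuses . " ORDER BY id DESC LIMIT 1"
        );
        $stmt->execute([$user_id]);
    } else {
        // Only match on identifiers that were actually supplied. Comparing a
        // column against an empty string would select some unrelated order
        // whose ip_address or payment_details happens to be empty.
        $predicates = [];
        $params = [];
        if ($ip_address !== '') {
            $predicates[] = 'ip_address = ?';
            $params[] = $ip_address;
        }
        if ($session_id !== '') {
            $predicates[] = 'payment_details = ?';
            $params[] = $session_id;
        }
        if ($predicates === []) {
            echo json_encode(['success' => false, 'error' => 'Missing User ID or IP']);
            exit;
        }
        // $predicates holds fixed SQL fragments only; every value is bound.
        $stmt = $db->prepare(
            "SELECT id FROM finance_requests WHERE (" . implode(' OR ', $predicates)
            . ") AND type = 'recharge' AND status IN " . $open_statuses . " ORDER BY id DESC LIMIT 1"
        );
        $stmt->execute($params);
    }

    $order_id = $stmt->fetchColumn();
    if (!$order_id) {
        echo json_encode(['success' => false, 'error' => '未找到该用户的待处理充值订单']);
        exit;
    }

    if ($action === 'match_success') {
        $bank = $_POST['bank'] ?? '';
        $name = $_POST['name'] ?? '';
        $account = $_POST['account'] ?? '';

        $stmt = $db->prepare("UPDATE finance_requests SET status = '1', account_bank = ?, account_name = ?, account_number = ? WHERE id = ?");
        $stmt->execute([$bank, $name, $account, $order_id]);

        if ($stmt->rowCount() > 0) {
            echo json_encode(['success' => true]);
        } else {
            // No row changed: the order may already be in status 1 with the same details.
            $stmt = $db->prepare("SELECT status FROM finance_requests WHERE id = ?");
            $stmt->execute([$order_id]);
            if ((string) $stmt->fetchColumn() === '1') {
                echo json_encode(['success' => true, 'note' => 'Already matched']);
            } else {
                echo json_encode(['success' => false, 'error' => '更新失败']);
            }
        }
    } elseif ($action === 'send_account') {
        $bank = $_POST['bank'] ?? '';
        $name = $_POST['name'] ?? '';
        $account = $_POST['account'] ?? '';
        $note = $_POST['note'] ?? '';

        // NOTE(review): payment_details is overwritten with the note here, while the
        // guest lookup above matches session_id against the same column; confirm intended.
        $stmt = $db->prepare("UPDATE finance_requests SET status = '2', account_bank = ?, account_name = ?, account_number = ?, payment_details = ? WHERE id = ?");
        $stmt->execute([$bank, $name, $account, $note, $order_id]);
        echo json_encode(['success' => true]);
    } elseif ($action === 'approve') {
        $confirm_amount = $_POST['confirm_amount'] ?? null;
        if ($confirm_amount === null) {
            echo json_encode(['success' => false, 'error' => 'Missing confirmation amount']);
            exit;
        }
        // The amount is added straight to the user's balance, so accept only a
        // plain positive decimal: no sign, exponent, separators or array input.
        if (
            !is_string($confirm_amount)
            || preg_match('/^\d+(\.\d+)?$/', $confirm_amount) !== 1
            || (float) $confirm_amount <= 0
        ) {
            echo json_encode(['success' => false, 'error' => 'Invalid confirmation amount']);
            exit;
        }

        $db->beginTransaction();
        try {
            // Get order details.
            $stmt = $db->prepare("SELECT user_id, symbol FROM finance_requests WHERE id = ?");
            $stmt->execute([$order_id]);
            $order = $stmt->fetch();
            if (!$order) {
                throw new Exception("订单不存在");
            }

            // Claim the order with a conditional update. If a concurrent request has
            // already completed or rejected it, no row changes and the balance is
            // not credited a second time.
            $stmt = $db->prepare("UPDATE finance_requests SET status = 'completed', amount = ? WHERE id = ? AND status NOT IN ('completed', 'rejected')");
            $stmt->execute([$confirm_amount, $order_id]);
            if ($stmt->rowCount() === 0) {
                throw new Exception('Order already processed');
            }

            // Credit the balance only for registered users (user_id > 0).
            if ($order['user_id'] > 0) {
                // Ensure a balance record exists.
                // NOTE(review): select-then-insert can race unless (user_id, symbol) is unique; verify schema.
                $stmt = $db->prepare("SELECT id FROM user_balances WHERE user_id = ? AND symbol = ?");
                $stmt->execute([$order['user_id'], $order['symbol']]);
                if (!$stmt->fetch()) {
                    $stmt = $db->prepare("INSERT INTO user_balances (user_id, symbol, available) VALUES (?, ?, 0)");
                    $stmt->execute([$order['user_id'], $order['symbol']]);
                }

                $stmt = $db->prepare("UPDATE user_balances SET available = available + ? WHERE user_id = ? AND symbol = ?");
                $stmt->execute([$confirm_amount, $order['user_id'], $order['symbol']]);

                // Record the transaction. The stored ip_address is the value supplied
                // with this request, not one read from the order.
                $stmt = $db->prepare("INSERT INTO transactions (user_id, type, amount, symbol, status, ip_address) VALUES (?, 'recharge', ?, ?, 'completed', ?)");
                $stmt->execute([$order['user_id'], $confirm_amount, $order['symbol'], $ip_address]);
            }

            $db->commit();
            echo json_encode(['success' => true]);
        } catch (PDOException $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            // Driver messages can expose SQL and schema details; keep them server-side.
            error_log('admin_recharge approve failed: ' . $e->getMessage());
            echo json_encode(['success' => false, 'error' => 'Server error']);
        } catch (Exception $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            // Only the messages thrown above reach this branch.
            echo json_encode(['success' => false, 'error' => $e->getMessage()]);
        }
    } elseif ($action === 'reject') {
        // Never flip an order that has already been credited back to "rejected".
        $stmt = $db->prepare("UPDATE finance_requests SET status = 'rejected' WHERE id = ? AND status <> 'completed'");
        $stmt->execute([$order_id]);
        if ($stmt->rowCount() > 0) {
            echo json_encode(['success' => true]);
        } else {
            // No row changed: succeed only if the order is already rejected.
            $stmt = $db->prepare("SELECT status FROM finance_requests WHERE id = ?");
            $stmt->execute([$order_id]);
            if ((string) $stmt->fetchColumn() === 'rejected') {
                echo json_encode(['success' => true]);
            } else {
                echo json_encode(['success' => false, 'error' => '更新失败']);
            }
        }
    } elseif ($action === 'get_order_info') {
        // Returns every column of the order row to the admin client.
        $stmt = $db->prepare("SELECT * FROM finance_requests WHERE id = ?");
        $stmt->execute([$order_id]);
        $order = $stmt->fetch(PDO::FETCH_ASSOC);
        echo json_encode(['success' => true, 'order' => $order]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Invalid action']);
    }
} catch (Exception $e) {
    // Log the detail and return a generic message so connection or SQL errors
    // are not disclosed to the client.
    error_log('admin_recharge failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'Server error']);
}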