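<?php
require 'config.php';

// Resolve the caller and gate the whole page on admin rights.
// Every handler below performs a state change, so non-admins must not
// reach them.
$user = current_user();
if (!$user || !is_admin($user)) {
    header('Location: index.php');
    // header() only queues a redirect; without exit the script keeps
    // running and an anonymous or non-admin request would still execute
    // the ban / role / delete handlers further down.
    exit;
}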
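// Ban a user with a reason and an optional duration (POST from the form below).
if (isset($_POST['ban_user'])) {
    $uid = (int) ($_POST['user_id'] ?? 0);
    // An admin must never ban (and wipe) their own account; compare as ints
    // so the check does not depend on loose string/int comparison.
    if ($uid > 0 && $uid !== (int) $user['id']) {
        $reason = trim((string) ($_POST['ban_reason'] ?? ''));
        if ($reason === '') {
            $reason = 'Нарушение правил';
        }
        $days = (int) ($_POST['ban_days'] ?? 0);
        // 0 (or negative) days is a permanent ban: ban_until stays NULL.
        $until = $days > 0 ? date('Y-m-d H:i:s', time() + $days * 86400) : null;

        // Flag the account and purge its content in ONE transaction so a
        // failed purge cannot leave a half-applied ban.
        $pdo->beginTransaction();
        try {
            $pdo->prepare('UPDATE users SET is_banned = 1, ban_reason = ?, ban_until = ? WHERE id = ?')
                ->execute([$reason, $until, $uid]);
            $pdo->prepare('DELETE FROM tweets WHERE user_id = ?')->execute([$uid]);
            $pdo->prepare('DELETE FROM messages WHERE from_user_id = ? OR to_user_id = ?')
                ->execute([$uid, $uid]);
            $pdo->commit();
        } catch (Exception $e) {
            $pdo->rollBack();
            // Do not swallow the failure: the admin would otherwise be
            // redirected as if the ban and purge had succeeded.
            error_log('admin.php: ban of user ' . $uid . ' failed: ' . $e->getMessage());
            throw $e;
        }
    }
    // NOTE(review): this POST carries no CSRF token; a page the admin visits
    // could submit it. Confirm whether config.php provides a token helper.
    header('Location: admin.php');
    exit;
}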
// Unban: clear the ban flag, reason and expiry for the given user id.
// NOTE(review): this is a state-changing GET with no CSRF token, so a crafted
// link or <img> tag could trigger it from an admin's browser. Confirm whether
// config.php offers a token helper and move this to a POST form.
if (isset($_GET['unban_user'])) {
    $target = (int) $_GET['unban_user'];
    $stmt = $pdo->prepare(
        'UPDATE users SET is_banned = 0, ban_reason = NULL, ban_until = NULL WHERE id = ?'
    );
    $stmt->execute([$target]);
    header('Location: admin.php');
    exit;
}
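// Role toggle: set or clear one boolean role column on a user (POST).
if (isset($_POST['set_role'])) {
    $uid = (int) ($_POST['user_id'] ?? 0);
    $role = $_POST['role'] ?? '';
    $value = isset($_POST['value']) ? 1 : 0;

    // $role is interpolated into the statement as a COLUMN NAME, so it must
    // match one of these literals exactly (strict comparison) - never raw input.
    $allowedRoles = ['is_admin', 'is_verificated', 'is_official'];

    // Clearing your own admin flag would lock you out of this page on the
    // next request (the is_admin gate at the top); mirror the ban handler's
    // self-protection.
    $isSelfDemotion = $role === 'is_admin' && $value === 0 && $uid === (int) $user['id'];

    if (in_array($role, $allowedRoles, true) && !$isSelfDemotion) {
        // Safe: $role is one of the whitelisted literals above.
        $pdo->prepare("UPDATE users SET $role = ? WHERE id = ?")->execute([$value, $uid]);
    }
    // NOTE(review): no CSRF token on this POST; confirm whether config.php
    // provides one before relying on this form for privilege changes.
    header('Location: admin.php');
    exit;
}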
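// Delete a single tweet by id.
// NOTE(review): state-changing GET with no CSRF token - a crafted link or
// <img> tag could trigger it from an admin's browser; consider a POST form
// with a token.
if (isset($_GET['delete_tweet'])) {
    // Cast like the other handlers so an array or non-numeric value never
    // reaches PDO (an array parameter throws inside execute()).
    $tweetId = (int) $_GET['delete_tweet'];
    $pdo->prepare('DELETE FROM tweets WHERE id = ?')->execute([$tweetId]);
    header('Location: admin.php');
    exit;
}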
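// Verification requests: approving one grants the requested role.
// NOTE(review): state-changing GET with no CSRF token; consider a POST form.
if (isset($_GET['approve_request'])) {
    $req_id = (int) $_GET['approve_request'];
    $stmt = $pdo->prepare('SELECT * FROM verification_requests WHERE id = ?');
    $stmt->execute([$req_id]);
    $req = $stmt->fetch();

    // `type` is read back from the database and was presumably written from
    // the user's own request form, so it is attacker-influenced data. It is
    // used to build a column name, so map it through a fixed whitelist
    // instead of interpolating it (second-order SQL injection otherwise).
    // Only the two non-admin roles shown in the panel are grantable here;
    // `admin` is deliberately excluded. TODO confirm against the request form.
    $grantable = [
        'verificated' => 'is_verificated',
        'official'    => 'is_official',
    ];
    if ($req && isset($grantable[$req['type']])) {
        $column = $grantable[$req['type']];
        // Safe: $column is one of the literal names above.
        $pdo->prepare("UPDATE users SET $column = 1 WHERE id = ?")
            ->execute([(int) $req['user_id']]);
        $pdo->prepare("UPDATE verification_requests SET status = 'approved' WHERE id = ?")
            ->execute([$req_id]);
    }
    header('Location: admin.php');
    exit;
}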
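// Reject a verification request: only its status changes.
// NOTE(review): state-changing GET with no CSRF token; consider a POST form.
if (isset($_GET['reject_request'])) {
    // Cast like the other handlers so an array or non-numeric value never
    // reaches PDO (an array parameter throws inside execute()).
    $req_id = (int) $_GET['reject_request'];
    $pdo->prepare("UPDATE verification_requests SET status = 'rejected' WHERE id = ?")
        ->execute([$req_id]);
    header('Location: admin.php');
    exit;
}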
// Page data: every user, every tweet with its author, and the verification
// requests that are still pending.
$users = $pdo->query('SELECT * FROM users ORDER BY created_at DESC')->fetchAll();

$tweetSql = "
SELECT t.*, u.username, u.display_name
FROM tweets t JOIN users u ON t.user_id = u.id
ORDER BY t.created_at DESC
";
$tweets = $pdo->query($tweetSql)->fetchAll();

$requestSql = "
SELECT vr.*, u.username
FROM verification_requests vr
JOIN users u ON u.id = vr.user_id
WHERE status = 'pending'
";
$requests = $pdo->query($requestSql)->fetchAll();
?>
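<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Админ-панель — TweeX</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
    <div class="card">
        <h1>Админ-панель</h1>
        <a href="index.php">← Назад в ленту</a> |
        <a href="ban.php?unban=1">Обжалования банов</a>
    </div>

    <?php
    // All values rendered below come from the database and are escaped for
    // the HTML context; ids are cast to int because they end up in URLs and
    // hidden form fields.
    ?>
    <div class="card">
        <h2>Заявки на верификацию</h2>
        <?php if (empty($requests)): ?>
            <p>Нет активных заявок.</p>
        <?php else: ?>
            <table>
                <tr><th>Пользователь</th><th>Тип</th><th>Причина</th><th>Действия</th></tr>
                <?php foreach ($requests as $r): ?>
                    <tr>
                        <td>@<?= htmlspecialchars((string) $r['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></td>
                        <?php // `type` presumably originates from the user's request form: escape it like any user text ?>
                        <td><?= htmlspecialchars((string) $r['type'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></td>
                        <td><?= htmlspecialchars((string) $r['reason'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></td>
                        <td>
                            <?php // NOTE(review): these are state-changing GET links without a CSRF token ?>
                            <a href="?approve_request=<?= (int) $r['id'] ?>" style="color:#00ff00;">Одобрить</a> |
                            <a href="?reject_request=<?= (int) $r['id'] ?>" style="color:#ff0000;">Отклонить</a>
                        </td>
                    </tr>
                <?php endforeach; ?>
            </table>
        <?php endif; ?>
    </div>

    <div class="card">
        <h2>Пользователи</h2>
        <table>
            <tr><th>ID</th><th>Логин</th><th>Статус</th><th>Роли</th><th>Бан</th></tr>
            <?php foreach ($users as $u): ?>
                <?php $rowId = (int) $u['id']; ?>
                <tr>
                    <td><?= $rowId ?></td>
                    <td>@<?= htmlspecialchars((string) $u['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></td>
                    <td><?= $u['is_banned'] ? '<span style="color:#ff4444;">Забанен</span>' : 'Активен' ?></td>
                    <td>
                        <?= $u['is_admin'] ? 'ADMIN ' : '' ?>
                        <?= $u['is_verificated'] ? 'VERIFICATED ' : '' ?>
                        <?= $u['is_official'] ? 'OFFICIAL' : '' ?>
                    </td>
                    <td>
                        <?php // The ban form is hidden for the current admin; the handler enforces this too. ?>
                        <?php if (!$u['is_banned'] && $rowId !== (int) $user['id']): ?>
                            <form method="POST" style="margin:5px 0;">
                                <input type="hidden" name="user_id" value="<?= $rowId ?>">
                                <input type="text" name="ban_reason" placeholder="Причина бана" required style="width:140px;padding:4px;">
                                <select name="ban_days">
                                    <option value="0">Навсегда</option>
                                    <option value="1">1 день</option>
                                    <option value="7">7 дней</option>
                                    <option value="30">30 дней</option>
                                </select>
                                <button type="submit" name="ban_user" style="background:#ff0000;color:white;padding:4px 8px;border:none;">Забанить</button>
                            </form>
                        <?php elseif ($u['is_banned']): ?>
                            <a href="?unban_user=<?= $rowId ?>" style="color:#00ff00;">Разбанить</a>
                        <?php endif; ?>

                        <!-- Роли -->
                        <?php // One form per role flag; submitting on change hits the set_role handler. ?>
                        <form method="POST" style="display:inline;margin-left:5px;">
                            <input type="hidden" name="user_id" value="<?= $rowId ?>">
                            <label><input type="checkbox" name="value" <?= $u['is_admin'] ? 'checked' : '' ?> onchange="this.form.submit()"> Admin</label>
                            <input type="hidden" name="role" value="is_admin">
                            <input type="hidden" name="set_role" value="1">
                        </form>
                        <form method="POST" style="display:inline;margin-left:5px;">
                            <input type="hidden" name="user_id" value="<?= $rowId ?>">
                            <label><input type="checkbox" name="value" <?= $u['is_verificated'] ? 'checked' : '' ?> onchange="this.form.submit()"> Verificated</label>
                            <input type="hidden" name="role" value="is_verificated">
                            <input type="hidden" name="set_role" value="1">
                        </form>
                        <form method="POST" style="display:inline;margin-left:5px;">
                            <input type="hidden" name="user_id" value="<?= $rowId ?>">
                            <label><input type="checkbox" name="value" <?= $u['is_official'] ? 'checked' : '' ?> onchange="this.form.submit()"> Official</label>
                            <input type="hidden" name="role" value="is_official">
                            <input type="hidden" name="set_role" value="1">
                        </form>
                    </td>
                </tr>
            <?php endforeach; ?>
        </table>
    </div>

    <div class="card">
        <h2>Удаление твитов</h2>
        <?php foreach ($tweets as $t): ?>
            <div class="tweet">
                <strong>@<?= htmlspecialchars((string) $t['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>:</strong>
                <?= htmlspecialchars((string) $t['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
                <?php // NOTE(review): state-changing GET link without a CSRF token ?>
                <a href="?delete_tweet=<?= (int) $t['id'] ?>" style="color:#ff0000; margin-left:20px;">Удалить</a>
            </div>
        <?php endforeach; ?>
    </div>
</div>
</body>
</html>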