prepare('INSERT INTO invite_codes (code, max_uses) VALUES (?, ?)'); for ($i = 0; $i < $count; $i++) { $code = strtoupper(bin2hex(random_bytes(4))); try { $stmt->execute([$code, $maxUses]); $inserted++; } catch (PDOException $e) { } } $_SESSION['flash_msg'] = '成功生成 ' . $inserted . ' 个邀请码（最大使用次数: ' . ($maxUses === 0 ? '不限' : $maxUses) . '）'; $_SESSION['flash_type'] = 'success'; header('Location: admin_settings.php'); exit; } // 修改邀请码次数 if (isset($_POST['edit_max_uses'])) { if (!verifyCsrf($_POST['csrf_token'] ?? '')) { die('CSRF token无效'); } $id = (int)($_POST['id'] ?? 0); $maxUses = max(0, (int)($_POST['max_uses'] ?? 1)); $stmt = $pdo->prepare('UPDATE invite_codes SET max_uses = ? WHERE id = ?'); $stmt->execute([$maxUses, $id]); $_SESSION['flash_msg'] = '已更新最大使用次数'; $_SESSION['flash_type'] = 'success'; header('Location: admin_settings.php'); exit; } // 删除邀请码（仅可删未使用的） if (isset($_GET['del_invite']) && is_numeric($_GET['del_invite'])) { if (!verifyCsrf($_GET['csrf_token'] ?? '')) { $msg = '

CSRF token无效

'; } else { $id = (int)$_GET['del_invite']; $stmt = $pdo->prepare('DELETE FROM invite_codes WHERE id = ? AND used_count = 0'); $stmt->execute([$id]); $msg = $stmt->rowCount() ? '

邀请码已删除

' : '

无法删除：已被使用或不存在

'; } } // 新增用户 if (isset($_POST['add_user'])) { if (!verifyCsrf($_POST['csrf_token'] ?? '')) { die('CSRF token无效'); } $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; $role = $_POST['role'] ?? 'user'; $remark = trim($_POST['remark'] ?? ''); if (!in_array($role, ['admin', 'user'])) $role = 'user'; if ($username === '' || $password === '') { $msg = '

用户名和密码不能为空

'; } elseif (strlen($username) < 3 || strlen($username) > 20) { $msg = '

用户名长度3-20个字符

'; } elseif (strlen($password) < 6) { $msg = '

密码长度至少6位

'; } else { $stmt = $pdo->prepare('SELECT id FROM users WHERE username = ?'); $stmt->execute([$username]); if ($stmt->fetch()) { $msg = '

用户名已存在

'; } else { $productIds = array_map('intval', $_POST['product_ids'] ?? []); $productIds = array_filter($productIds, fn($v) => $v > 0); if (empty($productIds)) { $msg = '

至少选择一个产品

'; } else { $hash = password_hash($password, PASSWORD_DEFAULT); $stmt = $pdo->prepare('INSERT INTO users (username, password, role, remark) VALUES (?, ?, ?, ?)'); $stmt->execute([$username, $hash, $role, $remark ?: null]); $userId = (int)$pdo->lastInsertId(); $stmt = $pdo->prepare('INSERT INTO user_products (user_id, product_id) VALUES (?, ?)'); foreach ($productIds as $pid) { $stmt->execute([$userId, $pid]); } $_SESSION['flash_msg'] = '用户 ' . h($username) . ' 添加成功'; $_SESSION['flash_type'] = 'success'; header('Location: admin_settings.php'); exit; } } } } // 修改备注 if (isset($_POST['edit_remark'])) { if (!verifyCsrf($_POST['csrf_token'] ?? '')) { die('CSRF token无效'); } $id = (int)($_POST['user_id'] ?? 0); $remark = trim($_POST['remark'] ?? ''); $stmt = $pdo->prepare('UPDATE users SET remark = ? WHERE id = ?'); $stmt->execute([$remark ?: null, $id]); $_SESSION['flash_msg'] = '备注已更新'; $_SESSION['flash_type'] = 'success'; header('Location: admin_settings.php'); exit; } // 分配产品 if (isset($_POST['edit_user_products'])) { if (!verifyCsrf($_POST['csrf_token'] ?? '')) { die('CSRF token无效'); } $id = (int)($_POST['user_id'] ?? 0); $productIds = array_map('intval', $_POST['product_ids'] ?? []); $productIds = array_filter($productIds, fn($v) => $v > 0); if (empty($productIds)) { $msg = '

至少选择一个产品

'; } else { $stmt = $pdo->prepare('DELETE FROM user_products WHERE user_id = ?'); $stmt->execute([$id]); $stmt = $pdo->prepare('INSERT INTO user_products (user_id, product_id) VALUES (?, ?)'); foreach ($productIds as $pid) { $stmt->execute([$id, $pid]); } $_SESSION['flash_msg'] = '产品分配已更新'; $_SESSION['flash_type'] = 'success'; header('Location: admin_settings.php'); exit; } } // 禁用/启用用户 if (isset($_GET['toggle_disable']) && is_numeric($_GET['toggle_disable'])) { if (!verifyCsrf($_GET['csrf_token'] ?? '')) { $_SESSION['flash_msg'] = 'CSRF token无效'; $_SESSION['flash_type'] = 'danger'; } else { $id = (int)$_GET['toggle_disable']; if ($id === getCurrentUserId()) { $_SESSION['flash_msg'] = '不能禁用自己'; $_SESSION['flash_type'] = 'danger'; } else { $stmt = $pdo->prepare('SELECT disabled FROM users WHERE id = ?'); $stmt->execute([$id]); $current = (int)$stmt->fetchColumn(); $newDisabled = $current ? 0 : 1; $stmt = $pdo->prepare('UPDATE users SET disabled = ? WHERE id = ?'); $stmt->execute([$newDisabled, $id]); $_SESSION['flash_msg'] = $newDisabled ? '用户已禁用' : '用户已启用'; $_SESSION['flash_type'] = 'success'; } } header('Location: admin_settings.php'); exit; } // 修改用户角色 if (isset($_GET['set_role']) && is_numeric($_GET['set_role'])) { $id = (int)$_GET['set_role']; $role = $_GET['role'] ?? ''; if ($id === getCurrentUserId()) { $msg = '

不能修改自己的角色

'; } elseif (!in_array($role, ['admin', 'user'])) { $msg = '

无效的角色

'; } else { $stmt = $pdo->query("SELECT COUNT(*) FROM users WHERE role = 'admin'"); $adminCount = (int)$stmt->fetchColumn(); $stmt = $pdo->prepare('SELECT role FROM users WHERE id = ?'); $stmt->execute([$id]); $targetRole = $stmt->fetchColumn(); if ($role === 'user' && $targetRole === 'admin' && $adminCount <= 1) { $msg = '

至少保留一名管理员

'; } else { $stmt = $pdo->prepare('UPDATE users SET role = ? WHERE id = ?'); $stmt->execute([$role, $id]); $msg = '

角色已更新

'; } } } // 分页 - 邀请码 $page = max(1, (int)($_GET['p'] ?? 1)); $perPage = 20; $offset = ($page - 1) * $perPage; $stmt = $pdo->query('SELECT COUNT(*) FROM invite_codes'); $inviteTotal = (int)$stmt->fetchColumn(); $invitePages = max(1, ceil($inviteTotal / $perPage)); $stmt = $pdo->prepare('SELECT * FROM invite_codes ORDER BY id DESC LIMIT ? OFFSET ?'); $stmt->execute([$perPage, $offset]); $invites = $stmt->fetchAll(); // 用户列表 $stmt = $pdo->query('SELECT * FROM users ORDER BY id ASC'); $users = $stmt->fetchAll(); // 所有启用产品 $stmt = $pdo->query('SELECT id, name, code FROM products WHERE status = 1 ORDER BY id ASC'); $allProducts = $stmt->fetchAll(); // 用户-产品关联 $userProducts = []; $stmt = $pdo->query('SELECT user_id, product_id FROM user_products'); while ($row = $stmt->fetch()) { $userProducts[$row['user_id']][] = (int)$row['product_id']; } ?>

邀请码管理

0 && $i['used_count'] >= $i['max_uses']; ?>

ID	邀请码	使用次数	最大次数	状态	创建时间	操作
				已用完 0): ?> 使用中未使用		修改次数删除

用户管理 + 新增用户

ID	用户名	角色	状态	可管理产品	备注	注册时间	操作
		管理员普通用户	已禁用正常	$p['name'], array_filter($allProducts, fn($p) => in_array((int)$p['id'], $upIds))); echo $upNames ? h(implode(', ', $upNames)) : '-'; ?>	20 ? '...' : '' ?> - ✏️		分配产品设为管理员设为普通用户启用禁用当前用户

兑换码状态同步

$endTime) { $syncResult = '

请选择有效的时间范围

'; } else { $stmt = $pdo->query("SELECT id, code, name, api_url, token FROM products WHERE status = 1 AND api_url IS NOT NULL AND api_url != ''"); $products = $stmt->fetchAll(); if (empty($products)) { $syncResult = '

没有已配置接口地址的产品

'; } else { $output = ''; foreach ($products as $p) { $ret = syncCouponStatus($pdo, $p, $startTime, $endTime); if ($ret['success']) { $output .= "{$p['name']}: API返回{$ret['total']}条, 匹配{$ret['matched']}条, 更新{$ret['updated']}条"; if (!empty($ret['matched_codes'])) { $output .= '
✓ 已匹配 (' . count($ret['matched_codes']) . '个): ' . h(implode(', ', $ret['matched_codes'])) . ''; } if (!empty($ret['unmatched_codes'])) { $output .= '
✗ 未匹配 (' . count($ret['unmatched_codes']) . '个): ' . h(implode(', ', array_slice($ret['unmatched_codes'], 0, 50))) . (count($ret['unmatched_codes']) > 50 ? '...' : '') . ''; } $output .= '
'; } else { $output .= "{$p['name']}: 失败 - {$ret['message']}
"; } } $syncResult = '

' . $output . '

'; } } } ?>

通过远程接口查询兑换码的使用状态，并将已使用的兑换码更新到本地。