coupon/index.php


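<?php
require_once __DIR__ . '/includes/auth.php';
require_once __DIR__ . '/includes/functions.php';
requireLogin();

// 修改密码 (change password): handles the POST sent by the modal form further
// down this page. $pwdMsg is read by the template; it stays '' on success or
// when no change was requested, otherwise it holds the message to display.
$pwdMsg = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'change_password') {
    if (!verifyCsrf($_POST['csrf_token'] ?? '')) {
        die('CSRF token无效');
    }

    $oldPwd = $_POST['old_password'] ?? '';
    $newPwd = $_POST['new_password'] ?? '';
    $confirmPwd = $_POST['confirm_password'] ?? '';

    if ($oldPwd === '' || $newPwd === '' || $confirmPwd === '') {
        $pwdMsg = '请填写所有字段';
    } elseif (strlen($newPwd) < 6) {
        // strlen() counts bytes; the form's minlength="6" counts characters,
        // so multi-byte passwords may pass here with fewer than 6 characters.
        $pwdMsg = '新密码长度至少6位';
    } elseif ($newPwd !== $confirmPwd) {
        $pwdMsg = '两次密码输入不一致';
    } else {
        $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
        $stmt->execute([getCurrentUserId()]);
        $stored = $stmt->fetchColumn();

        // fetchColumn() returns false when the session's user row no longer
        // exists; report that as a failed verification instead of handing
        // false to password_verify().
        if ($stored === false || !password_verify($oldPwd, (string) $stored)) {
            $pwdMsg = '当前密码错误';
        } else {
            $hash = password_hash($newPwd, PASSWORD_DEFAULT);
            $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
            $stmt->execute([$hash, getCurrentUserId()]);

            // Rotate the session id after a credential change so an id issued
            // before the change does not keep riding this login; the session
            // data (including the flash message below) carries over.
            session_regenerate_id(true);
            $_SESSION['flash_msg'] = '密码修改成功';
            $_SESSION['flash_type'] = 'success';
            header('Location: index.php');
            exit;
        }
    }
}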
$pageTitle = '首页';
require __DIR__ . '/includes/header.php';

// 统计数据 (dashboard counters) scoped to the current product. Admins get
// site-wide figures; every other user only sees counts of their own rows.
$pid = getCurrentProductId();

// Runs a COUNT(*) query whose counter is aliased `total` through a prepared
// statement and returns that column exactly as PDO delivers it.
$countTotal = static function (string $sql, array $params) use ($pdo) {
    $query = $pdo->prepare($sql);
    $query->execute($params);
    return $query->fetch()['total'];
};

$stats = [
    // 总兑换码数量
    'total_codes'   => $countTotal('SELECT COUNT(*) as total FROM redemption_codes WHERE product_id = ?', [$pid]),
    // 已领取数量
    'claimed_codes' => $countTotal('SELECT COUNT(*) as total FROM redemption_codes WHERE status = 2 AND product_id = ?', [$pid]),
];

if (isAdmin()) {
    $stats['total_records']  = $countTotal('SELECT COUNT(*) as total FROM claim_records WHERE product_id = ?', [$pid]);
    $stats['total_orders']   = $countTotal('SELECT COUNT(*) as total FROM work_orders WHERE product_id = ?', [$pid]);
    $stats['pending_orders'] = $countTotal("SELECT COUNT(*) as total FROM work_orders WHERE status = '未处理' AND product_id = ?", [$pid]);
    $stats['total_users']    = $countTotal('SELECT COUNT(*) as total FROM users', []);
} else {
    $uid = getCurrentUserId();
    $stats['my_records'] = $countTotal('SELECT COUNT(*) as total FROM claim_records WHERE user_id = ? AND product_id = ?', [$uid, $pid]);
    $stats['my_orders']  = $countTotal('SELECT COUNT(*) as total FROM work_orders WHERE creator_id = ? AND product_id = ?', [$uid, $pid]);
}
?>
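<div class="stats-grid">
    <div class="stat-card">
        <div class="stat-value"><?= $stats['total_codes'] ?></div>
        <div class="stat-label">总兑换码</div>
    </div>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['claimed_codes'] ?></div>
        <div class="stat-label">已领取</div>
    </div>
    <?php if (isAdmin()): ?>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['total_records'] ?></div>
        <div class="stat-label">领取记录</div>
    </div>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['pending_orders'] ?>/<?= $stats['total_orders'] ?></div>
        <div class="stat-label">待处理工单/总数</div>
    </div>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['total_users'] ?></div>
        <div class="stat-label">用户数</div>
    </div>
    <?php else: ?>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['my_records'] ?></div>
        <div class="stat-label">我的领取记录</div>
    </div>
    <div class="stat-card">
        <div class="stat-value"><?= $stats['my_orders'] ?></div>
        <div class="stat-label">我的工单</div>
    </div>
    <?php endif; ?>
</div>

<div class="card">
    <h2>快速入口</h2>
    <div class="action-group">
        <a href="claim_code.php" class="btn btn-success">领取兑换码</a>
        <a href="work_order_create.php" class="btn btn-primary">发起工单</a>
        <a href="query_code.php" class="btn btn-info">查询兑换码</a>
        <a href="claim_records.php" class="btn btn-warning">领取记录</a>
        <a href="bill_records.php" class="btn btn-info">账单管理</a>
        <a href="work_order_records.php" class="btn btn-primary">工单记录</a>
        <?php if (isAdmin()): ?>
        <a href="code_manage.php" class="btn btn-success">库存管理</a>
        <a href="work_order_manage.php" class="btn btn-info">工单管理</a>
        <a href="admin_settings.php" class="btn btn-primary">后台设置</a>
        <?php endif; ?>
    </div>
    <div style="margin-top:16px;">
        <a href="javascript:void(0)" class="btn btn-primary btn-sm" onclick="showModal('pwdModal')">修改密码</a>
    </div>
</div>

<!-- 修改密码弹窗 (change-password modal); opened automatically when the
     server-side handler above left a message in $pwdMsg -->
<div class="modal<?= $pwdMsg !== '' ? ' active' : '' ?>" id="pwdModal">
    <div class="modal-content">
        <span class="modal-close" onclick="hideModal('pwdModal')">&times;</span>
        <h3>修改密码</h3>
        <?php if ($pwdMsg !== ''): ?>
        <div class="alert alert-danger"><?= h($pwdMsg) ?></div>
        <?php endif; ?>
        <form method="post">
            <input type="hidden" name="action" value="change_password">
            <?php // Escaped like $pwdMsg above: the token is opaque to this page, so it is not trusted raw inside an attribute. ?>
            <input type="hidden" name="csrf_token" value="<?= h(csrfToken()) ?>">
            <div class="form-group">
                <label>当前密码</label>
                <input type="password" name="old_password" class="form-control" required autocomplete="current-password">
            </div>
            <div class="form-group">
                <label>新密码</label>
                <input type="password" name="new_password" class="form-control" required minlength="6" autocomplete="new-password">
            </div>
            <div class="form-group">
                <label>确认新密码</label>
                <input type="password" name="confirm_password" class="form-control" required minlength="6" autocomplete="new-password">
            </div>
            <button type="submit" class="btn btn-primary">确认修改</button>
        </form>
    </div>
</div>

<script>
// Toggle the `active` class that the stylesheet uses to show/hide a modal.
function showModal(id) { document.getElementById(id).classList.add('active'); }
function hideModal(id) { document.getElementById(id).classList.remove('active'); }
// Clicking the backdrop (the modal element itself, not its content) closes it.
document.getElementById('pwdModal')?.addEventListener('click', function (e) {
    if (e.target === this) {
        this.classList.remove('active');
    }
});
</script>
<?php require __DIR__ . '/includes/footer.php'; ?>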