520kiss/wushu
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e89889d933496de6f5ce47a7cae5d31e23c9a111
wushu/ht/api/admin.php
Developer 9175ff9905 Initial commit: Flutter 无书应用项目
2026-03-30 02:35:31 +08:00

380 lines
12 KiB
PHP
Raw Blame History

<?php
/**
* 管理员API
* 提供管理后台所需的API接口
*/
// 引入必要文件
require_once '../inc/pubs.php';
require_once '../inc/sqls.php';
// 获取操作类型
$action = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';
// 实例化数据库操作类
$db = new DB();
// 根据操作类型执行相应操作
switch ($action) {
// 添加用户
case 'addUser':
// 验证管理员权限
$admin = checkAuth('addUser', true);
if (!$admin) {
exit;
}
// 获取参数
$username = isset($_POST['username']) ? safeFilter($_POST['username']) : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$role = isset($_POST['role']) ? intval($_POST['role']) : 0;
// 参数验证
if (empty($username) || empty($password)) {
ajaxReturn(1, '用户名和密码不能为空');
}
// 验证手机号格式
if (!preg_match('/^1[3456789]\d{9}$/', $username)) {
ajaxReturn(1, '请输入正确的手机号码');
}
// 验证密码长度
if (strlen($password) < 6) {
ajaxReturn(1, '密码长度不能少于6位');
}
// 检查用户名是否已存在
$existUser = $db->getOne('users', "username = '$username'");
if ($existUser) {
ajaxReturn(1, '该手机号已被注册');
}
// 密码加密
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// 添加用户
$userId = $db->insert('users', [
'username' => $username,
'password' => $hashedPassword,
'irole' => $role,
'status' => 1,
'regtime' => date('Y-m-d H:i:s')
]);
if (!$userId) {
ajaxReturn(1, '添加失败,请稍后重试');
}
// 记录日志
writeLog($admin['id'], 'add_user', "添加用户:$username");
ajaxReturn(0, '添加成功', ['id' => $userId]);
break;
// 更新用户信息
case 'updateUser':
// 验证管理员权限
$admin = checkAuth('updateUser', true);
if (!$admin) {
exit;
}
// 获取参数
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$role = isset($_POST['role']) ? intval($_POST['role']) : null;
$status = isset($_POST['status']) ? intval($_POST['status']) : null;
// 参数验证
if (empty($id)) {
ajaxReturn(1, '参数错误');
}
// 获取用户信息
$targetUser = $db->getOne('users', "id = $id");
if (!$targetUser) {
ajaxReturn(1, '用户不存在');
}
// 不能禁用自己的账号
if ($id == $admin['id'] && $status === 0) {
ajaxReturn(1, '不能禁用当前登录的账号');
}
// 准备更新数据
$updateData = [];
if ($role !== null) {
$updateData['irole'] = $role;
}
if ($status !== null) {
$updateData['status'] = $status;
}
if (empty($updateData)) {
ajaxReturn(1, '没有要更新的数据');
}
// 更新用户信息
$result = $db->update('users', $updateData, "id = $id");
if (!$result) {
ajaxReturn(1, '更新失败,请稍后重试');
}
// 记录日志
$logContent = "更新用户信息:" . $targetUser['username'];
writeLog($admin['id'], 'update_user', $logContent);
ajaxReturn(0, '更新成功');
break;
// 重置用户密码
case 'resetPassword':
// 验证管理员权限
$admin = checkAuth('resetPassword', true);
if (!$admin) {
exit;
}
// 获取参数
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$password = isset($_POST['password']) ? $_POST['password'] : '';
// 参数验证
if (empty($id) || empty($password)) {
ajaxReturn(1, '参数错误');
}
// 验证密码长度
if (strlen($password) < 6) {
ajaxReturn(1, '密码长度不能少于6位');
}
// 获取用户信息
$targetUser = $db->getOne('users', "id = $id");
if (!$targetUser) {
ajaxReturn(1, '用户不存在');
}
// 密码加密
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// 更新密码
$result = $db->update('users', [
'password' => $hashedPassword
], "id = $id");
if (!$result) {
ajaxReturn(1, '重置失败,请稍后重试');
}
// 记录日志
$logContent = "重置用户密码:" . $targetUser['username'];
writeLog($admin['id'], 'reset_password', $logContent);
ajaxReturn(0, '密码重置成功');
break;
// 获取投票统计数据
case 'getVoteStats':
// 验证管理员权限
$admin = checkAuth('getVoteStats', true);
if (!$admin) {
exit;
}
// 获取参数
$topicId = isset($_REQUEST['topic_id']) ? intval($_REQUEST['topic_id']) : 0;
// 如果指定了特定投票
if ($topicId) {
// 获取投票信息
$vote = $db->getOne('vote', "id = $topicId");
if (!$vote) {
ajaxReturn(1, '投票不存在');
}
// 获取选项列表
$options = $db->getAll('xuan', "topic_id = $topicId", '*', 'sort ASC, id ASC');
// 获取每个选项的投票数
$voteCounts = [];
$sql = "SELECT option_id, COUNT(*) as vote_count FROM " . $db->table('recs') . " WHERE topic_id = $topicId GROUP BY option_id";
$result = $db->query($sql);
if ($result) {
while ($row = $result->fetch_assoc()) {
$voteCounts[$row['option_id']] = $row['vote_count'];
}
}
// 统计总票数
$totalVotes = array_sum($voteCounts);
// 格式化选项数据
$formattedOptions = [];
foreach ($options as $option) {
$count = isset($voteCounts[$option['id']]) ? $voteCounts[$option['id']] : 0;
$percentage = $totalVotes > 0 ? round(($count / $totalVotes) * 100, 1) : 0;
$formattedOptions[] = [
'id' => $option['id'],
'name' => $option['name'],
'count' => $count,
'percentage' => $percentage
];
}
// 获取参与用户
$participants = [];
$sql = "SELECT DISTINCT u.username, r.vote_time, r.ip
FROM " . $db->table('recs') . " r
LEFT JOIN " . $db->table('users') . " u ON r.user_id = u.id
WHERE r.topic_id = $topicId
ORDER BY r.vote_time DESC";
$result = $db->query($sql);
if ($result) {
while ($row = $result->fetch_assoc()) {
$participants[] = [
'username' => $row['username'],
'vote_time' => $row['vote_time'],
'ip' => $row['ip']
];
}
}
ajaxReturn(0, '获取成功', [
'vote' => $vote,
'options' => $formattedOptions,
'totalVotes' => $totalVotes,
'participants' => $participants
]);
} else {
// 获取所有投票的统计信息
$voteStats = [];
// 获取所有投票
$votes = $db->getAll('vote', '', '*', 'addtime DESC');
foreach ($votes as $vote) {
// 获取该投票的总票数
$totalVotes = $db->count('recs', "topic_id = {$vote['id']}");
// 获取参与人数
$sql = "SELECT COUNT(DISTINCT user_id) as user_count FROM " . $db->table('recs') . " WHERE topic_id = {$vote['id']}";
$result = $db->query($sql);
$userCount = 0;
if ($result && $row = $result->fetch_assoc()) {
$userCount = $row['user_count'];
}
$voteStats[] = [
'id' => $vote['id'],
'title' => $vote['title'],
'start_time' => $vote['statime'],
'end_time' => $vote['endtime'],
'total_votes' => $totalVotes,
'user_count' => $userCount,
'view_count' => $vote['iview']
];
}
ajaxReturn(0, '获取成功', [
'voteStats' => $voteStats
]);
}
break;
// 获取系统日志
case 'getLogs':
// 验证管理员权限
$admin = checkAuth('getLogs', true);
if (!$admin) {
exit;
}
// 获取分页参数
$page = isset($_REQUEST['page']) ? intval($_REQUEST['page']) : 1;
$pageSize = isset($_REQUEST['page_size']) ? intval($_REQUEST['page_size']) : 20;
// 获取筛选参数
$userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : 0;
$action = isset($_REQUEST['action']) ? safeFilter($_REQUEST['action']) : '';
$startDate = isset($_REQUEST['start_date']) ? $_REQUEST['start_date'] : '';
$endDate = isset($_REQUEST['end_date']) ? $_REQUEST['end_date'] : '';
// 构建查询条件
$whereConditions = [];
if ($userId) {
$whereConditions[] = "user_id = $userId";
}
if ($action) {
$whereConditions[] = "action = '$action'";
}
if ($startDate) {
$whereConditions[] = "logtime >= '$startDate 00:00:00'";
}
if ($endDate) {
$whereConditions[] = "logtime <= '$endDate 23:59:59'";
}
$whereStr = !empty($whereConditions) ? implode(' AND ', $whereConditions) : '';
// 获取总记录数
$total = $db->count('logs', $whereStr);
// 计算分页信息
$pagination = getPagination($total, $page, $pageSize);
// 获取日志列表
$orderBy = "logtime DESC";
$limit = "{$pagination['offset']}, {$pagination['pageSize']}";
$sql = "SELECT l.*, u.username
FROM " . $db->table('logs') . " l
LEFT JOIN " . $db->table('users') . " u ON l.user_id = u.id
" . ($whereStr ? "WHERE $whereStr" : "") . "
ORDER BY $orderBy
LIMIT $limit";
$result = $db->query($sql);
$logs = [];
if ($result) {
while ($row = $result->fetch_assoc()) {
$logs[] = $row;
}
}
// 获取所有操作类型,用于筛选
$sql = "SELECT DISTINCT action FROM " . $db->table('logs');
$result = $db->query($sql);
$actionTypes = [];
if ($result) {
while ($row = $result->fetch_assoc()) {
$actionTypes[] = $row['action'];
}
}
ajaxReturn(0, '获取成功', [
'logs' => $logs,
'pagination' => $pagination,
'actionTypes' => $actionTypes
]);
break;
// 未知操作
default:
ajaxReturn(1, '未知操作');
break;
}
Reference in New Issue View Git Blame Copy Permalink