<?php
// backyard/models/giftcards/catalog_post.php
declare(strict_types=1);
// Every response produced by this endpoint is declared as JSON.
header('Content-Type: application/json; charset=utf-8');

// Buffer stray output from included files so it cannot corrupt the JSON body;
// out() drains this buffer before it writes the response.
ob_start();

// Report every error level, but never print errors into the response itself.
error_reporting(E_ALL);
ini_set('display_errors', '0');
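/**
 * Send a JSON response with the given HTTP status code and end the request.
 *
 * Anything captured by the output buffer is attached to the payload as
 * `_diag`, truncated to 500 bytes.
 *
 * @param array $data Response payload; callers in this file pass an array
 *                    carrying at least a 'success' key.
 * @param int   $code HTTP status code to send (default 200).
 * @return void Does not return: the function calls exit after writing the body.
 */
function out($data, int $code=200){
    http_response_code($code);

    // ob_get_clean() returns false when no output buffer is active.
    $buf = ob_get_clean();
    if (is_string($buf) && $buf !== '') {
        // NOTE(review): this sends buffered server-side output (PHP notices,
        // stray echo from included files) to the client. That can disclose
        // file paths and internal details; consider writing it to the server
        // log instead and keeping it out of production responses.
        $data['_diag'] = substr($buf, 0, 500);
    }

    // substr() cuts on bytes, so the diagnostic text can end inside a
    // multi-byte UTF-8 sequence (or contain non-UTF-8 bytes to begin with).
    // A plain json_encode() then returns false and the client would receive
    // an empty body. Partial output replaces the unencodable value with null.
    $json = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR);
    if ($json === false) {
        // Last resort so the caller always receives well-formed JSON.
        $json = '{"success":false,"message":"Response encoding failed"}';
    }

    echo $json;
    exit;
}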
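// Request dispatcher: loads the DB connection and catalog.php, decodes the
// request payload, then routes on the 'action' field. Every branch ends in
// out(), which exits, so the switch cases need no break statements.
try {
    // NOTE(review): no session, role or CSRF-token check is visible in this
    // file. Every action below changes catalogue data, so confirm that
    // db_config.php or catalog.php rejects unauthenticated callers before
    // this point is reached.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        out(['success'=>false,'message'=>'Method not allowed'],405);
    }

    $db = __DIR__ . '/../../config/db_config.php';
    if (!file_exists($db)) {
        out(['success'=>false,'message'=>'DB config missing'],500);
    }
    include_once $db;
    if (!isset($conn) || !($conn instanceof mysqli)) {
        out(['success'=>false,'message'=>'DB conn missing'],500);
    }
    require_once __DIR__ . '/catalog.php';

    // file_get_contents() can return false; under strict_types json_decode()
    // would then throw a TypeError, so only decode an actual string.
    $raw = file_get_contents('php://input');
    $payload = is_string($raw) ? json_decode($raw,true) : null;
    // NOTE(review): the $_POST fallback accepts form-encoded bodies as well as
    // JSON. If authentication is cookie-based, form posts are the request
    // shape a CSRF token is meant to protect; verify one is enforced.
    if (!is_array($payload)) {
        $payload = $_POST;
    }

    // The plain (int)/(string)/(float) casts used previously coerce malformed
    // values silently: a non-empty array becomes 1 and "12abc" becomes 12, so
    // a malformed request could update or delete an unintended record. The
    // helpers below accept only well-formed scalar values.

    // Trimmed text, or '' when the key is absent or holds a non-scalar value.
    $text = static function (array $src, string $key): string {
        $value = $src[$key] ?? '';
        return is_scalar($value) ? trim((string)$value) : '';
    };

    // Integer field: $default when absent, null when present but not an integer.
    $int = static function (array $src, string $key, int $default) {
        if (!isset($src[$key])) {
            return $default;
        }
        $parsed = filter_var($src[$key], FILTER_VALIDATE_INT);
        return $parsed === false ? null : $parsed;
    };

    // Price field: null when absent, false when non-scalar or not finite.
    // NOTE(review): non-numeric strings still cast to 0.0 as before, and
    // negative prices are not rejected; confirm whether either should be.
    $price = static function (array $src, string $key) {
        if (!isset($src[$key])) {
            return null;
        }
        $value = $src[$key];
        if (!is_scalar($value)) {
            return false;
        }
        $number = (float)$value;
        return is_finite($number) ? $number : false;
    };

    // Optional icon: null when absent or non-scalar, otherwise trimmed text.
    $icon_of = static function (array $src) {
        if (!isset($src['brand_icon']) || !is_scalar($src['brand_icon'])) {
            return null;
        }
        return trim((string)$src['brand_icon']);
    };

    $action = $text($payload, 'action');

    switch ($action) {
        // ------- Brands -------
        case 'brand.create': {
            $name = $text($payload, 'card_brand');
            $icon = $icon_of($payload);
            if ($name === '') {
                out(['success'=>false,'message'=>'Brand name required'],422);
            }
            $id = gc_brand_create($conn, $name, $icon);
            if (!$id) {
                out(['success'=>false,'message'=>'Failed to create brand'],500);
            }
            out(['success'=>true,'id'=>$id]);
        }
        case 'brand.update': {
            // An unparsable id collapses to 0 and takes the existing 422 path.
            $id = $int($payload, 'cbrand_id', 0) ?? 0;
            $name = $text($payload, 'card_brand');
            $icon = $icon_of($payload);
            if ($id<=0 || $name==='') {
                out(['success'=>false,'message'=>'Invalid data'],422);
            }
            $ok = gc_brand_update($conn, $id, $name, $icon);
            out(['success'=>(bool)$ok]);
        }
        case 'brand.toggle': {
            $id = $int($payload, 'cbrand_id', 0) ?? 0;
            $status = $int($payload, 'status', 0);
            if ($id<=0) {
                out(['success'=>false,'message'=>'Invalid brand id'],422);
            }
            if ($status === null) {
                out(['success'=>false,'message'=>'Invalid status'],422);
            }
            $ok = gc_brand_toggle($conn, $id, $status);
            out(['success'=>(bool)$ok]);
        }
        // ------- Gift Cards -------
        case 'card.create': {
            $cbrand_id = $int($payload, 'cbrand_id', 0) ?? 0;
            $demon = $text($payload, 'demon');
            $curr = $text($payload, 'card_curr');
            $buy = $price($payload, 'buy_price');
            $sell = $price($payload, 'sell_price');
            $status = $int($payload, 'status', 1);
            if ($cbrand_id<=0 || $demon==='') {
                out(['success'=>false,'message'=>'Brand and denom required'],422);
            }
            if ($buy === false || $sell === false || $status === null) {
                out(['success'=>false,'message'=>'Invalid data'],422);
            }
            if ($curr==='') {
                $curr = '$'; // fallback
            }
            $id = gc_card_create($conn, $cbrand_id, $demon, $curr, $buy, $sell, $status);
            if (!$id) {
                out(['success'=>false,'message'=>'Failed to create card denom'],500);
            }
            out(['success'=>true,'id'=>$id]);
        }
        case 'card.update': {
            $gc_id = $int($payload, 'gc_id', 0) ?? 0;
            $cbrand_id = $int($payload, 'cbrand_id', 0) ?? 0;
            $demon = $text($payload, 'demon');
            $curr = $text($payload, 'card_curr');
            $buy = $price($payload, 'buy_price');
            $sell = $price($payload, 'sell_price');
            $status = $int($payload, 'status', 1);
            if ($gc_id<=0 || $cbrand_id<=0 || $demon==='') {
                out(['success'=>false,'message'=>'Invalid data'],422);
            }
            if ($buy === false || $sell === false || $status === null) {
                out(['success'=>false,'message'=>'Invalid data'],422);
            }
            if ($curr==='') {
                $curr = '$';
            }
            $ok = gc_card_update($conn, $gc_id, $cbrand_id, $demon, $curr, $buy, $sell, $status);
            out(['success'=>(bool)$ok]);
        }
        case 'card.toggle': {
            $gc_id = $int($payload, 'gc_id', 0) ?? 0;
            $status = $int($payload, 'status', 0);
            if ($gc_id<=0) {
                out(['success'=>false,'message'=>'Invalid gc_id'],422);
            }
            if ($status === null) {
                out(['success'=>false,'message'=>'Invalid status'],422);
            }
            $ok = gc_card_toggle($conn, $gc_id, $status);
            out(['success'=>(bool)$ok]);
        }
        case 'card.delete': {
            $gc_id = $int($payload, 'gc_id', 0) ?? 0;
            if ($gc_id<=0) {
                out(['success'=>false,'message'=>'Invalid gc_id'],422);
            }
            $ok = gc_card_delete($conn, $gc_id);
            out(['success'=>(bool)$ok]);
        }
    }

    // Reached only when no case matched.
    out(['success'=>false,'message'=>'Unknown action'],400);
} catch (Throwable $e) {
    // NOTE(review): `_err` returns the raw exception message to the caller.
    // Database exceptions can carry query text, schema names or connection
    // details; consider logging the message server-side and returning only
    // the generic 'Server error' text.
    out(['success'=>false,'message'=>'Server error','_err'=>$e->getMessage()],500);
}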