PHP WebShell

Текущая директория: /var/www/bitcardoApp/backyard/models/users

Просмотр файла: update_user.php

<?php
// backyard/models/users/update_user.php
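// All replies produced further down are json_encode() output, so declare the
// content type up front.
header('Content-Type: application/json');

// Load the DB config only when no $conn is already in scope (presumably set
// by an including script, or defined by db_config.php itself -- confirm).
// The path is anchored to this file's directory: a bare '../../...' path is
// resolved against the current working directory, so it would point somewhere
// else if this script were included from a file in another directory.
if (!isset($conn)) {
    include_once __DIR__ . '/../../config/db_config.php';
}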

/**
 * Canonicalise a value for case-insensitive comparison: cast it to a string,
 * strip surrounding whitespace, then lower-case it.
 *
 * @param mixed $s Value to normalise.
 * @return string Trimmed, lower-cased string form of $s.
 */
function norm($s)
{
    $text = (string)$s;
    $trimmed = trim($text);

    return strtolower($trimmed);
}

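// Request handler. Two request shapes are accepted:
//   1. JSON body {"batch_suspend": <truthy>, "user_ids": [...]} -> sets every
//      listed user to 'Inactive' and replies {"success":true,"count":N}.
//   2. Form POST with user_id and status (the status the client currently
//      sees) -> flips that user and replies {"success":true,"new_status":...}.
// Any failure replies {"success":false,"message":...}.
try {
    // NOTE(review): nothing in this file checks a session, a role or a CSRF
    // token before changing account status. Confirm that the including script
    // or db_config.php enforces admin authentication; if not, that check has
    // to run before any of the code below.

    // Batch suspend (JSON body)
    $raw = file_get_contents('php://input');
    $json = json_decode($raw, true);

    if (is_array($json) && !empty($json['batch_suspend']) && !empty($json['user_ids'])) {
        // Keep only positive integer ids. A plain intval() turns a nested
        // array or boolean true into 1 and junk strings into 0, so a malformed
        // list could silently target user 1.
        $ids = [];
        foreach ((array)$json['user_ids'] as $candidate) {
            if (!is_int($candidate) && !is_string($candidate)) {
                continue;
            }
            $id = filter_var($candidate, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id !== false) {
                $ids[$id] = $id; // keyed by id so duplicates collapse
            }
        }
        $ids = array_values($ids);
        if (empty($ids)) throw new Exception('No users selected.');

        // One bound placeholder per id; no request data is spliced into the SQL text.
        $placeholders = implode(',', array_fill(0, count($ids), '?'));
        $q = "UPDATE users SET user_status='Inactive', updated_at = NOW() WHERE user_id IN ({$placeholders})";
        $stmt = mysqli_prepare($conn, $q);
        if (!$stmt) throw new Exception('Batch update failed.');
        mysqli_stmt_bind_param($stmt, str_repeat('i', count($ids)), ...$ids);
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        if (!$ok) throw new Exception('Batch update failed.');

        // 'count' is the number of valid, distinct ids submitted, not the
        // number of rows the UPDATE actually changed.
        echo json_encode(['success'=>true, 'count'=>count($ids)]);
        exit;
    }

    // Single toggle (form-encoded)
    // An array-valued parameter (user_id[]=x) would cast to 1 with (int), so
    // only scalar integer input is accepted.
    $rawId = $_POST['user_id'] ?? null;
    $user_id = (is_int($rawId) || is_string($rawId))
        ? filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    if ($user_id === false) throw new Exception('Invalid user.');

    // Normalize incoming status; DB uses 'Active' / 'Inactive'
    $rawStatus = $_POST['status'] ?? '';
    $current = is_string($rawStatus) ? norm($rawStatus) : '';

    // Fail closed: a missing or unrecognised status used to fall through to
    // 'Active', which re-enabled the account on a malformed request.
    if ($current !== 'active' && $current !== 'inactive') throw new Exception('Invalid status.');

    // NOTE(review): the new value is derived from the status the client
    // reports, not from the stored row. Reading user_status from the DB (or
    // toggling inside the UPDATE) would stop a stale page from flipping the
    // account the wrong way.
    $new = ($current === 'active') ? 'Inactive' : 'Active';

    $stmt = mysqli_prepare($conn, "UPDATE users SET user_status = ?, updated_at = NOW() WHERE user_id = ? LIMIT 1");
    if (!$stmt) throw new Exception('Update failed.');
    mysqli_stmt_bind_param($stmt, 'si', $new, $user_id);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$ok) throw new Exception('Update failed.');

    echo json_encode(['success'=>true, 'new_status'=>$new]);
} catch (Throwable $e) {
    // Only the plain Exception objects thrown above carry text written for the
    // client. Anything else (a driver exception when mysqli is in exception
    // mode, a TypeError from a missing $conn, ...) may contain SQL or path
    // details, so it goes to the server log and the client gets a fixed message.
    $deliberate = get_class($e) === Exception::class;
    if (!$deliberate) {
        error_log('update_user.php: ' . get_class($e) . ': ' . $e->getMessage());
    }
    echo json_encode([
        'success' => false,
        'message' => $deliberate ? $e->getMessage() : 'Request failed.',
    ]);
}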



Для локальной разработки. Не используйте в интернете!