<?php
// admin/settings/user_level.php
// Admin page to manage user levels (edit: limits only; no Level ID/Key/Priority fields shown)
include '../common/header.php';
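/**
 * Escape a value for output in HTML text or inside a quoted attribute value.
 *
 * The value is cast to string first, so integers and null are accepted.
 * ENT_QUOTES escapes both single and double quotes. ENT_SUBSTITUTE replaces
 * invalid UTF-8 byte sequences with U+FFFD; without it htmlspecialchars()
 * returns an empty string for such input and the field silently disappears
 * from the page.
 *
 * @param mixed $v Value to render.
 * @return string HTML-escaped text.
 */
function h($v)
{
    return htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}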
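/**
 * Normalise a submitted amount to a fixed two-decimal string.
 *
 * Empty, non-numeric, array-valued and non-finite input all collapse to
 * '0.00'. Negative numbers are passed through unchanged; this helper does
 * not decide whether a negative limit is acceptable.
 *
 * @param mixed $v Raw form value.
 * @return string Amount formatted as "1234.50" (no thousands separator).
 */
function dec_or_zero($v)
{
    // A field submitted as "buy_limit[]=1" arrives as an array; casting that
    // to string raises a warning, so treat it as "no amount".
    if (is_array($v)) {
        return '0.00';
    }

    $v = trim((string)$v);
    if ($v === '') {
        return '0.00';
    }

    $amount = (float)$v;
    // A string such as "1e999" casts to INF, which number_format() would
    // render as "inf" instead of a decimal.
    if (!is_finite($amount)) {
        return '0.00';
    }

    return number_format($amount, 2, '.', '');
}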
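$flash_success = '';
$flash_error = '';
// -----------------------------
// Handle POST actions
// -----------------------------
// NOTE(review): this block does not itself check that the requester is a
// logged-in admin, and it does not verify an anti-CSRF token (the edit form in
// this file sends none). Confirm that ../common/header.php enforces both
// before relying on this page to change trading and withdrawal limits.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read a POST field as a trimmed string. A field sent as an array
    // ("level_name[]=x") would make trim() throw a TypeError on PHP 8, and that
    // happens outside the try block below, so non-string input counts as empty.
    $post_text = static function ($key) {
        $raw = $_POST[$key] ?? '';
        return is_string($raw) ? trim($raw) : '';
    };

    $action = $_POST['action'] ?? '';
    // (int) on an array yields 1, which would silently target level 1.
    $level_id = (isset($_POST['level_id']) && is_scalar($_POST['level_id']))
        ? (int)$_POST['level_id']
        : 0;

    // Update-only editable fields
    $level_name = $post_text('level_name');
    $buy_limit = dec_or_zero($_POST['buy_limit'] ?? '0');
    $daily_buy_limit = dec_or_zero($_POST['daily_buy_limit'] ?? '0');
    $sell_limit = dec_or_zero($_POST['sell_limit'] ?? '0');
    $daily_sell_limit = dec_or_zero($_POST['daily_sell_limit'] ?? '0');
    $instant_buy_limit = dec_or_zero($_POST['instant_buy_limit'] ?? '0');
    $instant_sell_limit = dec_or_zero($_POST['instant_sell_limit'] ?? '0');
    $withdraw_limit = dec_or_zero($_POST['withdraw_limit'] ?? '0');
    $daily_withdraw_limit = dec_or_zero($_POST['daily_withdraw_limit'] ?? '0');

    $meta_raw = $post_text('meta');
    $meta_json = null; // stays NULL in the database when the field is left empty
    if ($meta_raw !== '') {
        $tmp = json_decode($meta_raw, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            $flash_error = 'Meta must be valid JSON.';
        } else {
            // Store the re-encoded form rather than the raw submitted text.
            $meta_json = json_encode($tmp, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
            if ($meta_json === false) {
                $meta_json = null;
                $flash_error = 'Meta must be valid JSON.';
            }
        }
    }

    if ($flash_error === '') {
        try {
            if ($action === 'update') {
                if ($level_id <= 0) {
                    $flash_error = 'Invalid level selected.';
                } elseif ($level_name === '') {
                    $flash_error = 'Level Name is required.';
                } else {
                    // Lock: level_id, level_key, priority cannot be edited.
                    $sql = "UPDATE user_level SET
level_name=?,
buy_limit=?, daily_buy_limit=?, sell_limit=?, daily_sell_limit=?,
instant_buy_limit=?, instant_sell_limit=?,
withdraw_limit=?, daily_withdraw_limit=?,
meta=?
WHERE level_id=?";
                    $stmt = $conn->prepare($sql);
                    // prepare() returns false when mysqli is not in exception mode.
                    if ($stmt === false) {
                        throw new Exception("Prepare failed: " . $conn->error);
                    }
                    try {
                        $stmt->bind_param(
                            "ssssssssssi", // 10 strings + 1 integer = 11
                            $level_name,
                            $buy_limit,
                            $daily_buy_limit,
                            $sell_limit,
                            $daily_sell_limit,
                            $instant_buy_limit,
                            $instant_sell_limit,
                            $withdraw_limit,
                            $daily_withdraw_limit,
                            $meta_json,
                            $level_id
                        );
                        if (!$stmt->execute()) {
                            throw new Exception("Update failed: " . $stmt->error);
                        }
                    } finally {
                        // Release the statement on the failure path as well.
                        $stmt->close();
                    }
                    $flash_success = 'User level updated successfully.';
                }
            } else {
                // No create/delete from this page (hidden at UI and blocked at backend)
                $flash_error = 'Action not allowed on this page.';
            }
        } catch (Throwable $e) {
            // Driver and SQL detail goes to the server log only; the page shows
            // a generic message so schema and query text are not disclosed.
            error_log('user_level update failed: ' . $e->getMessage());
            $flash_error = 'Could not update the user level. Check the server log for details.';
        }
    }
}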
// -----------------------------
// Load levels
// -----------------------------
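// Fetch every row of user_level for the table below, highest priority first.
$levels = [];
try {
    $res = $conn->query("SELECT * FROM user_level ORDER BY priority DESC, level_id ASC");
    // query() returns false instead of throwing when mysqli is not in
    // exception mode; fail explicitly rather than calling a method on false.
    if ($res === false) {
        throw new Exception($conn->error);
    }
    while ($row = $res->fetch_assoc()) {
        $levels[] = $row;
    }
    $res->free();
} catch (Throwable $e) {
    // Keep database detail in the server log; an earlier POST error, if any,
    // stays on screen because it is the more relevant message.
    error_log('user_level list failed: ' . $e->getMessage());
    $flash_error = $flash_error ?: 'Failed to load user levels.';
}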
?>
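<div class="nk-content nk-content-fluid">
    <div class="container-xl wide-lg">
        <div class="nk-content-body">
            <div class="nk-block-head">
                <div class="nk-block-between-md g-4">
                    <div class="nk-block-head-content">
                        <h5 class="nk-block-title fw-normal">User Level Settings</h5>
                        <div class="nk-block-des">
                            <p>Edit buy/sell/withdraw limits per user level.</p>
                        </div>
                    </div>
                    <div class="nk-block-head-content">
                        <!-- Intentionally no tools/actions here -->
                    </div>
                </div>
            </div>
            <?php if ($flash_success): ?>
                <div class="alert alert-success"><?= h($flash_success) ?></div>
            <?php endif; ?>
            <?php if ($flash_error): ?>
                <div class="alert alert-danger"><?= h($flash_error) ?></div>
            <?php endif; ?>
            <div class="nk-block">
                <div class="card card-bordered">
                    <div class="card-inner">
                        <div class="table-responsive">
                            <table class="table table-striped align-middle">
                                <thead>
                                    <tr>
                                        <th>ID</th>
                                        <th>Key</th>
                                        <th>Name</th>
                                        <th>Priority</th>
                                        <th>Buy Limit</th>
                                        <th>Daily Buy</th>
                                        <th>Sell Limit</th>
                                        <th>Daily Sell</th>
                                        <th>Instant Buy</th>
                                        <th>Instant Sell</th>
                                        <th>Withdraw</th>
                                        <th>Daily Withdraw</th>
                                        <th class="text-end">Action</th>
                                    </tr>
                                </thead>
                                <tbody>
                                    <?php if (empty($levels)): ?>
                                        <tr><td colspan="13" class="text-center py-4">No user levels found.</td></tr>
                                    <?php else: ?>
                                        <?php foreach ($levels as $lv): ?>
                                            <?php $meta_str = $lv['meta'] ?? ''; ?>
                                            <tr>
                                                <td><?= (int)$lv['level_id'] ?></td>
                                                <td><?= h($lv['level_key']) ?></td>
                                                <td><?= h($lv['level_name']) ?></td>
                                                <td><?= (int)$lv['priority'] ?></td>
                                                <td><?= h($lv['buy_limit']) ?></td>
                                                <td><?= h($lv['daily_buy_limit']) ?></td>
                                                <td><?= h($lv['sell_limit']) ?></td>
                                                <td><?= h($lv['daily_sell_limit']) ?></td>
                                                <td><?= h($lv['instant_buy_limit']) ?></td>
                                                <td><?= h($lv['instant_sell_limit']) ?></td>
                                                <td><?= h($lv['withdraw_limit']) ?></td>
                                                <td><?= h($lv['daily_withdraw_limit']) ?></td>
                                                <td class="text-end">
                                                    <?php
                                                    /*
                                                     * The JSON below lands inside an HTML attribute, so it is
                                                     * passed through h(). Raw json_encode() output does not
                                                     * escape apostrophes or ampersands: a level name or meta
                                                     * value containing one would end the attribute early or be
                                                     * rewritten by entity decoding before the script runs.
                                                     */
                                                    ?>
                                                    <button type="button"
                                                            class="btn btn-sm btn-dark"
                                                            data-bs-toggle="modal"
                                                            data-bs-target="#levelModal"
                                                            onclick="openEditLevel(<?= h(json_encode([
                                                                "level_id" => (int)$lv["level_id"],
                                                                "level_name" => (string)$lv["level_name"],
                                                                "buy_limit" => (string)$lv["buy_limit"],
                                                                "daily_buy_limit" => (string)$lv["daily_buy_limit"],
                                                                "sell_limit" => (string)$lv["sell_limit"],
                                                                "daily_sell_limit" => (string)$lv["daily_sell_limit"],
                                                                "instant_buy_limit" => (string)$lv["instant_buy_limit"],
                                                                "instant_sell_limit" => (string)$lv["instant_sell_limit"],
                                                                "withdraw_limit" => (string)$lv["withdraw_limit"],
                                                                "daily_withdraw_limit" => (string)$lv["daily_withdraw_limit"],
                                                                "meta" => (string)$meta_str,
                                                            ], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)) ?>)">
                                                        Edit
                                                    </button>
                                                </td>
                                            </tr>
                                        <?php endforeach; ?>
                                    <?php endif; ?>
                                </tbody>
                            </table>
                        </div>
                        <div class="mt-2 text-muted small">
                            Locked fields: Level ID, Level Key, Priority. Editable: Level Name, limits, meta.
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>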
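<!-- Edit Modal (ONLY editable fields shown) -->
<?php
/*
 * NOTE(review): this form posts a state-changing "update" action without an
 * anti-CSRF token field. Confirm whether the shared header adds or checks one.
 * The hidden level_id is filled in client-side by openEditLevel(); it is
 * attacker-controllable input like every other field here.
 */
?>
<div class="modal fade" id="levelModal" tabindex="-1" aria-hidden="true">
    <div class="modal-dialog modal-lg modal-dialog-scrollable">
        <div class="modal-content">
            <form method="post" id="levelForm">
                <div class="modal-header">
                    <h5 class="modal-title">Edit User Level</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                </div>
                <div class="modal-body">
                    <input type="hidden" name="action" value="update">
                    <input type="hidden" name="level_id" id="level_id" value="">
                    <div class="row g-3">
                        <div class="col-md-6">
                            <label class="form-label">Level Name</label>
                            <input type="text" class="form-control" name="level_name" id="level_name" required>
                        </div>
                        <hr class="my-2">
                        <div class="col-md-3">
                            <label class="form-label">Buy Limit</label>
                            <input type="number" step="0.01" class="form-control" name="buy_limit" id="buy_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Daily Buy Limit</label>
                            <input type="number" step="0.01" class="form-control" name="daily_buy_limit" id="daily_buy_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Sell Limit</label>
                            <input type="number" step="0.01" class="form-control" name="sell_limit" id="sell_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Daily Sell Limit</label>
                            <input type="number" step="0.01" class="form-control" name="daily_sell_limit" id="daily_sell_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Instant Buy Limit</label>
                            <input type="number" step="0.01" class="form-control" name="instant_buy_limit" id="instant_buy_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Instant Sell Limit</label>
                            <input type="number" step="0.01" class="form-control" name="instant_sell_limit" id="instant_sell_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Withdraw Limit</label>
                            <input type="number" step="0.01" class="form-control" name="withdraw_limit" id="withdraw_limit" value="0.00">
                        </div>
                        <div class="col-md-3">
                            <label class="form-label">Daily Withdraw Limit</label>
                            <input type="number" step="0.01" class="form-control" name="daily_withdraw_limit" id="daily_withdraw_limit" value="0.00">
                        </div>
                        <div class="col-12">
                            <label class="form-label">Meta (JSON)</label>
                            <textarea class="form-control" name="meta" id="meta" rows="4" placeholder='{"note":"optional"}'></textarea>
                            <div class="form-text">Optional. Must be valid JSON if provided.</div>
                        </div>
                    </div>
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-outline-secondary" data-bs-dismiss="modal">Cancel</button>
                    <button type="submit" class="btn btn-primary">Save Changes</button>
                </div>
            </form>
        </div>
    </div>
</div>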
<script>
/**
 * Copy one user level's values into the edit modal's form fields.
 *
 * Values are assigned through the `value` property only, so they are never
 * parsed as markup. level_id and level_name fall back to '' for any falsy
 * value; the limit fields fall back to '0.00' and meta to '' only when the
 * property is null or undefined.
 *
 * @param {Object} level Field values for the row being edited.
 */
function openEditLevel(level) {
  const fill = (id, value) => {
    document.getElementById(id).value = value;
  };

  fill('level_id', level.level_id || '');
  fill('level_name', level.level_name || '');

  // The input ids match the property names on `level`.
  const limitFields = [
    'buy_limit',
    'daily_buy_limit',
    'sell_limit',
    'daily_sell_limit',
    'instant_buy_limit',
    'instant_sell_limit',
    'withdraw_limit',
    'daily_withdraw_limit',
  ];
  for (const field of limitFields) {
    fill(field, level[field] ?? '0.00');
  }

  fill('meta', level.meta ?? '');
}
</script>
<?php include '../common/footer.php'; ?>