PHP WebShell

Текущая директория: /var/www/bitcardoApp/backyard/user/users

Просмотр файла: wallet_actions_post.php

<?php
// backyard/models/users/wallet_actions_post.php
// Robust JSON responder for wallet freeze/unfreeze toggle.

declare(strict_types=1);

// Start buffering before anything else, so stray output (BOM, whitespace,
// warnings, notices) is held back instead of being sent ahead of the JSON body.
ob_start();

// Report every error level, but never render errors into the response itself.
error_reporting(E_ALL);
ini_set('display_errors', '0');

// Every response produced by this script is declared as UTF-8 JSON.
header('Content-Type: application/json; charset=utf-8');

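/**
 * Send a JSON response with the given HTTP status and end the request.
 *
 * Output captured by the buffer started at the top of this script is
 * discarded from the response. It used to be echoed back under a `_diag`
 * key, which exposed PHP warnings and notices (file paths, query fragments)
 * to whoever called the endpoint. It is now written to the server error log.
 *
 * @param array $payload Data to serialise as the response body.
 * @param int   $http    HTTP status code to send.
 */
function respond_json(array $payload, int $http = 200): never {
    http_response_code($http);

    // ob_get_clean() returns false when no buffer is active.
    $buffer = ob_get_clean();
    if (is_string($buffer) && $buffer !== '') {
        // Truncate, then collapse control characters so captured output
        // cannot forge additional log lines.
        $snippet = preg_replace('/[\x00-\x1F\x7F]+/', ' ', substr($buffer, 0, 500));
        error_log('wallet_actions_post: stray output before JSON: ' . (string)$snippet);
    }

    // Substitute invalid UTF-8 rather than failing: a failed json_encode()
    // returns false and the client would receive an empty body.
    $json = json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
    if ($json === false) {
        error_log('wallet_actions_post: json_encode failed: ' . json_last_error_msg());
        http_response_code(500);
        $json = '{"success":false,"message":"Server error"}';
    }

    echo $json;
    exit;
}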

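// Request handler: validates the POST, loads the DB connection and toggles
// the freeze state of one wallet, always answering through respond_json().
try {
    // Wallet state may only be changed via POST.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        respond_json(['success'=>false, 'message'=>'Method not allowed'], 405);
    }

    // --- DB bootstrap ---
    // The included config is expected to define $conn as a mysqli instance.
    $dbPath = __DIR__ . '/../../config/db_config.php';
    if (!file_exists($dbPath)) {
        respond_json(['success'=>false, 'message'=>'DB config missing'], 500);
    }
    include_once $dbPath;
    if (!isset($conn) || !($conn instanceof mysqli)) {
        respond_json(['success'=>false, 'message'=>'DB connection not available'], 500);
    }

    require_once __DIR__ . '/wallet_actions.php';

    // --- Inputs ---
    // Accept only string parameters. PHP turns `name[]=x` into an array, and
    // the previous (int) cast mapped any non-empty array to 1, so a malformed
    // wallet_id was silently treated as wallet 1.
    $rawAction = $_POST['action'] ?? '';
    $action    = is_string($rawAction) ? trim($rawAction) : '';

    $rawWalletId = $_POST['wallet_id'] ?? null;
    $wallet_id   = is_string($rawWalletId)
        ? filter_var($rawWalletId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;

    // NOTE(review): any value other than the exact string '1' (including a
    // missing parameter) means "unfreeze". Consider requiring an explicit
    // '0'/'1' so a truncated request cannot unfreeze a wallet. Confirm what
    // the caller sends before tightening this.
    $freeze = (($_POST['freeze'] ?? null) === '1');

    if ($action !== 'toggle_freeze' || $wallet_id === false) {
        respond_json(['success'=>false, 'message'=>'Bad request'], 400);
    }

    // NOTE(review): no session, permission or CSRF check is visible in this
    // file. Unless db_config.php or wallet_actions.php enforce one (neither is
    // shown here), anyone who can reach this URL can freeze or unfreeze any
    // wallet by id. This state-changing endpoint should verify an
    // authenticated, authorised operator and a CSRF token before the call below.

    // --- Do it ---
    $res = wallet_toggle_freeze($conn, $wallet_id, $freeze);

    respond_json([
        'success'    => $res['success'],
        'message'    => $res['message'],
        'new_status' => $res['new_status'] ?? null,
    ], $res['success'] ? 200 : 500);

} catch (Throwable $e) {
    // Keep exception detail on the server. Messages (notably from mysqli) can
    // carry SQL text, hostnames or paths, so the client gets a generic error.
    error_log('wallet_actions_post: ' . get_class($e) . ': '
        . (string)preg_replace('/[\x00-\x1F\x7F]+/', ' ', substr($e->getMessage(), 0, 500)));
    respond_json(['success'=>false, 'message'=>'Server error'], 500);
}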



Для локальной разработки. Не используйте в интернете!