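case '/admin':
    // 1. Access control: the admin dashboard is gated behind a shared secret that
    //    must be supplied as ?secret=<token> (e.g. /admin?secret=<token>).
    //    NOTE(review): the token is hard-coded in two branches and travels in the
    //    query string, so it lands in access logs, browser history and Referer
    //    headers; moving it to configuration and to a session-based check is the
    //    proper fix. This branch keeps the existing ?secret= contract because the
    //    view (views/admin.php, not visible here) builds its links with it.
    $secret_token = "haiphong2026"; // must stay identical to the '/admin/action' branch
    $supplied = $_GET['secret'] ?? null;
    // is_string() rejects ?secret[]=x (an array would make hash_equals() throw a
    // TypeError); hash_equals() keeps the comparison constant-time.
    if (!is_string($supplied) || !hash_equals($secret_token, $supplied)) {
        http_response_code(403);
        die("

鉴权失败:您无权访问海防便民网后台

");
    }

    // 2. Current exchange rate (single row, id = 1). fetchColumn() yields false
    //    when the row is missing; the view is assumed to tolerate that — TODO confirm.
    $rate_stmt = $pdo->query("SELECT rate FROM rates WHERE id=1");
    $current_rate = $rate_stmt->fetchColumn();

    // 3. Every order joined with its owner's username, newest first. The previous
    //    comment claimed "pending and paid only", but no status filter is applied,
    //    so the view receives all orders regardless of status.
    $order_stmt = $pdo->query("SELECT o.*, u.username FROM orders o JOIN users u ON o.user_id = u.id ORDER BY o.created_at DESC");
    $all_orders = $order_stmt->fetchAll();

    $page_title = "站长私密管理后台";
    include 'views/admin.php';
    break;

case '/admin/action':
    // 4. Admin mutations: rate update (POST action=update_rate) and order
    //    completion (GET action=complete_order). Same secret gate as '/admin'.
    $secret_token = "haiphong2026"; // must stay identical to the '/admin' branch
    $supplied = $_GET['secret'] ?? null;
    if (!is_string($supplied) || !hash_equals($secret_token, $supplied)) {
        http_response_code(403); // previously answered 200 with a refusal body
        die("无权操作");
    }

    // Send the admin back to the dashboard with a status message. rawurlencode()
    // keeps the non-ASCII message valid inside the Location header; PHP decodes it
    // again into $_GET['msg'] on the next request, so the view sees the same text.
    $redirect = static function (string $msg) use ($secret_token): void {
        header("Location: /admin?secret=" . rawurlencode($secret_token) . "&msg=" . rawurlencode($msg));
        exit;
    };

    // Rate update. FILTER_VALIDATE_FLOAT rejects a missing key, arrays and
    // non-numeric text (floatval() silently turned those into 0.0 and stored it);
    // a non-positive rate is refused as well since it would break every conversion.
    // NOTE(review): no CSRF token is verified on this form; the view would need to
    // emit one for this check to be added here.
    if (($_POST['action'] ?? null) === 'update_rate') {
        $new_rate = filter_var($_POST['new_rate'] ?? null, FILTER_VALIDATE_FLOAT);
        if ($new_rate === false || $new_rate <= 0) {
            $redirect("汇率无效,必须为正数");
        }
        $up_stmt = $pdo->prepare("UPDATE rates SET rate = ? WHERE id = 1");
        $up_stmt->execute([$new_rate]);
        $redirect("汇率更新成功");
    }

    // Order completion. A missing or non-positive order_id is refused instead of
    // running an UPDATE that matches nothing.
    // NOTE(review): this is a state change on GET, so any link or image the admin
    // loads while holding the secret can trigger it (CSRF) and link prefetchers may
    // fire it; it belongs on POST with a token once the view supports that.
    if (($_GET['action'] ?? null) === 'complete_order') {
        $order_id = filter_var($_GET['order_id'] ?? null, FILTER_VALIDATE_INT);
        if ($order_id === false || $order_id <= 0) {
            $redirect("订单编号无效");
        }
        $up_stmt = $pdo->prepare("UPDATE orders SET status = 'completed' WHERE id = ?");
        $up_stmt->execute([$order_id]);
        $redirect("订单已确认完成");
    }
    break;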