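<?php

declare(strict_types=1);

// CORS preamble. NOTE(review): a wildcard origin on an endpoint that accepts an
// Authorization header lets a script on any site call it with a token it holds;
// restrict this to the admin front-end's origin once that origin is known.
// PATCH was dropped from the advertised methods because the dispatcher below
// answers it with 405.
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Authorization, Content-Type, Accept, X-Requested-With, User-Agent, Origin");
header("Access-Control-Max-Age: 86400");
header("Content-Type: application/json; charset=UTF-8");

// Preflight: the CORS headers above are the whole answer, body stays empty.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    http_response_code(200);
    exit;
}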
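use Dotenv\Dotenv;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

require 'vendor/autoload.php';
require 'db.php';

// Loads .env from the directory this script is served from into $_ENV.
// createImmutable() does not overwrite variables already set by the server.
// That .env file sits next to a web-reachable script: make sure the web server
// never serves it.
$dotenv = Dotenv::createImmutable(__DIR__);
$dotenv->load();

// Fail early with a generic message when the DB settings are absent, instead of
// building a DSN from nulls and relaying the driver's error text to the client.
foreach (['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASSWORD'] as $envKey) {
    if (!isset($_ENV[$envKey])) {
        error_log("admin_listings.php: missing environment variable {$envKey}");
        http_response_code(500);
        echo json_encode(['success' => false, 'message' => 'Server configuration error']);
        exit;
    }
}

try {
    $pdo = new PDO(
        "mysql:host={$_ENV['DB_HOST']};dbname={$_ENV['DB_NAME']};charset=utf8mb4",
        $_ENV['DB_USER'],
        $_ENV['DB_PASSWORD'],
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Server-side prepares: bound values are never spliced into SQL text
            // by the client library.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can include host and user details; log it, do not echo it.
    error_log('admin_listings.php: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Database connection failed']);
    exit;
}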
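// Only tokens whose user_type claim is exactly this integer may use this
// endpoint. The value is whatever the token issuer writes; it is not visible here.
const ADMIN_USER_TYPE = 4;

// getAuthToken() is the shared token-reading helper (expected from db.php, which
// is not visible here); a falsy return means no usable Authorization header.
$jwt = getAuthToken();
if (!$jwt) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Authorization header missing']);
    exit;
}

// A missing secret is a deployment error, not a client error: answer 500 rather
// than letting Key() throw and being reported as an invalid token.
$jwtSecret = $_ENV['JWT_SECRET'] ?? '';
if ($jwtSecret === '') {
    error_log('admin_listings.php: JWT_SECRET is not configured');
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Server configuration error']);
    exit;
}

try {
    $decoded = JWT::decode($jwt, new Key($jwtSecret, 'HS256'));
} catch (Exception $e) {
    // Why the token failed (expired, bad signature, malformed) is logged, not
    // returned: the caller only learns that it was rejected.
    error_log('admin_listings.php: token rejected: ' . $e->getMessage());
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Invalid token']);
    exit;
}

// Strict comparison on purpose: a missing claim (?? null) or a string "4" is
// not an admin.
if (($decoded->user_type ?? null) !== ADMIN_USER_TYPE) {
    http_response_code(403);
    echo json_encode(['success' => false, 'message' => 'Admin access required']);
    exit;
}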
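// Hard cap on one page of results. The original sliced a full-table fetch with
// whatever limit the client sent, so this cap is new behaviour.
const MAX_PAGE_SIZE = 100;
// Statuses an admin may set through PUT.
const ALLOWED_STATUSES = ['active', 'rejected'];

// Helper names below are file-local; db.php is not visible here, so rename
// them if it already declares a function with the same name.

/**
 * Writes a JSON body with the given HTTP status code.
 *
 * @param array<string, mixed> $payload
 */
function sendJson(int $status, array $payload): void
{
    http_response_code($status);
    echo json_encode($payload);
}

/**
 * Writes a JSON error body and terminates the request.
 */
function failWith(int $status, string $message): void
{
    sendJson($status, ['success' => false, 'message' => $message]);
    exit;
}

/**
 * Answers 500 with a generic message; the driver text (which can name tables,
 * columns or the host) goes to the server log only.
 */
function failOnDatabaseError(PDOException $e): void
{
    error_log('admin_listings.php: ' . $e->getMessage());
    failWith(500, 'Database error');
}

/**
 * True when $id can be handed to a prepared statement as a listing id.
 *
 * The column type of car_listings.id is not visible here, so the value is
 * passed on unchanged rather than cast. empty() keeps the original "required"
 * rule (null, '', 0 and '0' are rejected); arrays and bools are rejected
 * because PDO would bind them as "Array", "1" or "".
 *
 * @param mixed $id
 */
function isUsableListingId($id): bool
{
    return !empty($id) && is_scalar($id) && !is_bool($id);
}

/**
 * Whether a car_listings row with this id exists.
 *
 * @param mixed $id
 * @throws PDOException
 */
function listingExists(PDO $pdo, $id): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM car_listings WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchColumn() !== false;
}

/**
 * "scheme://host" of the current request, used to absolutise upload paths.
 *
 * REQUEST_SCHEME is not set by every SAPI and reads "http" behind a proxy that
 * terminates TLS, so HTTPS is consulted as a fallback. The host is taken from
 * the Host header: the web server should only serve its configured names, or
 * the image URLs returned here can be made to point at a different host.
 */
function requestBaseUrl(): string
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $scheme = $_SERVER['REQUEST_SCHEME'] ?? ($https ? 'https' : 'http');
    return $scheme . '://' . ($_SERVER['HTTP_HOST'] ?? '');
}

/**
 * GET: one page of listings, newest first, each with an absolute main_image URL.
 *
 * Pagination is done in SQL (LIMIT/OFFSET plus a separate COUNT) instead of
 * fetching the whole table and slicing it in PHP, and page/limit are clamped so
 * a bad query string cannot yield a negative offset or an unbounded page.
 */
function handleListingsIndex(PDO $pdo): void
{
    $page = max(1, (int) ($_GET['page'] ?? 1));
    $limit = min(MAX_PAGE_SIZE, max(1, (int) ($_GET['limit'] ?? 10)));
    $offset = ($page - 1) * $limit;

    try {
        $total = (int) $pdo->query('SELECT COUNT(*) FROM car_listings')->fetchColumn();

        // The image subquery has no ORDER BY, so which image counts as "main"
        // is whichever row the engine returns first -- unchanged from before.
        $stmt = $pdo->prepare('
            SELECT c.*,
                   (SELECT image_path FROM car_images WHERE car_id = c.id LIMIT 1) AS main_image
            FROM car_listings c
            ORDER BY c.created_at DESC
            LIMIT :limit OFFSET :offset
        ');
        // LIMIT/OFFSET must be bound as integers; a quoted string there is a syntax error.
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
        $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $stmt->execute();
        $listings = $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        failOnDatabaseError($e);
    }

    $baseUrl = requestBaseUrl();
    // array_map instead of foreach-by-reference: no dangling reference to unset.
    $listings = array_map(function (array $listing) use ($baseUrl): array {
        if ($listing['main_image']) {
            $listing['main_image'] = $baseUrl . '/uploads/' . $listing['main_image'];
        }
        return $listing;
    }, $listings);

    sendJson(200, [
        'success' => true,
        'data' => $listings,
        'total' => $total,
        'page' => $page,
        'limit' => $limit,
    ]);
}

/**
 * PUT: set a listing's status to one of ALLOWED_STATUSES.
 *
 * An unknown id is now reported as 404 (an existence check is used rather than
 * rowCount(), which MySQL reports as 0 for an UPDATE that changed nothing).
 *
 * @param array<string, mixed> $data decoded request body
 */
function handleListingStatusUpdate(PDO $pdo, array $data): void
{
    $id = $data['id'] ?? null;
    if (!isUsableListingId($id) || !isset($data['status'])) {
        failWith(400, 'Listing ID and status are required');
    }
    // strict: an array, true or 0 must not match a string status.
    if (!in_array($data['status'], ALLOWED_STATUSES, true)) {
        failWith(400, 'Invalid status');
    }

    try {
        if (!listingExists($pdo, $id)) {
            failWith(404, 'Listing not found');
        }
        $stmt = $pdo->prepare('UPDATE car_listings SET status = ? WHERE id = ?');
        $stmt->execute([$data['status'], $id]);
        sendJson(200, [
            'success' => true,
            'message' => 'Listing status updated to ' . $data['status'],
        ]);
    } catch (PDOException $e) {
        failOnDatabaseError($e);
    }
}

/**
 * POST: reject a listing and store the admin's comment.
 *
 * The comment must be a non-blank string; the original accepted any non-empty
 * value (including arrays, which PDO binds as "Array").
 *
 * @param array<string, mixed> $data decoded request body
 */
function handleListingRejectWithComment(PDO $pdo, array $data): void
{
    $id = $data['id'] ?? null;
    $comment = $data['comment'] ?? null;
    if (!isUsableListingId($id) || !is_string($comment) || trim($comment) === '') {
        failWith(400, 'Listing ID and comment are required');
    }

    try {
        $pdo->beginTransaction();
        if (!listingExists($pdo, $id)) {
            $pdo->rollBack();
            failWith(404, 'Listing not found');
        }
        $stmt = $pdo->prepare("UPDATE car_listings SET status = 'rejected', admin_comment = ? WHERE id = ?");
        $stmt->execute([$comment, $id]);
        $pdo->commit();
        sendJson(200, [
            'success' => true,
            'message' => 'Comment added and listing rejected',
        ]);
    } catch (PDOException $e) {
        // beginTransaction() itself may have thrown: only roll back an open one.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        failOnDatabaseError($e);
    }
}

/**
 * DELETE: remove a listing and its car_images rows in one transaction.
 *
 * Only database rows are removed; the files under /uploads/ that image_path
 * points to are not unlinked here.
 *
 * @param array<string, mixed> $data decoded request body
 */
function handleListingDelete(PDO $pdo, array $data): void
{
    $id = $data['id'] ?? null;
    if (!isUsableListingId($id)) {
        failWith(400, 'Listing ID is required');
    }

    try {
        $pdo->beginTransaction();
        // Images first: car_images.car_id refers to the listing being removed.
        $pdo->prepare('DELETE FROM car_images WHERE car_id = ?')->execute([$id]);
        $stmt = $pdo->prepare('DELETE FROM car_listings WHERE id = ?');
        $stmt->execute([$id]);
        if ($stmt->rowCount() === 0) {
            // No such listing: undo the image delete and say so instead of "success".
            $pdo->rollBack();
            failWith(404, 'Listing not found');
        }
        $pdo->commit();
        sendJson(200, [
            'success' => true,
            'message' => 'Listing deleted successfully',
        ]);
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        failOnDatabaseError($e);
    }
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';
$decodedBody = json_decode((string) file_get_contents('php://input'), true);
// A missing, empty or malformed body simply yields no fields; each handler
// then reports which fields it requires.
$data = is_array($decodedBody) ? $decodedBody : [];

switch ($method) {
    case 'GET':
        handleListingsIndex($pdo);
        break;
    case 'PUT':
        handleListingStatusUpdate($pdo, $data);
        break;
    case 'POST':
        handleListingRejectWithComment($pdo, $data);
        break;
    case 'DELETE':
        handleListingDelete($pdo, $data);
        break;
    default:
        failWith(405, 'Method not allowed');
}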