<?php
// Response/CORS headers, sent before anything else so even error replies are
// well-formed JSON for a browser client. The wildcard origin lets any web origin
// call this admin endpoint; that appears to be tolerated here because auth is a
// bearer token in the Authorization header (see the 401 below) rather than a
// cookie -- NOTE(review): an explicit origin allowlist would still be the safer
// choice for an admin API.
$responseHeaders = [
    'Access-Control-Allow-Origin'  => '*',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
    'Access-Control-Allow-Headers' => 'Authorization, Content-Type, Accept, X-Requested-With, User-Agent, Origin',
    'Access-Control-Max-Age'       => '86400',
    'Content-Type'                 => 'application/json; charset=UTF-8',
];
foreach ($responseHeaders as $headerName => $headerValue) {
    header("{$headerName}: {$headerValue}");
}

// Browser preflight requests carry neither a body nor the Authorization header,
// so they are answered here, before the token check further down.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}
require 'vendor/autoload.php';
require 'db.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Dotenv\Dotenv;
// Load the .env file next to this script into $_ENV; DB_HOST/DB_NAME/DB_USER/
// DB_PASSWORD and JWT_SECRET are read from there below.
Dotenv::createImmutable(__DIR__)->load();
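// Open the database connection. ERRMODE_EXCEPTION makes every later failure a
// PDOException (caught per operation) instead of a silent false return, and
// EMULATE_PREPARES=false makes the placeholders used below real server-side
// parameters rather than client-side string splicing.
try {
    $pdo = new PDO(
        "mysql:host={$_ENV['DB_HOST']};dbname={$_ENV['DB_NAME']};charset=utf8mb4",
        $_ENV['DB_USER'],
        $_ENV['DB_PASSWORD'],
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // Driver messages for a failed connect may embed the DB host and user name;
    // they belong in the server log, not in the HTTP response.
    error_log('admin_users.php: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Database connection failed']);
    exit;
}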
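// Authenticate the caller. getAuthToken() is the shared token-extraction helper
// provided by an included file (not visible here; presumably db.php) and is
// expected to return the raw JWT string or a falsy value when none was sent.
$jwt = getAuthToken();
if (!$jwt) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Authorization header missing']);
    exit;
}

// A missing signing secret is a deployment fault, not a client error. Without
// this guard `new Key(null, ...)` raises a TypeError in current firebase/php-jwt,
// which the catch (Exception) below does not see (TypeError is an Error), so the
// request would die with an uncontrolled 500.
$jwtSecret = $_ENV['JWT_SECRET'] ?? '';
if (!is_string($jwtSecret) || $jwtSecret === '') {
    error_log('admin_users.php: JWT_SECRET is not configured');
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Server configuration error']);
    exit;
}

try {
    // The algorithm is fixed to HS256 through Key, so the token's own `alg`
    // header cannot select a weaker verification path.
    $decoded = JWT::decode($jwt, new Key($jwtSecret, 'HS256'));

    // Only user_type 4 (admin) may use this endpoint. Strict comparison is
    // deliberate and fails closed: an absent claim, or "4" as a string, is
    // refused -- if the issuer encodes the claim as a numeric string this needs
    // an (int) cast, confirm against the token issuer.
    if (($decoded->user_type ?? null) !== 4) {
        http_response_code(403);
        echo json_encode(['success' => false, 'message' => 'Admin access required']);
        exit;
    }
} catch (\Firebase\JWT\ExpiredException $e) {
    // Expiry is safe to disclose; it lets a client refresh its session.
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Token expired']);
    exit;
} catch (Exception $e) {
    // Do not echo the library's reason (bad signature, malformed segment, wrong
    // key ...): it gives an attacker feedback while iterating on forged tokens.
    error_log('admin_users.php: JWT rejected: ' . $e->getMessage());
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Invalid token']);
    exit;
}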
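$method = $_SERVER['REQUEST_METHOD'];

// PUT/DELETE carry a JSON object body; GET uses the query string. The body is
// decoded to an associative array. Two edge cases of the previous truthiness
// check are handled explicitly: a body consisting of the single character "0"
// was skipped by `if ($input && ...)`, and valid JSON that is not an object
// (a bare string, number or null) left $data as a scalar. Both now end up as
// [] so the handlers below can rely on array access.
$input = file_get_contents('php://input');
$data = [];
if ($input !== false && $input !== '') {
    $data = json_decode($input, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        http_response_code(400);
        echo json_encode(['success' => false, 'message' => 'Invalid JSON: ' . json_last_error_msg()]);
        exit;
    }
    if (!is_array($data)) {
        $data = [];
    }
}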
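// user_type as used by the API (0/1/2) -> backing table. Table names come only
// from this map, never from the request, which is what makes interpolating
// them into the SQL below safe.
$tables = [0 => 'individusers', 1 => 'companyusers', 2 => 'leasingmanagers'];

// Resolve a request-supplied user_type to a table name, or null if it is not
// one of the known ints / digit strings. Arrays, floats and booleans are
// refused here instead of being used as an array key (an array key raises a
// TypeError in PHP 8; a float or bool would be silently cast).
$tableFor = static function ($userType) use ($tables): ?string {
    if (is_string($userType) && ctype_digit($userType)) {
        $userType = (int) $userType;
    }
    if (!is_int($userType)) {
        return null;
    }
    return $tables[$userType] ?? null;
};

// Send a JSON error response and stop. Every client-side failure below uses it.
$fail = static function (int $code, string $message): void {
    http_response_code($code);
    echo json_encode(['success' => false, 'message' => $message]);
    exit;
};

// PDO failures are logged with context and reported generically: the driver
// message carries SQL fragments and table/column names the client has no need
// for.
$dbError = static function (PDOException $e, string $where): void {
    error_log("admin_users.php: {$where}: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Database error']);
};

// Request body as an array, whatever the decoder left in $data.
$body = is_array($data) ? $data : [];

switch ($method) {
    case 'GET':
        // Two read operations share GET and are told apart by the query string:
        //   ?user_id=..&documents=..[&user_type=..]  -> documents of one user
        //   [?status=..]                             -> list of all users
        // They must be dispatched here, not after the switch: answering the
        // documents lookup after the list has already been echoed produces two
        // concatenated JSON documents in one response body.
        if (isset($_GET['user_id'], $_GET['documents'])) {
            $userId = $_GET['user_id'];
            // Query values are strings or arrays; only a non-empty string can be bound.
            if (!is_string($userId) || $userId === '') {
                $fail(400, 'Invalid user_id');
            }
            // user_type is validated for consistency with the other operations,
            // but the query itself is keyed by user_id alone. NOTE(review): if
            // ids can collide across the three user tables this may return a
            // different user's documents -- confirm the documents schema.
            if ($tableFor($_GET['user_type'] ?? null) === null) {
                $fail(400, 'Invalid user_type');
            }
            try {
                $stmt = $pdo->prepare('SELECT * FROM documents WHERE user_id = :user_id');
                $stmt->execute([':user_id' => $userId]);
                echo json_encode(['success' => true, 'documents' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
            } catch (PDOException $e) {
                $dbError($e, 'documents lookup');
            }
            break;
        }

        // Optional status filter. Checked explicitly rather than by truthiness so
        // that a literal "0" still filters, and so an array-valued query
        // parameter never reaches PDO.
        $status = null;
        if (isset($_GET['status']) && is_string($_GET['status']) && $_GET['status'] !== '') {
            $status = $_GET['status'];
        }
        try {
            $users = [];
            foreach ($tables as $userType => $table) {
                // NOTE(review): SELECT * returns every column of each user table,
                // including any credential hashes or secrets stored there -- TODO
                // restrict to the columns the admin UI actually needs.
                $sql = "SELECT * FROM {$table}";
                $params = [];
                if ($status !== null) {
                    $sql .= ' WHERE status = :status';
                    $params[':status'] = $status;
                }
                $stmt = $pdo->prepare($sql);
                $stmt->execute($params);
                foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
                    // Tag each row with the table it came from so the client can
                    // address it in PUT/DELETE.
                    $row['user_type'] = $userType;
                    $users[] = $row;
                }
            }
            echo json_encode(['success' => true, 'users' => $users]);
        } catch (PDOException $e) {
            $dbError($e, 'user list');
        }
        break;

    case 'PUT':
        // Change one user's status: {"user_id": .., "user_type": 0|1|2, "status": ".."}
        if (empty($body['user_id']) || !isset($body['status'], $body['user_type'])) {
            $fail(400, 'user_id, status and user_type are required');
        }
        $table = $tableFor($body['user_type']);
        if ($table === null) {
            $fail(400, 'Invalid user_type');
        }
        // Both values are bound as parameters, but they must still be scalars:
        // PDO cannot bind an array, and an array here is never a legitimate request.
        if (!is_scalar($body['user_id']) || !is_string($body['status']) || $body['status'] === '') {
            $fail(400, 'user_id must be a scalar and status a non-empty string');
        }
        // NOTE(review): status is written verbatim. The only value this file
        // itself writes is 'blocked' (see DELETE); constrain this to the
        // application's allowed status set once it is known.
        // TODO(audit): log the acting admin with this change; the identifying
        // claim inside $decoded is not visible in this file.
        try {
            $stmt = $pdo->prepare("UPDATE {$table} SET status = :status WHERE id = :user_id");
            $stmt->execute([
                ':status'  => $body['status'],
                ':user_id' => $body['user_id'],
            ]);
            // rowCount() is deliberately not used as a "user exists" check: with
            // the MySQL driver it reports rows *changed* by default, so re-applying
            // the current status would look like a missing user.
            echo json_encode(['success' => true, 'message' => 'User status updated']);
        } catch (PDOException $e) {
            $dbError($e, 'status update');
        }
        break;

    case 'DELETE':
        // Soft delete: the row is kept and its status set to 'blocked'.
        if (empty($body['user_id']) || !isset($body['user_type'])) {
            $fail(400, 'user_id and user_type are required');
        }
        $table = $tableFor($body['user_type']);
        if ($table === null) {
            $fail(400, 'Invalid user_type');
        }
        if (!is_scalar($body['user_id'])) {
            $fail(400, 'Invalid user_id');
        }
        // TODO(audit): as for PUT, record which admin blocked this user.
        try {
            $stmt = $pdo->prepare("UPDATE {$table} SET status = 'blocked' WHERE id = :user_id");
            $stmt->execute([':user_id' => $body['user_id']]);
            echo json_encode(['success' => true, 'message' => 'User blocked']);
        } catch (PDOException $e) {
            $dbError($e, 'user block');
        }
        break;

    default:
        // POST/PATCH are advertised in the CORS headers but not implemented here.
        header('Allow: GET, PUT, DELETE, OPTIONS');
        $fail(405, 'Method not allowed');
}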