芝麻web文件管理V1.00

编辑当前文件:/home/pulsehostuk9/public_html/teafund.pulsehost.co.uk/api/move_member_fund.php

<?php
// Move member between funds — hardened (no HTTP 500).
// Adds debug trace step and redirects back to Admin → Tools with codes.
//
// Returns via query params:
//   move=1                                 -> success
//   move_error=csrf|bad_request|schema|member_not_found|fund_not_found|db_read|db_write|payments_update|server
//   trace=<step>                           -> where it failed
//
// Optionally: move_warn=payments_no_fund_column (if payments.fund_id missing and also_move_year requested)
//
require_once __DIR__ . '/../includes/auth.php';
require_once __DIR__ . '/../includes/db.php';
// CSRF may throw in some hosts; wrap robustly.
$csrf_ok = false;
try {
  require_once __DIR__ . '/../includes/csrf.php';
  $token = $_POST['csrf_token'] ?? '';
  if (function_exists('csrf_validate')) {
    $csrf_ok = csrf_validate($token);
  } else {
    if (session_status() !== PHP_SESSION_ACTIVE) @session_start();
    $session_token = $_SESSION['csrf_token'] ?? '';
    if ($session_token && is_string($token)) $csrf_ok = hash_equals((string)$session_token, (string)$token);
  }
} catch (Throwable $e) {
  error_log('[move_member_fund csrf] ' . $e->getMessage());
  $csrf_ok = false;
}
require_manage();

function goback($qs) {
  // Prefer to land on Tools tab so the toast is visible.
  header('Location: /admin/?tab=tools&' . $qs);
  exit;
}

$TRACE = 'start';

try {
  if (!$csrf_ok) goback('move_error=csrf&trace=' . urlencode($TRACE));

$TRACE = 'read_inputs';
  $member_id = isset($_POST['member_id']) ? (int)$_POST['member_id'] : 0;
  $dest_fund_id = isset($_POST['dest_fund_id']) ? (int)$_POST['dest_fund_id'] : 0;
  $also_move_year = isset($_POST['also_move_year']) ? (int)$_POST['also_move_year'] : 0;
  if ($member_id <= 0 || $dest_fund_id <= 0) goback('move_error=bad_request&trace=' . urlencode($TRACE));

$TRACE = 'pdo_connect';
  $pdo = get_pdo();

// Check schema: members.fund_id must exist
  $TRACE = 'schema_check';
  $col = $pdo->prepare("SELECT 1 FROM information_schema.columns WHERE table_schema = DATABASE() AND table_name = 'members' AND column_name = 'fund_id'");
  $col->execute();
  if (!$col->fetchColumn()) {
    goback('move_error=schema&trace=missing_members_fund_id');
  }

// Check destination fund exists
  $TRACE = 'check_fund';
  $sf = $pdo->prepare("SELECT id, name FROM funds WHERE id = ?");
  if (!$sf || !$sf->execute([$dest_fund_id])) goback('move_error=db_read&trace=' . urlencode($TRACE));
  $fund = $sf->fetch(PDO::FETCH_ASSOC);
  if (!$fund) goback('move_error=fund_not_found&trace=' . urlencode($TRACE));

// Check member exists
  $TRACE = 'check_member';
  $sm = $pdo->prepare("SELECT id, fund_id FROM members WHERE id = ?");
  if (!$sm || !$sm->execute([$member_id])) goback('move_error=db_read&trace=' . urlencode($TRACE));
  $member = $sm->fetch(PDO::FETCH_ASSOC);
  if (!$member) goback('move_error=member_not_found&trace=' . urlencode($TRACE));

// Optional: check payments.fund_id presence if we plan to move payments
  $warn = '';
  $payments_has_fund = false;
  if ($also_move_year > 0) {
    $TRACE = 'payments_schema_check';
    $pc = $pdo->prepare("SELECT 1 FROM information_schema.columns WHERE table_schema = DATABASE() AND table_name = 'payments' AND column_name = 'fund_id'");
    $pc->execute();
    $payments_has_fund = (bool)$pc->fetchColumn();
    if (!$payments_has_fund) {
      $warn = 'payments_no_fund_column';
    }
  }

$TRACE = 'transaction_begin';
  $pdo->beginTransaction();

// Update member fund
  $TRACE = 'update_member';
  $um = $pdo->prepare("UPDATE members SET fund_id = ? WHERE id = ?");
  if (!$um || !$um->execute([$dest_fund_id, $member_id])) {
    $pdo->rollBack();
    goback('move_error=db_write&trace=' . urlencode($TRACE));
  }

// Optionally move payments (only if column exists)
  if ($also_move_year > 0 && $payments_has_fund) {
    $TRACE = 'update_payments';
    $up = $pdo->prepare("UPDATE payments SET fund_id = ? WHERE member_id = ? AND year = ?");
    if (!$up || !$up->execute([$dest_fund_id, $member_id, $also_move_year])) {
      $pdo->rollBack();
      goback('move_error=payments_update&trace=' . urlencode($TRACE));
    }
  }

$TRACE = 'commit';
  $pdo->commit();

$qs = 'move=1&fund_id=' . urlencode((string)$dest_fund_id);
  if ($warn) $qs .= '&move_warn=' . urlencode($warn);
  goback($qs);

} catch (Throwable $e) {
  error_log('[move_member_fund fatal] step=' . $TRACE . ' msg=' . $e->getMessage());
  goback('move_error=server&trace=' . urlencode($TRACE));
}