芝麻web文件管理V1.00

编辑当前文件:/home/pulsehostuk9/public_html/teafund.pulsehost.co.uk/api/update_payment.php
<?php require_once __DIR__ . '/../includes/auth.php'; require_once __DIR__ . '/../includes/db.php'; require_once __DIR__ . '/../includes/csrf.php'; header('Content-Type: application/json'); require_manage(); verify_csrf(); $member_id = (int)($_POST['member_id'] ?? 0); $fund_id = (int)($_POST['fund_id'] ?? 0); $year = (int)($_POST['year'] ?? 0); $month = (int)($_POST['month'] ?? 0); $status = $_POST['status'] ?? ''; if (!$member_id || !$fund_id || !$year || $month < 1 || $month > 12 || !in_array($status, ['paid','unpaid','off'], true)) { echo json_encode(['ok'=>false,'error'=>'Invalid parameters']); exit; } $pdo = get_pdo(); $stmt = $pdo->prepare("INSERT INTO payments (member_id, fund_id, year, month, status) VALUES (?,?,?,?,?) ON DUPLICATE KEY UPDATE status=VALUES(status), updated_at=NOW()"); $stmt->execute([$member_id, $fund_id, $year, $month, $status]); // Log if (!empty($_SESSION['user_id'])) { $log = $pdo->prepare("INSERT INTO activity_log (user_id, action, details) VALUES (?,?,?)"); $log->execute([$_SESSION['user_id'], 'update_payment', json_encode(['member_id'=>$member_id,'fund_id'=>$fund_id,'year'=>$year,'month'=>$month,'status'=>$status])]); } echo json_encode(['ok'=>true]); ?>