数据库连接失败!请检查配置信息。");
}
// 创建数据库和表结构(首次运行自动创建)
mysqli_query($conn, "CREATE DATABASE IF NOT EXISTS `$DB_NAME` DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci");
mysqli_select_db($conn, $DB_NAME);
// 创建壁纸表
mysqli_query($conn, "CREATE TABLE IF NOT EXISTS `wallpaper` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL,
`img_url` varchar(500) NOT NULL,
`category` varchar(50) DEFAULT '默认',
`sort` int(11) DEFAULT 0,
`downloads` int(11) DEFAULT 0,
`create_time` datetime DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `idx_sort` (`sort`),
KEY `idx_category` (`category`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");
// 创建任务表
mysqli_query($conn, "CREATE TABLE IF NOT EXISTS `task` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(100) DEFAULT '关注公众号获取答案',
`task_img` varchar(500) NOT NULL,
`answer` varchar(50) NOT NULL,
`update_time` datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");
// 创建支付配置表
mysqli_query($conn, "CREATE TABLE IF NOT EXISTS `pay_config` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`type` tinyint(1) NOT NULL COMMENT '1=微信 2=支付宝',
`appid` varchar(100) NOT NULL,
`mch_id` varchar(100) DEFAULT NULL,
`key` varchar(100) DEFAULT NULL,
`notify_url` varchar(255) DEFAULT NULL,
`enabled` tinyint(1) DEFAULT 1,
PRIMARY KEY (`id`),
UNIQUE KEY `type` (`type`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");
// 创建支付日志表
mysqli_query($conn, "CREATE TABLE IF NOT EXISTS `pay_log` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`out_trade_no` varchar(50) NOT NULL,
`type` tinyint(1) NOT NULL,
`amount` decimal(10,2) NOT NULL,
`status` tinyint(1) DEFAULT 0 COMMENT '0=未支付 1=已支付',
`ip` varchar(45) DEFAULT NULL,
`create_time` datetime DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `idx_out_trade_no` (`out_trade_no`),
KEY `idx_status` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");
// ==================== 系统函数 ====================
// 安全过滤函数
function safe_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
return $data;
}
// 数据库转义
function db_escape($conn, $data) {
return mysqli_real_escape_string($conn, $data);
}
// 生成随机字符串
function generate_token($length = 32) {
return bin2hex(random_bytes($length / 2));
}
// 验证是否为URL
function is_valid_url($url) {
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}
// 获取客户端IP
function get_client_ip() {
$ip = '';
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
}
return $ip;
}
// ==================== 会话管理 ====================
session_start();
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = generate_token();
}
// ==================== 路由处理 ====================
$action = isset($_GET['action']) ? safe_input($_GET['action']) : 'index';
// 后台登录验证函数
function check_admin_login() {
global $ADMIN_USER, $ADMIN_PWD;
if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
return true;
}
if (isset($_POST['admin_login'])) {
$username = safe_input($_POST['username']);
$password = safe_input($_POST['password']);
if ($username === $ADMIN_USER && $password === $ADMIN_PWD) {
$_SESSION['admin_logged_in'] = true;
$_SESSION['admin_user'] = $username;
$_SESSION['login_time'] = time();
return true;
}
}
return false;
}
// ==================== 主逻辑处理 ====================
switch ($action) {
// ========== 前台页面 ==========
case 'index':
// 查询壁纸列表
$wallpaper_query = mysqli_query($conn, "SELECT * FROM wallpaper ORDER BY sort DESC, create_time DESC LIMIT 20");
$wallpapers = [];
while ($row = mysqli_fetch_assoc($wallpaper_query)) {
$row['name'] = htmlspecialchars($row['name']);
$row['img_url'] = htmlspecialchars($row['img_url']);
$wallpapers[] = $row;
}
// 查询任务配置
$task_query = mysqli_query($conn, "SELECT * FROM task LIMIT 1");
$task = mysqli_fetch_assoc($task_query);
// 输出HTML页面
output_frontend($wallpapers, $task);
break;
// ========== 后台登录 ==========
case 'admin':
if (check_admin_login()) {
header('Location: ?action=admin_dashboard');
exit;
}
$error = isset($_GET['error']) ? safe_input($_GET['error']) : '';
output_admin_login($error);
break;
// ========== 后台登出 ==========
case 'admin_logout':
session_destroy();
header('Location: ?action=admin');
exit;
break;
// ========== 后台仪表板 ==========
case 'admin_dashboard':
if (!check_admin_login()) {
header('Location: ?action=admin&error=请先登录');
exit;
}
// 统计数据
$total_wallpapers = mysqli_fetch_assoc(mysqli_query($conn, "SELECT COUNT(*) as count FROM wallpaper"))['count'];
$total_tasks = mysqli_fetch_assoc(mysqli_query($conn, "SELECT COUNT(*) as count FROM task"))['count'];
$total_payments = mysqli_fetch_assoc(mysqli_query($conn, "SELECT COUNT(*) as count FROM pay_log WHERE status=1"))['count'];
$total_income = mysqli_fetch_assoc(mysqli_query($conn, "SELECT SUM(amount) as total FROM pay_log WHERE status=1"))['total'];
output_admin_dashboard($total_wallpapers, $total_tasks, $total_payments, $total_income);
break;
// ========== 壁纸管理 ==========
case 'admin_wallpaper':
if (!check_admin_login()) {
header('Location: ?action=admin&error=请先登录');
exit;
}
// 处理表单提交
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = db_escape($conn, $_POST['name'] ?? '');
$img_url = db_escape($conn, $_POST['img_url'] ?? '');
$category = db_escape($conn, $_POST['category'] ?? '默认');
$sort = intval($_POST['sort'] ?? 0);
$id = intval($_POST['id'] ?? 0);
if (empty($name) || empty($img_url)) {
$message = '名称和图片URL不能为空
';
} elseif (!is_valid_url($img_url)) {
$message = '图片URL格式不正确
';
} else {
if ($id > 0) {
// 更新
$sql = "UPDATE wallpaper SET name='$name', img_url='$img_url', category='$category', sort=$sort WHERE id=$id";
} else {
// 新增
$sql = "INSERT INTO wallpaper (name, img_url, category, sort) VALUES ('$name', '$img_url', '$category', $sort)";
}
if (mysqli_query($conn, $sql)) {
$message = '操作成功
';
} else {
$message = '操作失败:' . mysqli_error($conn) . '
';
}
}
}
// 处理删除
if (isset($_GET['delete'])) {
$delete_id = intval($_GET['delete']);
mysqli_query($conn, "DELETE FROM wallpaper WHERE id=$delete_id");
$message = '删除成功
';
}
// 查询壁纸列表
$query = mysqli_query($conn, "SELECT * FROM wallpaper ORDER BY sort DESC, create_time DESC");
$wallpapers = [];
while ($row = mysqli_fetch_assoc($query)) {
$row['name'] = htmlspecialchars($row['name']);
$row['img_url'] = htmlspecialchars($row['img_url']);
$row['category'] = htmlspecialchars($row['category']);
$wallpapers[] = $row;
}
output_admin_wallpaper($wallpapers, $message);
break;
// ========== 任务管理 ==========
case 'admin_task':
if (!check_admin_login()) {
header('Location: ?action=admin&error=请先登录');
exit;
}
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$title = db_escape($conn, $_POST['title'] ?? '关注公众号获取答案');
$task_img = db_escape($conn, $_POST['task_img'] ?? '');
$answer = db_escape($conn, $_POST['answer'] ?? '');
if (empty($task_img) || empty($answer)) {
$message = '任务图片和答案不能为空
';
} elseif (!is_valid_url($task_img)) {
$message = '图片URL格式不正确
';
} else {
// 检查是否存在任务
$check = mysqli_query($conn, "SELECT id FROM task LIMIT 1");
if (mysqli_num_rows($check) > 0) {
$sql = "UPDATE task SET title='$title', task_img='$task_img', answer='$answer' LIMIT 1";
} else {
$sql = "INSERT INTO task (title, task_img, answer) VALUES ('$title', '$task_img', '$answer')";
}
if (mysqli_query($conn, $sql)) {
$message = '任务配置已保存
';
} else {
$message = '保存失败:' . mysqli_error($conn) . '
';
}
}
}
// 查询当前配置
$task_query = mysqli_query($conn, "SELECT * FROM task LIMIT 1");
$task = mysqli_fetch_assoc($task_query);
output_admin_task($task, $message);
break;
// ========== 支付配置 ==========
case 'admin_payment':
if (!check_admin_login()) {
header('Location: ?action=admin&error=请先登录');
exit;
}
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$type = intval($_POST['type'] ?? 0);
$appid = db_escape($conn, $_POST['appid'] ?? '');
$mch_id = db_escape($conn, $_POST['mch_id'] ?? '');
$key = db_escape($conn, $_POST['key'] ?? '');
$notify_url = db_escape($conn, $_POST['notify_url'] ?? '');
$enabled = isset($_POST['enabled']) ? 1 : 0;
if ($type == 1 || $type == 2) {
$sql = "INSERT INTO pay_config (type, appid, mch_id, `key`, notify_url, enabled)
VALUES ($type, '$appid', '$mch_id', '$key', '$notify_url', $enabled)
ON DUPLICATE KEY UPDATE
appid='$appid', mch_id='$mch_id', `key`='$key',
notify_url='$notify_url', enabled=$enabled";
if (mysqli_query($conn, $sql)) {
$message = '支付配置已保存
';
} else {
$message = '保存失败:' . mysqli_error($conn) . '
';
}
}
}