image-pichost/admin/ajax_update_user.php

<?php
require_once '../config.php';

if (!isset($_SESSION['user_id']) || $_SESSION['username'] !== 'admin') {
    echo json_encode(['success' => false, 'error' => '无权限']);
    exit;
}

$input = json_decode(file_get_contents('php://input'), true);

if ($input && isset($input['user_id']) && isset($input['role'])) {
    try {
        $stmt = $pdo->prepare("UPDATE users SET role = ? WHERE id = ? AND username != 'admin'");
        $stmt->execute([$input['role'], $input['user_id']]);
        
        echo json_encode(['success' => true]);
    } catch(PDOException $e) {
        echo json_encode(['success' => false, 'error' => $e->getMessage()]);
    }
} else {
    echo json_encode(['success' => false, 'error' => '无效请求']);
}
?>
上传文件至 admin 2025-11-30 13:07:29 +00:00			`<?php`
			`require_once '../config.php';`

			`if (!isset($_SESSION['user_id']) \|\| $_SESSION['username'] !== 'admin') {`
			`echo json_encode(['success' => false, 'error' => '无权限']);`
			`exit;`
			`}`

			`$input = json_decode(file_get_contents('php://input'), true);`

			`if ($input && isset($input['user_id']) && isset($input['role'])) {`
			`try {`
			`$stmt = $pdo->prepare("UPDATE users SET role = ? WHERE id = ? AND username != 'admin'");`
			`$stmt->execute([$input['role'], $input['user_id']]);`

			`echo json_encode(['success' => true]);`
			`} catch(PDOException $e) {`
			`echo json_encode(['success' => false, 'error' => $e->getMessage()]);`
			`}`
			`} else {`
			`echo json_encode(['success' => false, 'error' => '无效请求']);`
			`}`
			`?>`