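<?php

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

/*
 * Front controller: starts the session, loads the MySQL-backed store and
 * dispatches on the request path and method. Every matched route ends in exit().
 *
 * Security notes for maintainers:
 *  - Admin API routes are gated by a single session check placed right after
 *    the admin login/dashboard routes.
 *  - State-changing routes carry no CSRF token; the SameSite=Lax session cookie
 *    configured below is the only cross-site protection in this file.
 *  - Several routes rewrite __DIR__ . '/data/*.json', a directory next to this
 *    script. NOTE(review): confirm the web server refuses direct requests to
 *    that directory and to the PHP error log, and that these file writes are
 *    still wanted now that reads go through MySQLDB.
 *  - Balance changes are read-modify-write with no transaction; concurrent
 *    requests can interleave. NOTE(review): move them into the database layer.
 */

define('LARAVEL_START', microtime(true));

// Configure PHP session
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');   // refuse session ids the server did not issue
ini_set('session.cookie_samesite', 'Lax'); // keep the cookie off cross-site POSTs
ini_set('session.cookie_secure', $isHttps ? '1' : '0'); // Secure flag whenever the request came in over HTTPS
session_start();

// Check if Laravel is properly configured
if (!file_exists(__DIR__ . '/../vendor/autoload.php')) {
    // Fallback to demo
    header('Location: /demo-enhanced.html');
    exit();
}

require __DIR__ . '/../vendor/autoload.php';

// Use MySQL database instead of file-based system
require __DIR__ . '/database_mysql.php';

// Initialize database
$db = new MySQLDB();

// Simple router for basic functionality
$requestUri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$requestMethod = $_SERVER['REQUEST_METHOD'];

// ---- Request/response helpers (closures, so no global function names are claimed) ----

// Send a JSON response with the given HTTP status and stop.
$sendJson = static function ($payload, $status = 200) {
    header('Content-Type: application/json');
    http_response_code($status);
    echo json_encode($payload);
    exit();
};

// Decode the JSON request body; anything that is not a JSON object/array becomes [].
$readJsonBody = static function () {
    $decoded = json_decode(file_get_contents('php://input'), true);
    return is_array($decoded) ? $decoded : [];
};

// Return the scalar 'id' field of a decoded body, or answer 400 when it is absent.
$requireId = static function (array $input) use ($sendJson) {
    if (!isset($input['id']) || !is_scalar($input['id'])) {
        $sendJson(['error' => 'Missing required fields'], 400);
    }
    return $input['id'];
};

// HTML-escape a value before it is written into a page.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$isAdmin = static function () {
    return !empty($_SESSION['admin_logged_in']);
};

$isUser = static function () {
    return !empty($_SESSION['user_logged_in']);
};

// JSON endpoints for users: answer 401 unless a user session exists.
$requireUserJson = static function () use ($sendJson, $isUser) {
    if (!$isUser()) {
        $sendJson(['error' => 'Not logged in'], 401);
    }
};

// User pages: redirect to login, or to the deposit flow until the deposit is approved.
$requireApprovedUserPage = static function () use ($isUser) {
    if (!$isUser()) {
        header('Location: /user/login');
        exit();
    }
    $depositStatus = $_SESSION['deposit_status'] ?? '';
    if ($depositStatus !== 'approved') {
        header('Location: ' . ($depositStatus === 'waiting' ? '/waiting-approval' : '/deposit'));
        exit();
    }
};

// Among duplicate rows for one email, prefer the first that carries balance/stats, else the last row.
$pickUserRecord = static function (array $users) {
    foreach ($users as $candidate) {
        if (isset($candidate['balance']) || isset($candidate['ads_watched'])) {
            return $candidate;
        }
    }
    return end($users);
};

// Debug route to check session. Admin-only and HTML-escaped; it answers 404 to everyone else.
if ($requestUri === '/debug' && $requestMethod === 'GET') {
    if (!$isAdmin()) {
        http_response_code(404);
        exit();
    }
    echo "<h2>Debug Info</h2>";
    echo "<p>Session ID: " . $esc(session_id()) . "</p>";
    echo "<p>Admin logged in: " . (isset($_SESSION['admin_logged_in']) ? 'YES' : 'NO') . "</p>";
    echo "<p>Admin email: " . $esc($_SESSION['admin_email'] ?? 'Not set') . "</p>";
    echo "<p>Session data: " . $esc(print_r($_SESSION, true)) . "</p>";
    echo "<p>Request URI: " . $esc($requestUri) . "</p>";
    echo "<p>Request Method: " . $esc($requestMethod) . "</p>";
    exit();
}

// Handle admin login routes
if ($requestUri === '/admin/login' && $requestMethod === 'GET') {
    $errorMessage = $_SESSION['login_error'] ?? '';
    unset($_SESSION['login_error']);

    // Read the HTML file and un-hide the error box if there is a message
    $html = file_get_contents(__DIR__ . '/admin-login.html');
    if ($errorMessage) {
        $html = str_replace(
            'id="errorMessage" class="bg-red-50 border border-red-200 rounded-xl p-4 mb-6 hidden"',
            'id="errorMessage" class="bg-red-50 border border-red-200 rounded-xl p-4 mb-6"',
            $html
        );
    }
    echo $html;
    exit();
}

// Simple test login route
if ($requestUri === '/simple-login' && $requestMethod === 'GET') {
    include __DIR__ . '/simple-login.html';
    exit();
}

if ($requestUri === '/admin/login' && $requestMethod === 'POST') {
    // Only plain strings are accepted; array-valued form fields count as empty.
    $email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // The password is never logged; the email is JSON-encoded so control
    // characters in it cannot forge extra log lines.
    error_log('Admin login attempt: Email=' . json_encode($email));

    // Demo authentication.
    // NOTE(review): these credentials are hard-coded and this source has been
    // exposed; replace them with a password_hash() value kept outside the web
    // root, verify with password_verify(), and add attempt throttling.
    $emailOk = hash_equals('admin@fastearnads.com', $email);
    $passwordOk = hash_equals('admin123', $password);
    if ($emailOk && $passwordOk) {
        session_regenerate_id(true); // new session id on privilege change
        $_SESSION['admin_logged_in'] = true;
        $_SESSION['admin_email'] = $email;
        error_log("Login successful, redirecting to dashboard");
        header('Location: /admin/dashboard');
        exit();
    }

    $_SESSION['login_error'] = 'Invalid credentials';
    error_log('Login failed for email: ' . json_encode($email));
    header('Location: /admin/login');
    exit();
}

if ($requestUri === '/admin/dashboard' && $requestMethod === 'GET') {
    if (!$isAdmin()) {
        header('Location: /admin/login');
        exit();
    }
    include __DIR__ . '/admin-dashboard.html';
    exit();
}

// Gate for every remaining /admin/ route. Without it the endpoints below would
// answer any caller. Logout stays reachable so a stale session can be cleared.
if (strncmp((string) $requestUri, '/admin/', 7) === 0 && $requestUri !== '/admin/logout' && !$isAdmin()) {
    $wantsHtml = $requestMethod === 'GET'
        && strpos((string) ($_SERVER['HTTP_ACCEPT'] ?? ''), 'text/html') !== false;
    if ($wantsHtml) {
        // Browser navigation: send the visitor to the login page.
        header('Location: /admin/login');
        exit();
    }
    $sendJson(['error' => 'Not logged in'], 401);
}

// Admin API Endpoints
if ($requestUri === '/admin/stats' && $requestMethod === 'GET') {
    $totalUsers = $db->count('users');
    $approvedUsers = count($db->findWhere('users', 'deposit_status', 'approved'));
    $pendingDeposits = count($db->findWhere('deposits', 'status', 'pending'));
    $sendJson([
        'totalUsers' => $totalUsers,
        'activeUsers' => $approvedUsers,
        'pendingDeposits' => $pendingDeposits,
        'totalRevenue' => $approvedUsers * 2.30, // Rough calculation
    ]);
}

if ($requestUri === '/admin/bank-details' && $requestMethod === 'GET') {
    $sendJson([
        'accountNumber' => getSetting('bank_account_number', ''),
        'accountTitle' => getSetting('bank_account_title', ''),
    ]);
}

if ($requestUri === '/admin/update-bank' && $requestMethod === 'POST') {
    $input = $readJsonBody();
    setSetting('bank_account_number', $input['accountNumber'] ?? '');
    setSetting('bank_account_title', $input['accountTitle'] ?? '');
    $sendJson(['success' => true]);
}

if ($requestUri === '/admin/pending-deposits' && $requestMethod === 'GET') {
    $sendJson(array_values($db->findWhere('deposits', 'status', 'pending')));
}

if ($requestUri === '/admin/users' && $requestMethod === 'GET') {
    // NOTE(review): whole user rows are returned; if they hold password or
    // token columns, strip those before sending.
    $sendJson($db->load('users'));
}

if ($requestUri === '/admin/approve-deposit' && $requestMethod === 'POST') {
    $depositId = $requireId($readJsonBody());

    // Update deposit status
    $db->update('deposits', $depositId, ['status' => 'approved']);

    // Find and update user status
    $deposits = $db->findWhere('deposits', 'id', $depositId);
    if (!empty($deposits)) {
        $deposit = reset($deposits);
        $userEmail = $deposit['user_email'];
        $depositAmount = floatval($deposit['amount']);

        $users = $db->findWhere('users', 'email', $userEmail);
        if (!empty($users)) {
            $user = reset($users);
            $db->update('users', $user['id'], ['deposit_status' => 'approved']);
        }

        // Check if deposit activity already exists to prevent duplicates
        $existingActivities = $db->findWhere('user_activities', 'id', 'deposit_' . $depositId);
        if (empty($existingActivities)) {
            // Map the PKR deposit to a plan; 650 and anything unlisted is Premium at 50 USD
            $planType = 'Premium Plan';
            $amountUSD = 50;
            if ($depositAmount == 1500) {
                $amountUSD = 100;
            } elseif ($depositAmount > 1500) {
                $planType = 'VIP Plan';
                $amountUSD = round($depositAmount / 15, 2); // Convert PKR to USD
            }

            // Add plan purchase activity with specific ID to prevent duplicates
            $planActivity = [
                'user_email' => $userEmail,
                'type' => 'deposit',
                'description' => $planType,
                'amount' => $amountUSD,
                'plan_name' => $planType,
                'plan_amount_pkr' => $depositAmount,
                'status' => 'completed',
                'created_at' => $deposit['created_at'] ?? date('Y-m-d H:i:s'),
            ];
            $db->saveWithId('user_activities', $planActivity, 'deposit_' . $depositId);
        }
    }

    $sendJson(['success' => true]);
}

if ($requestUri === '/admin/reject-deposit' && $requestMethod === 'POST') {
    $depositId = $requireId($readJsonBody());

    // Update deposit status
    $db->update('deposits', $depositId, ['status' => 'rejected']);

    // Find and update user status to rejected
    $deposits = $db->findWhere('deposits', 'id', $depositId);
    if (!empty($deposits)) {
        $deposit = reset($deposits);
        $users = $db->findWhere('users', 'email', $deposit['user_email']);
        if (!empty($users)) {
            $user = reset($users);
            $db->update('users', $user['id'], ['deposit_status' => 'rejected']);
        }
    }

    $sendJson(['success' => true]);
}

// Ads Management API Endpoints
if ($requestUri === '/admin/ads' && $requestMethod === 'GET') {
    $sendJson(array_values($db->load('ads') ?: []));
}

if ($requestUri === '/admin/create-ad' && $requestMethod === 'POST') {
    $input = $readJsonBody();

    if (empty($input['title']) || empty($input['category']) || empty($input['url'])) {
        $sendJson(['error' => 'Missing required fields'], 400);
    }

    // The URL is later handed to users' browsers, so only absolute http(s) links are stored.
    if (!is_string($input['url']) || !preg_match('#^https?://#i', $input['url'])) {
        $sendJson(['error' => 'Invalid ad URL'], 400);
    }

    $adData = [
        'title' => $input['title'],
        'category' => $input['category'],
        'duration' => intval($input['duration'] ?? 30),
        'reward' => floatval($input['reward'] ?? 0.05),
        'status' => $input['status'] ?? 'active',
        'url' => $input['url'],
        'description' => $input['description'] ?? '',
        'created_at' => $input['created_at'] ?? date('Y-m-d H:i:s'),
        'views' => 0,
    ];

    $db->save('ads', $adData);
    $sendJson(['success' => true, 'message' => 'Ad created successfully']);
}

if ($requestUri === '/admin/delete-ad' && $requestMethod === 'POST') {
    $adId = $requireId($readJsonBody());
    $db->delete('ads', $adId);
    $sendJson(['success' => true, 'message' => 'Ad deleted successfully']);
}

// Withdraw Management API Endpoints
if ($requestUri === '/admin/withdraw-stats' && $requestMethod === 'GET') {
    $allWithdraws = $db->load('withdraws') ?: [];
    $today = date('Y-m-d');

    // True when the row has the given status and, if a timestamp field is named, that field falls on today.
    $matches = static function (array $row, $status, $dateField = null) use ($today) {
        if (($row['status'] ?? '') !== $status) {
            return false;
        }
        if ($dateField === null) {
            return true;
        }
        $stamp = strtotime((string) ($row[$dateField] ?? ''));
        return $stamp !== false && date('Y-m-d', $stamp) === $today;
    };

    $pendingWithdraws = array_filter($allWithdraws, static function ($w) use ($matches) {
        return $matches($w, 'pending');
    });
    $approvedToday = array_filter($allWithdraws, static function ($w) use ($matches) {
        return $matches($w, 'approved', 'approved_at');
    });
    $rejectedToday = array_filter($allWithdraws, static function ($w) use ($matches) {
        return $matches($w, 'rejected', 'rejected_at');
    });

    $sendJson([
        'pendingRequests' => count($pendingWithdraws),
        'approvedToday' => count($approvedToday),
        'totalAmount' => array_sum(array_column($pendingWithdraws, 'amount')),
        'rejectedToday' => count($rejectedToday),
    ]);
}

// Withdraw lists by status: one handler for the three list routes
$withdrawListRoutes = [
    '/admin/pending-withdraws' => 'pending',
    '/admin/approved-withdraws' => 'approved',
    '/admin/rejected-withdraws' => 'rejected',
];
if ($requestMethod === 'GET' && is_string($requestUri) && isset($withdrawListRoutes[$requestUri])) {
    $sendJson(array_values($db->findWhere('withdraws', 'status', $withdrawListRoutes[$requestUri])));
}

if ($requestUri === '/admin/approve-withdraw' && $requestMethod === 'POST') {
    $withdrawId = $requireId($readJsonBody());

    // NOTE(review): the current status is not checked, so a request that was
    // already rejected (and refunded) can still be approved. Confirm whether
    // only 'pending' rows should be accepted here.
    $db->update('withdraws', $withdrawId, [
        'status' => 'approved',
        'approved_at' => date('Y-m-d H:i:s'),
    ]);

    $sendJson(['success' => true]);
}

if ($requestUri === '/admin/reject-withdraw' && $requestMethod === 'POST') {
    $input = $readJsonBody();
    $withdrawId = $requireId($input);
    $reason = $input['reason'] ?? '';

    // Get withdraw details before updating
    $withdraws = $db->findWhere('withdraws', 'id', $withdrawId);
    if (!empty($withdraws)) {
        $withdraw = reset($withdraws);

        // A second rejection of the same request must not refund the amount again.
        if (($withdraw['status'] ?? '') === 'rejected') {
            $sendJson(['error' => 'Withdraw already rejected'], 409);
        }

        $userEmail = $withdraw['user_email'];
        $refundAmount = $withdraw['amount'];

        // Update withdraw status
        $db->update('withdraws', $withdrawId, [
            'status' => 'rejected',
            'rejected_at' => date('Y-m-d H:i:s'),
            'rejection_reason' => $reason,
        ]);

        // Refund the amount back to user's balance
        $users = $db->load('users');
        foreach ($users as &$userRecord) {
            if ($userRecord['email'] === $userEmail
                && (isset($userRecord['balance']) || isset($userRecord['ads_watched']))) {
                $userRecord['balance'] = round(($userRecord['balance'] ?? 0) + $refundAmount, 2);
                break;
            }
        }
        unset($userRecord); // drop the loop reference before $users is reused

        // Save updated users
        $file = __DIR__ . '/data/users.json';
        file_put_contents($file, json_encode($users, JSON_PRETTY_PRINT), LOCK_EX);

        // Record refund activity
        $db->save('user_activities', [
            'user_email' => $userEmail,
            'type' => 'withdraw_refund',
            'description' => 'Withdraw request rejected - amount refunded',
            'amount' => $refundAmount, // Positive for refund
            'created_at' => date('Y-m-d H:i:s'),
        ]);
    }

    $sendJson(['success' => true]);
}

if ($requestUri === '/admin/create-manual-withdraw' && $requestMethod === 'POST') {
    $input = $readJsonBody();

    if (empty($input['userEmail']) || empty($input['userName']) || empty($input['amount'])) {
        $sendJson(['error' => 'Missing required fields'], 400);
    }

    $paymentMethod = $input['paymentMethod'] ?? '';

    $withdrawData = [
        'user_email' => $input['userEmail'],
        'user_name' => $input['userName'],
        'user_balance' => 100.00, // Default balance for manual entry
        'amount' => floatval($input['amount']),
        'payment_method' => $paymentMethod,
        'account_details' => $input['accountDetails'] ?? '',
        'notes' => $input['notes'] ?? '',
        'status' => $input['status'] ?? 'pending',
        'created_at' => $input['created_at'] ?? date('Y-m-d H:i:s'),
    ];

    // If status is approved, add approval timestamp
    if ($withdrawData['status'] === 'approved') {
        $withdrawData['approved_at'] = date('Y-m-d H:i:s');
    }

    $db->save('withdraws', $withdrawData);

    // If auto-enable is requested, enable withdraw for the user
    if (!empty($input['enable_withdraw'])) {
        $userEmail = $input['userEmail'];
        $users = $db->findWhere('users', 'email', $userEmail);

        if (!empty($users)) {
            $user = reset($users);
            $userId = $user['id'] ?? null;

            if ($userId) {
                // Enable withdraw for user and enable the payment method used
                $db->save('user_withdraw_permissions', [
                    'user_id' => $userId,
                    'user_email' => $userEmail,
                    'withdraw_enabled' => true,
                    'enabled_methods' => json_encode([$paymentMethod]),
                    'updated_at' => date('Y-m-d H:i:s'),
                ]);
            }
        }
    }

    $sendJson(['success' => true, 'message' => 'Manual withdraw created successfully']);
}

// Withdraw methods management API endpoints
if ($requestUri === '/admin/withdraw-methods' && $requestMethod === 'GET') {
    header('Content-Type: application/json');

    try {
        // Load withdraw methods
        $methods = $db->load('withdraw_methods') ?: [];

        // Check if data is corrupted (nested structure); if so, reset to default
        if (!empty($methods) && isset($methods[0]) && !isset($methods[0]['id'])) {
            $methods = [];
        }

        // If no methods exist or data was corrupted, create default ones
        if (empty($methods)) {
            $instructions = 'Account Name Or Account Number Exact Original Any Mistake Your Withdraw Well Be Rejected';
            $seedRows = [
                [1, 'JazzCash', 'Mobile Wallet', '10-30 minutes', 5],
                [2, 'EasyPaisa', 'Mobile Wallet', '10-30 minutes', 5],
                [3, 'UBL Bank Transfer', 'Bank Transfer', '1-2 hours', 10],
                [4, 'Bank Transfer', 'Bank Transfer', '1-2 hours', 10],
            ];

            $defaultMethods = [];
            foreach ($seedRows as $row) {
                $defaultMethods[] = [
                    'id' => $row[0],
                    'name' => $row[1],
                    'type' => $row[2],
                    'enabled' => false,
                    'accountDetails' => '',
                    'processingTime' => $row[3],
                    'minAmount' => $row[4],
                    'instructions' => $instructions,
                ];
            }

            // Save directly to file
            $file = __DIR__ . '/data/withdraw_methods.json';
            file_put_contents($file, json_encode($defaultMethods, JSON_PRETTY_PRINT), LOCK_EX);
            $methods = $defaultMethods;
        }

        echo json_encode($methods);
    } catch (Exception $e) {
        error_log('Error loading withdraw methods: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Server error']);
    }
    exit();
}

if ($requestUri === '/admin/save-withdraw-method' && $requestMethod === 'POST') {
    $input = $readJsonBody();

    if (!isset($input['id'])) {
        $sendJson(['error' => 'Method ID required'], 400);
    }

    $methodId = intval($input['id']);

    // Log the method id only: the payload carries payout account details.
    error_log('Received withdraw method data for id: ' . $methodId);

    try {
        $methods = $db->load('withdraw_methods') ?: [];
        $updated = false;

        // Update existing method
        foreach ($methods as &$method) {
            if ($method['id'] == $methodId) {
                $method['enabled'] = $input['enabled'] ?? false;
                $method['accountDetails'] = $input['accountDetails'] ?? '';
                $method['processingTime'] = $input['processingTime'] ?? '10-30 minutes';
                $method['minAmount'] = floatval($input['minAmount'] ?? 5);
                $method['instructions'] = $input['instructions'] ?? '';
                $updated = true;
                break;
            }
        }
        unset($method); // drop the loop reference

        if (!$updated) {
            $sendJson(['error' => 'Method not found'], 404);
        }

        // Save the entire array directly to file
        $file = __DIR__ . '/data/withdraw_methods.json';
        if (file_put_contents($file, json_encode($methods, JSON_PRETTY_PRINT), LOCK_EX) === false) {
            throw new Exception('Failed to write to file');
        }

        $sendJson(['success' => true, 'message' => 'Withdraw method saved successfully']);
    } catch (Exception $e) {
        // Details go to the log; the client only gets a generic message.
        error_log('Error saving withdraw method: ' . $e->getMessage());
        $sendJson(['error' => 'Server error'], 500);
    }
    exit();
}

// Analytics API Endpoints
if ($requestUri === '/admin/analytics-stats' && $requestMethod === 'GET') {
    $totalUsers = $db->count('users');
    $approvedUsers = count($db->findWhere('users', 'deposit_status', 'approved'));
    $ads = $db->load('ads') ?: [];

    $sendJson([
        'totalUsers' => $totalUsers,
        'activeUsers' => $approvedUsers,
        'totalRevenue' => $approvedUsers * 2.30, // Rough calculation
        'adsWatched' => array_sum(array_column($ads, 'views')),
    ]);
}

if ($requestUri === '/admin/top-ads' && $requestMethod === 'GET') {
    $ads = $db->load('ads') ?: [];

    // Sort by views descending and take top 5
    usort($ads, static function ($a, $b) {
        return ($b['views'] ?? 0) <=> ($a['views'] ?? 0);
    });

    // Calculate revenue for each ad
    $topAds = array_map(static function ($ad) {
        $ad['revenue'] = ($ad['views'] ?? 0) * ($ad['reward'] ?? 0.05);
        return $ad;
    }, array_slice($ads, 0, 5));

    $sendJson($topAds);
}

if ($requestUri === '/admin/recent-activity' && $requestMethod === 'GET') {
    // Mock recent activity data
    $sendJson([
        ['id' => 1, 'user_name' => 'Ahmed Khan', 'action' => 'watched an ad', 'time' => '2 minutes ago', 'amount' => '+$0.50'],
        ['id' => 2, 'user_name' => 'Sarah Ali', 'action' => 'completed deposit', 'time' => '5 minutes ago', 'amount' => 'PKR 500'],
        ['id' => 3, 'user_name' => 'Hassan Sheikh', 'action' => 'registered', 'time' => '10 minutes ago', 'amount' => ''],
        ['id' => 4, 'user_name' => 'Fatima Malik', 'action' => 'watched an ad', 'time' => '15 minutes ago', 'amount' => '+$0.25'],
    ]);
}

if ($requestUri === '/admin/logout' && $requestMethod === 'POST') {
    $_SESSION = []; // clear in-memory data as well as the stored session
    session_destroy();
    header('Location: /admin/login');
    exit();
}

// User withdraw API endpoints
if ($requestUri === '/user/withdraw-status' && $requestMethod === 'GET') {
    $requireUserJson();

    $userEmail = $_SESSION['user_email'];

    // Find user - several rows may exist for one email
    $users = $db->findWhere('users', 'email', $userEmail);
    if (empty($users)) {
        $sendJson(['withdrawEnabled' => false, 'enabledMethods' => []]);
    }
    $user = $pickUserRecord($users);

    // Get enabled withdraw methods
    $enabledMethods = [];
    foreach ($db->load('withdraw_methods') ?: [] as $method) {
        if ($method['enabled']) {
            $enabledMethods[] = [
                'name' => $method['name'],
                'type' => $method['type'],
                'minAmount' => $method['minAmount'],
                'processingTime' => $method['processingTime'],
                'instructions' => $method['instructions'],
            ];
        }
    }

    $sendJson([
        'withdrawEnabled' => count($enabledMethods) > 0,
        'enabledMethods' => $enabledMethods,
        'userBalance' => round($user['balance'] ?? 0, 2),
    ]);
}

if ($requestUri === '/user/withdraw-request' && $requestMethod === 'POST') {
    $requireUserJson();

    $input = $readJsonBody();

    if (empty($input['amount']) || empty($input['paymentMethod']) || empty($input['accountDetails'])) {
        $sendJson(['error' => 'Missing required fields'], 400);
    }

    $userEmail = $_SESSION['user_email'];
    $userName = $_SESSION['user_name'] ?? '';

    // Find user - several rows may exist for one email
    $users = $db->findWhere('users', 'email', $userEmail);
    if (empty($users)) {
        $sendJson(['error' => 'User not found'], 400);
    }
    $user = $pickUserRecord($users);

    $userId = $user['id'] ?? 1;
    $userBalance = $user['balance'] ?? 0;

    // Check if the payment method is enabled by admin
    $selectedMethod = null;
    foreach ($db->load('withdraw_methods') ?: [] as $method) {
        if ($method['name'] === $input['paymentMethod'] && $method['enabled']) {
            $selectedMethod = $method;
            break;
        }
    }

    if (!$selectedMethod) {
        $sendJson(['error' => 'Payment method not available'], 403);
    }

    // Validate amount: numeric, positive, at least the method minimum, at most the balance
    $amount = is_numeric($input['amount']) ? floatval($input['amount']) : 0.0;
    if ($amount <= 0 || $amount < $selectedMethod['minAmount'] || $amount > $userBalance) {
        $sendJson([
            'error' => 'Invalid amount. Must be between $' . $selectedMethod['minAmount'] . ' and your balance.',
        ], 400);
    }

    // Create withdraw request
    $withdrawData = [
        'user_email' => $userEmail,
        'user_name' => $userName,
        'user_balance' => $userBalance,
        'user_id' => $userId,
        'amount' => $amount,
        'payment_method' => $input['paymentMethod'],
        'account_details' => $input['accountDetails'],
        'notes' => $input['notes'] ?? '',
        'status' => 'pending',
        'created_at' => date('Y-m-d H:i:s'),
    ];

    // Deduct amount from user balance immediately
    $newBalance = round($userBalance - $amount, 2);

    // Update user balance in the users data
    $users = $db->load('users');
    foreach ($users as &$userRecord) {
        if ($userRecord['email'] === $userEmail
            && (isset($userRecord['balance']) || isset($userRecord['ads_watched']))) {
            $userRecord['balance'] = $newBalance;
            break;
        }
    }
    unset($userRecord); // drop the loop reference

    // Save updated users
    $file = __DIR__ . '/data/users.json';
    file_put_contents($file, json_encode($users, JSON_PRETTY_PRINT), LOCK_EX);

    // Save withdraw request
    $db->save('withdraws', $withdrawData);

    // Record transaction activity
    $db->save('user_activities', [
        'user_email' => $userEmail,
        'type' => 'withdraw_request',
        'description' => 'Withdraw request submitted for ' . $input['paymentMethod'],
        'amount' => -$amount, // Negative for withdrawal
        'created_at' => date('Y-m-d H:i:s'),
    ]);

    $sendJson([
        'success' => true,
        'message' => 'Withdraw request submitted successfully',
        'newBalance' => round($newBalance, 2),
        'withdrawAmount' => round($amount, 2),
    ]);
}

if ($requestUri === '/user/withdraw-history' && $requestMethod === 'GET') {
    $requireUserJson();

    // Get user's withdraw history
    $withdraws = $db->findWhere('withdraws', 'user_email', $_SESSION['user_email']);

    // Sort by created_at descending
    usort($withdraws, static function ($a, $b) {
        return strtotime($b['created_at']) <=> strtotime($a['created_at']);
    });

    $sendJson($withdraws);
}

// User withdraw page route
if ($requestUri === '/user/withdraw' && $requestMethod === 'GET') {
    $requireApprovedUserPage();
    include __DIR__ . '/user-withdraw.html';
    exit();
}

// User withdrawals page route
if ($requestUri === '/user/withdrawals' && $requestMethod === 'GET') {
    $requireApprovedUserPage();
    include __DIR__ . '/user-withdrawals.html';
    exit();
}

// User ads page route
if ($requestUri === '/user/ads' && $requestMethod === 'GET') {
    $requireApprovedUserPage();
    include __DIR__ . '/user-ads.html';
    exit();
}

// User transactions page route
if ($requestUri === '/user-transactions.html' && $requestMethod === 'GET') {
    $requireApprovedUserPage();
    include __DIR__ . '/user-transactions.html';
    exit();
}

// User stats API
if ($requestUri === '/user/stats' && $requestMethod === 'GET') {
    $requireUserJson();

    $users = $db->findWhere('users', 'email', $_SESSION['user_email']);
    if (empty($users)) {
        $sendJson(['balance' => 0, 'adsWatched' => 0, 'totalEarned' => 0]);
    }
    $user = $pickUserRecord($users);

    $sendJson([
        'balance' => round($user['balance'] ?? 0, 2),
        'adsWatched' => $user['ads_watched'] ?? 0,
        'totalEarned' => round($user['total_earned'] ?? 0, 2),
    ]);
}

// User balance API
if ($requestUri === '/user/balance' && $requestMethod === 'GET') {
    $requireUserJson();

    $users = $db->findWhere('users', 'email', $_SESSION['user_email']);
    if (empty($users)) {
        $sendJson(['balance' => 0]);
    }
    $user = $pickUserRecord($users);

    $sendJson(['balance' => round($user['balance'] ?? 0, 2)]);
}

// User available ads API
if ($requestUri === '/user/available-ads' && $requestMethod === 'GET') {
    $requireUserJson();

    // Load ads from admin and keep only the active ones
    $activeAds = array_filter($db->load('ads') ?: [], static function ($ad) {
        return isset($ad['status']) && $ad['status'] === 'active';
    });

    $sendJson(array_values($activeAds));
}

// User activity history API
if ($requestUri === '/user/activity-history' && $requestMethod === 'GET') {
    $requireUserJson();

    // Load user activity
    $activities = $db->findWhere('user_activities', 'user_email', $_SESSION['user_email']);

    // Remove duplicate deposit entries (same deposit id seen twice); other types pass through
    $seenDepositIds = [];
    $uniqueActivities = [];
    foreach ($activities as $activity) {
        if ($activity['type'] === 'deposit') {
            $depositKey = (string) ($activity['id'] ?? '');
            if (isset($seenDepositIds[$depositKey])) {
                continue;
            }
            $seenDepositIds[$depositKey] = true;
        }
        $uniqueActivities[] = $activity;
    }

    // Sort by timestamp descending
    usort($uniqueActivities, static function ($a, $b) {
        return strtotime($b['created_at']) <=> strtotime($a['created_at']);
    });

    $sendJson(array_slice($uniqueActivities, 0, 10)); // Latest 10 activities
}

// User watch ad API
if ($requestUri === '/user/watch-ad' && $requestMethod === 'POST') {
    $requireUserJson();

    $input = $readJsonBody();

    if (empty($input['ad_id']) || !is_scalar($input['ad_id'])) {
        $sendJson(['error' => 'Missing ad ID'], 400);
    }

    $userEmail = $_SESSION['user_email'];
    $adId = $input['ad_id'];

    try {
        // Find user
        $users = $db->findWhere('users', 'email', $userEmail);
        if (empty($users)) {
            $sendJson(['error' => 'User not found'], 404);
        }
        $user = reset($users);

        // The reward comes from the stored ad, never from the request body:
        // a client-supplied amount would let the caller set their own credit.
        // NOTE(review): nothing limits how often the same ad can be claimed;
        // add a per-user, per-ad check before relying on these balances.
        $ads = $db->load('ads') ?: [];
        $adKey = null;
        foreach ($ads as $key => $candidate) {
            if ((string) ($candidate['id'] ?? '') === (string) $adId) {
                $adKey = $key;
                break;
            }
        }
        if ($adKey === null || ($ads[$adKey]['status'] ?? '') !== 'active') {
            $sendJson(['error' => 'Ad not found'], 404);
        }
        $reward = floatval($ads[$adKey]['reward'] ?? 0.05);

        // Update user stats
        $newBalance = round(($user['balance'] ?? 0) + $reward, 2);
        $newAdsWatched = ($user['ads_watched'] ?? 0) + 1;
        $newTotalEarned = round(($user['total_earned'] ?? 0) + $reward, 2);

        // Update user in the users data
        $users = $db->load('users');
        foreach ($users as &$userRecord) {
            if ($userRecord['email'] === $userEmail) {
                $userRecord['balance'] = $newBalance;
                $userRecord['ads_watched'] = $newAdsWatched;
                $userRecord['total_earned'] = $newTotalEarned;
                break;
            }
        }
        unset($userRecord); // drop the loop reference

        // Save updated users
        $file = __DIR__ . '/data/users.json';
        file_put_contents($file, json_encode($users, JSON_PRETTY_PRINT), LOCK_EX);

        // Update ad views and save updated ads
        $ads[$adKey]['views'] = ($ads[$adKey]['views'] ?? 0) + 1;
        $file = __DIR__ . '/data/ads.json';
        file_put_contents($file, json_encode($ads, JSON_PRETTY_PRINT), LOCK_EX);

        // Record user activity
        $db->save('user_activities', [
            'user_email' => $userEmail,
            'ad_id' => $adId,
            'reward' => $reward,
            'type' => 'ad_watch',
            'description' => 'Watched ad and earned reward',
            'created_at' => date('Y-m-d H:i:s'),
        ]);

        $sendJson([
            'success' => true,
            'reward' => round($reward, 2),
            'newBalance' => round($newBalance, 2),
            'message' => 'Ad watched successfully!',
        ]);
    } catch (Exception $e) {
        error_log('Error processing ad watch: ' . $e->getMessage());
        $sendJson(['error' => 'Server error processing ad watch'], 500);
    }
    exit();
}

// User Authentication Routes
if ($requestUri === '/user/register' && $requestMethod === 'GET') {
    $errorMessage = $_SESSION['registration_error'] ?? '';
    unset($_SESSION['registration_error']);

    // Read the HTML file and inject error message if any
    $html = file_get_contents(__DIR__ . '/user-register.html');
    if ($errorMessage) {
        // Show error message
        $html = str_replace(
            'id="errorMessage" class="bg-red-50 border border-red-200 rounded-xl p-4 mb-6 hidden"',
            'id="errorMessage" class="bg-red-50 border border-red-200 rounded-xl p-4 mb-6"',
            $html
        );
        // Escaped: the message is set elsewhere and may echo submitted form values.
        $html = str_replace(
            '❌ Registration failed! Please check your information.',
            '❌ ' . $esc($errorMessage),
            $html
        );
    }
    echo $html;
    exit();
}

if ($requestUri === '/user/login' && $requestMethod === 'GET') {
    $errorMessage = $_SESSION['login_error'] ?? '';
    unset($_SESSION['login_error']);

    // Read the HTML file and inject error message if any
    $html = file_get_contents(__DIR__ .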
'/user-login.html'); if ($errorMessage) { // Show error message - need to add error div to login page $errorDiv = '<div class="bg-red-50 border border-red-200 rounded-xl p-4 mb-6">'. '<div class="flex items-center">'. '<svg class="w-5 h-5 text-red-600 mr-3" fill="none" viewBox="0 0 24 24" stroke="currentColor">'. '<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 8v4m0 4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"/>'. '</svg>'. '<p class="text-red-700 font-medium">❌ ' . htmlspecialchars($errorMessage) . '</p>'. '</div></div>'; // Insert error message after the form opening tag $html = str_replace('<form method="POST"', $errorDiv . '<form method="POST"', $html); } echo $html; exit(); } if ($requestUri === '/user/register' && $requestMethod === 'POST') { // Handle user registration $name = $_POST['name'] ?? ''; $email = $_POST['email'] ?? ''; $phone = $_POST['phone'] ?? ''; $password = $_POST['password'] ?? ''; // Check for duplicate email $existingEmailUsers = $db->findWhere('users', 'email', $email); if (!empty($existingEmailUsers)) { $_SESSION['registration_error'] = 'This email is already registered. Please use a different email.'; header('Location: /user/register'); exit(); } // Check for duplicate phone $existingPhoneUsers = $db->findWhere('users', 'phone', $phone); if (!empty($existingPhoneUsers)) { $_SESSION['registration_error'] = 'This phone number is already registered. 
Please use a different number.'; header('Location: /user/register'); exit(); } // Save user to database $db->save('users', [ 'name' => $name, 'email' => $email, 'phone' => $phone, 'password' => password_hash($password, PASSWORD_DEFAULT), 'deposit_status' => 'pending', // User must deposit and get approval 'balance' => 0, // Start with zero balance 'ads_watched' => 0, // Start with zero ads watched 'total_earned' => 0 // Start with zero total earned ]); // Create user session $_SESSION['user_logged_in'] = true; $_SESSION['user_email'] = $email; $_SESSION['user_name'] = $name; $_SESSION['deposit_status'] = 'pending'; header('Location: /deposit'); exit(); } if ($requestUri === '/user/login' && $requestMethod === 'POST') { // Handle user login $email = $_POST['email'] ?? ''; $password = $_POST['password'] ?? ''; // Check if user exists and password is correct $users = $db->findWhere('users', 'email', $email); if (!empty($users)) { $user = reset($users); if (password_verify($password, $user['password'])) { $_SESSION['user_logged_in'] = true; $_SESSION['user_email'] = $email; $_SESSION['user_name'] = $user['name']; $_SESSION['deposit_status'] = $user['deposit_status']; // Redirect based on deposit status if ($user['deposit_status'] === 'approved') { header('Location: /dashboard'); } elseif ($user['deposit_status'] === 'rejected') { header('Location: /deposit?rejected=true'); } else { header('Location: /deposit'); } exit(); } } // If login fails, redirect back to login with error $_SESSION['login_error'] = 'Invalid email or password. Please try again.'; header('Location: /user/login'); exit(); } if ($requestUri === '/deposit' && $requestMethod === 'GET') { if (!isset($_SESSION['user_logged_in']) || !$_SESSION['user_logged_in']) { header('Location: /user/login'); exit(); } if ($_SESSION['deposit_status'] === 'approved') { header('Location: /dashboard'); exit(); } // Load bank details and inject into HTML $html = file_get_contents(__DIR__ . 
'/deposit.html'); $accountNumber = getSetting('bank_account_number', 'Not set by admin'); $accountTitle = getSetting('bank_account_title', 'Not set by admin'); $html = str_replace('Will be displayed by admin', $accountNumber, $html); $html = str_replace('Will be displayed by admin', $accountTitle, $html); echo $html; exit(); } if ($requestUri === '/user/deposit' && $requestMethod === 'POST') { // Handle deposit submission $amount = floatval($_POST['amount'] ?? 0); $transactionId = $_POST['transaction_id'] ?? ''; $notes = $_POST['notes'] ?? ''; // Validate deposit amount (must be exactly 650 PKR) if ($amount != 650) { $_SESSION['deposit_error'] = 'Registration fees must be exactly PKR 650 ($2.30)'; header('Location: /deposit'); exit(); } // Save deposit to database $db->save('deposits', [ 'user_email' => $_SESSION['user_email'], 'user_name' => $_SESSION['user_name'], 'amount' => $amount, 'transaction_id' => $transactionId, 'notes' => $notes, 'status' => 'pending' ]); // Set user status to waiting for approval $users = $db->findWhere('users', 'email', $_SESSION['user_email']); if (!empty($users)) { $user = reset($users); $db->update('users', $user['id'], ['deposit_status' => 'waiting']); } $_SESSION['deposit_status'] = 'waiting'; header('Location: /waiting-approval'); exit(); } if ($requestUri === '/waiting-approval' && $requestMethod === 'GET') { if (!isset($_SESSION['user_logged_in']) || !$_SESSION['user_logged_in']) { header('Location: /user/login'); exit(); } if ($_SESSION['deposit_status'] === 'approved') { header('Location: /dashboard'); exit(); } include __DIR__ . 
'/waiting-approval.html'; exit(); } if ($requestUri === '/dashboard' && $requestMethod === 'GET') { if (!isset($_SESSION['user_logged_in']) || !$_SESSION['user_logged_in']) { header('Location: /user/login'); exit(); } // Check if user deposit is approved if ($_SESSION['deposit_status'] !== 'approved') { if ($_SESSION['deposit_status'] === 'waiting') { header('Location: /waiting-approval'); } else { header('Location: /deposit'); } exit(); } include __DIR__ . '/user-dashboard.html'; exit(); } if ($requestUri === '/user/logout' && $requestMethod === 'POST') { unset($_SESSION['user_logged_in']); unset($_SESSION['user_email']); unset($_SESSION['deposit_status']); header('Location: /user/login'); exit(); } // User approval status check API if ($requestUri === '/user/check-approval-status' && $requestMethod === 'GET') { if (!isset($_SESSION['user_logged_in']) || !$_SESSION['user_logged_in']) { header('Content-Type: application/json'); http_response_code(401); echo json_encode(['error' => 'Not logged in']); exit(); } $userEmail = $_SESSION['user_email']; // Check user deposit status in database $users = $db->findWhere('users', 'email', $userEmail); if (!empty($users)) { $user = reset($users); $depositStatus = $user['deposit_status']; // Update session status $_SESSION['deposit_status'] = $depositStatus; header('Content-Type: application/json'); echo json_encode([ 'approved' => $depositStatus === 'approved', 'rejected' => $depositStatus === 'rejected', 'pending' => $depositStatus === 'pending' || $depositStatus === 'waiting', 'status' => $depositStatus ]); } else { header('Content-Type: application/json'); echo json_encode([ 'approved' => false, 'rejected' => false, 'pending' => true, 'status' => 'pending' ]); } exit(); } // Default route if ($requestUri === '/' && $requestMethod === 'GET') { header('Location: /user/register'); exit(); } // Fallback route header('Location: /user/register'); exit();