<?php
session_start();
header('Content-Type: application/json');

// Every action in this file is admin-only: reject the request before the
// database is opened unless the session holds a user id and a truthy is_admin.
// NOTE(review): authorisation rests on the session cookie alone - there is no
// CSRF token or Origin/Referer check, and the action name is also read from
// the query string - so the cookie's SameSite setting on the login side is
// what limits cross-site use of the state-changing actions.
$hasUserId = ($_SESSION['user_id'] ?? null) !== null;
$isAdminSession = !empty($_SESSION['is_admin']);
if (!$hasUserId || !$isAdminSession) {
    http_response_code(403);
    echo json_encode(['error' => 'Admin access required']);
    exit;
}

require_once 'config/database.php';
$pdo = getDBConnection();

// Query string wins over the form body; a missing action becomes ''.
$action = $_GET['action'] ?? $_POST['action'] ?? '';

// Allow-list of actions. Handlers that do not need the connection simply
// ignore the extra argument. A non-string action (e.g. action[]=x) matches
// nothing and falls through to the 400 below.
$handlers = [
    'stats'               => getSystemStats(...),
    'audit'               => getAuditTrail(...),
    'users'               => getUsers(...),
    'login_as_user'       => loginAsUser(...),
    'update_user_credits' => updateUserCredits(...),
    'return_to_admin'     => returnToAdmin(...),
];
$handler = is_string($action) ? ($handlers[$action] ?? null) : null;

if ($handler === null) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid action']);
} else {
    $handler($pdo);
}
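/**
 * Action "stats": emit the aggregate counters shown on the admin dashboard.
 *
 * Counts are read from the users and music_tracks tables. Several returned
 * fields (systemHealth, flaggedContent, errorLogs, apiCalls) are fixed
 * placeholder values rather than measurements - see the inline notes.
 *
 * @param PDO $pdo open connection (assumed PDO-compatible: prepare/execute/fetchColumn)
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function getSystemStats($pdo) {
    // Run a single-value COUNT query and return it as an int. COUNT always
    // yields one row, so the cast only normalises drivers that hand the
    // number back as a string (fetchColumn() would return false otherwise).
    $countOf = static function (string $sql) use ($pdo): int {
        $stmt = $pdo->prepare($sql);
        $stmt->execute();
        return (int) $stmt->fetchColumn();
    };

    try {
        $totalUsers = $countOf("SELECT COUNT(*) FROM users");
        $totalTracks = $countOf("SELECT COUNT(*) FROM music_tracks");

        // "Active" = distinct users who created a track in the last 7 days.
        $activeUsers = $countOf("
            SELECT COUNT(DISTINCT user_id)
            FROM music_tracks
            WHERE created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)
        ");

        $newUsers = $countOf("
            SELECT COUNT(*)
            FROM users
            WHERE created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)
        ");

        $premiumUsers = $countOf("
            SELECT COUNT(*)
            FROM users
            WHERE plan IN ('starter', 'pro')
        ");

        // Only the completed count is reported; the processing/failed
        // counters of the earlier combined query were never used.
        $completedTracks = $countOf("
            SELECT COUNT(*)
            FROM music_tracks
            WHERE status = 'complete'
        ");

        $stats = [
            'totalUsers' => $totalUsers,
            'totalTracks' => $totalTracks,
            'activeUsers' => $activeUsers,
            'systemHealth' => 'Good',   // placeholder: no health probe exists yet
            'newUsers' => $newUsers,
            'premiumUsers' => $premiumUsers,
            'flaggedContent' => 3,      // placeholder value, not measured
            'moderatedTracks' => $completedTracks,
            'errorLogs' => 2,           // placeholder value, not measured
            'apiCalls' => 1567,         // placeholder value, not measured
        ];
        echo json_encode(['success' => true, 'stats' => $stats]);
    } catch (Exception $e) {
        // Keep the driver message server-side; the client only gets a generic
        // error so schema and connection details never leave the server.
        error_log('getSystemStats: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to load statistics']);
    }
}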
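/**
 * Action "audit": emit a pseudo audit trail as JSON.
 *
 * There is no audit_logs table yet, so the trail is assembled from the 50
 * most recent music_tracks rows plus two synthetic entries (one "system",
 * one "security"). The synthetic entries are placeholders, not recorded
 * events, and should go once real audit logging exists.
 *
 * Query parameters: filter - 'all' (default) or a category name; anything
 * else keeps only entries whose category matches it exactly.
 *
 * @param PDO $pdo open connection (assumed PDO-compatible: prepare/execute/fetchAll)
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function getAuditTrail($pdo) {
    try {
        $filter = $_GET['filter'] ?? 'all';

        $stmt = $pdo->prepare("
            SELECT
                mt.id,
                mt.created_at as timestamp,
                u.email as user,
                'Music Generation' as action,
                'content' as category,
                CONCAT('Created track \"', mt.title, '\" using ', COALESCE(mt.model_version, 'V3'), ' model') as details,
                mt.status
            FROM music_tracks mt
            JOIN users u ON mt.user_id = u.id
            ORDER BY mt.created_at DESC
            LIMIT 50
        ");
        $stmt->execute();

        $auditData = [];
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $track) {
            // Map the track's processing status onto the trail's outcome
            // vocabulary; anything other than complete/processing is "failed".
            if ($track['status'] === 'complete') {
                $outcome = 'success';
            } elseif ($track['status'] === 'processing') {
                $outcome = 'pending';
            } else {
                $outcome = 'failed';
            }
            $auditData[] = [
                'id' => $track['id'],
                'timestamp' => $track['timestamp'],
                'user' => $track['user'],
                'action' => $track['action'],
                'category' => $track['category'],
                'details' => $track['details'],
                'status' => $outcome,
            ];
        }

        // Synthetic placeholder entries (not recorded events).
        $auditData[] = [
            'id' => 'sys_1',
            'timestamp' => date('Y-m-d H:i:s'),
            'user' => 'system',
            'action' => 'API Call',
            'category' => 'system',
            'details' => 'External API request to music generation service',
            'status' => 'success',
        ];
        $auditData[] = [
            'id' => 'sec_1',
            'timestamp' => date('Y-m-d H:i:s', strtotime('-1 hour')),
            'user' => $_SESSION['user_email'] ?? null,
            'action' => 'Admin Login',
            'category' => 'security',
            'details' => 'Successful admin login from IP ' . ($_SERVER['REMOTE_ADDR'] ?? ''),
            'status' => 'success',
        ];

        if ($filter !== 'all') {
            $auditData = array_values(array_filter(
                $auditData,
                static function (array $item) use ($filter): bool {
                    return $item['category'] === $filter;
                }
            ));
        }

        // Newest first. strtotime() returns false for an unparsable value; the
        // int cast turns that into 0 so the comparator stays well-defined.
        usort($auditData, static function (array $a, array $b): int {
            return (int) strtotime((string) $b['timestamp']) <=> (int) strtotime((string) $a['timestamp']);
        });

        // Track titles are user-supplied; substitute invalid UTF-8 so one bad
        // title cannot turn the whole response into an empty body.
        echo json_encode(['success' => true, 'audit' => $auditData], JSON_INVALID_UTF8_SUBSTITUTE);
    } catch (Exception $e) {
        // Keep the driver message server-side; the client gets a generic error.
        error_log('getAuditTrail: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to load audit trail']);
    }
}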
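/**
 * Action "users": emit the user list (id, name, email, plan, credits,
 * is_admin, created_at), newest account first.
 *
 * Query parameters: filter - one of admin / premium / active / recent;
 * 'all' (default) or any unknown value applies no filter.
 *
 * @param PDO $pdo open connection (assumed PDO-compatible: prepare/execute/fetchAll)
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function getUsers($pdo) {
    try {
        $filter = $_GET['filter'] ?? 'all';

        // Filter name -> fixed WHERE clause. The request value only selects a
        // key here and is never spliced into the SQL text.
        $whereByFilter = [
            'admin' => " WHERE is_admin = 1",
            'premium' => " WHERE plan IN ('starter', 'pro')",
            'active' => " WHERE id IN (SELECT DISTINCT user_id FROM music_tracks WHERE created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY))",
            'recent' => " WHERE created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)",
        ];
        $where = is_string($filter) ? ($whereByFilter[$filter] ?? '') : '';

        $sql = "SELECT id, name, email, plan, credits, is_admin, created_at FROM users"
            . $where
            . " ORDER BY created_at DESC";
        $stmt = $pdo->prepare($sql);
        $stmt->execute();
        // Explicit assoc mode: with the driver default (FETCH_BOTH) every row
        // would also carry numeric duplicate keys in the JSON.
        $users = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // Names/emails are user-supplied; substitute invalid UTF-8 so one bad
        // value cannot turn the whole response into an empty body.
        echo json_encode(['success' => true, 'users' => $users], JSON_INVALID_UTF8_SUBSTITUTE);
    } catch (Exception $e) {
        // Keep the driver message server-side; the client gets a generic error.
        error_log('getUsers: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to load users']);
    }
}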
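/**
 * Action "login_as_user": switch the current admin session to another user
 * (impersonation), saving the admin's own identity in admin_* session keys
 * so returnToAdmin() can restore it.
 *
 * Reads a JSON body {"user_id": <int>}. Only one level of impersonation is
 * supported: while already impersonating, the request is refused with 409,
 * because a second switch would overwrite the saved admin identity with the
 * currently impersonated user's.
 *
 * @param PDO $pdo open connection (assumed PDO-compatible: prepare/execute/fetch)
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function loginAsUser($pdo) {
    try {
        $input = json_decode((string) file_get_contents('php://input'), true);
        $rawUserId = is_array($input) ? ($input['user_id'] ?? null) : null;
        // Accept only a positive integer id (an int or a digit string such as "42").
        $userId = filter_var($rawUserId, FILTER_VALIDATE_INT);
        if ($userId === false || $userId < 1) {
            http_response_code(400);
            echo json_encode(['error' => 'User ID required']);
            return;
        }

        if (!empty($_SESSION['impersonating'])) {
            http_response_code(409);
            echo json_encode(['error' => 'Already impersonating a user; return to admin first']);
            return;
        }

        // Fetch only the columns the session needs; SELECT * would also pull
        // any credential columns the users table may hold into memory.
        $stmt = $pdo->prepare("SELECT id, name, email, plan, credits, is_admin FROM users WHERE id = ?");
        $stmt->execute([$userId]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$user) {
            http_response_code(404);
            echo json_encode(['error' => 'User not found']);
            return;
        }

        // Save the admin's identity for returnToAdmin(). credits/plan are
        // saved too so they do not stay at the impersonated user's values
        // after returning.
        $_SESSION['admin_user_id'] = $_SESSION['user_id'] ?? null;
        $_SESSION['admin_user_email'] = $_SESSION['user_email'] ?? null;
        $_SESSION['admin_user_name'] = $_SESSION['user_name'] ?? null;
        $_SESSION['admin_is_admin'] = $_SESSION['is_admin'] ?? null;
        $_SESSION['admin_credits'] = $_SESSION['credits'] ?? null;
        $_SESSION['admin_plan'] = $_SESSION['plan'] ?? null;

        // Switch the session to the target user.
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['user_email'] = $user['email'];
        $_SESSION['user_name'] = $user['name'];
        $_SESSION['credits'] = $user['credits'];
        $_SESSION['plan'] = $user['plan'];
        $_SESSION['is_admin'] = $user['is_admin'] ?? false;
        $_SESSION['impersonating'] = true;

        // The session's identity changed: rotate the session id so the
        // pre-switch id stops being valid (session fixation hygiene).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        error_log(sprintf(
            'admin user %s started impersonating user %d',
            (string) $_SESSION['admin_user_id'],
            (int) $user['id']
        ));

        echo json_encode(['success' => true, 'message' => 'Logged in as user successfully']);
    } catch (Exception $e) {
        // Keep the driver message server-side; the client gets a generic error.
        error_log('loginAsUser: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to login as user']);
    }
}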
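/**
 * Action "update_user_credits": set a user's credit balance.
 *
 * Reads a JSON body {"user_id": <int>, "credits": <int>}. user_id must be a
 * positive integer and credits a non-negative integer (0 is allowed);
 * anything else is a 400. Every successful update is written to the error
 * log with the acting admin's session user id.
 *
 * Known gap: a user_id that matches no row is reported as success, because
 * affected-row counts cannot distinguish "no such row" from "value unchanged"
 * on the common MySQL defaults.
 *
 * @param PDO $pdo open connection (assumed PDO-compatible: prepare/execute)
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function updateUserCredits($pdo) {
    try {
        $input = json_decode((string) file_get_contents('php://input'), true);
        $rawUserId = is_array($input) ? ($input['user_id'] ?? null) : null;
        $rawCredits = is_array($input) ? ($input['credits'] ?? null) : null;
        if ($rawUserId === null || $rawCredits === null) {
            http_response_code(400);
            echo json_encode(['error' => 'User ID and credits required']);
            return;
        }

        // Validate types before the value reaches the UPDATE: the column is
        // numeric, and a negative or non-integer balance is never intended.
        $userId = filter_var($rawUserId, FILTER_VALIDATE_INT);
        $credits = filter_var($rawCredits, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($userId === false || $userId < 1 || $credits === false) {
            http_response_code(400);
            echo json_encode(['error' => 'User ID must be a positive integer and credits a non-negative integer']);
            return;
        }

        $stmt = $pdo->prepare("UPDATE users SET credits = ? WHERE id = ?");
        if (!$stmt->execute([$credits, $userId])) {
            // Only reachable when the connection is not in exception mode.
            http_response_code(500);
            echo json_encode(['error' => 'Failed to update user credits']);
            return;
        }

        // Minimal audit record of the admin action.
        error_log(sprintf(
            'admin user %s set credits of user %d to %d',
            (string) ($_SESSION['user_id'] ?? ''),
            $userId,
            $credits
        ));
        echo json_encode(['success' => true, 'message' => 'User credits updated successfully']);
    } catch (Exception $e) {
        // Keep the driver message server-side; the client gets a generic error.
        error_log('updateUserCredits: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to update user credits']);
    }
}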
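/**
 * Action "return_to_admin": end an impersonation started by loginAsUser()
 * and restore the admin identity saved in the admin_* session keys.
 *
 * Responds 400 when the session is not impersonating, 500 when the
 * impersonating flag is set but no saved admin user id exists (nothing can
 * be restored; the session is left untouched and the condition is logged).
 * credits/plan are restored only when a saved copy is present.
 *
 * @return void writes the JSON body; on failure sends 500 with a generic message
 */
function returnToAdmin() {
    try {
        if (empty($_SESSION['impersonating'])) {
            http_response_code(400);
            echo json_encode(['error' => 'Not currently impersonating a user']);
            return;
        }
        if (!isset($_SESSION['admin_user_id'])) {
            error_log('returnToAdmin: impersonating flag set but no saved admin identity in session');
            http_response_code(500);
            echo json_encode(['error' => 'Failed to return to admin mode']);
            return;
        }

        $impersonatedUserId = $_SESSION['user_id'] ?? null;

        // Restore the admin identity.
        $_SESSION['user_id'] = $_SESSION['admin_user_id'];
        $_SESSION['user_email'] = $_SESSION['admin_user_email'] ?? null;
        $_SESSION['user_name'] = $_SESSION['admin_user_name'] ?? null;
        $_SESSION['is_admin'] = $_SESSION['admin_is_admin'] ?? null;
        // Older impersonation sessions may not carry these two; in that case
        // the current values are left as they are.
        if (array_key_exists('admin_credits', $_SESSION)) {
            $_SESSION['credits'] = $_SESSION['admin_credits'];
        }
        if (array_key_exists('admin_plan', $_SESSION)) {
            $_SESSION['plan'] = $_SESSION['admin_plan'];
        }

        // Clear all impersonation bookkeeping.
        foreach (['impersonating', 'admin_user_id', 'admin_user_email', 'admin_user_name',
                  'admin_is_admin', 'admin_credits', 'admin_plan'] as $key) {
            unset($_SESSION[$key]);
        }

        // The session's identity changed again: rotate the session id.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        error_log(sprintf(
            'admin user %s stopped impersonating user %s',
            (string) $_SESSION['user_id'],
            (string) $impersonatedUserId
        ));

        echo json_encode(['success' => true, 'message' => 'Returned to admin mode successfully']);
    } catch (Exception $e) {
        error_log('returnToAdmin: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Failed to return to admin mode']);
    }
}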
?>