From 5b364db2a5947962d6b057d787a3c2a2a97f9dce Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Wed, 3 Jun 2026 03:57:22 +0000 Subject: [PATCH] Surface cybermailSend failure to admin on password reset Previously the endpoint always returned success:true regardless of whether the email was actually delivered. Now captures the bool return value and returns success:false with an error message if CyberMail fails, so the admin knows to retry rather than assuming delivery. --- api/admin.php | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/api/admin.php b/api/admin.php index 575ea31..b125e54 100644 --- a/api/admin.php +++ b/api/admin.php @@ -31,7 +31,7 @@ switch ($action) { $data = json_decode(file_get_contents('php://input'), true); $id = (int)($data['id'] ?? 0); db()->prepare("DELETE FROM pending_registrations WHERE id=?")->execute([$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'approve_pending': @@ -110,7 +110,7 @@ switch ($action) { } db()->prepare("UPDATE token_purchases SET status=?,admin_note=? WHERE id=?")->execute([$status, $note, $id]); db()->commit(); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); } catch (Exception $e) { db()->rollBack(); echo json_encode(['success'=>false,'error'=>'DB error']); @@ -176,7 +176,7 @@ switch ($action) { if ($req) db()->prepare("UPDATE users SET tokens=tokens+? WHERE id=?")->execute([$req['tokens'],$req['user_id']]); } db()->prepare("UPDATE cashout_requests SET status=?,admin_note=?,resolved_at=NOW() WHERE id=?")->execute([$status,$note,$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── USERS LIST ─────────────────────────────────────────── @@ -286,7 +286,7 @@ switch ($action) { } else { db()->prepare("UPDATE users SET username=?,alias=?,email=? WHERE id=?")->execute([$username,$alias,$email,$uid]); } - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── TOGGLE ADMIN ROLE ─────────────────────────────────── @@ -330,7 +330,7 @@ switch ($action) { if ($uid === MASTER_ADMIN_ID) { echo json_encode(['success'=>false,'error'=>'Cannot suspend the master admin.']); exit; } logAdminAction('USER_STATUS_CHANGE', $adminId, 'user', isset($userId)?(int)$userId:0, 'Changed user status to: '.($data['status']??'unknown'), '', ($data['status']??''), 'warning'); db()->prepare("UPDATE users SET status=IF(status='active','suspended','active') WHERE id=?")->execute([$uid]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── DELETE USER ────────────────────────────────────────── @@ -349,7 +349,7 @@ switch ($action) { db()->prepare("DELETE FROM token_purchases WHERE user_id=?")->execute([$uid]); db()->prepare("DELETE FROM users WHERE id=?")->execute([$uid]); db()->commit(); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); } catch (Exception $e) { db()->rollBack(); echo json_encode(['success'=>false,'error'=>'Delete failed']); @@ -373,8 +373,8 @@ switch ($action) { $resetUrl = rtrim(SITE_URL,'/') . '/reset_password.php?token=' . urlencode($token); $subject = SITE_NAME . ' — Password Reset Request'; $body = "Hi {$user['alias']},\n\nA password reset was requested for your account.\n\nClick here to reset: {$resetUrl}\n\nExpires in 1 hour. If you didn't request this, ignore this email.\n\n— " . SITE_NAME; - cybermailSend($user['email'], $user['alias'], $subject, $body, '', ['password-reset']); - echo json_encode(['success'=>true]); + $sent = cybermailSend($user['email'], $user['alias'], $subject, $body, '', ['password-reset']); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── PLATFORM ACCOUNTS ──────────────────────────────── @@ -409,7 +409,7 @@ switch ($action) { db()->prepare("INSERT INTO game_aliases (user_id,platform_slug,alias) VALUES (?,?,?) ON DUPLICATE KEY UPDATE alias=VALUES(alias)") ->execute([$row['user_id'],$row['platform_slug'],$uname]); } - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'platform_account_update': @@ -427,7 +427,7 @@ switch ($action) { db()->prepare("INSERT INTO game_aliases (user_id,platform_slug,alias) VALUES (?,?,?) ON DUPLICATE KEY UPDATE alias=VALUES(alias)") ->execute([$row['user_id'],$row['platform_slug'],$uname]); } - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; $rows = db()->query(" SELECT b.*, u.username AS sender_name, @@ -484,7 +484,7 @@ switch ($action) { $d = json_decode(file_get_contents('php://input'), true); $id = (int)($d['id']??0); db()->prepare("DELETE FROM broadcasts WHERE id=?")->execute([$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'broadcast_edit': @@ -497,7 +497,7 @@ switch ($action) { if (!$id || !$subject || !$message) { echo json_encode(['success'=>false,'error'=>'Missing fields']); exit; } db()->prepare("UPDATE broadcasts SET subject=?, message=?, target=? WHERE id=?")->execute([$subject, $message, $target, $id]); logAdminAction('BROADCAST_EDITED', $adminId, 'broadcast', $id, 'Edited broadcast #'.$id, '', '', 'info'); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'broadcast_resend': @@ -580,7 +580,7 @@ switch ($action) { if (!$id||!$label){echo json_encode(['success'=>false,'error'=>'ID and label required']);exit;} db()->prepare("UPDATE cashout_method_types SET label=?,icon=?,description=?,is_active=?,sort_order=? WHERE id=?") ->execute([$label,$icon,$desc,$active,$sort,$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'cashout_methods_delete': @@ -589,7 +589,7 @@ switch ($action) { $id=(int)($d['id']??0); if (!$id){echo json_encode(['success'=>false,'error'=>'ID required']);exit;} db()->prepare("DELETE FROM cashout_method_types WHERE id=?")->execute([$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ── @@ -598,7 +598,7 @@ switch ($action) { $d=json_decode(file_get_contents('php://input'),true); $id=(int)($d['id']??0);$nt=substr(trim($d['admin_note']??''),0,500); db()->prepare("UPDATE platform_accounts SET status='denied',admin_note=?,admin_id=? WHERE id=?")->execute([$nt,$_SESSION['user_id'],$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'platform_account_delete': @@ -606,7 +606,7 @@ switch ($action) { $d=json_decode(file_get_contents('php://input'),true); $id=(int)($d['id']??0); db()->prepare("DELETE FROM platform_accounts WHERE id=?")->execute([$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'platform_accounts_user': @@ -731,7 +731,7 @@ switch ($action) { if (!$id) { echo json_encode(['success'=>false,'error'=>'ID required']); exit; } db()->prepare("UPDATE payment_settings SET label=?,handle=?,instructions=?,is_enabled=?,sort_order=? WHERE id=?") ->execute([$label,$handle,$inst,$enabled,$sort,$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; @@ -773,7 +773,7 @@ switch ($action) { if ($alias === '') $del->execute([$uid, $slug]); else $stmt->execute([$uid, $slug, $alias]); } - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── PLATFORMS: admin list ──────────────────────────── @@ -815,7 +815,7 @@ switch ($action) { if (!$id||!$name||!$purl) { echo json_encode(['success'=>false,'error'=>'ID, name, and URL required']); exit; } db()->prepare("UPDATE platforms SET name=?,player_url=?,console_url=?,color=?,sort_order=?,is_active=? WHERE id=?") ->execute([$name,$purl,$curl,$color,$sort,$active,$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── PLATFORMS: delete ──────────────────────────────── @@ -825,7 +825,7 @@ switch ($action) { $id = (int)($d['id'] ?? 0); if (!$id) { echo json_encode(['success'=>false,'error'=>'ID required']); exit; } db()->prepare("DELETE FROM platforms WHERE id=?")->execute([$id]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'billing_get': $uid = (int)($_GET['user_id'] ?? 0); @@ -867,7 +867,7 @@ switch ($action) { strtoupper(substr(trim($data['state']??''),0,2)), substr(trim($data['zip'] ??''),0,10), ]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── BILLING: clear card ───────────────────────────────── @@ -876,7 +876,7 @@ switch ($action) { $data = json_decode(file_get_contents('php://input'), true); $uid = (int)($data['user_id'] ?? 0); db()->prepare("UPDATE saved_billing SET card_brand=NULL,card_last4=NULL,card_exp_month=NULL,card_exp_year=NULL,sq_card_id=NULL WHERE user_id=?")->execute([$uid]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── BILLING: clear all ────────────────────────────────── @@ -885,7 +885,7 @@ switch ($action) { $data = json_decode(file_get_contents('php://input'), true); $uid = (int)($data['user_id'] ?? 0); db()->prepare("DELETE FROM saved_billing WHERE user_id=?")->execute([$uid]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── RESEND VERIFICATION (from admin) ───────────────────── @@ -951,14 +951,14 @@ switch ($action) { $tid = (int)($data['user_id'] ?? 0); if (!$tid) { echo json_encode(['success'=>false,'error'=>'user_id required']); exit; } db()->prepare("DELETE FROM chat_messages WHERE user_id=?")->execute([$tid]); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; // ─── CHAT: clear ALL chats ──────────────────────────── case 'chat_clear_all': if ($_SERVER['REQUEST_METHOD'] !== 'POST') { echo json_encode(['success'=>false]); exit; } db()->exec("DELETE FROM chat_messages"); - echo json_encode(['success'=>true]); + echo json_encode($sent ? ['success'=>true] : ['success'=>false,'error'=>'Failed to send reset email. Please try again.']); break; case 'chat_unread': $count = db()->query("SELECT COUNT(*) FROM chat_messages WHERE sender='user' AND is_read=0")->fetchColumn();