Fix 6 code review findings: auth, mysqldump stderr, dead code, audit logs

- backup.php: replace manual admin check with requireAdmin(); suppress
  mysqldump password warning (2>&1 → 2>/dev/null) to prevent corrupt dumps
- ttg-backup.sh: same mysqldump stderr fix
- admin.php toggle_user: fix undefined $adminId/$userId in logAdminAction
  call — use $_SESSION['user_id'] and $uid instead
- admin.php chat_clear_all: wrap in try/catch and add logAdminAction audit
- admin.php: delete unreachable broadcast query block after break statement
- admin/index.php: fix cashouts_total formatted as currency — use parseInt
  (tokens are whole numbers, not dollars)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-06 10:02:07 +00:00
parent 9470b021b6
commit 8d27290831
4 changed files with 12 additions and 21 deletions
+1 -1
View File
@@ -1270,7 +1270,7 @@ async function loadPlatformStats() {
<div style="font-size:11px;color:var(--text2);font-weight:700;letter-spacing:.5px">PURCH</div>
</div>
<div style="flex:1;text-align:center;border-left:1px solid var(--border)">
<div style="font-family:'Exo 2',sans-serif;font-weight:700;font-size:15px;color:var(--green)">${parseFloat(p.cashouts_total).toLocaleString(undefined,{minimumFractionDigits:2,maximumFractionDigits:2})} 🪙</div>
<div style="font-family:'Exo 2',sans-serif;font-weight:700;font-size:15px;color:var(--green)">${parseInt(p.cashouts_total).toLocaleString()} 🪙</div>
<div style="font-size:11px;color:var(--text2);font-weight:700;letter-spacing:.5px">CASH</div>
</div>
</div>