Fix 6 code review findings: auth, mysqldump stderr, dead code, audit logs
- backup.php: replace manual admin check with requireAdmin(); suppress mysqldump password warning (2>&1 → 2>/dev/null) to prevent corrupt dumps - ttg-backup.sh: same mysqldump stderr fix - admin.php toggle_user: fix undefined $adminId/$userId in logAdminAction call — use $_SESSION['user_id'] and $uid instead - admin.php chat_clear_all: wrap in try/catch and add logAdminAction audit - admin.php: delete unreachable broadcast query block after break statement - admin/index.php: fix cashouts_total formatted as currency — use parseInt (tokens are whole numbers, not dollars) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+2
-6
@@ -9,11 +9,7 @@ if ($action !== 'download') {
|
||||
header('Content-Type: application/json');
|
||||
}
|
||||
|
||||
if (!isLoggedIn() || empty($_SESSION['is_admin'])) {
|
||||
if ($action !== 'download') echo json_encode(['success'=>false,'error'=>'Forbidden']);
|
||||
else { http_response_code(403); echo 'Forbidden'; }
|
||||
exit;
|
||||
}
|
||||
requireAdmin();
|
||||
|
||||
$backupDir = '/home/tomtomgames.com/backups';
|
||||
if (!is_dir($backupDir)) @mkdir($backupDir, 0750, true);
|
||||
@@ -43,7 +39,7 @@ switch ($action) {
|
||||
|
||||
// Export database
|
||||
$dbCmd = sprintf(
|
||||
'/usr/bin/mysqldump -u %s -p%s %s > %s 2>&1',
|
||||
'/usr/bin/mysqldump -u %s -p%s %s > %s 2>/dev/null',
|
||||
escapeshellarg(DB_USER), escapeshellarg(DB_PASS),
|
||||
escapeshellarg(DB_NAME), escapeshellarg($sqlFile)
|
||||
);
|
||||
|
||||
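Review bot: Sending mysqldump's stderr to `/dev/null` in the new format string hides the password warning but also every real error. The warning itself points at the underlying problem: `-p%s` still places DB_PASS on the command line, where other local accounts can read it from the process list while the dump runs. I would pass the credentials through a 0600 option file with `--defaults-extra-file` (it must be the first option) and send stderr to its own file, so the dump stays clean and a failure remains diagnosable. How `$dbCmd` is executed and whether its exit status is checked lies outside this hunk; if it is not checked, a failed dump would now leave an empty or truncated backup with no trace.

```php
// … unchanged: earlier lines of this switch case …
// Credentials live in a private option file instead of argv.
$cnfFile = tempnam(sys_get_temp_dir(), 'dump');
chmod($cnfFile, 0600);
file_put_contents($cnfFile, sprintf(
    "[client]\nuser=\"%s\"\npassword=\"%s\"\n",
    addcslashes(DB_USER, "\\\""), addcslashes(DB_PASS, "\\\"")
));
$errFile = $sqlFile . '.err'; // keeps diagnostics out of the dump without discarding them
$dbCmd = sprintf(
    '/usr/bin/mysqldump --defaults-extra-file=%s %s > %s 2> %s',
    escapeshellarg($cnfFile), escapeshellarg(DB_NAME),
    escapeshellarg($sqlFile), escapeshellarg($errFile)
);
// … unchanged: command execution; afterwards unlink($cnfFile) and treat a non-zero exit status as a failed backup …
```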