false,'error'=>'Not authenticated']); exit; } $userId = (int)$_SESSION['user_id']; $isAdmin = !empty($_SESSION['is_admin']); $method = $_SERVER['REQUEST_METHOD']; $action = $_GET['action'] ?? 'status'; // ── GET actions ─────────────────────────────────────────── if ($method === 'GET') { if ($action === 'status') { // Player's referral dashboard data $user = db()->prepare("SELECT referral_code, referred_by FROM users WHERE id=?"); $user->execute([$userId]); $u = $user->fetch(); // Auto-generate code if missing if (empty($u['referral_code'])) { $code = strtoupper(substr(md5($userId.uniqid()),0,8)); db()->prepare("UPDATE users SET referral_code=? WHERE id=?")->execute([$code, $userId]); $u['referral_code'] = $code; } // Count verified referrals $countStmt = db()->prepare("SELECT COUNT(*) FROM referrals WHERE referrer_id=? AND status='verified'"); $countStmt->execute([$userId]); $verified = (int)$countStmt->fetchColumn(); // All referrals $refs = db()->prepare(" SELECT r.*, u.username, u.alias, u.email_verified, u.created_at AS joined_at FROM referrals r JOIN users u ON r.referred_id = u.id WHERE r.referrer_id = ? ORDER BY r.created_at DESC "); $refs->execute([$userId]); // Current tier $tier = db()->query(" SELECT * FROM referral_tiers WHERE is_active=1 AND min_referrals <= $verified ORDER BY min_referrals DESC LIMIT 1 ")->fetch(); // Next tier $nextTier = db()->query(" SELECT * FROM referral_tiers WHERE is_active=1 AND min_referrals > $verified ORDER BY min_referrals ASC LIMIT 1 ")->fetch(); // Total tokens earned from referrals $earned = db()->prepare("SELECT COALESCE(SUM(tokens_awarded),0) FROM referrals WHERE referrer_id=? AND status='verified'"); $earned->execute([$userId]); // Social shares $shares = db()->prepare("SELECT * FROM referral_social_shares WHERE user_id=? ORDER BY created_at DESC"); $shares->execute([$userId]); echo json_encode([ 'success' => true, 'referral_code' => $u['referral_code'] ?? '', 'referral_url' => (defined('SITE_URL')?SITE_URL:'https://tomtomgames.com') . '/?ref=' . ($u['referral_code'] ?? ''), 'verified_count' => $verified, 'total_earned' => (float)$earned->fetchColumn(), 'current_tier' => $tier, 'next_tier' => $nextTier, 'referrals' => $refs->fetchAll(), 'social_shares' => $shares->fetchAll(), ]); exit; } if ($action === 'tiers') { $rows = db()->query("SELECT * FROM referral_tiers WHERE is_active=1 ORDER BY min_referrals ASC")->fetchAll(); echo json_encode(['success'=>true,'tiers'=>$rows]); exit; } if ($action === 'all_tiers' && $isAdmin) { $rows = db()->query("SELECT * FROM referral_tiers ORDER BY sort_order ASC, min_referrals ASC")->fetchAll(); echo json_encode(['success'=>true,'tiers'=>$rows]); exit; } if ($action === 'admin_list' && $isAdmin) { $status = $_GET['status'] ?? 'pending'; $stmt = db()->prepare(" SELECT r.*, ru.username AS referrer_name, ru.alias AS referrer_alias, rd.username AS referred_name, rd.alias AS referred_alias, rd.email_verified, t.name AS tier_name FROM referrals r JOIN users ru ON r.referrer_id = ru.id JOIN users rd ON r.referred_id = rd.id LEFT JOIN referral_tiers t ON r.tier_id = t.id WHERE r.status = ? ORDER BY r.created_at DESC LIMIT 100 "); $stmt->execute([$status]); echo json_encode(['success'=>true,'referrals'=>$stmt->fetchAll()]); exit; } if ($action === 'admin_shares' && $isAdmin) { $status = $_GET['status'] ?? 'pending'; $stmt = db()->prepare(" SELECT rs.*, u.username, u.alias FROM referral_social_shares rs JOIN users u ON rs.user_id = u.id WHERE rs.status = ? ORDER BY rs.created_at DESC "); $stmt->execute([$status]); echo json_encode(['success'=>true,'shares'=>$stmt->fetchAll()]); exit; } echo json_encode(['success'=>false,'error'=>'Unknown action']); exit; } // ── POST actions ────────────────────────────────────────── if ($method !== 'POST') { echo json_encode(['success'=>false,'error'=>'Method not allowed']); exit; } $d = json_decode(file_get_contents('php://input'), true); if ($action === 'submit_share') { $platform = preg_replace('/[^a-z0-9_]/', '', strtolower(trim($d['platform'] ?? ''))); if (!$platform) { echo json_encode(['success'=>false,'error'=>'Platform required']); exit; } // Get bonus tokens for this platform from tiers config $bonus = 5; // default try { db()->prepare("INSERT INTO referral_social_shares (user_id,platform,bonus_tokens) VALUES (?,?,?)") ->execute([$userId, $platform, $bonus]); echo json_encode(['success'=>true]); } catch(Exception $e) { echo json_encode(['success'=>false,'error'=>'Already submitted for this platform']); } exit; } // ── Admin only below ────────────────────────────────────── if (!$isAdmin) { echo json_encode(['success'=>false,'error'=>'Forbidden']); exit; } if ($action === 'resolve_referral') { $id = (int)($d['id'] ?? 0); $status = $d['status'] ?? ''; $note = substr(trim($d['note'] ?? ''), 0, 300); if (!in_array($status, ['verified','denied','deleted'])) { echo json_encode(['success'=>false,'error'=>'Invalid status']); exit; } $chk = db()->prepare("SELECT r.*, t.tokens_per_ref, t.min_referrals, t.bonus_tokens FROM referrals r LEFT JOIN referral_tiers t ON r.tier_id=t.id WHERE r.id=?"); $chk->execute([$id]); $ref = $chk->fetch(); if (!$ref) { echo json_encode(['success'=>false,'error'=>'Not found']); exit; } if ($status === 'verified') { // Determine best tier for referrer $countStmt = db()->prepare("SELECT COUNT(*) FROM referrals WHERE referrer_id=? AND status='verified'"); $countStmt->execute([$ref['referrer_id']]); $verifiedCount = (int)$countStmt->fetchColumn() + 1; // +1 for this one $tier = db()->query("SELECT * FROM referral_tiers WHERE is_active=1 AND min_referrals <= $verifiedCount ORDER BY min_referrals DESC LIMIT 1")->fetch(); $tokensToAward = $tier ? (float)$tier['tokens_per_ref'] : 5; // Check if this hits a bonus milestone $bonusTokens = 0; if ($tier && $verifiedCount == (int)$tier['min_referrals']) { $bonusTokens = (float)$tier['bonus_tokens']; } $totalAward = $tokensToAward + $bonusTokens; db()->beginTransaction(); try { db()->prepare("UPDATE referrals SET status='verified', tier_id=?, tokens_awarded=?, admin_id=?, admin_note=?, resolved_at=NOW() WHERE id=?") ->execute([$tier['id'] ?? null, $totalAward, (int)$_SESSION['user_id'], $note, $id]); db()->prepare("UPDATE users SET tokens=tokens+? WHERE id=?")->execute([$totalAward, $ref['referrer_id']]); logAdminAction('REFERRAL_VERIFIED', (int)$_SESSION['user_id'], 'referral', $id, 'Verified referral #'.$id.' — awarded '.$totalAward.' tokens to user #'.$ref['referrer_id'], 'pending', 'verified', 'info'); db()->commit(); echo json_encode(['success'=>true,'tokens_awarded'=>$totalAward,'bonus'=>$bonusTokens,'tier'=>$tier['name']??'']); } catch(Exception $e) { db()->rollBack(); echo json_encode(['success'=>false,'error'=>'DB error']); } } else { db()->prepare("UPDATE referrals SET status=?, admin_id=?, admin_note=?, resolved_at=NOW() WHERE id=?") ->execute([$status, (int)$_SESSION['user_id'], $note, $id]); echo json_encode(['success'=>true]); } exit; } if ($action === 'resolve_share') { $id = (int)($d['id'] ?? 0); $status = $d['status'] ?? ''; if (!in_array($status, ['approved','denied'])) { echo json_encode(['success'=>false,'error'=>'Invalid']); exit; } $chk = db()->prepare("SELECT * FROM referral_social_shares WHERE id=?"); $chk->execute([$id]); $share = $chk->fetch(); if (!$share) { echo json_encode(['success'=>false,'error'=>'Not found']); exit; } db()->prepare("UPDATE referral_social_shares SET status=?,admin_id=?,resolved_at=NOW() WHERE id=?")->execute([$status,(int)$_SESSION['user_id'],$id]); if ($status === 'approved') { db()->prepare("UPDATE users SET tokens=tokens+? WHERE id=?")->execute([$share['bonus_tokens'],$share['user_id']]); logAdminAction('SOCIAL_SHARE_APPROVED', (int)$_SESSION['user_id'], 'referral_share', $id, 'Approved social share #'.$id.' — awarded '.$share['bonus_tokens'].' bonus tokens to user #'.$share['user_id'], '', 'approved', 'info'); } echo json_encode(['success'=>true]); exit; } // ── Tier CRUD ───────────────────────────────────────────── if ($action === 'tier_create') { $name = substr(trim($d['name']??''),0,100); $minRefs = (int)($d['min_referrals']??1); $tokPer = (float)($d['tokens_per_ref']??5); $bonus = (float)($d['bonus_tokens']??0); $desc = substr(trim($d['description']??''),0,300); $sort = (int)($d['sort_order']??99); $active = (int)(bool)($d['is_active']??1); if (!$name) { echo json_encode(['success'=>false,'error'=>'Name required']); exit; } db()->prepare("INSERT INTO referral_tiers (name,min_referrals,tokens_per_ref,bonus_tokens,description,is_active,sort_order) VALUES (?,?,?,?,?,?,?)") ->execute([$name,$minRefs,$tokPer,$bonus,$desc,$active,$sort]); echo json_encode(['success'=>true,'id'=>db()->lastInsertId()]); exit; } if ($action === 'tier_update') { $id = (int)($d['id']??0); $name = substr(trim($d['name']??''),0,100); $minRefs = (int)($d['min_referrals']??1); $tokPer = (float)($d['tokens_per_ref']??5); $bonus = (float)($d['bonus_tokens']??0); $desc = substr(trim($d['description']??''),0,300); $sort = (int)($d['sort_order']??0); $active = (int)(bool)($d['is_active']??1); if (!$id||!$name) { echo json_encode(['success'=>false,'error'=>'ID and name required']); exit; } db()->prepare("UPDATE referral_tiers SET name=?,min_referrals=?,tokens_per_ref=?,bonus_tokens=?,description=?,is_active=?,sort_order=? WHERE id=?") ->execute([$name,$minRefs,$tokPer,$bonus,$desc,$active,$sort,$id]); echo json_encode(['success'=>true]); exit; } if ($action === 'tier_delete') { $id = (int)($d['id']??0); if (!$id) { echo json_encode(['success'=>false,'error'=>'ID required']); exit; } db()->prepare("DELETE FROM referral_tiers WHERE id=?")->execute([$id]); echo json_encode(['success'=>true]); exit; } echo json_encode(['success'=>false,'error'=>'Unknown action']);