├── README.md
├── api
    ├── add_candidate.php
    ├── add_user.php
    ├── admin.php
    ├── change_password.php
    ├── config.php
    ├── dash.php
    ├── delete_candidate.php
    ├── delete_user.php
    ├── get_votes.php
    ├── install.php
    ├── login.php
    ├── logout.php
    ├── password.php
    ├── reset_all_votes.php
    ├── reset_votes.php
    ├── update_candidate.php
    ├── update_settings.php
    ├── update_user_role.php
    ├── update_votes.php
    └── vote.php
├── index.html
└── vercel.json


/README.md:
--------------------------------------------------------------------------------
 1 | ## 开始使用
 2 | 
 3 | 1. 准备好你的 MySQL 数据库;
 4 | 2. 点击右侧按钮开始部署：
 5 |    [![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3a%2f%2fgithub.com%2fSMNETSTUDIO%2fShineVote&env=DB_HOST&env=DB_NAME&env=DB_USER&env=DB_PASSWORD&project-name=shinevote&repository-name=shinevote)
 6 | 3. 在环境变量页填入数据库信息；
 7 | 4. 部署完毕后，即可开始使用
 8 | 
 9 | ![image](https://github.com/user-attachments/assets/1839e903-9b10-4fdb-a54e-17bd23dd5686)
10 | 


--------------------------------------------------------------------------------
/api/add_candidate.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $name = $_POST['name'] ?? '';
24 | if (!$name) {
25 |     echo json_encode(['success' => false, 'message' => '请输入名称']);
26 |     exit;
27 | }
28 | 
29 | $stmt = $pdo->prepare("INSERT INTO candidates (name) VALUES (?)");
30 | $result = $stmt->execute([$name]);
31 | 
32 | echo json_encode(['success' => $result]); 


--------------------------------------------------------------------------------
/api/add_user.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '无权限']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | $admin = $stmt->fetch();
19 | 
20 | if (!$admin) {
21 |     echo json_encode(['success' => false, 'message' => '无权限']);
22 |     exit;
23 | }
24 | 
25 | if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
26 |     echo json_encode(['success' => false, 'message' => '无效的请求方法']);
27 |     exit;
28 | }
29 | 
30 | $username = trim($_POST['username'] ?? '');
31 | $password = $_POST['password'] ?? '';
32 | 
33 | if (empty($username) || empty($password)) {
34 |     echo json_encode(['success' => false, 'message' => '用户名和密码不能为空']);
35 |     exit;
36 | }
37 | 
38 | $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
39 | $stmt->execute([$username]);
40 | if ($stmt->fetchColumn() > 0) {
41 |     echo json_encode(['success' => false, 'message' => '用户名已存在']);
42 |     exit;
43 | }
44 | 
45 | try {
46 |     $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
47 |     $stmt = $pdo->prepare("
48 |         INSERT INTO users (username, password, is_admin, created_at) 
49 |         VALUES (?, ?, 0, NOW())
50 |     ");
51 |     
52 |     $stmt->execute([$username, $hashedPassword]);
53 |     echo json_encode(['success' => true, 'message' => '用户添加成功']);
54 |     
55 | } catch (PDOException $e) {
56 |     error_log($e->getMessage());
57 |     echo json_encode(['success' => false, 'message' => '系统错误']);
58 | } 


--------------------------------------------------------------------------------
/api/admin.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once 'config.php';
  3 | 
  4 | $auth_token = $_COOKIE['auth_token'] ?? '';
  5 | if (!$auth_token) {
  6 |     header('Location: login.php');
  7 |     exit;
  8 | }
  9 | 
 10 | $stmt = $pdo->prepare("
 11 |     SELECT u.* 
 12 |     FROM users u 
 13 |     JOIN user_tokens t ON u.id = t.user_id 
 14 |     WHERE t.token = ? AND u.is_admin = 1
 15 |     LIMIT 1
 16 | ");
 17 | $stmt->execute([$auth_token]);
 18 | $admin = $stmt->fetch();
 19 | 
 20 | if (!$admin) {
 21 |     header('Location: /api/login.php');
 22 |     exit;
 23 | }
 24 | 
 25 | $stmt = $pdo->query("SELECT * FROM users WHERE is_admin = 0");
 26 | $users = $stmt->fetchAll();
 27 | $stmt = $pdo->query("
 28 |     SELECT c.*, 
 29 |            COALESCE((SELECT COUNT(*) FROM votes v WHERE v.candidate_id = c.id), 0) as vote_count 
 30 |     FROM candidates c
 31 | ");
 32 | $candidates = $stmt->fetchAll();
 33 | $stmt = $pdo->query("SELECT * FROM settings WHERE id = 1");
 34 | $settings = $stmt->fetch();
 35 | $stmt = $pdo->query("SELECT COUNT(*) as total_users FROM users WHERE is_admin = 0");
 36 | $totalUsers = $stmt->fetch()['total_users'];
 37 | $today = date('Y-m-d');
 38 | $stmt = $pdo->prepare("
 39 |     SELECT COUNT(DISTINCT user_id) as active_users 
 40 |     FROM votes 
 41 |     WHERE DATE(created_at) = ?
 42 | ");
 43 | $stmt->execute([$today]);
 44 | $activeUsers = $stmt->fetch()['active_users'];
 45 | $stmt = $pdo->query("SELECT COUNT(*) as total_votes FROM votes");
 46 | $totalVotes = $stmt->fetch()['total_votes'];
 47 | ?>
 48 | 
 49 | <!DOCTYPE html>
 50 | <html>
 51 | <head>
 52 |     <title>管理后台</title>
 53 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
 54 |     <style>
 55 |         body {
 56 |             background-color: #f0f2f5;
 57 |             min-height: 100vh;
 58 |             font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
 59 |         }
 60 |         .navbar {
 61 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
 62 |             box-shadow: 0 4px 12px rgba(0,0,0,0.1);
 63 |             padding: 1rem 0;
 64 |         }
 65 |         .navbar-brand {
 66 |             color: white !important;
 67 |             font-size: 1.5rem;
 68 |             font-weight: 700;
 69 |             letter-spacing: -0.5px;
 70 |         }
 71 |         .nav-tabs {
 72 |             border-bottom: none;
 73 |             margin-top: 2rem;
 74 |             gap: 0.5rem;
 75 |         }
 76 |         .nav-tabs .nav-link {
 77 |             border: none;
 78 |             padding: 1rem 1.5rem;
 79 |             font-weight: 600;
 80 |             color: #495057;
 81 |             border-radius: 12px 12px 0 0;
 82 |             transition: all 0.3s ease;
 83 |         }
 84 |         .nav-tabs .nav-link:hover {
 85 |             background: rgba(0,0,0,0.05);
 86 |         }
 87 |         .nav-tabs .nav-link.active {
 88 |             background: white;
 89 |             color: #0056b3;
 90 |             position: relative;
 91 |         }
 92 |         .nav-tabs .nav-link.active::after {
 93 |             content: '';
 94 |             position: absolute;
 95 |             bottom: 0;
 96 |             left: 0;
 97 |             width: 100%;
 98 |             height: 3px;
 99 |             background: linear-gradient(90deg, #0056b3 0%, #00a0ff 100%);
100 |             border-radius: 3px 3px 0 0;
101 |         }
102 |         .card {
103 |             border: none;
104 |             border-radius: 16px;
105 |             box-shadow: 0 4px 12px rgba(0,0,0,0.05);
106 |             transition: all 0.3s ease;
107 |             background: white;
108 |             margin-bottom: 1.5rem;
109 |         }
110 |         .card:hover {
111 |             transform: translateY(-2px);
112 |             box-shadow: 0 8px 24px rgba(0,0,0,0.1);
113 |         }
114 |         .stats-card {
115 |             background: linear-gradient(135deg, #fff 0%, #f8f9fa 100%);
116 |             border-left: 4px solid #0056b3;
117 |             padding: 1.5rem;
118 |         }
119 |         .stats-card h6 {
120 |             color: #6c757d;
121 |             font-weight: 600;
122 |             margin-bottom: 0.5rem;
123 |         }
124 |         .stats-card h3 {
125 |             color: #2c3e50;
126 |             font-weight: 700;
127 |             margin: 0;
128 |         }
129 |         .table {
130 |             margin: 0;
131 |         }
132 |         .table thead th {
133 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
134 |             color: white;
135 |             font-weight: 600;
136 |             border: none;
137 |             padding: 1rem 1.5rem;
138 |         }
139 |         .table tbody td {
140 |             padding: 1rem 1.5rem;
141 |             vertical-align: middle;
142 |             border-bottom: 1px solid #e9ecef;
143 |         }
144 |         .btn {
145 |             padding: 0.6rem 1.2rem;
146 |             border-radius: 10px;
147 |             font-weight: 600;
148 |             transition: all 0.3s ease;
149 |         }
150 |         .btn:hover {
151 |             transform: translateY(-2px);
152 |         }
153 |         .btn-primary {
154 |             background: linear-gradient(135deg, #0056b3 0%, #0088ff 100%);
155 |             border: none;
156 |         }
157 |         .btn-primary:hover {
158 |             background: linear-gradient(135deg, #003d82 0%, #0056b3 100%);
159 |             box-shadow: 0 4px 12px rgba(0,86,179,0.2);
160 |         }
161 |         .btn-danger {
162 |             background: linear-gradient(135deg, #dc3545 0%, #ff4d5b 100%);
163 |             border: none;
164 |         }
165 |         .btn-warning {
166 |             background: linear-gradient(135deg, #ffc107 0%, #ffdb4d 100%);
167 |             border: none;
168 |         }
169 |         .form-control, .form-select {
170 |             border-radius: 10px;
171 |             border: 1px solid #e0e0e0;
172 |             padding: 0.7rem 1rem;
173 |             transition: all 0.3s ease;
174 |         }
175 |         .form-control:focus, .form-select:focus {
176 |             border-color: #0056b3;
177 |             box-shadow: 0 0 0 0.2rem rgba(0,86,179,0.25);
178 |         }
179 |         .modal-content {
180 |             border: none;
181 |             border-radius: 16px;
182 |             overflow: hidden;
183 |         }
184 |         .modal-header {
185 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
186 |             border: none;
187 |             padding: 1.5rem;
188 |         }
189 |         .modal-header .modal-title {
190 |             color: white;
191 |             font-weight: 600;
192 |         }
193 |         .modal-header .btn-close {
194 |             filter: brightness(0) invert(1);
195 |             opacity: 0.8;
196 |         }
197 |         .modal-body {
198 |             padding: 2rem;
199 |         }
200 |         .tab-content {
201 |             background: white;
202 |             border-radius: 0 0 16px 16px;
203 |             padding: 2rem;
204 |             box-shadow: 0 4px 12px rgba(0,0,0,0.05);
205 |         }
206 |         .tab-pane h3 {
207 |             color: #2c3e50;
208 |             font-weight: 700;
209 |             margin-bottom: 1.5rem;
210 |         }
211 |         @media (max-width: 768px) {
212 |             .container {
213 |                 padding: 0.5rem;
214 |                 max-width: 100%;
215 |             }
216 |             
217 |             .navbar .container {
218 |                 flex-direction: column;
219 |                 gap: 0.5rem;
220 |                 align-items: stretch;
221 |             }
222 |             
223 |             .navbar-brand {
224 |                 font-size: 1.1rem;
225 |                 text-align: center;
226 |             }
227 |             
228 |             .navbar .btn {
229 |                 padding: 0.4rem 0.8rem;
230 |                 font-size: 0.9rem;
231 |             }
232 |             
233 |             .nav-tabs {
234 |                 margin-top: 0.8rem;
235 |                 flex-wrap: nowrap;
236 |                 overflow-x: auto;
237 |                 -webkit-overflow-scrolling: touch;
238 |                 gap: 0.3rem;
239 |                 padding: 0.5rem 0;
240 |             }
241 |             
242 |             .nav-tabs .nav-link {
243 |                 padding: 0.6rem 0.8rem;
244 |                 font-size: 0.9rem;
245 |                 white-space: nowrap;
246 |             }
247 |             
248 |             .tab-content {
249 |                 padding: 0.8rem;
250 |             }
251 |             
252 |             .row {
253 |                 margin: 0 -0.5rem;
254 |             }
255 |             
256 |             .col-md-4 {
257 |                 padding: 0 0.5rem;
258 |             }
259 |             
260 |             .stats-card {
261 |                 padding: 1rem;
262 |                 margin-bottom: 0.8rem;
263 |             }
264 |             
265 |             .stats-card h6 {
266 |                 font-size: 0.85rem;
267 |             }
268 |             
269 |             .stats-card h3 {
270 |                 font-size: 1.2rem;
271 |             }
272 |             
273 |             .table-responsive {
274 |                 margin: 0 -0.8rem;
275 |                 padding: 0 0.8rem;
276 |                 width: calc(100% + 1.6rem);
277 |             }
278 |             
279 |             .table {
280 |                 font-size: 0.9rem;
281 |             }
282 |             
283 |             .table thead th {
284 |                 padding: 0.6rem;
285 |                 font-size: 0.85rem;
286 |             }
287 |             
288 |             .table tbody td {
289 |                 padding: 0.6rem;
290 |             }
291 |             
292 |             .form-control, .form-select {
293 |                 padding: 0.4rem 0.6rem;
294 |                 font-size: 0.9rem;
295 |             }
296 |             
297 |             .btn {
298 |                 padding: 0.4rem 0.8rem;
299 |                 font-size: 0.9rem;
300 |             }
301 |             
302 |             .modal-body {
303 |                 padding: 0.8rem;
304 |             }
305 |             
306 |             .modal-header {
307 |                 padding: 0.8rem;
308 |             }
309 |             
310 |             .modal-title {
311 |                 font-size: 1.1rem;
312 |             }
313 |         }
314 |         
315 |         @media (max-width: 480px) {
316 |             .navbar-brand {
317 |                 font-size: 1rem;
318 |             }
319 |             
320 |             .nav-tabs .nav-link {
321 |                 font-size: 0.85rem;
322 |                 padding: 0.5rem 0.6rem;
323 |             }
324 |             
325 |             .stats-card h3 {
326 |                 font-size: 1.1rem;
327 |             }
328 |             
329 |             .table {
330 |                 font-size: 0.85rem;
331 |             }
332 |         }
333 |     </style>
334 | </head>
335 | <body>
336 |     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
337 |     <nav class="navbar">
338 |         <div class="container">
339 |             <span class="navbar-brand">投票系统管理后台</span>
340 |             <div>
341 |                 <button class="btn btn-outline-light me-2" data-bs-toggle="modal" data-bs-target="#changePasswordModal">修改密码</button>
342 |                 <a href="logout.php" class="btn btn-outline-light">退出登录</a>
343 |             </div>
344 |         </div>
345 |     </nav>
346 | 
347 |     <div class="container">
348 |         <ul class="nav nav-tabs mb-4">
349 |             <li class="nav-item">
350 |                 <a class="nav-link active" data-bs-toggle="tab" href="#users">用户管理</a>
351 |             </li>
352 |             <li class="nav-item">
353 |                 <a class="nav-link" data-bs-toggle="tab" href="#candidates">候选人管理</a>
354 |             </li>
355 |             <li class="nav-item">
356 |                 <a class="nav-link" data-bs-toggle="tab" href="#settings">投票设置</a>
357 |             </li>
358 |         </ul>
359 | 
360 |         <div class="tab-content">
361 |             <div class="tab-pane active" id="users">
362 |                 <div class="row mb-4">
363 |                     <div class="col-md-4">
364 |                         <div class="card stats-card">
365 |                             <div class="card-body">
366 |                                 <h6 class="text-muted">总用户数</h6>
367 |                                 <h3><?= $totalUsers ?></h3>
368 |                             </div>
369 |                         </div>
370 |                     </div>
371 |                     <div class="col-md-4">
372 |                         <div class="card stats-card">
373 |                             <div class="card-body">
374 |                                 <h6 class="text-muted">今日活跃用户</h6>
375 |                                 <h3><?= $activeUsers ?></h3>
376 |                             </div>
377 |                         </div>
378 |                     </div>
379 |                     <div class="col-md-4">
380 |                         <div class="card stats-card">
381 |                             <div class="card-body">
382 |                                 <h6 class="text-muted">总投票数</h6>
383 |                                 <h3><?= $totalVotes ?></h3>
384 |                             </div>
385 |                         </div>
386 |                     </div>
387 |                 </div>
388 |                 <h3>用户管理</h3>
389 |                 <button class="btn btn-primary mb-3" data-bs-toggle="modal" data-bs-target="#addUserModal">添加用户</button>
390 |                 
391 |                 <table class="table">
392 |                     <thead>
393 |                         <tr>
394 |                             <th>ID</th>
395 |                             <th>用户名</th>
396 |                             <th>权限</th>
397 |                             <th>创建时间</th>
398 |                             <th>操作</th>
399 |                         </tr>
400 |                     </thead>
401 |                     <tbody>
402 |                         <?php foreach ($users as $user): ?>
403 |                         <tr>
404 |                             <td><?= $user['id'] ?></td>
405 |                             <td><?= htmlspecialchars($user['username']) ?></td>
406 |                             <td>
407 |                                 <select class="form-select form-select-sm" onchange="updateUserRole(<?= $user['id'] ?>, this.value)">
408 |                                     <option value="0" <?= $user['is_admin'] ? '' : 'selected' ?>>普通用户</option>
409 |                                     <option value="1" <?= $user['is_admin'] ? 'selected' : '' ?>>管理员</option>
410 |                                 </select>
411 |                             </td>
412 |                             <td><?= $user['created_at'] ?></td>
413 |                             <td>
414 |                                 <button class="btn btn-sm btn-warning" onclick="resetPassword(<?= $user['id'] ?>)">重置密码</button>
415 |                                 <button class="btn btn-sm btn-danger" onclick="deleteUser(<?= $user['id'] ?>)">删除</button>
416 |                             </td>
417 |                         </tr>
418 |                         <?php endforeach; ?>
419 |                     </tbody>
420 |                 </table>
421 |             </div>
422 | 
423 |             <div class="tab-pane" id="candidates">
424 |                 <h3>候选人管理</h3>
425 |                 <button class="btn btn-primary mb-3" data-bs-toggle="modal" data-bs-target="#addCandidateModal">添加候选人</button>
426 |                 
427 |                 <table class="table">
428 |                     <thead>
429 |                         <tr>
430 |                             <th>ID</th>
431 |                             <th>名称</th>
432 |                             <th>当前票数</th>
433 |                             <th>操作</th>
434 |                         </tr>
435 |                     </thead>
436 |                     <tbody>
437 |                         <?php foreach ($candidates as $candidate): ?>
438 |                         <tr>
439 |                             <td><?= $candidate['id'] ?></td>
440 |                             <td>
441 |                                 <input type="text" class="form-control form-control-sm" 
442 |                                        value="<?= htmlspecialchars($candidate['name']) ?>"
443 |                                        onchange="updateCandidateName(<?= $candidate['id'] ?>, this.value)">
444 |                             </td>
445 |                             <td><?= $candidate['vote_count'] ?? 0 ?></td>
446 |                             <td>
447 |                                 <button class="btn btn-sm btn-info" onclick="resetVotes(<?= $candidate['id'] ?>)">重置票数</button>
448 |                                 <button class="btn btn-sm btn-danger" onclick="deleteCandidate(<?= $candidate['id'] ?>)">删除</button>
449 |                             </td>
450 |                         </tr>
451 |                         <?php endforeach; ?>
452 |                     </tbody>
453 |                 </table>
454 |             </div>
455 | 
456 |             <div class="tab-pane" id="settings">
457 |                 <h3>投票设置</h3>
458 |                 <div class="card p-3">
459 |                     <div class="mb-3">
460 |                         <label class="form-label">投票系统名称</label>
461 |                         <input type="text" class="form-control" id="votingSystemName" 
462 |                                value="<?= htmlspecialchars($settings['voting_name'] ?? '投票系统') ?>">
463 |                     </div>
464 |                     <div class="mb-3">
465 |                         <label class="form-label">每人最多可投票数</label>
466 |                         <input type="number" class="form-control" id="maxVotesPerUser" min="1"
467 |                                value="<?= htmlspecialchars($settings['max_votes_per_user'] ?? '1') ?>">
468 |                     </div>
469 |                     <div class="mb-3">
470 |                         <label class="form-label">投票状态</label>
471 |                         <select class="form-select" id="votingStatus">
472 |                             <option value="1" <?= ($settings['voting_enabled'] ?? 1) ? 'selected' : '' ?>>开启投票</option>
473 |                             <option value="0" <?= ($settings['voting_enabled'] ?? 1) ? '' : 'selected' ?>>暂停投票</option>
474 |                         </select>
475 |                     </div>
476 |                     <div class="mb-3">
477 |                         <label class="form-label">投票开始时间</label>
478 |                         <input type="datetime-local" class="form-control" id="votingStartTime"
479 |                                value="<?= date('Y-m-d\TH:i', strtotime($settings['voting_start_time'] ?? 'now')) ?>">
480 |                     </div>
481 |                     <div class="mb-3">
482 |                         <label class="form-label">投票结束时间</label>
483 |                         <input type="datetime-local" class="form-control" id="votingEndTime"
484 |                                value="<?= date('Y-m-d\TH:i', strtotime($settings['voting_end_time'] ?? '+7 days')) ?>">
485 |                     </div>
486 |                     <div class="mb-3">
487 |                         <label class="form-label">显示实时票数</label>
488 |                         <select class="form-select" id="showRealTimeResults">
489 |                             <option value="1" <?= ($settings['show_results'] ?? 1) ? 'selected' : '' ?>>显示</option>
490 |                             <option value="0" <?= ($settings['show_results'] ?? 1) ? '' : 'selected' ?>>隐藏</option>
491 |                         </select>
492 |                     </div>
493 |                     <div class="mb-3">
494 |                         <button class="btn btn-primary" onclick="updateSettings()">保存设置</button>
495 |                         <button class="btn btn-danger ms-2" onclick="resetAllVotes()">重置所有票数</button>
496 |                     </div>
497 |                 </div>
498 |             </div>
499 |         </div>
500 |     </div>
501 | 
502 |     <div class="modal fade" id="addCandidateModal">
503 |         <div class="modal-dialog">
504 |             <div class="modal-content">
505 |                 <div class="modal-header">
506 |                     <h5 class="modal-title">添加候选人</h5>
507 |                     <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
508 |                 </div>
509 |                 <div class="modal-body">
510 |                     <form id="addCandidateForm">
511 |                         <div class="mb-3">
512 |                             <label>名称</label>
513 |                             <input type="text" name="name" class="form-control" required>
514 |                         </div>
515 |                         <button type="submit" class="btn btn-primary">添加</button>
516 |                     </form>
517 |                 </div>
518 |             </div>
519 |         </div>
520 |     </div>
521 | 
522 |     <div class="modal fade" id="addUserModal">
523 |         <div class="modal-dialog">
524 |             <div class="modal-content">
525 |                 <div class="modal-header">
526 |                     <h5 class="modal-title">添加用户</h5>
527 |                     <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
528 |                 </div>
529 |                 <div class="modal-body">
530 |                     <form id="addUserForm">
531 |                         <div class="mb-3">
532 |                             <label>用户名</label>
533 |                             <input type="text" name="username" class="form-control" required>
534 |                         </div>
535 |                         <div class="mb-3">
536 |                             <label>密码</label>
537 |                             <input type="password" name="password" class="form-control" required>
538 |                         </div>
539 |                         <button type="submit" class="btn btn-primary">添加</button>
540 |                     </form>
541 |                 </div>
542 |             </div>
543 |         </div>
544 |     </div>
545 | 
546 |     <div class="modal fade" id="resetVotesModal">
547 |         <div class="modal-dialog">
548 |             <div class="modal-content">
549 |                 <div class="modal-header">
550 |                     <h5 class="modal-title">重置票数</h5>
551 |                     <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
552 |                 </div>
553 |                 <div class="modal-body">
554 |                     <form id="resetVotesForm">
555 |                         <input type="hidden" name="candidate_id" id="resetVotesCandidateId">
556 |                         <button type="submit" class="btn btn-primary">重置</button>
557 |                     </form>
558 |                 </div>
559 |             </div>
560 |         </div>
561 |     </div>
562 | 
563 |     <div class="modal fade" id="changePasswordModal">
564 |         <div class="modal-dialog">
565 |             <div class="modal-content">
566 |                 <div class="modal-header">
567 |                     <h5 class="modal-title">修改密码</h5>
568 |                     <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
569 |                 </div>
570 |                 <div class="modal-body">
571 |                     <form id="changePasswordForm">
572 |                         <div class="mb-3">
573 |                             <label>当前密码</label>
574 |                             <input type="password" name="current_password" class="form-control" required>
575 |                         </div>
576 |                         <div class="mb-3">
577 |                             <label>新密码</label>
578 |                             <input type="password" name="new_password" class="form-control" required>
579 |                         </div>
580 |                         <div class="mb-3">
581 |                             <label>确认新密码</label>
582 |                             <input type="password" name="confirm_password" class="form-control" required>
583 |                         </div>
584 |                         <button type="submit" class="btn btn-primary">修改</button>
585 |                     </form>
586 |                 </div>
587 |             </div>
588 |         </div>
589 |     </div>
590 | 
591 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
592 |     <script>
593 |     document.getElementById('addUserForm').onsubmit = function(e) {
594 |         e.preventDefault();
595 |         const formData = new FormData(this);
596 |         
597 |         fetch('add_user.php', {
598 |             method: 'POST',
599 |             body: formData
600 |         })
601 |         .then(response => response.json())
602 |         .then(data => {
603 |             if (data.success) {
604 |                 location.reload();
605 |             }
606 |         });
607 |     };
608 | 
609 |     function deleteUser(userId) {
610 |         if (confirm('确定要删除该用户吗？')) {
611 |             fetch('delete_user.php', {
612 |                 method: 'POST',
613 |                 headers: {
614 |                     'Content-Type': 'application/x-www-form-urlencoded',
615 |                 },
616 |                 body: `user_id=${userId}`
617 |             })
618 |             .then(response => response.json())
619 |             .then(data => {
620 |                 if (data.success) {
621 |                     location.reload();
622 |                 }
623 |             });
624 |         }
625 |     }
626 | 
627 |     function resetPassword(userId) {
628 |         const newPassword = prompt('请输入新密码：');
629 |         if (newPassword) {
630 |             fetch('reset_password.php', {
631 |                 method: 'POST',
632 |                 headers: {
633 |                     'Content-Type': 'application/x-www-form-urlencoded',
634 |                 },
635 |                 body: `user_id=${userId}&password=${newPassword}`
636 |             })
637 |             .then(response => response.json())
638 |             .then(data => {
639 |                 if (data.success) {
640 |                     alert('密码已重置');
641 |                 }
642 |             });
643 |         }
644 |     }
645 | 
646 |     function updateUserRole(userId, isAdmin) {
647 |         fetch('update_user_role.php', {
648 |             method: 'POST',
649 |             headers: {
650 |                 'Content-Type': 'application/x-www-form-urlencoded',
651 |             },
652 |             body: `user_id=${userId}&is_admin=${isAdmin}`
653 |         })
654 |         .then(response => response.json())
655 |         .then(data => {
656 |             if (data.success) {
657 |                 alert('用户权限已更新');
658 |             }
659 |         });
660 |     }
661 | 
662 |     function updateCandidateName(id, name) {
663 |         fetch('update_candidate.php', {
664 |             method: 'POST',
665 |             headers: {
666 |                 'Content-Type': 'application/x-www-form-urlencoded',
667 |             },
668 |             body: `id=${id}&name=${encodeURIComponent(name)}`
669 |         })
670 |         .then(response => response.json())
671 |         .then(data => {
672 |             if (data.success) {
673 |                 alert('名称已更新');
674 |             }
675 |         });
676 |     }
677 | 
678 |     function resetVotes(candidateId) {
679 |         document.getElementById('resetVotesCandidateId').value = candidateId;
680 |         new bootstrap.Modal(document.getElementById('resetVotesModal')).show();
681 |     }
682 | 
683 |     function resetAllVotes() {
684 |         if (confirm('确定要重置所有候选人的票数吗？')) {
685 |             fetch('reset_all_votes.php', {
686 |                 method: 'POST'
687 |             })
688 |             .then(response => response.json())
689 |             .then(data => {
690 |                 if (data.success) {
691 |                     location.reload();
692 |                 }
693 |             });
694 |         }
695 |     }
696 | 
697 |     function deleteCandidate(id) {
698 |         if (confirm('确定要删除该候选人吗？')) {
699 |             fetch('delete_candidate.php', {
700 |                 method: 'POST',
701 |                 headers: {
702 |                     'Content-Type': 'application/x-www-form-urlencoded',
703 |                 },
704 |                 body: `id=${id}`
705 |             })
706 |             .then(response => response.json())
707 |             .then(data => {
708 |                 if (data.success) {
709 |                     location.reload();
710 |                 }
711 |             });
712 |         }
713 |     }
714 | 
715 |     document.getElementById('addCandidateForm').onsubmit = function(e) {
716 |         e.preventDefault();
717 |         const formData = new FormData(this);
718 |         
719 |         fetch('add_candidate.php', {
720 |             method: 'POST',
721 |             body: formData
722 |         })
723 |         .then(response => response.json())
724 |         .then(data => {
725 |             if (data.success) {
726 |                 location.reload();
727 |             }
728 |         });
729 |     };
730 | 
731 |     document.getElementById('resetVotesForm').onsubmit = function(e) {
732 |         e.preventDefault();
733 |         const candidateId = document.getElementById('resetVotesCandidateId').value;
734 |         
735 |         fetch('reset_votes.php', {
736 |             method: 'POST',
737 |             headers: {
738 |                 'Content-Type': 'application/x-www-form-urlencoded',
739 |             },
740 |             body: `candidate_id=${candidateId}`
741 |         })
742 |         .then(response => response.json())
743 |         .then(data => {
744 |             if (data.success) {
745 |                 location.reload();
746 |             } else {
747 |                 alert('重置票数失败：' + (data.message || '未知错误'));
748 |             }
749 |         })
750 |         .catch(error => {
751 |             alert('重置票数失败：' + error);
752 |         });
753 |     };
754 | 
755 |     document.getElementById('changePasswordForm').onsubmit = function(e) {
756 |         e.preventDefault();
757 |         const formData = new FormData(this);
758 |         
759 |         if (formData.get('new_password') !== formData.get('confirm_password')) {
760 |             alert('两次输入的新密码不一致');
761 |             return;
762 |         }
763 |         
764 |         fetch('change_password.php', {
765 |             method: 'POST',
766 |             body: formData
767 |         })
768 |         .then(response => response.json())
769 |         .then(data => {
770 |             if (data.success) {
771 |                 alert('密码修改成功');
772 |                 this.reset();
773 |                 bootstrap.Modal.getInstance(document.getElementById('changePasswordModal')).hide();
774 |             } else {
775 |                 alert(data.message || '密码修改失败');
776 |             }
777 |         })
778 |         .catch(error => {
779 |             alert('密码修改失败：' + error);
780 |         });
781 |     };
782 | 
783 |     function updateSettings() {
784 |         const settings = {
785 |             voting_name: document.getElementById('votingSystemName').value,
786 |             max_votes_per_user: document.getElementById('maxVotesPerUser').value,
787 |             voting_enabled: document.getElementById('votingStatus').value,
788 |             voting_start_time: document.getElementById('votingStartTime').value,
789 |             voting_end_time: document.getElementById('votingEndTime').value,
790 |             show_results: document.getElementById('showRealTimeResults').value
791 |         };
792 |         
793 |         fetch('update_settings.php', {
794 |             method: 'POST',
795 |             headers: {
796 |                 'Content-Type': 'application/json',
797 |             },
798 |             body: JSON.stringify(settings)
799 |         })
800 |         .then(response => response.json())
801 |         .then(data => {
802 |             if (data.success) {
803 |                 alert('设置已更新');
804 |                 document.querySelector('.navbar-brand').textContent = settings.voting_name;
805 |             } else {
806 |                 alert('更新设置失败：' + (data.message || '未知错误'));
807 |             }
808 |         })
809 |         .catch(error => {
810 |             alert('更新设置失败：' + error);
811 |         });
812 |     }
813 |     </script>
814 | </body>
815 | </html> 
816 | </html> 


--------------------------------------------------------------------------------
/api/change_password.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ?
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | $user = $stmt->fetch();
19 | 
20 | if (!$user) {
21 |     echo json_encode(['success' => false, 'message' => '用户不存在']);
22 |     exit;
23 | }
24 | 
25 | $current_password = $_POST['current_password'] ?? '';
26 | if (!password_verify($current_password, $user['password'])) {
27 |     echo json_encode(['success' => false, 'message' => '当前密码错误']);
28 |     exit;
29 | }
30 | 
31 | $new_password = $_POST['new_password'] ?? '';
32 | $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
33 | 
34 | $stmt = $pdo->prepare("UPDATE users SET password = ? WHERE id = ?");
35 | $result = $stmt->execute([$hashed_password, $user['id']]);
36 | 
37 | echo json_encode(['success' => $result]); 


--------------------------------------------------------------------------------
/api/config.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $host = getenv('DB_HOST');
 3 | $dbname = getenv('DB_NAME');
 4 | $username = getenv('DB_USER');
 5 | $password = getenv('DB_PASSWORD');
 6 | 
 7 | try {
 8 |     $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $username, $password);
 9 |     $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
10 | } catch(PDOException $e) {
11 |     die("连接失败: " . $e->getMessage());
12 | } 


--------------------------------------------------------------------------------
/api/dash.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once 'config.php';
  3 | 
  4 | $auth_token = $_COOKIE['auth_token'] ?? '';
  5 | if (!$auth_token) {
  6 |     header('Location: /api/login.php');
  7 |     exit;
  8 | }
  9 | 
 10 | $stmt = $pdo->prepare("
 11 |     SELECT u.* 
 12 |     FROM users u 
 13 |     JOIN user_tokens t ON u.id = t.user_id 
 14 |     WHERE t.token = ?
 15 |     LIMIT 1
 16 | ");
 17 | $stmt->execute([$auth_token]);
 18 | $user = $stmt->fetch();
 19 | 
 20 | if (!$user) {
 21 |     header('Location: login.php');
 22 |     exit;
 23 | }
 24 | 
 25 | $stmt = $pdo->query("SELECT * FROM settings WHERE id = 1");
 26 | $settings = $stmt->fetch();
 27 | 
 28 | $now = new DateTime();
 29 | $startTime = new DateTime($settings['voting_start_time']);
 30 | $endTime = new DateTime($settings['voting_end_time']);
 31 | $votingEnabled = $settings['voting_enabled'] && $now >= $startTime && $now <= $endTime;
 32 | 
 33 | $stmt = $pdo->prepare("SELECT COUNT(*) as vote_count FROM votes WHERE user_id = ?");
 34 | $stmt->execute([$user['id']]);
 35 | $userVoteCount = $stmt->fetch()['vote_count'];
 36 | $canVote = $userVoteCount < $settings['max_votes_per_user'];
 37 | 
 38 | $stmt = $pdo->query("
 39 |     SELECT c.*, COUNT(v.id) as vote_count 
 40 |     FROM candidates c 
 41 |     LEFT JOIN votes v ON c.id = v.candidate_id 
 42 |     GROUP BY c.id 
 43 |     ORDER BY COUNT(v.id) DESC
 44 | ");
 45 | $candidates = $stmt->fetchAll();
 46 | ?>
 47 | 
 48 | <!DOCTYPE html>
 49 | <html>
 50 | <head>
 51 |     <title><?= htmlspecialchars($settings['voting_name']) ?></title>
 52 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
 53 |     <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
 54 |     <style>
 55 |         body {
 56 |             background-color: #f0f2f5;
 57 |         }
 58 |         .navbar {
 59 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
 60 |             box-shadow: 0 2px 4px rgba(0,0,0,0.1);
 61 |         }
 62 |         .navbar-brand {
 63 |             color: white !important;
 64 |             font-size: 1.5rem;
 65 |             font-weight: bold;
 66 |         }
 67 |         .user-info {
 68 |             color: #fff;
 69 |         }
 70 |         .card {
 71 |             border-radius: 12px;
 72 |             box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05);
 73 |         }
 74 |         .card-header {
 75 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
 76 |             color: white;
 77 |             font-weight: 600;
 78 |             padding: 1.2rem 1.5rem;
 79 |             border: none;
 80 |         }
 81 |         .card-body {
 82 |             padding: 1.5rem;
 83 |             background: white;
 84 |         }
 85 |         .btn-primary {
 86 |             background: linear-gradient(135deg, #0056b3 0%, #0088ff 100%);
 87 |             border: none;
 88 |             font-weight: 500;
 89 |             color: white !important;
 90 |         }
 91 |         .btn-primary:hover {
 92 |             background-color: #003d82;
 93 |             border-color: #003d82;
 94 |         }
 95 |         .btn-outline-danger {
 96 |             color: #fff;
 97 |             border-color: #fff;
 98 |         }
 99 |         .btn-outline-danger:hover {
100 |             background-color: #dc3545;
101 |             color: #fff;
102 |         }
103 |         .vote-count {
104 |             font-size: 1.5rem;
105 |             font-weight: 700;
106 |             color: #0056b3;
107 |             margin-bottom: 1rem;
108 |         }
109 |         .alert {
110 |             border-radius: 12px;
111 |             padding: 1rem 1.5rem;
112 |             border: none;
113 |             background: linear-gradient(135deg, rgba(255,255,255,0.9) 0%, rgba(255,255,255,0.8) 100%);
114 |             backdrop-filter: blur(10px);
115 |             box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05);
116 |         }
117 |         .chart-container {
118 |             background: white;
119 |             border-radius: 16px;
120 |             padding: 1.5rem;
121 |             margin-bottom: 2rem;
122 |             box-shadow: 0 4px 12px rgba(0,0,0,0.05);
123 |         }
124 |         .card-text {
125 |             color: #2c3e50;
126 |         }
127 |         .btn-primary[disabled] {
128 |             background: #6c757d;
129 |             color: rgba(255,255,255,0.8) !important;
130 |             opacity: 0.8;
131 |         }
132 |         #votes-count {
133 |             color: #2c3e50;
134 |             font-weight: bold;
135 |         }
136 |         
137 |         @media (max-width: 768px) {
138 |             .container {
139 |                 padding: 0.5rem;
140 |                 max-width: 100%;
141 |             }
142 |             
143 |             .navbar {
144 |                 padding: 0.5rem;
145 |             }
146 |             
147 |             .navbar-brand {
148 |                 font-size: 1.2rem;
149 |             }
150 |             
151 |             .user-info {
152 |                 display: flex;
153 |                 flex-direction: column;
154 |                 align-items: flex-end;
155 |                 gap: 0.5rem;
156 |                 font-size: 0.9rem;
157 |             }
158 |             
159 |             .user-info .btn {
160 |                 padding: 0.3rem 0.8rem;
161 |                 font-size: 0.9rem;
162 |             }
163 |             
164 |             .col-md-4 {
165 |                 width: 100%;
166 |                 padding: 0 0.5rem;
167 |             }
168 |             
169 |             .card {
170 |                 margin-bottom: 0.8rem;
171 |             }
172 |             
173 |             .card-header {
174 |                 padding: 0.8rem;
175 |                 font-size: 1rem;
176 |             }
177 |             
178 |             .card-body {
179 |                 padding: 0.8rem;
180 |             }
181 |             
182 |             .vote-count {
183 |                 font-size: 1.1rem;
184 |                 margin-bottom: 0.8rem;
185 |             }
186 |             
187 |             .alert {
188 |                 padding: 0.8rem;
189 |                 margin: 0.5rem 0;
190 |                 font-size: 0.9rem;
191 |             }
192 |             
193 |             .chart-container {
194 |                 padding: 0.8rem;
195 |                 margin: 0.5rem 0 1rem 0;
196 |                 height: 200px !important;
197 |             }
198 |             
199 |             canvas {
200 |                 height: 200px !important;
201 |             }
202 |             
203 |             .btn-primary {
204 |                 padding: 0.5rem;
205 |                 font-size: 0.95rem;
206 |             }
207 |         }
208 |         
209 |         @media (max-width: 480px) {
210 |             .navbar-brand {
211 |                 font-size: 1rem;
212 |             }
213 |             
214 |             .user-info {
215 |                 font-size: 0.85rem;
216 |             }
217 |             
218 |             .card-header {
219 |                 font-size: 0.95rem;
220 |             }
221 |             
222 |             .vote-count {
223 |                 font-size: 1rem;
224 |             }
225 |             
226 |             .alert {
227 |                 font-size: 0.85rem;
228 |             }
229 |         }
230 |     </style>
231 | </head>
232 | <body>
233 |     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
234 |     <nav class="navbar">
235 |         <div class="container">
236 |             <span class="navbar-brand"><?= htmlspecialchars($settings['voting_name']) ?></span>
237 |             <div class="user-info">
238 |                 <span class="me-3">欢迎，<?= htmlspecialchars($user['username']) ?></span>
239 |                 <a href="logout.php" class="btn btn-outline-danger">退出登录</a>
240 |             </div>
241 |         </div>
242 |     </nav>
243 | 
244 |     <div class="container">
245 |         <div id="vote-status-alert" class="alert 
246 |             <?php if (!$votingEnabled): ?>
247 |                 alert-danger
248 |             <?php elseif ($userVoteCount >= $settings['max_votes_per_user']): ?>
249 |                 alert-info
250 |             <?php else: ?>
251 |                 alert-warning
252 |             <?php endif; ?>">
253 |             <?php if (!$votingEnabled): ?>
254 |                 <?php if (!$settings['voting_enabled']): ?>
255 |                     投票已暂停
256 |                 <?php elseif ($now < $startTime): ?>
257 |                     投票还未开始，开始时间：<?= $startTime->format('Y-m-d H:i') ?>
258 |                 <?php else: ?>
259 |                     投票已结束
260 |                 <?php endif; ?>
261 |             <?php elseif ($userVoteCount >= $settings['max_votes_per_user']): ?>
262 |                 您已完成所有可投票数（<?= $settings['max_votes_per_user'] ?>票），感谢参与！
263 |             <?php else: ?>
264 |                 您还可以投<?= $settings['max_votes_per_user'] - $userVoteCount ?>票
265 |             <?php endif; ?>
266 |         </div>
267 | 
268 |         <?php if ($settings['show_results'] || $userVoteCount >= $settings['max_votes_per_user']): ?>
269 |             <div class="card mb-4">
270 |                 <div class="card-header">实时投票结果</div>
271 |                 <div class="card-body chart-container">
272 |                     <canvas id="voteBarChart" style="height: 300px;"></canvas>
273 |                 </div>
274 |             </div>
275 |         <?php endif; ?>
276 |         
277 |         <div class="row">
278 |             <?php foreach ($candidates as $candidate): ?>
279 |             <div class="col-md-4 mb-4">
280 |                 <div class="card h-100">
281 |                     <div class="card-header"><?= htmlspecialchars($candidate['name']) ?></div>
282 |                     <div class="card-body">
283 |                         <p class="card-text vote-count">当前票数: <span id="votes-<?= $candidate['id'] ?>"><?= $candidate['vote_count'] ?></span></p>
284 |                         <button class="btn btn-primary vote-btn w-100" 
285 |                                 data-id="<?= $candidate['id'] ?>"
286 |                                 <?= $userVoteCount >= $settings['max_votes_per_user'] ? 'disabled' : '' ?>>
287 |                             <?= $userVoteCount >= $settings['max_votes_per_user'] ? '已投票' : '投票' ?>
288 |                         </button>
289 |                     </div>
290 |                 </div>
291 |             </div>
292 |             <?php endforeach; ?>
293 |         </div>
294 |     </div>
295 | 
296 |     <script>
297 |     const chart = new Chart(document.getElementById('voteBarChart'), {
298 |         type: 'bar',
299 |         data: {
300 |             labels: [],
301 |             datasets: [{
302 |                 data: [],
303 |                 backgroundColor: 'rgba(54, 162, 235, 0.8)',
304 |                 borderColor: 'rgba(54, 162, 235, 1)',
305 |                 borderWidth: 1
306 |             }]
307 |         },
308 |         options: {
309 |             indexAxis: 'y',
310 |             animation: {
311 |                 duration: 1000
312 |             },
313 |             plugins: {
314 |                 legend: {
315 |                     display: false
316 |                 }
317 |             },
318 |             scales: {
319 |                 x: {
320 |                     beginAtZero: true
321 |                 }
322 |             }
323 |         }
324 |     });
325 | 
326 |     function updateChart(data) {
327 |         data.sort((a, b) => b.vote_count - a.vote_count);
328 |         chart.data.labels = data.map(c => c.name);
329 |         chart.data.datasets[0].data = data.map(c => c.vote_count);
330 |         chart.update();
331 |     }
332 | 
333 |     function updateVotes() {
334 |         fetch('get_votes.php')
335 |             .then(response => response.json())
336 |             .then(data => {
337 |                 data.forEach(candidate => {
338 |                     document.getElementById(`votes-${candidate.id}`).textContent = candidate.vote_count;
339 |                 });
340 |                 updateChart(data);
341 |             });
342 |     }
343 | 
344 |     setInterval(updateVotes, 500);
345 |     document.querySelectorAll('.vote-btn').forEach(btn => {
346 |         btn.addEventListener('click', function() {
347 |             if (!confirm('确定要投票给这位候选人吗？投票后将无法更改！')) {
348 |                 return;
349 |             }
350 |             
351 |             const candidateId = this.dataset.id;
352 |             fetch('vote.php', {
353 |                 method: 'POST',
354 |                 headers: {
355 |                     'Content-Type': 'application/x-www-form-urlencoded',
356 |                 },
357 |                 body: `candidate_id=${candidateId}`
358 |             })
359 |             .then(response => response.json())
360 |             .then(data => {
361 |                 if (data.success) {
362 |                     alert('投票成功！');
363 |                     const alertDiv = document.getElementById('vote-status-alert');
364 |                     alertDiv.className = 'alert alert-info';
365 |                     alertDiv.innerHTML = '<i class="fas fa-check-circle"></i> 您已经完成投票，感谢参与！';
366 |                     document.querySelectorAll('.vote-btn').forEach(b => {
367 |                         b.disabled = true;
368 |                         b.textContent = '已投票';
369 |                     });
370 |                     updateVotes();
371 |                 } else {
372 |                     alert(data.message || '投票失败，请稍后重试');
373 |                 }
374 |             })
375 |             .catch(error => {
376 |                 alert('系统错误，请稍后重试');
377 |             });
378 |         });
379 |     });
380 | 
381 |     updateVotes();
382 |     </script>
383 | </body>
384 | </html>
385 | 


--------------------------------------------------------------------------------
/api/delete_candidate.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $id = $_POST['id'] ?? '';
24 | 
25 | if (!$id) {
26 |     echo json_encode(['success' => false, 'message' => '参数错误']);
27 |     exit;
28 | }
29 | 
30 | $pdo->beginTransaction();
31 | 
32 | try {
33 |     $stmt = $pdo->prepare("DELETE FROM votes WHERE candidate_id = ?");
34 |     $stmt->execute([$id]);
35 |     $stmt = $pdo->prepare("DELETE FROM candidates WHERE id = ?");
36 |     $stmt->execute([$id]);
37 |     $pdo->commit();
38 |     echo json_encode(['success' => true]);
39 | } catch (Exception $e) {
40 |     $pdo->rollBack();
41 |     echo json_encode(['success' => false, 'message' => $e->getMessage()]);
42 | } 


--------------------------------------------------------------------------------
/api/delete_user.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | $admin = $stmt->fetch();
19 | 
20 | if (!$admin) {
21 |     echo json_encode(['success' => false, 'message' => '无权限']);
22 |     exit;
23 | }
24 | 
25 | $user_id = $_POST['user_id'] ?? '';
26 | if (!$user_id) {
27 |     echo json_encode(['success' => false, 'message' => '参数错误']);
28 |     exit;
29 | }
30 | 
31 | try {
32 |     $pdo->beginTransaction();
33 |     $stmt = $pdo->prepare("DELETE FROM votes WHERE user_id = ?");
34 |     $stmt->execute([$user_id]);
35 |     $stmt = $pdo->prepare("DELETE FROM user_tokens WHERE user_id = ?");
36 |     $stmt->execute([$user_id]);
37 |     $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
38 |     $stmt->execute([$user_id]);
39 |     $pdo->commit();
40 |     
41 |     echo json_encode(['success' => true]);
42 | } catch (Exception $e) {
43 |     $pdo->rollBack();
44 |     echo json_encode(['success' => false, 'message' => '删除失败：' . $e->getMessage()]);
45 | } 


--------------------------------------------------------------------------------
/api/get_votes.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode([]);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ?
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | $user = $stmt->fetch();
19 | 
20 | if (!$user) {
21 |     echo json_encode([]);
22 |     exit;
23 | }
24 | 
25 | $stmt = $pdo->query("SELECT * FROM settings WHERE id = 1");
26 | $settings = $stmt->fetch();
27 | 
28 | $stmt = $pdo->prepare("SELECT COUNT(*) as vote_count FROM votes WHERE user_id = ?");
29 | $stmt->execute([$user['id']]);
30 | $userVoteCount = $stmt->fetch()['vote_count'];
31 | 
32 | if (!$settings['show_results'] && $userVoteCount < $settings['max_votes_per_user']) {
33 |     echo json_encode([]);
34 |     exit;
35 | }
36 | 
37 | $stmt = $pdo->query("
38 |     SELECT 
39 |         c.id,
40 |         c.name,
41 |         COUNT(v.id) as vote_count 
42 |     FROM candidates c 
43 |     LEFT JOIN votes v ON c.id = v.candidate_id 
44 |     GROUP BY c.id 
45 |     ORDER BY vote_count DESC
46 | ");
47 | 
48 | $candidates = $stmt->fetchAll(PDO::FETCH_ASSOC);
49 | 
50 | header('Content-Type: application/json');
51 | 
52 | echo json_encode($candidates); 


--------------------------------------------------------------------------------
/api/install.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once 'config.php';
  3 | 
  4 | $error = '';
  5 | $success = '';
  6 | 
  7 | try {
  8 |     $tables = ['candidates', 'settings', 'user_tokens', 'users', 'votes'];
  9 |     $existing_tables = [];
 10 |     
 11 |     foreach ($tables as $table) {
 12 |         $stmt = $pdo->prepare("SHOW TABLES LIKE ?");
 13 |         $stmt->execute([$table]);
 14 |         if ($stmt->fetch()) {
 15 |             $existing_tables[] = $table;
 16 |         }
 17 |     }
 18 |     
 19 |     if (count($existing_tables) === count($tables)) {
 20 |         header('Location: /api/login.php');
 21 |         exit;
 22 |     }
 23 | 
 24 |     if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 25 |         $pdo->exec('SET FOREIGN_KEY_CHECKS=0');
 26 |         $sql = "
 27 |         DROP TABLE IF EXISTS `candidates`;
 28 |         DROP TABLE IF EXISTS `settings`;
 29 |         DROP TABLE IF EXISTS `user_tokens`;
 30 |         DROP TABLE IF EXISTS `users`;
 31 |         DROP TABLE IF EXISTS `votes`;
 32 | 
 33 |         CREATE TABLE `candidates` (
 34 |             `id` int NOT NULL AUTO_INCREMENT,
 35 |             `name` varchar(100) NOT NULL,
 36 |             `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
 37 |             PRIMARY KEY (`id`)
 38 |         );
 39 | 
 40 |         CREATE TABLE `settings` (
 41 |             `id` int NOT NULL,
 42 |             `voting_name` varchar(255) NOT NULL DEFAULT '投票系统',
 43 |             `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
 44 |             `updated_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
 45 |             `max_votes_per_user` int NOT NULL DEFAULT '1',
 46 |             `voting_enabled` tinyint(1) NOT NULL DEFAULT '1',
 47 |             `voting_start_time` datetime DEFAULT NULL,
 48 |             `voting_end_time` datetime DEFAULT NULL,
 49 |             `show_results` tinyint(1) NOT NULL DEFAULT '1',
 50 |             PRIMARY KEY (`id`)
 51 |         );
 52 | 
 53 |         CREATE TABLE `users` (
 54 |             `id` int NOT NULL AUTO_INCREMENT,
 55 |             `username` varchar(50) NOT NULL,
 56 |             `password` varchar(255) NOT NULL,
 57 |             `is_admin` tinyint(1) DEFAULT '0',
 58 |             `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
 59 |             PRIMARY KEY (`id`),
 60 |             UNIQUE KEY `username` (`username`)
 61 |         );
 62 | 
 63 |         CREATE TABLE `user_tokens` (
 64 |             `id` int NOT NULL AUTO_INCREMENT,
 65 |             `user_id` int NOT NULL,
 66 |             `token` varchar(36) NOT NULL,
 67 |             `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
 68 |             PRIMARY KEY (`id`),
 69 |             KEY `user_id` (`user_id`),
 70 |             CONSTRAINT `user_tokens_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`)
 71 |         );
 72 | 
 73 |         CREATE TABLE `votes` (
 74 |             `id` int NOT NULL AUTO_INCREMENT,
 75 |             `user_id` int DEFAULT NULL,
 76 |             `candidate_id` int DEFAULT NULL,
 77 |             `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
 78 |             PRIMARY KEY (`id`),
 79 |             KEY `user_id` (`user_id`),
 80 |             KEY `candidate_id` (`candidate_id`),
 81 |             CONSTRAINT `votes_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`),
 82 |             CONSTRAINT `votes_ibfk_2` FOREIGN KEY (`candidate_id`) REFERENCES `candidates` (`id`)
 83 |         )";
 84 | 
 85 |         $pdo->exec($sql);
 86 |         $admin_password = password_hash('admin', PASSWORD_DEFAULT);
 87 |         $stmt = $pdo->prepare("INSERT INTO users (username, password, is_admin) VALUES (?, ?, 1)");
 88 |         $stmt->execute(['admin', $admin_password]);
 89 |         $stmt = $pdo->prepare("INSERT INTO settings (id, voting_name) VALUES (1, '投票系统')");
 90 |         $stmt->execute();
 91 |         $pdo->exec('SET FOREIGN_KEY_CHECKS=1');
 92 |         $success = '安装成功！默认管理员账号：admin，密码：admin';
 93 |     }
 94 | 
 95 | } catch(PDOException $e) {
 96 |     $error = '安装过程出错：' . $e->getMessage();
 97 | }
 98 | ?>
 99 | 
100 | <!DOCTYPE html>
101 | <html>
102 | <head>
103 |     <title>投票系统 - 安装</title>
104 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
105 |     <style>
106 |         body {
107 |             background: linear-gradient(120deg, #84fab0 0%, #8fd3f4 100%);
108 |             min-height: 100vh;
109 |             display: flex;
110 |             align-items: center;
111 |             font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
112 |         }
113 |         .container {
114 |             padding: 2rem 1rem;
115 |         }
116 |         .card {
117 |             border: none;
118 |             border-radius: 20px;
119 |             box-shadow: 0 15px 35px rgba(0, 0, 0, 0.1);
120 |             backdrop-filter: blur(10px);
121 |             background: rgba(255, 255, 255, 0.9);
122 |             transition: transform 0.3s ease;
123 |         }
124 |         .card:hover {
125 |             transform: translateY(-5px);
126 |         }
127 |         .card-header {
128 |             background: linear-gradient(120deg, #2b4c7d 0%, #1e88e5 100%);
129 |             color: white;
130 |             border-radius: 20px 20px 0 0 !important;
131 |             padding: 2rem;
132 |             text-align: center;
133 |             font-size: 1.5rem;
134 |             font-weight: 600;
135 |             border: none;
136 |         }
137 |         .card-body {
138 |             padding: 2rem;
139 |         }
140 |         .btn-primary {
141 |             background: linear-gradient(120deg, #2b4c7d 0%, #1e88e5 100%);
142 |             border: none;
143 |             padding: 1rem 2rem;
144 |             font-weight: 600;
145 |             width: 100%;
146 |             border-radius: 10px;
147 |             transition: all 0.3s ease;
148 |         }
149 |         .btn-primary:hover {
150 |             transform: translateY(-2px);
151 |             box-shadow: 0 5px 15px rgba(0, 0, 0, 0.2);
152 |         }
153 |         .btn-success {
154 |             background: linear-gradient(120deg, #28a745 0%, #20c997 100%);
155 |             border: none;
156 |             padding: 1rem 2rem;
157 |             font-weight: 600;
158 |             width: 100%;
159 |             border-radius: 10px;
160 |             transition: all 0.3s ease;
161 |         }
162 |         .btn-success:hover {
163 |             transform: translateY(-2px);
164 |             box-shadow: 0 5px 15px rgba(0, 0, 0, 0.2);
165 |         }
166 |         .alert {
167 |             border-radius: 10px;
168 |             padding: 1rem;
169 |             margin-bottom: 1.5rem;
170 |         }
171 |         .logo-container {
172 |             text-align: center;
173 |             margin-bottom: 1.5rem;
174 |         }
175 |         .logo-text {
176 |             font-size: 2.5rem;
177 |             font-weight: 700;
178 |             color: #2b4c7d;
179 |             margin: 1rem 0;
180 |         }
181 |     </style>
182 | </head>
183 | <body>
184 |     <div class="container">
185 |         <div class="row justify-content-center">
186 |             <div class="col-md-6">
187 |                 <div class="card">
188 |                     <div class="card-header">
189 |                         <div class="logo-container">
190 |                             <div class="logo-text">投票系统</div>
191 |                         </div>
192 |                         系统安装向导
193 |                     </div>
194 |                     <div class="card-body">
195 |                         <?php if ($error): ?>
196 |                             <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
197 |                         <?php endif; ?>
198 |                         
199 |                         <?php if ($success): ?>
200 |                             <div class="alert alert-success">
201 |                                 <?= htmlspecialchars($success) ?>
202 |                                 <br><br>
203 |                                 <a href="/api/login.php" class="btn btn-success">立即登录</a>
204 |                             </div>
205 |                         <?php else: ?>
206 |                             <p class="mb-4 text-center">欢迎使用投票系统，点击下方按钮开始安装：</p>
207 |                             <form method="POST">
208 |                                 <button type="submit" class="btn btn-primary">开始安装</button>
209 |                             </form>
210 |                         <?php endif; ?>
211 |                     </div>
212 |                 </div>
213 |             </div>
214 |         </div>
215 |     </div>
216 | </body>
217 | </html> 


--------------------------------------------------------------------------------
/api/login.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once 'config.php';
  3 | 
  4 | $error = '';
  5 | 
  6 | // 检查数据库表是否存在
  7 | try {
  8 |     $tables = ['candidates', 'settings', 'user_tokens', 'users', 'votes'];
  9 |     $missing_tables = [];
 10 |     
 11 |     foreach ($tables as $table) {
 12 |         $stmt = $pdo->prepare("SHOW TABLES LIKE ?");
 13 |         $stmt->execute([$table]);
 14 |         if (!$stmt->fetch()) {
 15 |             $missing_tables[] = $table;
 16 |         }
 17 |     }
 18 |     
 19 |     if (!empty($missing_tables)) {
 20 |         header('Location: /api/install.php');
 21 |         exit;
 22 |     }
 23 | } catch(PDOException $e) {
 24 |     $error = '数据库连接错误，请检查配置！';
 25 | }
 26 | 
 27 | if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 28 |     $username = $_POST['username'];
 29 |     $password = $_POST['password'];
 30 |     
 31 |     try {
 32 |         $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
 33 |         $stmt->execute([$username]);
 34 |         $user = $stmt->fetch();
 35 |         
 36 |         if ($user && password_verify($password, $user['password'])) {
 37 |             $token = uniqid(rand(), true);
 38 |             $stmt = $pdo->prepare("INSERT INTO user_tokens (user_id, token) VALUES (?, ?)");
 39 |             $stmt->execute([$user['id'], $token]);
 40 |             setcookie('auth_token', $token, time() + (7 * 24 * 60 * 60), '/');
 41 |             
 42 |             if ($user['is_admin']) {
 43 |                 header('Location: /api/admin.php');
 44 |             } else {
 45 |                 header('Location: /api/dash.php');
 46 |             }
 47 |             exit;
 48 |         } else {
 49 |             $error = '用户名或密码错误！';
 50 |         }
 51 |     } catch(PDOException $e) {
 52 |         $error = '系统错误，请稍后再试！';
 53 |     }
 54 | }
 55 | ?>
 56 | 
 57 | <!DOCTYPE html>
 58 | <html>
 59 | <head>
 60 |     <title>投票系统 - 登录</title>
 61 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
 62 |     <style>
 63 |         body {
 64 |             background: linear-gradient(135deg, #f0f2f5 0%, #e6e9f0 100%);
 65 |             height: 100vh;
 66 |             display: flex;
 67 |             align-items: center;
 68 |             font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
 69 |         }
 70 |         .card {
 71 |             border: none;
 72 |             border-radius: 16px;
 73 |             box-shadow: 0 8px 24px rgba(0, 0, 0, 0.08);
 74 |             overflow: hidden;
 75 |             transition: transform 0.3s ease;
 76 |         }
 77 |         .card:hover {
 78 |             transform: translateY(-5px);
 79 |         }
 80 |         .card-header {
 81 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
 82 |             color: white;
 83 |             border-radius: 16px 16px 0 0 !important;
 84 |             padding: 1.5rem;
 85 |             font-size: 1.25rem;
 86 |             font-weight: 600;
 87 |             border: none;
 88 |         }
 89 |         .card-body {
 90 |             padding: 2rem;
 91 |         }
 92 |         .form-control {
 93 |             border-radius: 10px;
 94 |             padding: 0.8rem 1.2rem;
 95 |             border: 1px solid #e0e0e0;
 96 |             background-color: #f8f9fa;
 97 |             transition: all 0.3s ease;
 98 |         }
 99 |         .form-control:focus {
100 |             border-color: #0056b3;
101 |             box-shadow: 0 0 0 0.2rem rgba(0, 86, 179, 0.25);
102 |             background-color: #fff;
103 |         }
104 |         .btn-primary {
105 |             background: linear-gradient(135deg, #0056b3 0%, #0088ff 100%);
106 |             border: none;
107 |             padding: 0.8rem;
108 |             font-weight: 600;
109 |             letter-spacing: 1px;
110 |             border-radius: 10px;
111 |             width: 100%;
112 |             transition: all 0.3s ease;
113 |         }
114 |         .btn-primary:hover {
115 |             background: linear-gradient(135deg, #003d82 0%, #0056b3 100%);
116 |             transform: translateY(-2px);
117 |             box-shadow: 0 4px 12px rgba(0, 86, 179, 0.2);
118 |         }
119 |         .alert {
120 |             border: none;
121 |             border-radius: 8px;
122 |             padding: 1rem 1.5rem;
123 |             margin-bottom: 1.5rem;
124 |             background: rgba(220, 53, 69, 0.1);
125 |             color: #dc3545;
126 |         }
127 |         .system-title {
128 |             text-align: center;
129 |             background: linear-gradient(135deg, #1a1a1a 0%, #2c3e50 100%);
130 |             -webkit-background-clip: text;
131 |             -webkit-text-fill-color: transparent;
132 |             font-size: 2.5rem;
133 |             font-weight: 800;
134 |             margin-bottom: 2rem;
135 |             letter-spacing: -0.5px;
136 |         }
137 |         label {
138 |             font-weight: 500;
139 |             color: #495057;
140 |             margin-bottom: 0.5rem;
141 |         }
142 |         .mb-4 {
143 |             margin-bottom: 1.5rem !important;
144 |         }
145 |         @media (max-width: 768px) {
146 |             body {
147 |                 padding: 1rem;
148 |             }
149 |             
150 |             .container {
151 |                 padding: 0;
152 |                 width: 100%;
153 |             }
154 |             
155 |             .col-md-5 {
156 |                 padding: 0;
157 |                 width: 100%;
158 |             }
159 |             
160 |             .system-title {
161 |                 font-size: 2rem;
162 |                 margin-bottom: 1.5rem;
163 |             }
164 |             
165 |             .card {
166 |                 margin: 0;
167 |                 box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05);
168 |             }
169 |             
170 |             .card-header {
171 |                 padding: 1rem;
172 |                 font-size: 1.1rem;
173 |             }
174 |             
175 |             .card-body {
176 |                 padding: 1.2rem;
177 |             }
178 |             
179 |             .form-control {
180 |                 padding: 0.6rem 1rem;
181 |                 font-size: 0.95rem;
182 |                 height: auto;
183 |             }
184 |             
185 |             .btn-primary {
186 |                 padding: 0.8rem;
187 |                 font-size: 1rem;
188 |             }
189 |             
190 |             .alert {
191 |                 padding: 0.8rem;
192 |                 font-size: 0.9rem;
193 |                 margin-bottom: 1rem;
194 |             }
195 |             
196 |             label {
197 |                 font-size: 0.9rem;
198 |                 margin-bottom: 0.4rem;
199 |             }
200 |         }
201 |         
202 |         @media (max-width: 480px) {
203 |             body {
204 |                 padding: 0.8rem;
205 |             }
206 |             
207 |             .system-title {
208 |                 font-size: 1.8rem;
209 |                 margin-bottom: 1.2rem;
210 |             }
211 |             
212 |             .card-header {
213 |                 padding: 0.8rem;
214 |                 font-size: 1rem;
215 |             }
216 |             
217 |             .card-body {
218 |                 padding: 1rem;
219 |             }
220 |             
221 |             .form-control {
222 |                 padding: 0.5rem 0.8rem;
223 |                 font-size: 0.9rem;
224 |             }
225 |             
226 |             .btn-primary {
227 |                 padding: 0.7rem;
228 |                 font-size: 0.95rem;
229 |             }
230 |             
231 |             .alert {
232 |                 padding: 0.7rem;
233 |                 font-size: 0.85rem;
234 |             }
235 |             
236 |             label {
237 |                 font-size: 0.85rem;
238 |             }
239 |         }
240 |     </style>
241 | </head>
242 | <body>
243 |     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
244 |     <div class="container">
245 |         <div class="row justify-content-center">
246 |             <div class="col-md-5">
247 |                 <h1 class="system-title">投票系统</h1>
248 |                 <div class="card">
249 |                     <div class="card-header">用户登录</div>
250 |                     <div class="card-body">
251 |                         <?php if ($error): ?>
252 |                             <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
253 |                         <?php endif; ?>
254 |                         <form method="POST">
255 |                             <div class="mb-4">
256 |                                 <label>用户名</label>
257 |                                 <input type="text" name="username" class="form-control" required>
258 |                             </div>
259 |                             <div class="mb-4">
260 |                                 <label>密码</label>
261 |                                 <input type="password" name="password" class="form-control" required>
262 |                             </div>
263 |                             <button type="submit" class="btn btn-primary">登 录</button>
264 |                         </form>
265 |                     </div>
266 |                 </div>
267 |             </div>
268 |         </div>
269 |     </div>
270 | </body>
271 | </html> 


--------------------------------------------------------------------------------
/api/logout.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once 'config.php';
  3 | $auth_token = $_COOKIE['auth_token'] ?? '';
  4 | 
  5 | if ($auth_token) {
  6 |     try {
  7 |         $stmt = $pdo->prepare("DELETE FROM user_tokens WHERE token = ?");
  8 |         $stmt->execute([$auth_token]);
  9 |         setcookie('auth_token', '', time() - 3600, '/');
 10 |         $success = true;
 11 |     } catch (Exception $e) {
 12 |         $success = false;
 13 |         $error_message = '登出失败：' . $e->getMessage();
 14 |     }
 15 | } else {
 16 |     $success = true;
 17 | }
 18 | ?>
 19 | 
 20 | <!DOCTYPE html>
 21 | <html>
 22 | <head>
 23 |     <title>退出登录</title>
 24 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
 25 |     <style>
 26 |         body {
 27 |             background: linear-gradient(135deg, #f0f2f5 0%, #e6e9f0 100%);
 28 |             height: 100vh;
 29 |             display: flex;
 30 |             align-items: center;
 31 |             justify-content: center;
 32 |         }
 33 |         .logout-card {
 34 |             background: white;
 35 |             border-radius: 16px;
 36 |             box-shadow: 0 8px 24px rgba(0, 0, 0, 0.08);
 37 |             padding: 2rem;
 38 |             text-align: center;
 39 |             width: 100%;
 40 |             max-width: 400px;
 41 |         }
 42 |         .icon-container {
 43 |             margin-bottom: 1.5rem;
 44 |         }
 45 |         .success-icon {
 46 |             width: 64px;
 47 |             height: 64px;
 48 |             background: linear-gradient(135deg, #0056b3 0%, #0088ff 100%);
 49 |             border-radius: 50%;
 50 |             display: inline-flex;
 51 |             align-items: center;
 52 |             justify-content: center;
 53 |             color: white;
 54 |             font-size: 2rem;
 55 |         }
 56 |         .error-icon {
 57 |             width: 64px;
 58 |             height: 64px;
 59 |             background: linear-gradient(135deg, #dc3545 0%, #ff4d5b 100%);
 60 |             border-radius: 50%;
 61 |             display: inline-flex;
 62 |             align-items: center;
 63 |             justify-content: center;
 64 |             color: white;
 65 |             font-size: 2rem;
 66 |         }
 67 |         .message {
 68 |             font-size: 1.2rem;
 69 |             margin-bottom: 1rem;
 70 |             color: #1a1a1a;
 71 |         }
 72 |         .countdown {
 73 |             color: #666;
 74 |             font-size: 0.9rem;
 75 |         }
 76 |         @keyframes spin {
 77 |             0% { transform: rotate(0deg); }
 78 |             100% { transform: rotate(360deg); }
 79 |         }
 80 |         .loading {
 81 |             animation: spin 2s linear infinite;
 82 |         }
 83 |     </style>
 84 | </head>
 85 | <body>
 86 |     <div class="logout-card">
 87 |         <div class="icon-container">
 88 |             <?php if ($success): ?>
 89 |                 <div class="success-icon">✓</div>
 90 |             <?php else: ?>
 91 |                 <div class="error-icon">✕</div>
 92 |             <?php endif; ?>
 93 |         </div>
 94 |         
 95 |         <div class="message">
 96 |             <?php if ($success): ?>
 97 |                 退出登录成功
 98 |             <?php else: ?>
 99 |                 <?= htmlspecialchars($error_message) ?>
100 |             <?php endif; ?>
101 |         </div>
102 |         
103 |         <?php if ($success): ?>
104 |             <div class="countdown">
105 |                 <span id="countdown">3</span> 秒后返回登录页面
106 |             </div>
107 |         <?php endif; ?>
108 |     </div>
109 | 
110 |     <script>
111 |         <?php if ($success): ?>
112 |         let count = 3;
113 |         const countdownElement = document.getElementById('countdown');
114 |         
115 |         const countdown = setInterval(() => {
116 |             count--;
117 |             countdownElement.textContent = count;
118 |             
119 |             if (count <= 0) {
120 |                 clearInterval(countdown);
121 |                 window.location.href = 'login.php';
122 |             }
123 |         }, 1000);
124 |         <?php endif; ?>
125 |     </script>
126 | </body>
127 | </html> 


--------------------------------------------------------------------------------
/api/password.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $hash = '';
 3 | $password = '';
 4 | 
 5 | if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 6 |     $password = $_POST['password'] ?? '';
 7 |     if ($password) {
 8 |         $hash = password_hash($password, PASSWORD_DEFAULT);
 9 |     }
10 | }
11 | ?>
12 | 
13 | <!DOCTYPE html>
14 | <html>
15 | <head>
16 |     <title>密码哈希生成器</title>
17 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
18 | </head>
19 | <body>
20 |     <div class="container mt-5">
21 |         <div class="row justify-content-center">
22 |             <div class="col-md-6">
23 |                 <div class="card">
24 |                     <div class="card-header">密码哈希生成器</div>
25 |                     <div class="card-body">
26 |                         <form method="POST">
27 |                             <div class="mb-3">
28 |                                 <label>输入密码</label>
29 |                                 <input type="text" name="password" class="form-control" required>
30 |                             </div>
31 |                             <button type="submit" class="btn btn-primary">生成哈希</button>
32 |                         </form>
33 |                         
34 |                         <?php if ($hash): ?>
35 |                         <div class="mt-4">
36 |                             <h5>生成结果：</h5>
37 |                             <div class="alert alert-info">
38 |                                 <p><strong>原始密码：</strong> <?= htmlspecialchars($password) ?></p>
39 |                                 <p><strong>哈希值：</strong> <?= htmlspecialchars($hash) ?></p>
40 |                             </div>
41 |                         </div>
42 |                         <?php endif; ?>
43 |                     </div>
44 |                 </div>
45 |             </div>
46 |         </div>
47 |     </div>
48 | </body>
49 | </html> 


--------------------------------------------------------------------------------
/api/reset_all_votes.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $stmt = $pdo->query("TRUNCATE TABLE votes");
24 | echo json_encode(['success' => true]); 


--------------------------------------------------------------------------------
/api/reset_votes.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $candidate_id = $_POST['candidate_id'] ?? '';
24 | 
25 | if (!$candidate_id) {
26 |     echo json_encode(['success' => false, 'message' => '参数错误']);
27 |     exit;
28 | }
29 | 
30 | $stmt = $pdo->prepare("DELETE FROM votes WHERE candidate_id = ?");
31 | $result = $stmt->execute([$candidate_id]);
32 | 
33 | echo json_encode(['success' => $result]); 


--------------------------------------------------------------------------------
/api/update_candidate.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $id = $_POST['id'] ?? '';
24 | $name = $_POST['name'] ?? '';
25 | 
26 | if (!$id || !$name) {
27 |     echo json_encode(['success' => false, 'message' => '参数错误']);
28 |     exit;
29 | }
30 | 
31 | $stmt = $pdo->prepare("UPDATE candidates SET name = ? WHERE id = ?");
32 | $result = $stmt->execute([$name, $id]);
33 | 
34 | echo json_encode(['success' => $result]); 


--------------------------------------------------------------------------------
/api/update_settings.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | $admin = $stmt->fetch();
19 | 
20 | if (!$admin) {
21 |     echo json_encode(['success' => false, 'message' => '无权限']);
22 |     exit;
23 | }
24 | 
25 | $data = json_decode(file_get_contents('php://input'), true);
26 | 
27 | if (empty($data['voting_name'])) {
28 |     echo json_encode(['success' => false, 'message' => '投票系统名称不能为空']);
29 |     exit;
30 | }
31 | 
32 | try {
33 |     $stmt = $pdo->prepare("
34 |         INSERT INTO settings (
35 |             id, 
36 |             voting_name, 
37 |             max_votes_per_user, 
38 |             voting_enabled,
39 |             voting_start_time,
40 |             voting_end_time,
41 |             show_results
42 |         ) VALUES (
43 |             1, ?, ?, ?, ?, ?, ?
44 |         ) ON DUPLICATE KEY UPDATE 
45 |             voting_name = ?,
46 |             max_votes_per_user = ?,
47 |             voting_enabled = ?,
48 |             voting_start_time = ?,
49 |             voting_end_time = ?,
50 |             show_results = ?
51 |     ");
52 |     
53 |     $params = [
54 |         $data['voting_name'],
55 |         (int)$data['max_votes_per_user'],
56 |         (int)$data['voting_enabled'],
57 |         $data['voting_start_time'],
58 |         $data['voting_end_time'],
59 |         (int)$data['show_results'],
60 |         $data['voting_name'],
61 |         (int)$data['max_votes_per_user'],
62 |         (int)$data['voting_enabled'],
63 |         $data['voting_start_time'],
64 |         $data['voting_end_time'],
65 |         (int)$data['show_results']
66 |     ];
67 |     
68 |     $stmt->execute($params);
69 |     echo json_encode(['success' => true]);
70 | } catch (PDOException $e) {
71 |     echo json_encode(['success' => false, 'message' => '数据库错误']);
72 | } 


--------------------------------------------------------------------------------
/api/update_user_role.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | $auth_token = $_COOKIE['auth_token'] ?? '';
 5 | if (!$auth_token) {
 6 |     echo json_encode(['success' => false, 'message' => '未登录']);
 7 |     exit;
 8 | }
 9 | 
10 | $stmt = $pdo->prepare("
11 |     SELECT u.* 
12 |     FROM users u 
13 |     JOIN user_tokens t ON u.id = t.user_id 
14 |     WHERE t.token = ? AND u.is_admin = 1
15 |     LIMIT 1
16 | ");
17 | $stmt->execute([$auth_token]);
18 | if (!$stmt->fetch()) {
19 |     echo json_encode(['success' => false, 'message' => '无权限']);
20 |     exit;
21 | }
22 | 
23 | $user_id = $_POST['user_id'] ?? '';
24 | $is_admin = $_POST['is_admin'] ?? '';
25 | 
26 | if (!$user_id) {
27 |     echo json_encode(['success' => false, 'message' => '参数错误']);
28 |     exit;
29 | }
30 | 
31 | $stmt = $pdo->prepare("UPDATE users SET is_admin = ? WHERE id = ?");
32 | $result = $stmt->execute([$is_admin, $user_id]);
33 | 
34 | echo json_encode(['success' => $result]); 


--------------------------------------------------------------------------------
/api/update_votes.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | header('Content-Type: application/json');
 5 | 
 6 | $auth_token = $_COOKIE['auth_token'] ?? '';
 7 | if (!$auth_token) {
 8 |     echo json_encode(['success' => false, 'message' => '未登录']);
 9 |     exit;
10 | }
11 | 
12 | $stmt = $pdo->prepare("
13 |     SELECT u.* 
14 |     FROM users u 
15 |     JOIN user_tokens t ON u.id = t.user_id 
16 |     WHERE t.token = ? AND u.is_admin = 1
17 |     LIMIT 1
18 | ");
19 | $stmt->execute([$auth_token]);
20 | $admin = $stmt->fetch();
21 | 
22 | if (!$admin) {
23 |     echo json_encode(['success' => false, 'message' => '无权限']);
24 |     exit;
25 | }
26 | 
27 | $candidate_id = filter_input(INPUT_POST, 'candidate_id', FILTER_VALIDATE_INT);
28 | $votes = filter_input(INPUT_POST, 'votes', FILTER_VALIDATE_INT);
29 | 
30 | if ($candidate_id === false || $candidate_id === null || $votes === false || $votes === null || $votes < 0) {
31 |     echo json_encode(['success' => false, 'message' => '参数无效']);
32 |     exit;
33 | }
34 | 
35 | try {
36 |     $stmt = $pdo->prepare("
37 |         UPDATE candidates 
38 |         SET votes_count = ? 
39 |         WHERE id = ?
40 |     ");
41 |     
42 |     if (!$stmt->execute([$votes, $candidate_id])) {
43 |         throw new Exception('更新失败');
44 |     }
45 |     
46 |     if ($stmt->rowCount() === 0) {
47 |         throw new Exception('候选人不存在');
48 |     }
49 |     
50 |     echo json_encode(['success' => true, 'message' => '更新成功']);
51 |     exit;
52 | } catch (Exception $e) {
53 |     echo json_encode(['success' => false, 'message' => $e->getMessage()]);
54 |     exit;
55 | }


--------------------------------------------------------------------------------
/api/vote.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require_once 'config.php';
 3 | 
 4 | header('Content-Type: application/json');
 5 | 
 6 | $auth_token = $_COOKIE['auth_token'] ?? '';
 7 | if (!$auth_token) {
 8 |     echo json_encode(['success' => false, 'message' => '请先登录']);
 9 |     exit;
10 | }
11 | 
12 | $stmt = $pdo->prepare("
13 |     SELECT u.* 
14 |     FROM users u 
15 |     JOIN user_tokens t ON u.id = t.user_id 
16 |     WHERE t.token = ?
17 |     LIMIT 1
18 | ");
19 | $stmt->execute([$auth_token]);
20 | $user = $stmt->fetch();
21 | 
22 | if (!$user) {
23 |     echo json_encode(['success' => false, 'message' => '用户验证失败']);
24 |     exit;
25 | }
26 | 
27 | if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
28 |     echo json_encode(['success' => false, 'message' => '无效的请求方法']);
29 |     exit;
30 | }
31 | 
32 | $candidate_id = $_POST['candidate_id'] ?? '';
33 | if (!$candidate_id) {
34 |     echo json_encode(['success' => false, 'message' => '请选择候选人']);
35 |     exit;
36 | }
37 | 
38 | $stmt = $pdo->prepare("SELECT id FROM votes WHERE user_id = ?");
39 | $stmt->execute([$user['id']]);
40 | if ($stmt->fetch()) {
41 |     echo json_encode(['success' => false, 'message' => '您已经投过票了']);
42 |     exit;
43 | }
44 | 
45 | $stmt = $pdo->prepare("SELECT id FROM candidates WHERE id = ?");
46 | $stmt->execute([$candidate_id]);
47 | if (!$stmt->fetch()) {
48 |     echo json_encode(['success' => false, 'message' => '无效的候选人']);
49 |     exit;
50 | }
51 | 
52 | $stmt = $pdo->query("SELECT * FROM settings WHERE id = 1");
53 | $settings = $stmt->fetch();
54 | 
55 | if (!$settings['voting_enabled']) {
56 |     echo json_encode(['success' => false, 'message' => '投票已暂停']);
57 |     exit;
58 | }
59 | 
60 | $now = new DateTime();
61 | $startTime = new DateTime($settings['voting_start_time']);
62 | $endTime = new DateTime($settings['voting_end_time']);
63 | 
64 | if ($now < $startTime) {
65 |     echo json_encode(['success' => false, 'message' => '投票还未开始']);
66 |     exit;
67 | }
68 | 
69 | if ($now > $endTime) {
70 |     echo json_encode(['success' => false, 'message' => '投票已结束']);
71 |     exit;
72 | }
73 | 
74 | $stmt = $pdo->prepare("SELECT COUNT(*) as vote_count FROM votes WHERE user_id = ?");
75 | $stmt->execute([$user['id']]);
76 | $userVoteCount = $stmt->fetch()['vote_count'];
77 | 
78 | if ($userVoteCount >= $settings['max_votes_per_user']) {
79 |     echo json_encode(['success' => false, 'message' => '您已达到最大投票次数']);
80 |     exit;
81 | }
82 | 
83 | try {
84 |     $pdo->beginTransaction();
85 |     $stmt = $pdo->prepare("INSERT INTO votes (user_id, candidate_id, created_at) VALUES (?, ?, NOW())");
86 |     $stmt->execute([$user['id'], $candidate_id]);
87 |     $pdo->commit();
88 |     
89 |     echo json_encode(['success' => true, 'message' => '投票成功']);
90 | } catch (Exception $e) {
91 |     $pdo->rollBack();
92 |     echo json_encode(['success' => false, 'message' => $e->getMessage()]);
93 | } 


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 | <head>
 4 |     <meta http-equiv="refresh" content="0; url=/api/login.php">
 5 |     <title>跳转中...</title>
 6 | </head>
 7 | <body>
 8 |     <p>正在跳转到登录页面...</p>
 9 | </body>
10 | </html>
11 | 


--------------------------------------------------------------------------------
/vercel.json:
--------------------------------------------------------------------------------
1 | {
2 |     "functions": {
3 |       "api/*.php": {
4 |         "runtime": "vercel-php@0.7.3"
5 |       }
6 |     }
7 |   }


--------------------------------------------------------------------------------