improving user mgmt

app-code/api/manage/fetch_users.php

@@ -2,9 +2,8 @@
 header('Content-Type: application/json');
 include "../utils/security.php";
 secure_session_start();
-//check for permisisons
-if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session() ) {
-    echo(json_encode(['success' => false, 'message'=>'not authenticated']));
+if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
+    echo(json_encode(['success' => false, 'message' => 'not authenticated']));
     exit();
 }
 include "../../config/config.php";
@@ -16,8 +15,24 @@ if ($conn->connect_error) {
     exit;
 }
 
-$query = "SELECT id, username FROM users";
-$stmt = $conn->prepare($query);
+$search = trim($_GET['search'] ?? '');
+$sort = $_GET['sort'] ?? 'id';
+$order = strtoupper($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
+
+$allowedSorts = ['id', 'username'];
+if (!in_array($sort, $allowedSorts)) {
+    $sort = 'id';
+}
+
+if ($search !== '') {
+    $query = "SELECT id, username FROM users WHERE username LIKE ? ORDER BY $sort $order";
+    $stmt = $conn->prepare($query);
+    $like = '%' . $search . '%';
+    $stmt->bind_param('s', $like);
+} else {
+    $query = "SELECT id, username FROM users ORDER BY $sort $order";
+    $stmt = $conn->prepare($query);
+}
 
 if (!$stmt) {
     echo json_encode(['success' => false, 'message' => 'Failed to prepare statement']);
@@ -25,15 +40,14 @@ if (!$stmt) {
 }
 
 $stmt->execute();
-$result = $stmt->get_result();
+$stmt->store_result();
+$stmt->bind_result($id, $username);
 $users = [];
-
-while ($row = $result->fetch_assoc()) {
-    $users[] = $row;
+while ($stmt->fetch()) {
+    $users[] = ['id' => $id, 'username' => $username];
 }
-
 $stmt->close();
 $conn->close();
 
 echo json_encode(['success' => true, 'data' => $users]);
-?>
+?>