53 lines
1.5 KiB
PHP
53 lines
1.5 KiB
PHP
<?php
|
|
header('Content-Type: application/json');
|
|
include "../utils/security.php";
|
|
secure_session_start();
|
|
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
|
|
echo(json_encode(['success' => false, 'message' => 'not authenticated']));
|
|
exit();
|
|
}
|
|
include "../../config/config.php";
|
|
|
|
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
|
|
|
if ($conn->connect_error) {
|
|
echo json_encode(['success' => false, 'message' => 'Database connection failed: ' . $conn->connect_error]);
|
|
exit;
|
|
}
|
|
|
|
$search = trim($_GET['search'] ?? '');
|
|
$sort = $_GET['sort'] ?? 'id';
|
|
$order = strtoupper($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
|
|
|
|
$allowedSorts = ['id', 'username'];
|
|
if (!in_array($sort, $allowedSorts)) {
|
|
$sort = 'id';
|
|
}
|
|
|
|
if ($search !== '') {
|
|
$query = "SELECT id, username FROM users WHERE username LIKE ? ORDER BY $sort $order";
|
|
$stmt = $conn->prepare($query);
|
|
$like = '%' . $search . '%';
|
|
$stmt->bind_param('s', $like);
|
|
} else {
|
|
$query = "SELECT id, username FROM users ORDER BY $sort $order";
|
|
$stmt = $conn->prepare($query);
|
|
}
|
|
|
|
if (!$stmt) {
|
|
echo json_encode(['success' => false, 'message' => 'Failed to prepare statement']);
|
|
exit;
|
|
}
|
|
|
|
$stmt->execute();
|
|
$stmt->store_result();
|
|
$stmt->bind_result($id, $username);
|
|
$users = [];
|
|
while ($stmt->fetch()) {
|
|
$users[] = ['id' => $id, 'username' => $username];
|
|
}
|
|
$stmt->close();
|
|
$conn->close();
|
|
|
|
echo json_encode(['success' => true, 'data' => $users]);
|
|
?>
|