<?php
session_start();
require_once('../config/db.php');

if (!isset($_SESSION['user'])) {
    http_response_code(401);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$search = trim($_GET['search'] ?? '');

if ($search !== '') {
    $stmt = $conn->prepare("SELECT id, username, full_name, role FROM users 
                            WHERE username LIKE :search OR full_name LIKE :search 
                            ORDER BY id DESC");
    $stmt->execute(['search' => "%$search%"]);
} else {
    $stmt = $conn->prepare("SELECT id, username, full_name, role FROM users ORDER BY id DESC");
    $stmt->execute();
}

$users = $stmt->fetchAll(PDO::FETCH_ASSOC);

header('Content-Type: application/json');
echo json_encode($users);