'Authentication required']); exit; } // (tail of the missing-token branch; its start is above this chunk)
try {
    // Use fully-qualified class names to ensure the Firebase JWT classes are found.
    // The allowed algorithm is given explicitly ('HS256') together with the secret,
    // rather than being taken from the token itself.
    $decoded = \Firebase\JWT\JWT::decode($token, new \Firebase\JWT\Key(JWT_SECRET, 'HS256'));

    // Verify user still exists and is active (tolerant of missing is_active column).
    // NOTE(review): `SELECT *` copies every column of the row into the global
    // $current_user set below (including any credential/hash columns, if the table
    // has them) — consider selecting only the columns the page actually needs.
    global $pdo;
    $stmt = $pdo->prepare("SELECT * FROM admin_users WHERE id = ?");
    // NOTE(review): the `user_id` claim is not checked for presence; a token without it
    // runs the query with NULL and is rejected by the `!$user` test further down.
    $stmt->execute([$decoded->user_id]);
    $user = $stmt->fetch();

    // If is_active column exists, enforce it; otherwise assume active.
    $inactive = false;
    if ($user && array_key_exists('is_active', $user) && (int)$user['is_active'] !== 1) {
        $inactive = true;
    }
    if (!$user || $inactive) {
        // Browser heuristic: an HTML Accept header, or a request URI containing ".php".
        // NOTE(review): the ".php" test also classifies non-browser API calls to .php
        // endpoints as "browser", so they receive this HTML body (and a redirect in the
        // catch block below) instead of JSON.
        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
        $isBrowser = strpos($accept, 'text/html') !== false || (isset($_SERVER['REQUEST_URI']) && (strpos($_SERVER['REQUEST_URI'], '.php') !== false));
        if ($isBrowser) {
            // NOTE(review): no http_response_code() is set on this path, so the
            // "not found or inactive" page goes out with HTTP 200 while the JSON
            // branch below answers 401. An explicit 401 here would keep the two
            // consistent and stop clients, caches and access logs treating the
            // rejection as a success.
            header('Content-Type: text/html; charset=utf-8');
            echo "

Admin user not found or inactive. Please check your database.

";
            exit;
        }
        http_response_code(401);
        echo json_encode(['message' => 'User not found or inactive']);
        exit;
    }

    // Check role if specified (strict string comparison against the stored role column).
    if ($required_role && (!isset($user['role']) || $user['role'] !== $required_role)) {
        http_response_code(403);
        echo json_encode(['message' => 'Insufficient permissions']);
        exit;
    }

    // Set global user data for the rest of the page; the decoded claims are returned.
    global $current_user;
    $current_user = $user;
    return $decoded;
} catch (Exception $e) {
    // Any decode failure (bad signature, expiry, malformed token) lands here.
    // NOTE(review): \Error subclasses (e.g. a TypeError from a non-string $token) are
    // not Exceptions and would escape this catch — confirm $token's type upstream.
    $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
    $isBrowser = strpos($accept, 'text/html') !== false || (isset($_SERVER['REQUEST_URI']) && (strpos($_SERVER['REQUEST_URI'], '.php') !== false));
    if ($isBrowser) {
        header('Location: /admin_login.php');
        exit;
    }
    http_response_code(401);
    // NOTE(review): echoing $e->getMessage() returns the library's failure reason
    // (signature vs. expiry vs. format) to the caller. Log it server-side and send
    // only the generic 'Invalid or expired token' message to the client.
    echo json_encode(['message' => 'Invalid or expired token', 'error' => $e->getMessage()]);
    exit;
}
}
// Call requireAuth() to protect the current page with admin role.
requireAuth('admin');
?>