'error', 'message' => 'Forbidden: Admins only.']); exit; } try { $pdo = db(); // Select all users but omit the password hash $stmt = $pdo->query('SELECT id, username, email, role, created_at FROM users ORDER BY created_at DESC'); $users = $stmt->fetchAll(); echo json_encode(['status' => 'success', 'users' => $users]); } catch (PDOException $e) { http_response_code(500); echo json_encode(['status' => 'error', 'message' => 'Database error: ' . $e->getMessage()]); }