<?php
require_once 'db/config.php';
require_once 'auth-check.php';

// Only Admins can access this page
if ($_SESSION['user_role'] !== 'Admin') {
    header('Location: index.php?error=access_denied');
    exit;
}

$user_id = $_GET['id'] ?? null;

if (!$user_id) {
    header('Location: users.php');
    exit;
}

// Prevent user from deleting themselves
if ($user_id == $_SESSION['user_id']) {
    header('Location: users.php?error=self_delete');
    exit;
}

try {
    $pdo = db();
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
    $stmt->execute([$user_id]);

    header("Location: users.php?success=user_deleted");
    exit;

} catch (PDOException $e) {
    // In a real app, log this error.
    header("Location: users.php?error=db_error");
    exit;
}