<?php
require_once 'auth-check.php';
if ($_SESSION['user_role'] !== 'Admin') {
    header("Location: index.php?error=access_denied");
    exit;
}
require_once 'db/config.php';

if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    header("Location: users.php");
    exit;
}

$user_id = $_GET['id'];

// Prevent deleting the default admin user (ID = 1)
if ($user_id == 1) {
    header("Location: users.php?error=cannot_delete_admin");
    exit;
}

try {
    $pdo = db();
    $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
    $stmt->execute([$user_id]);

    header("Location: users.php?success=user_deleted");
    exit;

} catch (PDOException $e) {
    header("Location: users.php?error=db_error");
    exit;
}
?>