<?php
require_once '../db/config.php';
session_start();

header('Content-Type: application/json');

if (!isset($_SESSION['user_id']) || !isset($_GET['id'])) {
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$order_id = $_GET['id'];
$pdo = db();
$stmt = $pdo->prepare("SELECT status FROM orders WHERE id = ? AND user_id = ?");
$stmt->execute([$order_id, $_SESSION['user_id']]);
$order = $stmt->fetch();

if ($order) {
    echo json_encode(['status' => $order['status']]);
} else {
    echo json_encode(['error' => 'Not found']);
}