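window.location.href='$path';"; } exit; }

// ---------------------------------------------------------------------------
// Permission helpers
//
// Each helper answers "may the current user do X?". Admins are always allowed;
// everyone else is checked against the boolean flags that the user-fetch block
// below copies from the `users` row into the session on every request. The
// `(bool)` cast keeps the return type honest even if a session value was
// written elsewhere as an int or string. Absent flag => not permitted.
// ---------------------------------------------------------------------------

/** @return bool true when the current user may view records */
function canView(): bool
{
    return isAdmin() || (bool)($_SESSION['can_view'] ?? false);
}

/** @return bool true when the current user may add records */
function canAdd(): bool
{
    return isAdmin() || (bool)($_SESSION['can_add'] ?? false);
}

/** @return bool true when the current user may edit records */
function canEdit(): bool
{
    return isAdmin() || (bool)($_SESSION['can_edit'] ?? false);
}

/**
 * Internal views currently share the plain view permission; canView() already
 * grants admins, so no separate admin check is needed here.
 *
 * @return bool
 */
function canViewInternal(): bool
{
    return canView();
}

/** @return bool true when the current user may delete records */
function canDelete(): bool
{
    return isAdmin() || (bool)($_SESSION['can_delete'] ?? false);
}

// ---------------------------------------------------------------------------
// Fetch user info (theme and permissions)
//
// Permissions are re-read from the database on every request so that a change
// made by an administrator takes effect immediately instead of lingering in
// the session until the next login. If the user's row no longer exists, the
// cached flags are cleared rather than left stale.
// ---------------------------------------------------------------------------
$user_theme   = 'light';
$current_user = null;

if (isLoggedIn()) {
    $stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $current_user = $stmt->fetch(); // false when no row matches the session id

    if ($current_user) {
        $user_theme = $current_user['theme'] ?: 'light';

        $_SESSION['can_view']   = (bool)$current_user['can_view'];
        $_SESSION['can_add']    = (bool)$current_user['can_add'];
        $_SESSION['can_edit']   = (bool)$current_user['can_edit'];
        $_SESSION['can_delete'] = (bool)$current_user['can_delete'];
        $_SESSION['name']       = $current_user['full_name'] ?: $current_user['username'];

        // A NULL role column would make strtolower() warn on PHP 8.1+; treat it as ''.
        $role = strtolower((string)($current_user['role'] ?? ''));
        $_SESSION['user_role'] = $role;
        $_SESSION['role']      = $role;
    } else {
        // The session refers to a user that is gone: drop any permissions
        // cached from an earlier request so nothing is granted on stale data.
        $_SESSION['can_view']   = false;
        $_SESSION['can_add']    = false;
        $_SESSION['can_edit']   = false;
        $_SESSION['can_delete'] = false;
    }
}

// ---------------------------------------------------------------------------
// Auth check (after the fetch so the session is already refreshed)
//
// SCRIPT_NAME is used rather than PHP_SELF: PHP_SELF can include extra path
// segments supplied in the request (PATH_INFO), so its basename does not
// reliably identify the script actually being executed; SCRIPT_NAME does.
// Only the pages listed here may be served to an unauthenticated visitor.
// ---------------------------------------------------------------------------
$public_pages = ['login.php', 'forgot_password.php'];
$current_page = basename($_SERVER['SCRIPT_NAME'] ?? '');

if (!isLoggedIn() && !in_array($current_page, $public_pages, true)) {
    redirect('login.php');
}

// Fetch charity info for header/favicon
$charity_stmt = db()->query("SELECT * FROM charity_settings WHERE id = 1");
$charity_info = $charity_stmt->fetch();
?>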