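<?php

declare(strict_types=1);

// Single-file JSON API over the `users` table.
//   POST ?action=login  -> verify credentials, return the public user record
//   GET                 -> list users (the password column is never returned)
//   POST                -> create a user (password stored as a password_hash())
//   PUT ?id=N           -> update a user; the password only changes when one is sent
//   DELETE ?id=N        -> delete a user
//
// NOTE(review): nothing in this file checks that the caller is authenticated or
// authorised — as written, any client can list, create (with any role), update
// or delete users. An access check belongs before the CRUD switch below.

header("Content-Type: application/json; charset=UTF-8");
require_once "db.php"; // expected to define $pdo (the connection settings live there)

/**
 * Emit a JSON response with the given HTTP status code and stop the script.
 *
 * @param array<mixed> $payload  encoded as-is (object for maps, list for rows)
 */
function respond(int $status, array $payload): void
{
    http_response_code($status);
    echo json_encode($payload, JSON_UNESCAPED_UNICODE);
    exit;
}

/**
 * Decode the JSON request body into an associative array.
 *
 * Responds 400 when the body is missing or is not a JSON object, so the
 * handlers can rely on the result being an array (possibly empty).
 *
 * @return array<string, mixed>
 */
function readJsonBody(): array
{
    $raw = file_get_contents("php://input");
    $decoded = json_decode($raw === false ? '' : $raw, true);
    if (!is_array($decoded)) {
        respond(400, ["success" => false, "error" => "Request body must be a JSON object"]);
    }
    return $decoded;
}

/**
 * Read an optional body field as a string; null when absent or JSON null.
 *
 * Scalars are cast to string (a numeric `phone` is accepted); arrays and
 * objects are rejected with 400 so the strict-typed calls below cannot throw.
 *
 * @param array<string, mixed> $body
 */
function stringField(array $body, string $key): ?string
{
    $value = $body[$key] ?? null;
    if ($value === null) {
        return null;
    }
    if (!is_scalar($value)) {
        respond(400, ["success" => false, "error" => "Field '{$key}' must be a scalar value"]);
    }
    return (string) $value;
}

/**
 * Read the `id` query parameter as a positive integer, or respond 400.
 * ($_GET already holds the parsed query string; parse_str() is not needed.)
 */
function requireId(): int
{
    $id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        respond(400, ["success" => false, "error" => "A positive integer 'id' query parameter is required"]);
    }
    return $id;
}

/**
 * Execute a prepared write and map an integrity-constraint violation
 * (SQLSTATE 23000, e.g. a duplicate username) to a 409 instead of an
 * uncaught exception; any other database error is re-thrown.
 *
 * @param array<int, mixed> $params
 */
function executeOrConflict(PDOStatement $stmt, array $params): void
{
    try {
        $stmt->execute($params);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {
            respond(409, ["success" => false, "error" => "Username already exists"]);
        }
        throw $e;
    }
}

$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? null;

// Login endpoint
if ($action === 'login' && $method === 'POST') {
    $body = readJsonBody();
    $username = stringField($body, 'username') ?? '';
    $password = stringField($body, 'password') ?? '';

    $stmt = $pdo->prepare("SELECT id, username, password, role, phone FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Passwords are compared with password_verify() against the stored hash.
    // Rows created before hashing was introduced hold plaintext and will fail
    // to log in until they are re-hashed. When the username does not exist we
    // still verify against a throwaway hash so the response time does not
    // reveal which usernames are taken.
    $storedHash = is_array($user) ? (string) $user['password'] : password_hash('unused', PASSWORD_DEFAULT);
    $verified = password_verify($password, $storedHash);

    if (is_array($user) && $verified) {
        respond(200, [
            "success" => true,
            "user" => [
                "id" => $user['id'],
                "username" => $user['username'],
                "role" => $user['role'],
                "phone" => $user['phone'] ?? null
            ]
        ]);
    }
    respond(401, ["success" => false, "error" => "Invalid credentials"]);
}

// CRUD for users
switch ($method) {
    case 'GET':
        $stmt = $pdo->query("SELECT id, username, role, phone FROM users ORDER BY id DESC");
        respond(200, $stmt->fetchAll(PDO::FETCH_ASSOC));
        break;

    case 'POST':
        $body = readJsonBody();
        $username = stringField($body, 'username') ?? '';
        $password = stringField($body, 'password') ?? '';
        $role = stringField($body, 'role') ?? 'member';
        $phone = stringField($body, 'phone');

        if ($username === '' || $password === '') {
            respond(400, ["success" => false, "error" => "username and password are required"]);
        }
        // NOTE(review): `role` is stored exactly as the client sent it; restrict
        // it to the roles the application defines once that list is known.

        $stmt = $pdo->prepare("INSERT INTO users (username,password,role,phone) VALUES (?,?,?,?)");
        executeOrConflict($stmt, [$username, password_hash($password, PASSWORD_DEFAULT), $role, $phone]);

        respond(201, ["success" => true, "id" => $pdo->lastInsertId()]);
        break;

    case 'PUT':
        $id = requireId();
        $body = readJsonBody();

        $username = stringField($body, 'username') ?? '';
        $password = stringField($body, 'password') ?? '';
        $role = stringField($body, 'role') ?? 'member';
        $phone = stringField($body, 'phone');

        if ($username === '') {
            respond(400, ["success" => false, "error" => "username is required"]);
        }

        // Only touch the password column when a new password was supplied;
        // otherwise an update without one would overwrite the stored credential.
        // The SET fragments are fixed strings; every value still goes through a placeholder.
        $assignments = ["username=?", "role=?", "phone=?"];
        $params = [$username, $role, $phone];
        if ($password !== '') {
            $assignments[] = "password=?";
            $params[] = password_hash($password, PASSWORD_DEFAULT);
        }
        $params[] = $id;

        $stmt = $pdo->prepare("UPDATE users SET " . implode(", ", $assignments) . " WHERE id=?");
        executeOrConflict($stmt, $params);

        respond(200, ["success" => true]);
        break;

    case 'DELETE':
        $id = requireId();

        $stmt = $pdo->prepare("DELETE FROM users WHERE id=?");
        $stmt->execute([$id]);
        if ($stmt->rowCount() === 0) {
            respond(404, ["success" => false, "error" => "User not found"]);
        }

        respond(200, ["success" => true]);
        break;

    default:
        header("Allow: GET, POST, PUT, DELETE");
        respond(405, ["error" => "Unsupported request"]);
}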
