Added authentication functionality and simple role based model

auth.php

@@ -0,0 +1,36 @@
+<?php
+// auth.php
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+function is_logged_in(): bool {
+    return isset($_SESSION['user']) && isset($_SESSION['user']['id']);
+}
+
+function current_user_id(): int {
+    return intval($_SESSION['user']['id'] ?? 0);
+}
+
+function current_user_can_manage_settings(): bool {
+    return !empty($_SESSION['user']['can_manage_settings']);
+}
+
+function require_login(): void {
+    if (!is_logged_in()) {
+        http_response_code(401);
+        header('Content-Type: application/json');
+        echo json_encode(['success' => false, 'error' => 'Not authenticated']);
+        exit;
+    }
+}
+
+function require_can_manage_settings(): void {
+    require_login();
+    if (!current_user_can_manage_settings()) {
+        http_response_code(403);
+        header('Content-Type: application/json');
+        echo json_encode(['success' => false, 'error' => 'Forbidden']);
+        exit;
+    }
+}