Added authentication functionality and simple role based model

update_project_order.php

@@ -1,25 +1,27 @@
 <?php
 require 'db.php';
+require 'auth.php';
 
 header('Content-Type: application/json');
 
-$data = json_decode(file_get_contents('php://input'), true);
+require_login();
+$user_id = current_user_id();
 
+$data = json_decode(file_get_contents('php://input'), true);
 if (!$data || !is_array($data)) {
   echo json_encode(['success' => false, 'message' => 'Invalid input']);
   exit;
 }
 
-$stmt = $pdo->prepare("UPDATE projects SET sort_order = ? WHERE id = ?");
+$stmt = $pdo->prepare("UPDATE projects SET sort_order = ? WHERE id = ? AND user_id = ?");
 
 foreach ($data as $item) {
-  $id = $item['id'];
-  $order = $item['order'];
+  $id = $item['id'] ?? null;
+  $order = $item['order'] ?? null;
 
   if (!is_numeric($id) || !is_numeric($order)) continue;
 
-  $stmt->execute([$order, $id]);
+  $stmt->execute([(int)$order, (int)$id, $user_id]);
 }
 
 echo json_encode(['success' => true]);
-exit;