<?php
// auth.php
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

function is_logged_in(): bool {
    return isset($_SESSION['user']) && isset($_SESSION['user']['id']);
}

function current_user_id(): int {
    return intval($_SESSION['user']['id'] ?? 0);
}

function current_user_can_manage_settings(): bool {
    return !empty($_SESSION['user']['can_manage_settings']);
}

function require_login(): void {
    if (!is_logged_in()) {
        http_response_code(401);
        header('Content-Type: application/json');
        echo json_encode(['success' => false, 'error' => 'Not authenticated']);
        exit;
    }
}

function require_can_manage_settings(): void {
    require_login();
    if (!current_user_can_manage_settings()) {
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode(['success' => false, 'error' => 'Forbidden']);
        exit;
    }
}