<?php
// /public_html/admin/auth_user.php
session_start();
require '../config/db_connect.php';

// 1. Security Check (Must be Admin)
if (!isset($_SESSION['user_id'])) { header("Location: ../login.php"); exit(); }
$my_id = $_SESSION['user_id'];
$check = $conn->query("SELECT role FROM users WHERE id = $my_id")->fetch_assoc();

if (($check['role'] ?? '') !== 'admin') { 
    die("Access Denied. Admins only."); 
}

// 2. Get Target User
if (isset($_GET['id'])) {
    $target_id = intval($_GET['id']);
    
    // Fetch Target Details
    $target = $conn->query("SELECT id, name, role FROM users WHERE id = $target_id")->fetch_assoc();
    
    if ($target) {
        // 3. SWAP SESSIONS (The Magic)
        $_SESSION['user_id'] = $target['id'];
        $_SESSION['user_name'] = $target['name'];
        $_SESSION['role'] = $target['role'];
        
        // Add a flag so we know we are impersonating (Optional: to show a banner "You are impersonating X")
        $_SESSION['impersonator_id'] = $my_id;

        // 4. Redirect to User Dashboard
        if ($target['role'] == 'reseller') {
            header("Location: ../reseller/index.php");
        } else {
            header("Location: ../dashboard/index.php");
        }
        exit();
    } else {
        die("User not found.");
    }
}
?>