<?php
require_once '../config.php';

if (!isset($_SESSION['user_id']) || $_SESSION['username'] !== 'admin') {
    echo json_encode(['success' => false, 'error' => '无权限']);
    exit;
}

$input = json_decode(file_get_contents('php://input'), true);

if ($input && isset($input['user_id']) && isset($input['role'])) {
    try {
        $stmt = $pdo->prepare("UPDATE users SET role = ? WHERE id = ? AND username != 'admin'");
        $stmt->execute([$input['role'], $input['user_id']]);
        
        echo json_encode(['success' => true]);
    } catch(PDOException $e) {
        echo json_encode(['success' => false, 'error' => $e->getMessage()]);
    }
} else {
    echo json_encode(['success' => false, 'error' => '无效请求']);
}
?>