<?php
session_start();
require_once('./config.php');

// 验证用户是否登录
if (!isset($_SESSION['user_id'])) {
    die("未授权访问！");
}

// 获取当前用户ID
$currentUserId = $_SESSION['user_id'];

// 查询当前用户等级
$stmt = $conn->prepare("SELECT level FROM users WHERE id = ?");
$stmt->bind_param("i", $currentUserId);
$stmt->execute();
$result = $stmt->get_result();
$userData = $result->fetch_assoc();
$stmt->close();

// 检查是否为管理员（等级4）
if ($userData['level'] != 4) {
    die("权限不足！");
}

// 处理编辑用户逻辑
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $userId = $_POST['user_id'];
    $username = $_POST['username'];
    $level = $_POST['level'];
    $points = $_POST['points'];
    $email = $_POST['email'];
    
    $stmt = $conn->prepare("UPDATE users SET username=?, level=?, points=?, email=? WHERE id=?");
    $stmt->bind_param("siisi", $username, $level, $points, $email, $userId);
    
    if ($stmt->execute()) {
        echo "用户更新成功！";
    } else {
        echo "更新失败：" . $stmt->error;
    }
    $stmt->close();
}

$conn->close();
?>