false, 'error' => 'Server error']); exit; } ob_end_clean(); header('Content-Type: application/json'); if (!isLoggedIn()) { echo json_encode(['success' => false, 'error' => 'Not authenticated']); exit; } try { $user = currentUser(); } catch (Throwable $e) { echo json_encode(['success' => false, 'error' => 'DB error']); exit; } if (!$user) { echo json_encode(['success' => false, 'error' => 'User not found']); exit; } // Sync session is_admin with DB value — catches admin elevation/demotion $_SESSION['is_admin'] = (int)$user['is_admin']; unset($user['password']); echo json_encode(['success' => true, 'user' => $user]);