Implement comprehensive improvement plan (Phases 1-6)

Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants

Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields

Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows

Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles

Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
  Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
  manage_recurring, custom_fields, get_users
- Add admin routes in index.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

api/get_users.php

@@ -1,33 +1,57 @@
 <?php
-session_start();
-require_once dirname(__DIR__) . '/config/config.php';
-require_once dirname(__DIR__) . '/models/UserModel.php';
+/**
+ * Get Users API
+ * Returns list of users for @mentions autocomplete
+ */
 
-header('Content-Type: application/json');
+ini_set('display_errors', 0);
+error_reporting(E_ALL);
 
-// Check authentication
-if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
-    echo json_encode(['success' => false, 'error' => 'Not authenticated']);
-    exit;
+require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
+RateLimitMiddleware::apply('api');
+
+try {
+    require_once dirname(__DIR__) . '/config/config.php';
+
+    // Check authentication
+    session_start();
+    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
+        http_response_code(401);
+        echo json_encode(['success' => false, 'error' => 'Authentication required']);
+        exit;
+    }
+
+    $conn = new mysqli(
+        $GLOBALS['config']['DB_HOST'],
+        $GLOBALS['config']['DB_USER'],
+        $GLOBALS['config']['DB_PASS'],
+        $GLOBALS['config']['DB_NAME']
+    );
+
+    if ($conn->connect_error) {
+        throw new Exception("Database connection failed");
+    }
+
+    header('Content-Type: application/json');
+
+    // Get all active users for mentions
+    $sql = "SELECT user_id, username, display_name FROM users WHERE is_active = 1 ORDER BY display_name, username";
+    $result = $conn->query($sql);
+
+    $users = [];
+    while ($row = $result->fetch_assoc()) {
+        $users[] = [
+            'user_id' => $row['user_id'],
+            'username' => $row['username'],
+            'display_name' => $row['display_name']
+        ];
+    }
+
+    echo json_encode(['success' => true, 'users' => $users]);
+
+    $conn->close();
+
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
 }
-
-// Create database connection
-$conn = new mysqli(
-    $GLOBALS['config']['DB_HOST'],
-    $GLOBALS['config']['DB_USER'],
-    $GLOBALS['config']['DB_PASS'],
-    $GLOBALS['config']['DB_NAME']
-);
-
-if ($conn->connect_error) {
-    echo json_encode(['success' => false, 'error' => 'Database connection failed']);
-    exit;
-}
-
-// Get all users
-$userModel = new UserModel($conn);
-$users = $userModel->getAllUsers();
-
-$conn->close();
-
-echo json_encode(['success' => true, 'users' => $users]);