tinker_tickets/api/get_users.php

<?php
/**
 * Get Users API
 * Returns list of users for @mentions autocomplete
 */

ini_set('display_errors', 0);
error_reporting(E_ALL);

require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

try {
    require_once dirname(__DIR__) . '/config/config.php';

    // Check authentication
    session_start();
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Authentication required']);
        exit;
    }

    $conn = new mysqli(
        $GLOBALS['config']['DB_HOST'],
        $GLOBALS['config']['DB_USER'],
        $GLOBALS['config']['DB_PASS'],
        $GLOBALS['config']['DB_NAME']
    );

    if ($conn->connect_error) {
        throw new Exception("Database connection failed");
    }

    header('Content-Type: application/json');

    // Get all active users for mentions
    $sql = "SELECT user_id, username, display_name FROM users WHERE is_active = 1 ORDER BY display_name, username";
    $result = $conn->query($sql);

    $users = [];
    while ($row = $result->fetch_assoc()) {
        $users[] = [
            'user_id' => $row['user_id'],
            'username' => $row['username'],
            'display_name' => $row['display_name']
        ];
    }

    echo json_encode(['success' => true, 'users' => $users]);

    $conn->close();

} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}