<?php
session_start();
require_once "../db.php";

if (!isset($_SESSION['user_id']) || $_SESSION['username'] !== "admin") {
    die("Access denied.");
}

$user_id = intval($_POST['user_id'] ?? 0);

// Mark user as banned
$pdo->prepare("UPDATE users SET banned = 1 WHERE id = ?")
    ->execute([$user_id]);

// Optional: log them out if they are currently logged in
if (isset($_SESSION['user_id']) && $_SESSION['user_id'] == $user_id) {
    session_destroy();
}

header("Location: ../admin/moderate.php");
exit;