false, 'error' => 'csrf']); return; } Router::redirect('admin'); return; } $userId = (int) ($_SESSION['user']['id'] ?? 0); if ($userId <= 0) { http_response_code(401); if (Request::wantsJson()) { Router::json(['ok' => false, 'error' => 'unauthorized']); return; } Router::redirect('login'); return; } $theme = trim((string) ($_POST['theme'] ?? '')); if (!in_array($theme, ['light', 'dark'], true)) { http_response_code(400); if (Request::wantsJson()) { Router::json(['ok' => false, 'error' => 'invalid_theme']); return; } Router::redirect('admin'); return; } $updated = UserService::setTheme($userId, $theme); if (!$updated) { http_response_code(500); if (Request::wantsJson()) { Router::json(['ok' => false, 'error' => 'update_failed']); return; } Router::redirect('admin'); return; } $_SESSION['user']['theme'] = $theme; if (Request::wantsJson()) { Router::json(['ok' => true, 'theme' => $theme]); return; } Router::redirect('admin');