true, 'message' => $msg, 'data' => $data]); exit; } function json_err(string $msg, int $code = 400): never { ob_clean(); // Discard any stray output/warnings header('Content-Type: application/json'); http_response_code($code); echo json_encode(['success' => false, 'error' => $msg]); exit; } function cors(): void { header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, OPTIONS'); header('Access-Control-Allow-Headers: Content-Type, X-Token'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit; }