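linkDB();
        if (!$pdo) return ['success' => false, 'message' => 'Database connection error.'];

        try {
            // Placeholder query: $username is bound as data, never concatenated into the SQL.
            $stmt = $pdo->prepare("SELECT id, username, password, role FROM users WHERE username = ?");
            $stmt->execute([$username]);
            $user = $stmt->fetch();

            if ($user && password_verify($password, $user['password'])) {
                // NOTE(review): no session_regenerate_id(true) is visible before these
                // writes. Confirm the session ID is rotated at login (here or in the
                // caller) so that an ID issued before authentication is not carried
                // into the authenticated session (session fixation).
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['role'] = $user['role']; // Store role
                return ['success' => true, 'message' => 'Login successful!'];
            }

            // One message for "unknown user" and "wrong password", so the response
            // text does not reveal which usernames exist.
            return ['success' => false, 'message' => 'Invalid username or password.'];
        } catch (PDOException $e) {
            // Driver detail goes to the server log only; the caller gets a generic message.
            error_log("Login Error: " . $e->getMessage());
            return ['success' => false, 'message' => 'An error occurred during login.'];
        }
    }

    /**
     * Ends the current session: clears the session variables, then destroys
     * the stored session data.
     *
     * NOTE(review): session_destroy() does not expire the session cookie, so the
     * browser keeps presenting the old session ID. Consider expiring the cookie
     * on logout as well (session_get_cookie_params() + setcookie()), especially
     * if session.use_strict_mode is not enabled.
     *
     * @return array{success: bool, message: string}
     */
    function logoutUser()
    {
        session_unset();
        session_destroy();

        return ['success' => true, 'message' => 'Logged out successfully.'];
    }

    /**
     * Validates the credentials against the password policy and creates a new
     * user row with a hashed password.
     *
     * Policy: non-empty username and password, password of at least 8 bytes with
     * an uppercase letter, a lowercase letter, a digit and a special character.
     *
     * @param string $username Requested login name.
     * @param string $password Plain-text password; only its hash is stored.
     *
     * @return array{success: bool, message: string} On a policy failure, message
     *         lists every rule that was violated.
     */
    function registerUser($username, $password)
    {
        $pdo = $this->linkDB();
        if (!$pdo) {
            return ['success' => false, 'message' => 'Database connection error.'];
        }

        $errors = [];
        if (empty($username)) {
            $errors[] = "Username is required.";
        }
        if (empty($password)) {
            $errors[] = "Password is required.";
        }
        // strlen() counts bytes, so a multi-byte character counts more than once.
        if (strlen($password) < 8) {
            $errors[] = "Password must be at least 8 characters.";
        }

        // Character-class rules: pattern that must match => message when it does not.
        $requiredPatterns = [
            '/[A-Z]/'         => "Password needs an uppercase letter.",
            '/[a-z]/'         => "Password needs a lowercase letter.",
            '/[0-9]/'         => "Password needs a number.",
            '/[^A-Za-z0-9]/'  => "Password needs a special character.",
        ];
        foreach ($requiredPatterns as $pattern => $failureMessage) {
            if (!preg_match($pattern, $password)) {
                $errors[] = $failureMessage;
            }
        }

        if (!empty($errors)) {
            // Fix: the collected errors used to be discarded and an empty message
            // returned, so the caller could not tell the user which rule failed.
            // The messages are fixed strings and contain no user input.
            return ['success' => false, 'message' => implode(' ', $errors)];
        }

        try {
            // NOTE(review): this check-then-insert is not atomic. Two concurrent
            // requests for the same name can both pass the SELECT; confirm that
            // users.username has a UNIQUE constraint (schema not visible here), in
            // which case the second INSERT fails and lands in the catch below.
            $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
            $stmt->execute([$username]);
            if ($stmt->fetch()) {
                return ['success' => false, 'message' => 'Username already taken.'];
            }

            // PASSWORD_DEFAULT lets PHP pick the algorithm and embed its parameters
            // in the hash, so password_verify() keeps working if the default changes.
            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

            // The role column is not set here; per the original comment it defaults
            // to 'user' (the column default is not visible in this file).
            $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
            $stmt->execute([$username, $hashedPassword]);

            return ['success' => true, 'message' => 'Registration successful! Please login.'];
        } catch (PDOException $e) {
            // Driver detail goes to the server log only; the caller gets a generic message.
            error_log("Registration Error: " . $e->getMessage());
            return ['success' => false, 'message' => 'An error occurred during registration.'];
        }
    }
}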