72 lines
3.0 KiB
PHP
72 lines
3.0 KiB
PHP
<?php
|
|
|
|
namespace ppa\Model;
|
|
use ppa\Model\ParticipantModel;
|
|
//use ppb\Library\Msg;
|
|
use PDOException;
|
|
|
|
class UserModel extends Database
|
|
{
|
|
public function loginUser($username, $password)
|
|
{
|
|
$pdo = $this->linkDB();
|
|
if (!$pdo) return ['success' => false, 'message' => 'Database connection error.'];
|
|
try {
|
|
$stmt = $pdo->prepare("SELECT id, username, password, role FROM users WHERE username = ?");
|
|
$stmt->execute([$username]);
|
|
$user = $stmt->fetch();
|
|
|
|
if ($user && password_verify($password, $user['password'])) {
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['username'] = $user['username'];
|
|
$_SESSION['role'] = $user['role']; // Store role
|
|
return ['success' => true, 'message' => 'Login successful!'];
|
|
}
|
|
return ['success' => false, 'message' => 'Invalid username or password.'];
|
|
} catch (PDOException $e) {
|
|
error_log("Login Error: " . $e->getMessage());
|
|
return ['success' => false, 'message' => 'An error occurred during login.'];
|
|
}
|
|
}
|
|
|
|
function logoutUser()
|
|
{
|
|
session_unset();
|
|
session_destroy();
|
|
return ['success' => true, 'message' => 'Logged out successfully.'];
|
|
}
|
|
|
|
|
|
function registerUser($username, $password) {
|
|
$pdo = $this->linkDB();
|
|
if (!$pdo) return ['success' => false, 'message' => 'Database connection error.'];
|
|
$errors = [];
|
|
if (empty($username)) $errors[] = "Username is required.";
|
|
if (empty($password)) $errors[] = "Password is required.";
|
|
if (strlen($password) < 8) $errors[] = "Password must be at least 8 characters.";
|
|
if (!preg_match('/[A-Z]/', $password)) $errors[] = "Password needs an uppercase letter.";
|
|
if (!preg_match('/[a-z]/', $password)) $errors[] = "Password needs a lowercase letter.";
|
|
if (!preg_match('/[0-9]/', $password)) $errors[] = "Password needs a number.";
|
|
if (!preg_match('/[^A-Za-z0-9]/', $password)) $errors[] = "Password needs a special character.";
|
|
|
|
if (!empty($errors)) {
|
|
return ['success' => false, 'message' => implode("\\n", $errors)];
|
|
}
|
|
|
|
try {
|
|
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
|
|
$stmt->execute([$username]);
|
|
if ($stmt->fetch()) {
|
|
return ['success' => false, 'message' => 'Username already taken.'];
|
|
}
|
|
|
|
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
|
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)"); // Role defaults to 'user'
|
|
$stmt->execute([$username, $hashedPassword]);
|
|
return ['success' => true, 'message' => 'Registration successful! Please login.'];
|
|
} catch (PDOException $e) {
|
|
error_log("Registration Error: " . $e->getMessage());
|
|
return ['success' => false, 'message' => 'An error occurred during registration.'];
|
|
}
|
|
}
|
|
} |