EIANotesApp/Model/UserModel.php

72 lines
3.0 KiB
PHP

<?php
namespace ppa\Model;
use ppa\Model\ParticipantModel;
//use ppb\Library\Msg;
use PDOException;
class UserModel extends Database
{
public function loginUser($username, $password)
{
$pdo = $this->linkDB();
if (!$pdo) return ['success' => false, 'message' => 'Database connection error.'];
try {
$stmt = $pdo->prepare("SELECT id, username, password, role FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role']; // Store role
return ['success' => true, 'message' => 'Login successful!'];
}
return ['success' => false, 'message' => 'Invalid username or password.'];
} catch (PDOException $e) {
error_log("Login Error: " . $e->getMessage());
return ['success' => false, 'message' => 'An error occurred during login.'];
}
}
function logoutUser()
{
session_unset();
session_destroy();
return ['success' => true, 'message' => 'Logged out successfully.'];
}
function registerUser($username, $password) {
$pdo = $this->linkDB();
if (!$pdo) return ['success' => false, 'message' => 'Database connection error.'];
$errors = [];
if (empty($username)) $errors[] = "Username is required.";
if (empty($password)) $errors[] = "Password is required.";
if (strlen($password) < 8) $errors[] = "Password must be at least 8 characters.";
if (!preg_match('/[A-Z]/', $password)) $errors[] = "Password needs an uppercase letter.";
if (!preg_match('/[a-z]/', $password)) $errors[] = "Password needs a lowercase letter.";
if (!preg_match('/[0-9]/', $password)) $errors[] = "Password needs a number.";
if (!preg_match('/[^A-Za-z0-9]/', $password)) $errors[] = "Password needs a special character.";
if (!empty($errors)) {
return ['success' => false, 'message' => implode("\\n", $errors)];
}
try {
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
$stmt->execute([$username]);
if ($stmt->fetch()) {
return ['success' => false, 'message' => 'Username already taken.'];
}
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)"); // Role defaults to 'user'
$stmt->execute([$username, $hashedPassword]);
return ['success' => true, 'message' => 'Registration successful! Please login.'];
} catch (PDOException $e) {
error_log("Registration Error: " . $e->getMessage());
return ['success' => false, 'message' => 'An error occurred during registration.'];
}
}
}