vpr_backand/Model/UserModel.php

<?php
// Mohammad Reda Mohammad
namespace ppb\Model;
use ppb\Library\Msg;

class UserModel extends Database
{
    public function getAll()
    {
        $pdo = $this->linkDB();
        $sql = "SELECT uid, username, email, created_at FROM users"; // don’t expose password hash

        try {
            $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
            $sth = $pdo->prepare($sql);
            $sth->execute();

            $result = $sth->fetchAll(\PDO::FETCH_ASSOC);

            $sth->closeCursor();
            $pdo = null;

            return $result;
        } catch (\PDOException $e) {
            return ["error" => $e->getMessage()];
        }
    }

    public function insert($data)
    {
        $pdo = $this->linkDB();
        $sql = "INSERT INTO users (username, email, password_hash) 
                VALUES (:username, :email, :password_hash)";

        try {
            $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
            $sth = $pdo->prepare($sql);
            $sth->bindValue(':username', $data['username']);
            $sth->bindValue(':email', $data['email']);
            $sth->bindValue(':password_hash', password_hash($data['password'], PASSWORD_BCRYPT));
            $sth->execute();

            $sth->closeCursor();
            $pdo = null;

            return ["success" => true, "message" => "User created"];
        } catch (\PDOException $e) {
            return ["error" => $e->getMessage()];
        }
    }

    public function update($data)
    {
        $pdo = $this->linkDB();
        $sql = "UPDATE users 
                   SET username = :username, 
                       email = :email 
                 WHERE uid = :uid";

        try {
            $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
            $sth = $pdo->prepare($sql);
            $sth->bindValue(':uid', $data['uid']);
            $sth->bindValue(':username', $data['username']);
            $sth->bindValue(':email', $data['email']);
            $sth->execute();

            $sth->closeCursor();
            $pdo = null;

            return ["success" => true, "message" => "User updated"];
        } catch (\PDOException $e) {
            return ["error" => $e->getMessage()];
        }
    }
}