<?php
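// Resolve config.php relative to this file rather than through include_path /
// the working directory, so the same-named file next to Auth is always the one
// loaded. It is expected to define sanitize_input() and SITE_URL.
require_once __DIR__ . '/config.php';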
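class Auth {
    /**
     * Database handle (mysqli, judging by prepare()/bind_param()/get_result()).
     * Every query in this class is a prepared statement with bound parameters,
     * so user-supplied values never become part of the SQL text.
     *
     * @var \mysqli
     */
    private $conn;

    /**
     * @param \mysqli $conn Open connection. sanitize_input() and SITE_URL are
     *                      expected from config.php, which this file requires.
     */
    public function __construct($conn) {
        $this->conn = $conn;
    }

    /**
     * Prepares $sql, turning mysqli's `false` on failure into null so callers
     * can return an ordinary failure array instead of calling bind_param() on
     * false (a fatal Error unless MYSQLI_REPORT_STRICT already makes prepare()
     * throw, in which case the exception simply propagates as before).
     *
     * @return \mysqli_stmt|null
     */
    private function prepareStatement(string $sql) {
        $stmt = $this->conn->prepare($sql);
        return $stmt === false ? null : $stmt;
    }

    /**
     * Writes a new password hash for one user. Shared by login() (transparent
     * rehash) and changePassword() so the UPDATE exists in one place.
     *
     * @return bool true when the UPDATE executed (zero matched rows still counts).
     */
    private function storePasswordHash(int $user_id, string $hash): bool {
        $stmt = $this->prepareStatement("UPDATE users SET password = ? WHERE id = ?");
        if ($stmt === null) {
            return false;
        }
        $stmt->bind_param("si", $hash, $user_id);
        return (bool) $stmt->execute();
    }

    /**
     * Creates a user and, on success, logs them in.
     *
     * @param array $data Expects keys username, email, password, full_name, phone.
     * @return array{success: bool, message: string}
     */
    public function register(array $data): array {
        $username = sanitize_input($data['username']);
        $email = sanitize_input($data['email']);
        // The secret is hashed untouched: passing it through sanitize_input()
        // would change it and make a later password_verify() fail.
        $password = password_hash($data['password'], PASSWORD_DEFAULT);
        $full_name = sanitize_input($data['full_name']);
        $phone = sanitize_input($data['phone']);

        // Check if email exists. This check-then-insert is not atomic; a UNIQUE
        // index on users.email is what actually enforces uniqueness, and a
        // violation there surfaces as the generic failure at the bottom.
        $stmt = $this->prepareStatement("SELECT id FROM users WHERE email = ?");
        if ($stmt === null) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء التسجيل'];
        }
        $stmt->bind_param("s", $email);
        $stmt->execute();
        if ($stmt->get_result()->num_rows > 0) {
            return ['success' => false, 'message' => 'البريد الإلكتروني مسجل مسبقاً'];
        }

        // Insert new user
        $stmt = $this->prepareStatement(
            "INSERT INTO users (username, email, password, full_name, phone) VALUES (?, ?, ?, ?, ?)"
        );
        if ($stmt === null) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء التسجيل'];
        }
        $stmt->bind_param("sssss", $username, $email, $password, $full_name, $phone);

        if ($stmt->execute()) {
            // Hand login() the raw email: it sanitizes its own input, so this
            // looks up exactly the value stored above even when sanitize_input()
            // is not idempotent (the sanitized $email would be sanitized twice).
            $this->login(['email' => $data['email'], 'password' => $data['password']]);
            return ['success' => true, 'message' => 'تم التسجيل بنجاح'];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء التسجيل'];
    }

    /**
     * Verifies email + password against an active account and populates the
     * session (user_id, username, user_role).
     *
     * @param array $data Expects keys email and password.
     * @return array{success: bool, message: string}
     */
    public function login(array $data): array {
        $email = sanitize_input($data['email']);
        $password = $data['password'];

        // One message for unknown address, inactive account and wrong password,
        // so the response does not reveal which of the three it was.
        $failure = ['success' => false, 'message' => 'البريد الإلكتروني أو كلمة المرور غير صحيحة'];

        $stmt = $this->prepareStatement(
            "SELECT id, username, password, role FROM users WHERE email = ? AND is_active = 1"
        );
        if ($stmt === null) {
            return $failure;
        }
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows !== 1) {
            return $failure;
        }
        $user = $result->fetch_assoc();
        if (!password_verify($password, $user['password'])) {
            return $failure;
        }

        // Upgrade the stored hash when PASSWORD_DEFAULT has moved on since it
        // was written; the plaintext is only available here, at login.
        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
            $this->storePasswordHash((int) $user['id'], password_hash($password, PASSWORD_DEFAULT));
        }

        // Issue a fresh session id at the privilege change so a session id the
        // client held (or was handed) before authenticating is not promoted.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['user_role'] = $user['role'];

        return ['success' => true, 'message' => 'تم تسجيل الدخول بنجاح'];
    }

    /**
     * Ends the current session: clears $_SESSION, expires the session cookie
     * and destroys the server-side record. session_destroy() on its own does
     * neither of the first two, so the old id would stay usable for the rest
     * of the request and the cookie would remain on the client.
     *
     * @return array{success: bool, message: string}
     */
    public function logout(): array {
        $_SESSION = [];
        if (session_status() === PHP_SESSION_ACTIVE) {
            if (ini_get('session.use_cookies')) {
                $p = session_get_cookie_params();
                setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
            }
            session_destroy();
        }
        return ['success' => true, 'message' => 'تم تسجيل الخروج بنجاح'];
    }

    /**
     * Stores a one-hour password-reset token for the address. Sending the
     * email is still a TODO; the link is only built here.
     *
     * @return array{success: bool, message: string}
     */
    public function resetPassword(string $email): array {
        $email = sanitize_input($email);
        // 32 CSPRNG bytes -> 64 hex characters; unguessability of this value is
        // the entire security of the reset link.
        $token = bin2hex(random_bytes(32));
        // Server-local time string; presumably compared against the database
        // clock in reset-password.php — confirm the two agree on timezone.
        $expires = date('Y-m-d H:i:s', strtotime('+1 hour'));

        // NOTE(review): the token is stored as-is, so anyone who can read the
        // users table can build a valid reset link. Storing hash('sha256', $token)
        // and comparing hashes in reset-password.php would close that, but both
        // sides must change together, so the storage format is kept here.
        $stmt = $this->prepareStatement("UPDATE users SET reset_token = ?, reset_expires = ? WHERE email = ?");
        if ($stmt === null) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
        }
        $stmt->bind_param("sss", $token, $expires, $email);

        if ($stmt->execute()) {
            // execute() also succeeds when no row matched, so the reply is the
            // same for unknown addresses; keep it that way (no account enumeration).
            // Send reset email
            $reset_link = SITE_URL . "/reset-password.php?token=" . $token;
            // TODO: Implement email sending
            return ['success' => true, 'message' => 'تم إرسال رابط إعادة تعيين كلمة المرور إلى بريدك الإلكتروني'];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
    }

    /**
     * Updates the display fields of one user.
     *
     * @param array $data Expects keys full_name and phone.
     * @return array{success: bool, message: string}
     */
    public function updateProfile(int $user_id, array $data): array {
        $full_name = sanitize_input($data['full_name']);
        $phone = sanitize_input($data['phone']);

        $stmt = $this->prepareStatement("UPDATE users SET full_name = ?, phone = ? WHERE id = ?");
        if ($stmt === null) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء تحديث الملف الشخصي'];
        }
        $stmt->bind_param("ssi", $full_name, $phone, $user_id);

        if ($stmt->execute()) {
            return ['success' => true, 'message' => 'تم تحديث الملف الشخصي بنجاح'];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء تحديث الملف الشخصي'];
    }

    /**
     * Replaces a user's password after verifying the current one.
     *
     * @return array{success: bool, message: string}
     */
    public function changePassword(int $user_id, string $old_password, string $new_password): array {
        $stmt = $this->prepareStatement("SELECT password FROM users WHERE id = ?");
        if ($stmt === null) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
        }
        $stmt->bind_param("i", $user_id);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows !== 1) {
            return ['success' => false, 'message' => 'كلمة المرور الحالية غير صحيحة'];
        }
        $user = $result->fetch_assoc();
        if (!password_verify($old_password, $user['password'])) {
            return ['success' => false, 'message' => 'كلمة المرور الحالية غير صحيحة'];
        }

        if ($this->storePasswordHash($user_id, password_hash($new_password, PASSWORD_DEFAULT))) {
            return ['success' => true, 'message' => 'تم تغيير كلمة المرور بنجاح'];
        }
        // The current password was correct, so report a write failure rather
        // than the wrong-password message.
        return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
    }
}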