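conn = $conn;
    }

    /**
     * Create a new user account and, on success, log the new user in.
     *
     * @param array $data Expected keys: username, email, password, full_name, phone.
     *                    Text fields pass through sanitize_input() (defined elsewhere in the
     *                    project); the password is hashed, never sanitised.
     * @return array ['success' => bool, 'message' => string]
     */
    public function register($data)
    {
        $username  = sanitize_input($data['username']);
        $email     = sanitize_input($data['email']);
        $full_name = sanitize_input($data['full_name']);
        $phone     = sanitize_input($data['phone']);

        // Reject duplicates before paying for the (deliberately slow) password hash.
        // NOTE(review): check-then-insert is racy under concurrent requests; the real
        // guarantee has to come from a UNIQUE index on users.email — confirm one exists.
        $stmt = $this->conn->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        if ($stmt->get_result()->num_rows > 0) {
            return ['success' => false, 'message' => 'البريد الإلكتروني مسجل مسبقاً'];
        }

        // NOTE(review): nothing here enforces a minimum password length; password_hash('')
        // happily produces a hash. Presumably the caller validates — confirm.
        $password = password_hash($data['password'], PASSWORD_DEFAULT);

        $stmt = $this->conn->prepare(
            "INSERT INTO users (username, email, password, full_name, phone) VALUES (?, ?, ?, ?, ?)"
        );
        $stmt->bind_param("sssss", $username, $email, $password, $full_name, $phone);
        if ($stmt->execute()) {
            // Establish the session via the normal path so the plaintext is re-verified
            // against the stored hash rather than trusted directly.
            $this->login(['email' => $email, 'password' => $data['password']]);
            return ['success' => true, 'message' => 'تم التسجيل بنجاح'];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء التسجيل'];
    }

    /**
     * Authenticate by email/password and populate the PHP session.
     *
     * Only active accounts (is_active = 1) can log in. The same failure message is
     * returned whether the email is unknown or the password is wrong, so the response
     * body does not leak which accounts exist.
     *
     * @param array $data Expected keys: email, password.
     * @return array ['success' => bool, 'message' => string]
     */
    public function login($data)
    {
        $email    = sanitize_input($data['email']);
        $password = $data['password'];

        $stmt = $this->conn->prepare(
            "SELECT id, username, password, role FROM users WHERE email = ? AND is_active = 1"
        );
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();

        // NOTE(review): when no row matches, password_verify() is skipped, so the
        // response is measurably faster for unknown emails (timing-based enumeration).
        // A dummy verify against a fixed hash on the miss path would close that.
        if ($result->num_rows === 1) {
            $user = $result->fetch_assoc();
            if (password_verify($password, $user['password'])) {
                // Rotate the session id on the authentication boundary so an id a
                // victim was handed before login (session fixation) is not promoted.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION['user_id']   = $user['id'];
                $_SESSION['username']  = $user['username'];
                $_SESSION['user_role'] = $user['role'];

                // Transparently upgrade stored hashes when PASSWORD_DEFAULT's algorithm
                // or cost changes; the plaintext is only available here.
                if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
                    $rehashed = password_hash($password, PASSWORD_DEFAULT);
                    $upd = $this->conn->prepare("UPDATE users SET password = ? WHERE id = ?");
                    $upd->bind_param("si", $rehashed, $user['id']);
                    $upd->execute();
                }

                return ['success' => true, 'message' => 'تم تسجيل الدخول بنجاح'];
            }
        }

        return ['success' => false, 'message' => 'البريد الإلكتروني أو كلمة المرور غير صحيحة'];
    }

    /**
     * Terminate the current session.
     *
     * Clears the in-memory session array and expires the session cookie before
     * destroying the server-side record, so neither a later session_start() in the
     * same request nor the browser's retained cookie resurrects the login.
     *
     * @return array ['success' => bool, 'message' => string]
     */
    public function logout()
    {
        $_SESSION = [];

        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        session_destroy();

        return ['success' => true, 'message' => 'تم تسجيل الخروج بنجاح'];
    }

    /**
     * Issue a password-reset token for the given email address.
     *
     * The UPDATE runs whether or not the email exists and the success message is
     * returned either way, so the response does not reveal which accounts exist.
     * A new request overwrites any earlier, still-valid token.
     *
     * NOTE(review): the token is stored in plaintext, so a read-only DB compromise
     * yields a working reset link for every pending request. Storing hash('sha256',
     * $token) and comparing in reset-password.php is the usual fix — not changed here
     * because that consumer is outside this file.
     *
     * @param string $email
     * @return array ['success' => bool, 'message' => string]
     */
    public function resetPassword($email)
    {
        $email = sanitize_input($email);

        // 256 bits from the CSPRNG; hex-encoded so it is URL-safe.
        $token = bin2hex(random_bytes(32));

        // NOTE(review): uses the process's date.timezone; the expiry check in
        // reset-password.php must read the clock the same way — confirm.
        $expires = date('Y-m-d H:i:s', strtotime('+1 hour'));

        $stmt = $this->conn->prepare(
            "UPDATE users SET reset_token = ?, reset_expires = ? WHERE email = ?"
        );
        $stmt->bind_param("sss", $token, $expires, $email);
        if ($stmt->execute()) {
            $reset_link = SITE_URL . "/reset-password.php?token=" . $token;
            // TODO: Implement email sending ($reset_link is built but not yet delivered).
            return [
                'success' => true,
                'message' => 'تم إرسال رابط إعادة تعيين كلمة المرور إلى بريدك الإلكتروني',
            ];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
    }

    /**
     * Update the editable profile fields (full name and phone) of one user.
     *
     * @param int   $user_id Row id to update. No ownership check is done here; the
     *                       caller is expected to pass the authenticated user's id.
     * @param array $data    Expected keys: full_name, phone.
     * @return array ['success' => bool, 'message' => string]
     */
    public function updateProfile($user_id, $data)
    {
        $full_name = sanitize_input($data['full_name']);
        $phone     = sanitize_input($data['phone']);

        $stmt = $this->conn->prepare("UPDATE users SET full_name = ?, phone = ? WHERE id = ?");
        $stmt->bind_param("ssi", $full_name, $phone, $user_id);
        if ($stmt->execute()) {
            return ['success' => true, 'message' => 'تم تحديث الملف الشخصي بنجاح'];
        }

        return ['success' => false, 'message' => 'حدث خطأ أثناء تحديث الملف الشخصي'];
    }

    /**
     * Change a user's password after verifying the current one.
     *
     * NOTE(review): the "current password incorrect" message is also returned when the
     * user row is missing or the UPDATE fails, and nothing validates $new_password
     * (an empty string is accepted). Other sessions of this user stay valid after the
     * change; invalidating them needs server-side session tracking not present here.
     *
     * @param int    $user_id
     * @param string $old_password Plaintext, verified against the stored hash.
     * @param string $new_password Plaintext, hashed with PASSWORD_DEFAULT before storage.
     * @return array ['success' => bool, 'message' => string]
     */
    public function changePassword($user_id, $old_password, $new_password)
    {
        $stmt = $this->conn->prepare("SELECT password FROM users WHERE id = ?");
        $stmt->bind_param("i", $user_id);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows === 1) {
            $user = $result->fetch_assoc();
            if (password_verify($old_password, $user['password'])) {
                $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
                $stmt = $this->conn->prepare("UPDATE users SET password = ? WHERE id = ?");
                $stmt->bind_param("si", $hashed_password, $user_id);
                if ($stmt->execute()) {
                    return ['success' => true, 'message' => 'تم تغيير كلمة المرور بنجاح'];
                }
            }
        }

        return ['success' => false, 'message' => 'كلمة المرور الحالية غير صحيحة'];
    }
}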