<?php
require_once 'config.php';
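/**
 * Account handling for the site: registration, login/logout, password reset
 * token issuance, profile update and password change.
 *
 * Every public method returns ['success' => bool, 'message' => string]; the
 * message strings are user-facing (Arabic) and are consumed by the callers
 * as-is. Input fields are passed through sanitize_input() (defined in
 * config.php) before being bound to a prepared statement; passwords are
 * never sanitized, only hashed or verified.
 */
class Auth
{
    /**
     * Database handle. The calls used (prepare/bind_param/get_result/
     * insert_id) match the mysqli API; no type is declared so a compatible
     * wrapper keeps working.
     */
    private $conn;

    /**
     * @param object $conn database connection supporting prepare()/bind_param()
     */
    public function __construct($conn)
    {
        $this->conn = $conn;
    }

    /**
     * Create a user account and, on success, log the new user in.
     *
     * @param array $data expects keys username, email, password, full_name, phone
     * @return array{success: bool, message: string}
     */
    public function register($data)
    {
        $username = sanitize_input($data['username']);
        $email = sanitize_input($data['email']);
        // The raw password is hashed; only the hash is stored.
        $password = password_hash($data['password'], PASSWORD_DEFAULT);
        $full_name = sanitize_input($data['full_name']);
        $phone = sanitize_input($data['phone']);

        // Duplicate-email check. Note that the distinct message below tells a
        // caller whether an address is already registered (account enumeration);
        // a rate limit on this endpoint is the usual mitigation.
        $stmt = $this->conn->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        if ($stmt->get_result()->num_rows > 0) {
            return ['success' => false, 'message' => 'البريد الإلكتروني مسجل مسبقاً'];
        }

        $stmt = $this->conn->prepare(
            "INSERT INTO users (username, email, password, full_name, phone) VALUES (?, ?, ?, ?, ?)"
        );
        $stmt->bind_param("sssss", $username, $email, $password, $full_name, $phone);
        if (!$stmt->execute()) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء التسجيل'];
        }

        // Auto-login after registration. Its result is intentionally not
        // checked: the account exists even if login fails (e.g. the users row
        // is created with is_active = 0), so the registration itself succeeded.
        $this->login(['email' => $email, 'password' => $data['password']]);

        return ['success' => true, 'message' => 'تم التسجيل بنجاح'];
    }

    /**
     * Verify credentials against an active account and populate the session.
     *
     * @param array $data expects keys email, password
     * @return array{success: bool, message: string}
     */
    public function login($data)
    {
        $email = sanitize_input($data['email']);
        $password = $data['password'];

        $stmt = $this->conn->prepare(
            "SELECT id, username, password, role FROM users WHERE email = ? AND is_active = 1"
        );
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows === 1) {
            $user = $result->fetch_assoc();
            if (password_verify($password, $user['password'])) {
                // Issue a fresh session id at privilege change so a session id
                // fixed before authentication cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['user_role'] = $user['role'];
                return ['success' => true, 'message' => 'تم تسجيل الدخول بنجاح'];
            }
        }

        // Same message for unknown email, inactive account and wrong password.
        return ['success' => false, 'message' => 'البريد الإلكتروني أو كلمة المرور غير صحيحة'];
    }

    /**
     * Clear the current session's data and destroy the session.
     *
     * @return array{success: bool, message: string}
     */
    public function logout()
    {
        // session_destroy() alone leaves $_SESSION populated for the rest of
        // this request; clear it so no code after logout still sees a user.
        $_SESSION = [];
        session_destroy();
        return ['success' => true, 'message' => 'تم تسجيل الخروج بنجاح'];
    }

    /**
     * Issue a one-hour password reset token for the given email address.
     *
     * The token is stored as-is in users.reset_token, so anyone with read
     * access to that table can complete a reset; storing a hash of the token
     * would remove that exposure but requires a matching change in
     * reset-password.php, which this class does not control.
     *
     * The result is the same whether or not the email exists (UPDATE of zero
     * rows still executes successfully), which avoids account enumeration here.
     *
     * @param string $email
     * @return array{success: bool, message: string}
     */
    public function resetPassword($email)
    {
        $email = sanitize_input($email);
        // 256 bits from the CSPRNG, hex-encoded.
        $token = bin2hex(random_bytes(32));
        // Expiry uses the PHP process timezone; reset-password.php is assumed
        // to compare against the same clock — TODO confirm.
        $expires = date('Y-m-d H:i:s', strtotime('+1 hour'));

        $stmt = $this->conn->prepare(
            "UPDATE users SET reset_token = ?, reset_expires = ? WHERE email = ?"
        );
        $stmt->bind_param("sss", $token, $expires, $email);
        if (!$stmt->execute()) {
            return ['success' => false, 'message' => 'حدث خطأ أثناء إعادة تعيين كلمة المرور'];
        }

        // Link to include in the email once sending is implemented; the
        // reported success currently refers only to storing the token.
        $reset_link = SITE_URL . "/reset-password.php?token=" . $token;
        // TODO: Implement email sending using $reset_link
        return [
            'success' => true,
            'message' => 'تم إرسال رابط إعادة تعيين كلمة المرور إلى بريدك الإلكتروني',
        ];
    }

    /**
     * Update the display name and phone number of a user.
     *
     * The caller must supply the id of the authenticated user; no ownership
     * check is made here.
     *
     * @param int   $user_id
     * @param array $data expects keys full_name, phone
     * @return array{success: bool, message: string}
     */
    public function updateProfile($user_id, $data)
    {
        $full_name = sanitize_input($data['full_name']);
        $phone = sanitize_input($data['phone']);

        $stmt = $this->conn->prepare("UPDATE users SET full_name = ?, phone = ? WHERE id = ?");
        $stmt->bind_param("ssi", $full_name, $phone, $user_id);
        if ($stmt->execute()) {
            return ['success' => true, 'message' => 'تم تحديث الملف الشخصي بنجاح'];
        }
        return ['success' => false, 'message' => 'حدث خطأ أثناء تحديث الملف الشخصي'];
    }

    /**
     * Replace a user's password after verifying the current one.
     *
     * @param int    $user_id
     * @param string $old_password plain-text current password
     * @param string $new_password plain-text replacement; stored hashed
     * @return array{success: bool, message: string}
     */
    public function changePassword($user_id, $old_password, $new_password)
    {
        $stmt = $this->conn->prepare("SELECT password FROM users WHERE id = ?");
        $stmt->bind_param("i", $user_id);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows === 1) {
            $user = $result->fetch_assoc();
            if (password_verify($old_password, $user['password'])) {
                $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
                $stmt = $this->conn->prepare("UPDATE users SET password = ? WHERE id = ?");
                $stmt->bind_param("si", $hashed_password, $user_id);
                if ($stmt->execute()) {
                    return ['success' => true, 'message' => 'تم تغيير كلمة المرور بنجاح'];
                }
            }
        }

        // Also reached when the user row is missing or the UPDATE fails, in
        // which case this "current password incorrect" message is inaccurate.
        return ['success' => false, 'message' => 'كلمة المرور الحالية غير صحيحة'];
    }
}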