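getConnection();
    // NOTE(review): the head of this function lies before this span; its body
    // is kept token-for-token as found and only re-indented.
    try {
        $stmt = $db->prepare(" SELECT user_id, email, password_hash, full_name, phone, city, is_admin, is_active FROM users WHERE email = ? ");
        $stmt->execute([$email]);
        $user = $stmt->fetch();
        if (!$user) {
            return ['success' => false, 'message' => 'Пользователь не найден'];
        }
        if (!$user['is_active']) {
            return ['success' => false, 'message' => 'Аккаунт заблокирован'];
        }
        if (!password_verify($password, $user['password_hash'])) {
            return ['success' => false, 'message' => 'Неверный пароль'];
        }
        // NOTE(review): the session id is not rotated before the session is
        // populated here (see registerUser for the session_regenerate_id()
        // pattern); left untouched because the function starts outside this span.
        $_SESSION['user_id'] = $user['user_id'];
        $_SESSION['user_email'] = $user['email'];
        $_SESSION['full_name'] = $user['full_name'];
        $_SESSION['user_phone'] = $user['phone'] ?? '';
        $_SESSION['user_city'] = $user['city'] ?? '';
        $_SESSION['isLoggedIn'] = true;
        $_SESSION['isAdmin'] = (bool)$user['is_admin'];
        $_SESSION['login_time'] = time();
        $updateStmt = $db->prepare("UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE user_id = ?");
        $updateStmt->execute([$user['user_id']]);
        return ['success' => true, 'user' => $user];
    } catch (PDOException $e) {
        return ['success' => false, 'message' => 'Ошибка базы данных'];
    }
}

/**
 * Creates a user row from submitted form fields and logs the new user in.
 *
 * Validation (required fields, e-mail syntax, minimum password length) happens
 * here; the password is persisted only as a password_hash() digest.
 *
 * @param array<string, mixed> $data Form fields: email, password, full_name,
 *                                   and optionally phone and city.
 * @return array{success: bool, message?: string, user_id?: mixed}
 *         ['success' => true, 'user_id' => <new id>] on success, otherwise
 *         ['success' => false, 'message' => <user-facing text>].
 */
function registerUser(array $data): array
{
    $db = Database::getInstance()->getConnection();

    $email    = trim($data['email'] ?? '');
    $password = $data['password'] ?? '';
    $fullName = trim($data['full_name'] ?? '');
    $phone    = trim($data['phone'] ?? '');
    $city     = trim($data['city'] ?? '');

    // Compare with '' instead of empty(): empty('0') is true and would reject
    // a legitimate value of "0".
    if ($email === '' || $password === '' || $fullName === '') {
        return ['success' => false, 'message' => 'Заполните все обязательные поля'];
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['success' => false, 'message' => 'Некорректный email'];
    }
    // The message promises six *characters*; strlen() counts bytes and would
    // treat multibyte passwords inconsistently.
    if (mb_strlen($password) < 6) {
        return ['success' => false, 'message' => 'Пароль должен содержать минимум 6 символов'];
    }

    try {
        $checkStmt = $db->prepare("SELECT user_id FROM users WHERE email = ?");
        $checkStmt->execute([$email]);
        if ($checkStmt->fetch()) {
            return ['success' => false, 'message' => 'Пользователь с таким email уже существует'];
        }

        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $db->prepare(" INSERT INTO users (email, password_hash, full_name, phone, city, is_active) VALUES (?, ?, ?, ?, ?, TRUE) RETURNING user_id ");
        $stmt->execute([$email, $passwordHash, $fullName, $phone, $city]);
        $userId = $stmt->fetchColumn();
        if ($userId === false) {
            // RETURNING yielded no row: do not open a session for an unknown id.
            return ['success' => false, 'message' => 'Ошибка базы данных'];
        }

        // Privilege level changes here (anonymous -> authenticated), so rotate
        // the session id: an id the browser already held must not stay valid.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user_id']    = $userId;
        $_SESSION['user_email'] = $email;
        $_SESSION['full_name']  = $fullName;
        $_SESSION['user_phone'] = $phone;
        $_SESSION['user_city']  = $city;
        $_SESSION['isLoggedIn'] = true;
        $_SESSION['isAdmin']    = false;
        $_SESSION['login_time'] = time();

        return ['success' => true, 'user_id' => $userId];
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation: a concurrent
        // request inserted the same e-mail between the SELECT above and the
        // INSERT (assumes a unique constraint on users.email — TODO confirm).
        if (substr((string)$e->getCode(), 0, 2) === '23') {
            return ['success' => false, 'message' => 'Пользователь с таким email уже существует'];
        }
        // Keep the driver message server-side; echoing it to the client leaks
        // schema/host details. Generic text matches the login path above.
        error_log('registerUser: ' . $e->getMessage());
        return ['success' => false, 'message' => 'Ошибка базы данных'];
    }
}

/**
 * Ends the current session: clears session data, expires the session cookie
 * in the browser and destroys the server-side session record.
 */
function logoutUser(): void
{
    $_SESSION = [];

    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        // Expire the cookie with the same scope attributes it was issued with;
        // a mismatched path/domain would leave the original cookie in place.
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params["path"],
            $params["domain"],
            $params["secure"],
            $params["httponly"]
        );
    }

    // session_destroy() on an uninitialised session only raises a warning,
    // so guard it.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

/**
 * Reports whether the current session belongs to a logged-in administrator.
 *
 * Both flags must be the boolean true (strict comparison); missing, null or
 * truthy-but-not-true values (e.g. 1, "1") are rejected.
 */
function checkAdminAccess(): bool
{
    $loggedIn = ($_SESSION['isLoggedIn'] ?? null) === true;
    $isAdmin  = ($_SESSION['isAdmin'] ?? null) === true;

    return $loggedIn && $isAdmin;
}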