web_work/includes/auth.php

<?php

require_once __DIR__ . '/../config/database.php';

function loginUser(string $email, string $password): array {
    $db = Database::getInstance()->getConnection();

    try {
        $stmt = $db->prepare("
            SELECT user_id, email, password_hash, full_name, phone, city, is_admin, is_active
            FROM users WHERE email = ?
        ");
        $stmt->execute([$email]);
        $user = $stmt->fetch();

        if (!$user) {
            return ['success' => false, 'message' => 'Пользователь не найден'];
        }

        if (!$user['is_active']) {
            return ['success' => false, 'message' => 'Аккаунт заблокирован'];
        }

        if (!password_verify($password, $user['password_hash'])) {
            return ['success' => false, 'message' => 'Неверный пароль'];
        }

        $_SESSION['user_id'] = $user['user_id'];
        $_SESSION['user_email'] = $user['email'];
        $_SESSION['full_name'] = $user['full_name'];
        $_SESSION['user_phone'] = $user['phone'] ?? '';
        $_SESSION['user_city'] = $user['city'] ?? '';
        $_SESSION['isLoggedIn'] = true;
        $_SESSION['isAdmin'] = (bool)$user['is_admin'];
        $_SESSION['login_time'] = time();

        $updateStmt = $db->prepare("UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE user_id = ?");
        $updateStmt->execute([$user['user_id']]);

        return ['success' => true, 'user' => $user];

    } catch (PDOException $e) {
        return ['success' => false, 'message' => 'Ошибка базы данных'];
    }
}

function registerUser(array $data): array {
    $db = Database::getInstance()->getConnection();

    $email = trim($data['email'] ?? '');
    $password = $data['password'] ?? '';
    $fullName = trim($data['full_name'] ?? '');
    $phone = trim($data['phone'] ?? '');
    $city = trim($data['city'] ?? '');

    if (empty($email) || empty($password) || empty($fullName)) {
        return ['success' => false, 'message' => 'Заполните все обязательные поля'];
    }

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['success' => false, 'message' => 'Некорректный email'];
    }

    if (strlen($password) < 6) {
        return ['success' => false, 'message' => 'Пароль должен содержать минимум 6 символов'];
    }

    try {

        $checkStmt = $db->prepare("SELECT user_id FROM users WHERE email = ?");
        $checkStmt->execute([$email]);

        if ($checkStmt->fetch()) {
            return ['success' => false, 'message' => 'Пользователь с таким email уже существует'];
        }

        $passwordHash = password_hash($password, PASSWORD_DEFAULT);

        $stmt = $db->prepare("
            INSERT INTO users (email, password_hash, full_name, phone, city, is_active)
            VALUES (?, ?, ?, ?, ?, TRUE)
            RETURNING user_id
        ");
        $stmt->execute([$email, $passwordHash, $fullName, $phone, $city]);
        $userId = $stmt->fetchColumn();

        $_SESSION['user_id'] = $userId;
        $_SESSION['user_email'] = $email;
        $_SESSION['full_name'] = $fullName;
        $_SESSION['user_phone'] = $phone;
        $_SESSION['user_city'] = $city;
        $_SESSION['isLoggedIn'] = true;
        $_SESSION['isAdmin'] = false;
        $_SESSION['login_time'] = time();

        return ['success' => true, 'user_id' => $userId];

    } catch (PDOException $e) {
        return ['success' => false, 'message' => 'Ошибка базы данных: ' . $e->getMessage()];
    }
}

function logoutUser(): void {
    $_SESSION = [];

    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }

    session_destroy();
}

function checkAdminAccess(): bool {
    if (!isset($_SESSION['isLoggedIn']) || $_SESSION['isLoggedIn'] !== true) {
        return false;
    }

    if (!isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) {
        return false;
    }

    return true;
}