<?php
session_start();
require_once 'db/config.php';

function register($name, $email, $password, $sponsor_code) {
    $db = db();
    $sponsor_id = null;
    if ($sponsor_code) {
        $stmt = $db->prepare("SELECT id FROM users WHERE referral_code = ?");
        $stmt->execute([$sponsor_code]);
        $sponsor = $stmt->fetch();
        if (!$sponsor) {
            return 'Invalid sponsor code.';
        }
        $sponsor_id = $sponsor['id'];
    }

    $password_hash = password_hash($password, PASSWORD_BCRYPT);
    $referral_code = uniqid();

    try {
        $stmt = $db->prepare("INSERT INTO users (name, email, password, referral_code, sponsor_id) VALUES (?, ?, ?, ?, ?)");
        $stmt->execute([$name, $email, $password_hash, $referral_code, $sponsor_id]);
        return true;
    } catch (PDOException $e) {
        if ($e->errorInfo[1] == 1062) {
            return 'Email already exists.';
        }
        return $e->getMessage();
    }
}

function login($email, $password) {
    $db = db();
    $stmt = $db->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password'])) {
        $_SESSION['user_id'] = $user['id'];
        return true;
    }
    return false;
}

function get_user_by_id($id) {
    $db = db();
    $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetch();
}

function get_downline($user_id) {
    $db = db();
    $stmt = $db->prepare("SELECT * FROM users WHERE sponsor_id = ?");
    $stmt->execute([$user_id]);
    return $stmt->fetchAll();
}