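redirect('/profile');
            return;
        }
        $this->view('auth/login');
    }

    /**
     * Show the registration form, passing through an optional referral code.
     *
     * Already-authenticated users are sent to /profile instead.
     */
    public function registerForm()
    {
        if (isset($_SESSION['user_id'])) {
            $this->redirect('/profile');
            // redirect() is not assumed to terminate the request; the explicit
            // return stops the form from also being rendered.
            return;
        }

        $ref = $_GET['ref'] ?? '';
        $this->view('auth/register', ['ref' => $ref]);
    }

    /**
     * Authenticate a user-role account from the POSTed username/password.
     *
     * On success the session id is regenerated before the identity is stored
     * (session-fixation defence) and the user is sent to /profile. On failure
     * the login form is re-rendered with one generic message, so the response
     * does not reveal whether the username exists.
     */
    public function login()
    {
        $username = $this->postString('username');
        $password = $this->postString('password');

        $user = false;
        if ($username !== '' && $password !== '') {
            $stmt = db_pdo()->prepare("SELECT * FROM users WHERE username = ? AND role = 'user'");
            $stmt->execute([$username]);
            $user = $stmt->fetch();
        }

        if ($user && password_verify($password, (string)$user['password'])) {
            $this->startAuthenticatedSession((int)$user['id'], (string)$user['username'], (string)$user['role']);
            $this->redirect('/profile');
            return;
        }

        $this->view('auth/login', ['error' => 'Invalid username or password']);
    }

    /**
     * Create a new user-role account from the POSTed registration form.
     *
     * Validates that username and password are present and that the password
     * confirmation matches, rejects an already-taken username, then inserts
     * the user and credits the referrer (if a valid referral code was given)
     * inside one transaction so the two writes cannot be left half-applied.
     * The new user is logged in and sent to /profile.
     */
    public function register()
    {
        $username = $this->postString('username');
        $password = $this->postString('password');
        $confirmPassword = $this->postString('confirm_password');
        $refCode = $this->postString('ref_code');

        if ($username === '' || $password === '') {
            $this->view('auth/register', ['error' => 'Username and password are required', 'ref' => $refCode]);
            return;
        }

        if ($password !== $confirmPassword) {
            $this->view('auth/register', ['error' => 'Passwords do not match', 'ref' => $refCode]);
            return;
        }

        $db = db_pdo();

        // Check if username exists. NOTE(review): this check-then-insert is not
        // atomic; a UNIQUE constraint on users.username is still needed to rule
        // out duplicates under concurrent registrations — confirm in the schema.
        $stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
        $stmt->execute([$username]);
        if ($stmt->fetch()) {
            $this->view('auth/register', ['error' => 'Username already exists', 'ref' => $refCode]);
            return;
        }

        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

        // 8 hex characters, as before, but from the CSPRNG rather than
        // md5(uniqid()), whose output is derived from the clock and guessable.
        $referralCode = bin2hex(random_bytes(4));

        $referredBy = null;
        if ($refCode !== '') {
            $stmt = $db->prepare("SELECT id FROM users WHERE referral_code = ?");
            $stmt->execute([$refCode]);
            $referrer = $stmt->fetch();
            if ($referrer) {
                $referredBy = $referrer['id'];
            }
        }

        $db->beginTransaction();
        try {
            $stmt = $db->prepare(
                "INSERT INTO users (username, password, referral_code, referred_by, role, balance) VALUES (?, ?, ?, ?, 'user', 0)"
            );
            $stmt->execute([$username, $hashedPassword, $referralCode, $referredBy]);
            $userId = $db->lastInsertId();

            if ($referredBy) {
                // Reward referrer with points (not balance yet, as per previous logic)
                $stmt = $db->prepare(
                    "UPDATE users SET points = points + 10, total_referrals = total_referrals + 1 WHERE id = ?"
                );
                $stmt->execute([$referredBy]);
            }

            $db->commit();
        } catch (\Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }

        $this->startAuthenticatedSession((int)$userId, $username, 'user');
        $this->redirect('/profile');
    }

    /**
     * End the current session and return to the home page.
     *
     * The in-memory $_SESSION array is cleared as well, since session_destroy()
     * only removes the stored data and leaves the superglobal populated for the
     * rest of the request.
     */
    public function logout()
    {
        $_SESSION = [];
        session_destroy();
        $this->redirect('/');
    }

    /**
     * Render the profile page: the user's row, their withdrawal history, and
     * any one-shot flash messages left by other actions.
     *
     * A session whose user id no longer matches a row (deleted account) is
     * discarded and sent back to /login instead of rendering a broken page.
     */
    public function profile()
    {
        if (!isset($_SESSION['user_id'])) {
            $this->redirect('/login');
            return;
        }

        $db = db_pdo();

        $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
        $user = $stmt->fetch();
        if (!$user) {
            $_SESSION = [];
            session_destroy();
            $this->redirect('/login');
            return;
        }

        $stmt = $db->prepare("SELECT * FROM withdrawals WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user['id']]);
        $withdrawals = $stmt->fetchAll();

        // Read the flash messages before rendering and clear them immediately so
        // they are consumed exactly once even if the view throws.
        $success = $_SESSION['success'] ?? null;
        $error = $_SESSION['error'] ?? null;
        unset($_SESSION['success'], $_SESSION['error']);

        $this->view('auth/profile', [
            'user' => $user,
            'withdrawals' => $withdrawals,
            'success' => $success,
            'error' => $error,
        ]);
    }

    /**
     * Submit a withdrawal request for the logged-in user.
     *
     * The balance check and the deduction are a single conditional UPDATE
     * (`... AND balance >= ?`) executed in the same transaction as the
     * withdrawals INSERT, so two concurrent requests cannot both pass a
     * read-then-write check and overdraw the account. Validation failures and
     * the outcome are reported through the session flash keys used by profile().
     */
    public function requestWithdrawal()
    {
        if (!isset($_SESSION['user_id'])) {
            $this->redirect('/login');
            return;
        }

        $userId = $_SESSION['user_id'];

        $rawAmount = $_POST['amount'] ?? null;
        $amount = is_numeric($rawAmount) ? (float)$rawAmount : 0.0;
        $method = $this->postString('method');
        $details = $this->postString('details');

        // Reject INF/NAN before they reach the driver; is_numeric accepts "1e999".
        if (!is_finite($amount)) {
            $_SESSION['error'] = "Invalid withdrawal amount";
            $this->redirect('/profile');
            return;
        }

        if ($amount < 10000) { // Minimum WD
            $_SESSION['error'] = "Minimum withdrawal is Rp 10.000";
            $this->redirect('/profile');
            return;
        }

        if ($method === '' || $details === '') {
            $_SESSION['error'] = "Withdrawal method and account details are required";
            $this->redirect('/profile');
            return;
        }

        $db = db_pdo();
        $db->beginTransaction();
        try {
            // Deduct balance only if it covers the amount; a zero row count means
            // the account could not afford it (or the row no longer exists).
            $stmt = $db->prepare("UPDATE users SET balance = balance - ? WHERE id = ? AND balance >= ?");
            $stmt->execute([$amount, $userId, $amount]);
            if ($stmt->rowCount() !== 1) {
                $db->rollBack();
                $_SESSION['error'] = "Insufficient balance";
                $this->redirect('/profile');
                return;
            }

            // Create WD request
            $stmt = $db->prepare(
                "INSERT INTO withdrawals (user_id, amount, method, account_details, status) VALUES (?, ?, ?, ?, 'pending')"
            );
            $stmt->execute([$userId, $amount, $method, $details]);

            $db->commit();
        } catch (\Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }

        $_SESSION['success'] = "Withdrawal request submitted successfully";
        $this->redirect('/profile');
    }

    /**
     * Read a POST field as a string.
     *
     * Missing fields and non-string values (e.g. `field[]=x`, which PHP decodes
     * to an array) both yield '' so that "Array" never reaches a query or a
     * password function.
     */
    private function postString(string $key): string
    {
        $value = $_POST[$key] ?? '';

        return is_string($value) ? $value : '';
    }

    /**
     * Store the authenticated identity in the session.
     *
     * The session id is rotated first (when a session is active) so an id that
     * was fixed by an attacker before login is not promoted to an authenticated one.
     */
    private function startAuthenticatedSession(int $userId, string $username, string $role): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['user_id'] = $userId;
        $_SESSION['username'] = $username;
        $_SESSION['role'] = $role;
    }
}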