
<?php
namespace App\Controllers;
use App\Core\Controller;
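class AuthController extends Controller
{
    /** Minimum withdrawal amount (the user-facing message below prints it as "Rp 10.000"). */
    private const MIN_WITHDRAWAL = 10000;

    /**
     * Show the login form; already-authenticated users are sent to their profile.
     */
    public function loginForm(): void
    {
        if ($this->isLoggedIn()) {
            $this->redirect('/profile');
            // redirect() is inherited from Controller (not visible here); returning
            // explicitly keeps the form from rendering even if it does not exit.
            return;
        }
        $this->view('auth/login');
    }

    /**
     * Show the registration form, pre-filling an optional referral code from ?ref=.
     */
    public function registerForm(): void
    {
        if ($this->isLoggedIn()) {
            $this->redirect('/profile');
            return;
        }
        $ref = self::requestString($_GET, 'ref');
        $this->view('auth/register', ['ref' => $ref]);
    }

    /**
     * Authenticate a POSTed username/password against the users table.
     *
     * Only rows with role 'user' may log in here. On success the session is
     * regenerated and populated; on failure the login form is re-rendered with
     * a generic error (the same message for unknown user and wrong password).
     */
    public function login(): void
    {
        $username = self::requestString($_POST, 'username');
        $password = self::requestString($_POST, 'password');

        $db = db_pdo();
        $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND role = 'user'");
        $stmt->execute([$username]);
        $user = $stmt->fetch();

        if ($user && password_verify($password, (string) $user['password'])) {
            // Upgrade hashes produced by an older cost/algorithm while we still
            // hold the plaintext.
            if (password_needs_rehash((string) $user['password'], PASSWORD_DEFAULT)) {
                $rehash = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
                $rehash->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
            }
            $this->startUserSession($user['id'], (string) $user['username'], (string) $user['role']);
            $this->redirect('/profile');
            return;
        }

        $this->view('auth/login', ['error' => 'Invalid username or password']);
    }

    /**
     * Create a new 'user' account from the POSTed registration form.
     *
     * Validates the input, rejects duplicate usernames, stores a password_hash()
     * digest, assigns an 8-hex-char referral code, credits the referrer (if the
     * supplied ref_code matches an existing user) and logs the new user in.
     */
    public function register(): void
    {
        $username = self::requestString($_POST, 'username');
        $password = self::requestString($_POST, 'password');
        $confirm = self::requestString($_POST, 'confirm_password');
        $refCode = self::requestString($_POST, 'ref_code');

        $error = self::validateRegistration($username, $password, $confirm);
        if ($error !== null) {
            $this->view('auth/register', ['error' => $error, 'ref' => $refCode]);
            return;
        }

        $db = db_pdo();

        // Fast-path duplicate check; the INSERT below is still guarded for the
        // race where two registrations pass this check concurrently.
        $stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
        $stmt->execute([$username]);
        if ($stmt->fetch()) {
            $this->view('auth/register', ['error' => 'Username already exists', 'ref' => $refCode]);
            return;
        }

        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        // 8 hex characters, same shape as before but from a CSPRNG instead of
        // the time-derived, guessable md5(uniqid()) value.
        $referralCode = bin2hex(random_bytes(4));
        $referredBy = $refCode !== '' ? self::findReferrerId($db, $refCode) : null;

        // Insert and referrer reward happen atomically. Assumes db_pdo() returns a
        // PDO in ERRMODE_EXCEPTION — TODO confirm; otherwise failures surface as
        // false returns exactly as in the previous implementation.
        $db->beginTransaction();
        try {
            $stmt = $db->prepare("INSERT INTO users (username, password, referral_code, referred_by, role, balance) VALUES (?, ?, ?, ?, 'user', 0)");
            $stmt->execute([$username, $hashedPassword, $referralCode, $referredBy]);
            $userId = $db->lastInsertId();

            if ($referredBy !== null) {
                // Reward referrer with points (not balance yet, as per previous logic)
                $stmt = $db->prepare("UPDATE users SET points = points + 10, total_referrals = total_referrals + 1 WHERE id = ?");
                $stmt->execute([$referredBy]);
            }
            $db->commit();
        } catch (\PDOException $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            // SQLSTATE 23000 = integrity constraint violation, i.e. a concurrent
            // registration took the username (or referral code) first. Relies on a
            // UNIQUE constraint on users.username — TODO confirm against schema.
            if ((string) $e->getCode() === '23000') {
                $this->view('auth/register', ['error' => 'Username already exists', 'ref' => $refCode]);
                return;
            }
            throw $e;
        }

        $this->startUserSession($userId, $username, 'user');
        $this->redirect('/profile');
    }

    /**
     * End the current session and return to the landing page.
     */
    public function logout(): void
    {
        $this->endSession();
        $this->redirect('/');
    }

    /**
     * Render the logged-in user's profile with their withdrawal history and
     * any one-shot success/error flash message left by requestWithdrawal().
     */
    public function profile(): void
    {
        if (!$this->isLoggedIn()) {
            $this->redirect('/login');
            return;
        }

        $db = db_pdo();
        $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
        $user = $stmt->fetch();
        if (!$user) {
            // The session points at a row that no longer exists; drop the session
            // instead of rendering with $user === false.
            $this->endSession();
            $this->redirect('/login');
            return;
        }

        $stmt = $db->prepare("SELECT * FROM withdrawals WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user['id']]);
        $withdrawals = $stmt->fetchAll();

        // Flash messages are consumed on first display.
        $success = $_SESSION['success'] ?? null;
        $error = $_SESSION['error'] ?? null;
        unset($_SESSION['success'], $_SESSION['error']);

        $this->view('auth/profile', [
            'user' => $user,
            'withdrawals' => $withdrawals,
            'success' => $success,
            'error' => $error,
        ]);
    }

    /**
     * Create a pending withdrawal for the logged-in user and deduct the amount
     * from their balance in one atomic step.
     *
     * Outcome is reported via $_SESSION['success'] / $_SESSION['error'] and a
     * redirect to /profile.
     *
     * NOTE(review): no CSRF token is checked in this controller — confirm that
     * Controller or the router enforces one for state-changing POST routes.
     */
    public function requestWithdrawal(): void
    {
        if (!$this->isLoggedIn()) {
            $this->redirect('/login');
            return;
        }
        $userId = $_SESSION['user_id'];

        // FILTER_VALIDATE_FLOAT rejects missing keys, arrays and junk such as
        // "12000abc" (which a bare (float) cast would silently accept).
        $amount = filter_var($_POST['amount'] ?? null, FILTER_VALIDATE_FLOAT);
        $method = self::requestString($_POST, 'method');
        $details = self::requestString($_POST, 'details');

        if ($amount === false || !is_finite($amount) || $amount < self::MIN_WITHDRAWAL) {
            $_SESSION['error'] = "Minimum withdrawal is Rp 10.000";
            $this->redirect('/profile');
            return;
        }
        if ($method === '' || $details === '') {
            $_SESSION['error'] = "Payment method and account details are required";
            $this->redirect('/profile');
            return;
        }

        $db = db_pdo();
        $db->beginTransaction();
        try {
            // The balance condition is part of the UPDATE, so check-and-deduct is a
            // single statement: two concurrent requests cannot both pass a separate
            // SELECT-then-UPDATE and overdraw the account.
            $stmt = $db->prepare("UPDATE users SET balance = balance - ? WHERE id = ? AND balance >= ?");
            $stmt->execute([$amount, $userId, $amount]);
            if ($stmt->rowCount() === 0) {
                // Either insufficient balance or the user row is gone; report the former.
                $db->rollBack();
                $_SESSION['error'] = "Insufficient balance";
                $this->redirect('/profile');
                return;
            }

            $stmt = $db->prepare("INSERT INTO withdrawals (user_id, amount, method, account_details, status) VALUES (?, ?, ?, ?, 'pending')");
            $stmt->execute([$userId, $amount, $method, $details]);
            $db->commit();
        } catch (\PDOException $e) {
            // Undo the deduction if the withdrawal row could not be written.
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }

        $_SESSION['success'] = "Withdrawal request submitted successfully";
        $this->redirect('/profile');
    }

    /**
     * Whether the current session carries a user id.
     */
    private function isLoggedIn(): bool
    {
        return isset($_SESSION['user_id']);
    }

    /**
     * Read a string field from a request array ($_GET / $_POST).
     *
     * Missing keys and non-string values (e.g. `field[]=x`, which PHP decodes
     * to an array) yield '' so callers never bind arrays to SQL parameters.
     */
    private static function requestString(array $source, string $key): string
    {
        $value = $source[$key] ?? '';
        return is_string($value) ? $value : '';
    }

    /**
     * Validate registration input; returns a user-facing error or null when valid.
     */
    private static function validateRegistration(string $username, string $password, string $confirm): ?string
    {
        if ($username === '' || $password === '') {
            return 'Username and password are required';
        }
        if ($password !== $confirm) {
            return 'Passwords do not match';
        }
        return null;
    }

    /**
     * Look up the id of the user owning $refCode, or null when no such code exists.
     *
     * @return int|string|null  the id as returned by the PDO driver
     */
    private static function findReferrerId(\PDO $db, string $refCode): int|string|null
    {
        $stmt = $db->prepare("SELECT id FROM users WHERE referral_code = ?");
        $stmt->execute([$refCode]);
        $referrer = $stmt->fetch();
        return $referrer ? $referrer['id'] : null;
    }

    /**
     * Populate the session for an authenticated user.
     *
     * The session id is regenerated first so an id obtained before
     * authentication cannot be reused afterwards (session fixation).
     * $userId is stored as the driver returned it (string from lastInsertId(),
     * int or string from fetch()) to stay compatible with existing readers.
     */
    private function startUserSession(int|string $userId, string $username, string $role): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user_id'] = $userId;
        $_SESSION['username'] = $username;
        $_SESSION['role'] = $role;
    }

    /**
     * Clear session data, expire the session cookie and destroy the session.
     *
     * Guarded so it is safe to call when no session is active (session_destroy()
     * alone warns in that case).
     */
    private function endSession(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            return;
        }
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', [
                'expires' => time() - 42000,
                'path' => $params['path'],
                'domain' => $params['domain'],
                'secure' => $params['secure'],
                'httponly' => $params['httponly'],
                'samesite' => $params['samesite'],
            ]);
        }
        session_destroy();
    }
}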