<?php
namespace App\Controllers;
use App\Core\Controller;
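/**
 * Login, registration, logout, profile and withdrawal-request actions.
 *
 * Every redirect() call is followed by an explicit return: redirect() is
 * inherited from App\Core\Controller and it is not visible here whether it
 * terminates the request, so no handler relies on it doing so.
 *
 * NOTE(review): none of the state-changing actions below (login, register,
 * logout, requestWithdrawal) checks a CSRF token here; confirm the parent
 * Controller or the router enforces one, otherwise add it.
 */
class AuthController extends Controller
{
    /**
     * Render the login form, or send an already-authenticated user to the profile.
     */
    public function loginForm(): void
    {
        if (isset($_SESSION['user_id'])) {
            $this->redirect('/profile');
            return;
        }

        $this->view('auth/login');
    }

    /**
     * Render the registration form, pre-filling the referral code from the
     * query string or from the session.
     */
    public function registerForm(): void
    {
        if (isset($_SESSION['user_id'])) {
            $this->redirect('/profile');
            return;
        }

        // Check GET first, then Session
        $ref = $_GET['ref'] ?? ($_SESSION['global_ref'] ?? '');

        // A crafted query (?ref[]=x) yields an array; only a string is meaningful here.
        if (!is_string($ref)) {
            $ref = '';
        }

        $this->view('auth/register', ['ref' => $ref]);
    }

    /**
     * Authenticate a user-role account by username and password.
     *
     * On success the session id is regenerated before the identity is stored,
     * so a session id fixed by an attacker before login is never promoted to an
     * authenticated one. On failure the same generic error is shown whether the
     * username exists or not.
     */
    public function login(): void
    {
        $username = $_POST['username'] ?? '';
        $password = $_POST['password'] ?? '';

        // Form fields may arrive as arrays (username[]=x); reject them before they
        // reach the statement binding / password_verify.
        if (!is_string($username) || !is_string($password)) {
            $this->view('auth/login', ['error' => 'Invalid username or password']);
            return;
        }

        $db = db_pdo();
        $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND role = 'user'");
        $stmt->execute([$username]);
        $user = $stmt->fetch();

        if (!$user || !password_verify($password, $user['password'])) {
            $this->view('auth/login', ['error' => 'Invalid username or password']);
            return;
        }

        $this->startAuthenticatedSession($user['id'], $user['username'], $user['role']);
        $this->redirect('/profile');
    }

    /**
     * Create a new user-role account, optionally crediting a referrer.
     *
     * The user insert and the referrer update run in one transaction so a
     * failure between them cannot leave a referral counted without an account
     * (or vice versa).
     */
    public function register(): void
    {
        $username = $_POST['username'] ?? '';
        $password = $_POST['password'] ?? '';
        $confirm_password = $_POST['confirm_password'] ?? '';
        $ref_code = $_POST['ref_code'] ?? '';

        // Array-valued fields are not valid input for any of these.
        if (!is_string($username) || !is_string($password)
            || !is_string($confirm_password) || !is_string($ref_code)) {
            $this->view('auth/register', ['error' => 'Invalid input', 'ref' => '']);
            return;
        }

        if ($username === '' || $password === '') {
            $this->view('auth/register', ['error' => 'Username and password are required', 'ref' => $ref_code]);
            return;
        }

        if ($password !== $confirm_password) {
            $this->view('auth/register', ['error' => 'Passwords do not match', 'ref' => $ref_code]);
            return;
        }

        $db = db_pdo();

        // Check if username exists
        // NOTE(review): this check-then-insert is racy on its own; a UNIQUE index on
        // users.username is the real guarantee — confirm the schema has one.
        $stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
        $stmt->execute([$username]);
        if ($stmt->fetch()) {
            $this->view('auth/register', ['error' => 'Username already exists', 'ref' => $ref_code]);
            return;
        }

        $hashed_password = password_hash($password, PASSWORD_DEFAULT);

        // 8 hex chars, as before, but from a CSPRNG instead of md5(uniqid()),
        // which is time-derived and therefore guessable.
        $referral_code = bin2hex(random_bytes(4));

        $referred_by = null;
        if (!empty($ref_code)) {
            $stmt = $db->prepare("SELECT id FROM users WHERE referral_code = ?");
            $stmt->execute([$ref_code]);
            $referrer = $stmt->fetch();
            if ($referrer) {
                $referred_by = $referrer['id'];
            }
        }

        $db->beginTransaction();
        try {
            $stmt = $db->prepare("INSERT INTO users (username, password, referral_code, referred_by, role, balance) VALUES (?, ?, ?, ?, 'user', 0)");
            $stmt->execute([$username, $hashed_password, $referral_code, $referred_by]);
            $userId = $db->lastInsertId();

            if ($referred_by) {
                // Reward referrer with points (not balance yet, as per previous logic)
                $stmt = $db->prepare("UPDATE users SET points = points + 10, total_referrals = total_referrals + 1 WHERE id = ?");
                $stmt->execute([$referred_by]);
            }

            $db->commit();
        } catch (\Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }

        $this->startAuthenticatedSession($userId, $username, 'user');
        $this->redirect('/profile');
    }

    /**
     * End the session: clear its data, expire the session cookie and destroy
     * the server-side record, so the old id cannot be reused.
     */
    public function logout(): void
    {
        $_SESSION = [];

        if (session_status() === PHP_SESSION_ACTIVE) {
            if (ini_get('session.use_cookies')) {
                $params = session_get_cookie_params();
                setcookie(session_name(), '', [
                    'expires' => time() - 42000,
                    'path' => $params['path'],
                    'domain' => $params['domain'],
                    'secure' => $params['secure'],
                    'httponly' => $params['httponly'],
                    'samesite' => $params['samesite'] ?? '',
                ]);
            }
            session_destroy();
        }

        $this->redirect('/');
    }

    /**
     * Show the signed-in user's profile with their withdrawal history and any
     * one-shot flash messages.
     */
    public function profile(): void
    {
        if (!isset($_SESSION['user_id'])) {
            $this->redirect('/login');
            return;
        }

        $db = db_pdo();
        $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
        $user = $stmt->fetch();

        // A stale session (account removed) would otherwise index into `false` below.
        if (!$user) {
            unset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['role']);
            $this->redirect('/login');
            return;
        }

        $stmt = $db->prepare("SELECT * FROM withdrawals WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user['id']]);
        $withdrawals = $stmt->fetchAll();

        // Flash messages are consumed on read.
        $success = $_SESSION['success'] ?? null;
        $error = $_SESSION['error'] ?? null;
        unset($_SESSION['success'], $_SESSION['error']);

        $this->view('auth/profile', [
            'user' => $user,
            'withdrawals' => $withdrawals,
            'success' => $success,
            'error' => $error,
        ]);
    }

    /**
     * Record a withdrawal request and debit the user's balance.
     *
     * The balance check and the debit are one conditional UPDATE inside a
     * transaction with the insert, so two concurrent requests cannot both pass
     * a separate balance read and overdraw the account, and a failed insert
     * does not leave the balance debited.
     */
    public function requestWithdrawal(): void
    {
        if (!isset($_SESSION['user_id'])) {
            $this->redirect('/login');
            return;
        }

        $amountInput = $_POST['amount'] ?? '';
        $method = $_POST['method'] ?? '';
        $details = $_POST['details'] ?? '';

        // Only a numeric scalar amount and string fields are acceptable; a bare
        // (float) cast would turn garbage or an array into 0 or a warning.
        if (!is_string($method) || !is_string($details)
            || !is_scalar($amountInput) || !is_numeric($amountInput)) {
            $_SESSION['error'] = "Invalid withdrawal request";
            $this->redirect('/profile');
            return;
        }
        $amount = (float) $amountInput;

        if (!is_finite($amount) || $amount < 10000) { // Minimum WD
            $_SESSION['error'] = "Minimum withdrawal is Rp 10.000";
            $this->redirect('/profile');
            return;
        }

        $db = db_pdo();
        $db->beginTransaction();
        try {
            // Deduct balance, but only if it covers the amount (atomic check-and-debit).
            $stmt = $db->prepare("UPDATE users SET balance = balance - ? WHERE id = ? AND balance >= ?");
            $stmt->execute([$amount, $_SESSION['user_id'], $amount]);

            if ($stmt->rowCount() === 0) {
                $db->rollBack();
                $_SESSION['error'] = "Insufficient balance";
                $this->redirect('/profile');
                return;
            }

            // Create WD request
            $stmt = $db->prepare("INSERT INTO withdrawals (user_id, amount, method, account_details, status) VALUES (?, ?, ?, ?, 'pending')");
            $stmt->execute([$_SESSION['user_id'], $amount, $method, $details]);

            $db->commit();
        } catch (\Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }

        $_SESSION['success'] = "Withdrawal request submitted successfully";
        $this->redirect('/profile');
    }

    /**
     * Store the authenticated identity in a freshly regenerated session.
     *
     * Regenerating the id on privilege change is the standard defence against
     * session fixation; the old id is deleted (delete_old_session = true).
     *
     * @param int|string $userId
     */
    private function startAuthenticatedSession($userId, string $username, string $role): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['user_id'] = $userId;
        $_SESSION['username'] = $username;
        $_SESSION['role'] = $role;
    }
}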