first commit

i/auth.php

@@ -0,0 +1,70 @@
+<?php
+require_once 'db.php';
+
+function authenticateUser ($username, $password) {
+    $pdo = getDbConnection();
+    $stmt = $pdo->prepare("SELECT id, password, is_admin FROM users WHERE username = ?");
+    $stmt->execute([$username]);
+    $user = $stmt->fetch();
+
+    if ($user && password_verify($password, $user['password'])) {
+        session_start();
+        $_SESSION['user_id'] = $user['id'];
+        $_SESSION['username'] = $user['username'];
+        return true;
+    }
+    return false;
+}
+
+function checkAuth() {
+    session_start();
+    if (!isset($_SESSION['user_id'])) {
+        header('Location: login.php');
+        exit();
+    }
+}
+
+function checkAdminAuth() {
+    session_start();
+
+    if (!isset($_SESSION['user_id'])) {
+        $_SESSION['message'] = 'You Must be logged in to access this page.';
+        header('Location: login.php');
+        exit();
+    }
+
+    $pdo = getDbConnection();
+    $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
+    $stmt->execute([$_SESSION['user_id']]);
+    $user = $stmt->fetch();
+
+    if (!$user || $user['is_admin'] !=1) {
+        $_SESSION['message'] = 'You do NOT have the required permission to access that page.';
+        header('Location: dashboard.php');
+        exit();
+    }
+}
+
+function isAdmin() {
+    session_start();
+
+    if (!isset($_SESSION['user_id'])) {
+        return false;
+    }
+
+    $pdo = getDbConnection();
+    $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
+    $stmt->execute([$_SESSION['user_id']]);
+    $user = $stmt->fetch();
+
+    return ($user && $user['is_admin'] == 1);
+}
+
+function logout() {
+    session_start();
+    session_unset();
+    session_destroy();
+    header('Location: login.php');
+    exit();
+}
+?>