<?php
require_once 'db.php';

function authenticateUser ($username, $password) {
    $pdo = getDbConnection();
    $stmt = $pdo->prepare("SELECT id, password, is_admin FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password'])) {
        session_start();
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        return true;
    }
    return false;
}

function checkAuth() {
    session_start();
    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit();
    }
}

function checkAdminAuth() {
    session_start();

    if (!isset($_SESSION['user_id'])) {
        $_SESSION['message'] = 'You Must be logged in to access this page.';
        header('Location: login.php');
        exit();
    }

    $pdo = getDbConnection();
    $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $user = $stmt->fetch();

    if (!$user || $user['is_admin'] !=1) {
        $_SESSION['message'] = 'You do NOT have the required permission to access that page.';
        header('Location: dashboard.php');
        exit();
    }
}

function isAdmin() {
    session_start();

    if (!isset($_SESSION['user_id'])) {
        return false;
    }

    $pdo = getDbConnection();
    $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $user = $stmt->fetch();

    return ($user && $user['is_admin'] == 1);
}

function logout() {
    session_start();
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit();
}
?>