<?php

require_once("Database.class.php");

class User 
{
    private $user_id = null;

    public function __construct($user_id)
    {
        $this->user_id = $user_id;
    }

    public function id() {
        return $this->user_id;
    }

    public static function authenticate($username, $password) 
    {
        $escaped_username = Database::escape_string($username);
        $query = "SELECT `password`, `user_id` FROM `users` WHERE username='$escaped_username';";
        $result = Database::execute_query($query);

        if ($result->num_rows == 1) 
        {
            $user = $result->fetch_assoc();
            if (password_verify($password, $user["password"]))
            {
                return new self($user["user_id"]);
            }
        } 
        
        return false;
    }

    public static function register($username, $password, $admin=false)
    {
        $escaped_username = Database::escape_string($username);
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $admin_status = (int)$admin;

        if (!password_verify($password, $hashed_password))
        {
            die("Something went wrong trying to hash the password...");
        }

        $query = "INSERT INTO `users` (`email`, `password`, `is_admin`) VALUES ('$escaped_username', '$hashed_password', $admin_status);";

        if (!Database::execute_query($query)) {
            return false;
        }

        $id_query = "SELECT `user_id` FROM `users` WHERE `email` = '$escaped_username';";
        $id_result = Database::execute_query($id_query);

        if ($id_result->num_rows == 1) {
            return new self($id_result->fetch_assoc()["user_id"]);
        }
        return false;
    }
}