<?php 

use PDO;

class Auth{

    private $pdo;

    /**
     * Constructor method to initialize the database connection and start the session
     */

    public function __construct($host, $dbname, $username, $password){
        $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";

        /**
         * Instantiate the PDO object with the DSN, username, and password, and set attributes. 
         * Then start a new session
        */
        
        $this->pdo = new PDO($dsn, $username. $password, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);

        session_start();
    }

    /**
    * Method to autenticate the user based on the provided routes.
    */

    public function login($username, $password){
        $sql = "SELECT * FROM users WHERE username = :username or email = :email LIMIT 1";

        /**
         * Prepare the SQL query for execution.
         * Then txecute the query with the provided username and password parameters and 
         * fetch the user record from the database.
         */
        
        $query = $this->pdo->prepare($query);
        $query->execute([
            ":username" => $username,
            ":password" => $password
        ]);
        
        $user = $query->fetch();

        /**
         * Check if the provided password is verified against the hashed password in the database.
         * If correct, store user information in a session.
         * 
         * Return true indicating a successful login
         */

        if($user && password_verify($password, $user['password'])){
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];

            return true;
        }

        return false;
    }

}

?>