<?php
// app/controllers/AuthController.php

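require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/../models/User.php';

// Start the session only if nothing (e.g. a front controller) has already done so;
// a second session_start() only raises a notice. Cookie flags are set first so the
// session cookie is not readable from script and is not sent on cross-site POSTs.
if (session_status() === PHP_SESSION_NONE) {
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}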

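/**
 * Handles the login form and logout for the session-based auth flow.
 *
 * Identity is kept in $_SESSION['user_id'|'user_name'|'user_role']; the values
 * come from the array returned by User::login() on success.
 */
class AuthController {
    /** @var User */
    private $userModel;

    /**
     * @param PDO|null $pdo Database connection. When omitted, the global `$pdo`
     *                      opened by config/database.php is used (kept for
     *                      backward compatibility with existing callers).
     */
    public function __construct(?PDO $pdo = null) {
        if ($pdo === null) {
            global $pdo; // connection from database.php
        }
        $this->userModel = new User($pdo);
    }

    /**
     * Processes a POST of the login form, or renders the form on any other method.
     *
     * On success the session id is regenerated before the identity is stored,
     * then the browser is redirected to /index.php. On failure $error is set and
     * the login view is rendered (the view presumably reads $error — not visible here).
     *
     * @return void
     */
    public function login() {
        $error = '';

        if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
            // filter_input() returns null when the field is absent and false when the
            // filter fails; both collapse to '' so the model always receives strings.
            $email = (string) (filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL) ?? '');
            $password = (string) ($_POST['password'] ?? '');

            $result = $this->userModel->login($email, $password);

            if (is_array($result)) {
                // Login success: discard the pre-authentication session id so an id the
                // client was handed (or chose) before login cannot be reused afterwards.
                session_regenerate_id(true);

                $_SESSION['user_id'] = $result['id'];
                $_SESSION['user_name'] = $result['name'];
                $_SESSION['user_role'] = $result['role'];

                // Redirect to Dashboard
                header('Location: /index.php');
                exit;
            }

            // Keep the response generic for unknown email / wrong password; only the
            // suspended case is reported distinctly, as the model signals it explicitly.
            $error = ($result === "Account suspended.")
                ? "Your account has been deactivated."
                : "Invalid email or password.";
        }

        // Load the Login View
        require_once __DIR__ . '/../views/auth/login.php';
    }

    /**
     * Ends the current session and redirects to the login page.
     *
     * Clears the server-side data, expires the session cookie on the client and
     * destroys the session, so neither side keeps a usable session id.
     *
     * @return void
     */
    public function logout() {
        $_SESSION = [];

        // Expire the client's session cookie with the same scope it was issued under.
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }

        header('Location: /login.php');
        exit;
    }
}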
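// No closing tag: any whitespace after a `?>` would be emitted as output and
// break the header() redirects issued by this controller.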