pagedev.pl/models/User.php

<?php

class User
{
    private $db;

    public function __construct()
    {
        $this->db = Database::getInstance()->getConnection();
    }

    public function authenticate($username, $password)
    {
        $stmt = $this->db->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->execute([$username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($user && password_verify($password, $user['password'])) {
            return $user;
        }

        return false;
    }

    public function generateVerificationCode($userId)
    {
        // Generowanie 6-cyfrowego kodu
        $code = sprintf('%06d', random_int(0, 999999));
        
        // Ustawienie czasu wygaśnięcia (15 minut)
        $expiresAt = date('Y-m-d H:i:s', strtotime('+15 minutes'));
        
        // Usuwanie starych nieużytych kodów dla tego użytkownika
        $stmt = $this->db->prepare("DELETE FROM verification_codes WHERE user_id = ? AND used = 0");
        $stmt->execute([$userId]);
        
        // Zapisywanie nowego kodu
        $stmt = $this->db->prepare("INSERT INTO verification_codes (user_id, code, expires_at) VALUES (?, ?, ?)");
        $stmt->execute([$userId, $code, $expiresAt]);
        
        return $code;
    }

    public function verifyCode($userId, $code)
    {
        $stmt = $this->db->prepare("
            SELECT * FROM verification_codes 
            WHERE user_id = ? AND code = ? AND used = 0 AND expires_at > datetime('now')
            ORDER BY created_at DESC LIMIT 1
        ");
        $stmt->execute([$userId, $code]);
        $verification = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($verification) {
            // Oznaczenie kodu jako użyty
            $stmt = $this->db->prepare("UPDATE verification_codes SET used = 1 WHERE id = ?");
            $stmt->execute([$verification['id']]);
            return true;
        }

        return false;
    }

    public function getUserById($userId)
    {
        $stmt = $this->db->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$userId]);
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }
}