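db = Database::getInstance(); }

    /**
     * Create a new account and start a session for it.
     *
     * Validates the inputs, rejects an already-used username/email, stores a
     * password hash and then calls createSession() (defined elsewhere in this
     * class). Every failure is reported through the returned array, not by
     * throwing.
     *
     * @return array{success: bool, message: string}
     */
    public function register(string $username, string $email, string $password): array
    {
        // Validate inputs. strlen() counts bytes, not characters, so a
        // multibyte username is measured in bytes here (original behaviour).
        if (strlen($username) < 3 || strlen($username) > 30) {
            return ['success' => false, 'message' => 'Username must be 3–30 characters.'];
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return ['success' => false, 'message' => 'Invalid email address.'];
        }
        if (strlen($password) < 6) {
            return ['success' => false, 'message' => 'Password must be at least 6 characters.'];
        }
        // NOTE(review): no upper bound on password length is enforced; bcrypt-style
        // algorithms only use the first 72 bytes — confirm what HASH_ALGO is and
        // whether a maximum should be documented/enforced at the form level.

        // Check existing. This read is only a fast pre-check: two concurrent
        // registrations can both pass it, so the INSERT below must also cope
        // with a duplicate-key failure.
        $stmt = $this->db->prepare("SELECT id FROM users WHERE username=? OR email=?");
        $stmt->execute([$username, $email]);
        if ($stmt->fetch()) {
            return ['success' => false, 'message' => 'Username or email already taken.'];
        }

        $hash = password_hash($password, HASH_ALGO, ['cost' => HASH_COST]);
        try {
            $stmt = $this->db->prepare(
                "INSERT INTO users (username, email, password) VALUES (?, ?, ?)"
            );
            $stmt->execute([$username, $email, $hash]);
        } catch (\PDOException $e) {
            // SQLSTATE 23000 is "integrity constraint violation" (e.g. a unique
            // index on username/email rejected the row that lost the race).
            // Assumes the Database wrapper lets PDOException propagate and the
            // users table has those unique indexes — TODO confirm both.
            if ((string) $e->getCode() === '23000') {
                return ['success' => false, 'message' => 'Username or email already taken.'];
            }
            throw $e;
        }
        $userId = (int)$this->db->lastInsertId();
        $this->createSession($userId, $username, $email);

        return ['success' => true, 'message' => 'Account created successfully!'];
    }

    /**
     * Authenticate by username or e-mail and start a session.
     *
     * Returns one and the same message for an unknown account and for a wrong
     * password, so the response body does not reveal which accounts exist.
     *
     * @return array{success: bool, message: string}
     */
    public function login(string $usernameOrEmail, string $password): array
    {
        $stmt = $this->db->prepare(
            "SELECT id, username, email, password FROM users WHERE username=? OR email=?"
        );
        $stmt->execute([$usernameOrEmail, $usernameOrEmail]);
        $user = $stmt->fetch();

        // Run password_verify() even when no row matched. Skipping the hash
        // comparison for unknown accounts makes that path much faster than the
        // wrong-password path, which would leak account existence through
        // response timing despite the identical message below.
        $storedHash = $user ? $user['password'] : self::timingPlaceholderHash();
        $passwordOk = password_verify($password, $storedHash);
        if (!$user || !$passwordOk) {
            return ['success' => false, 'message' => 'Invalid credentials.'];
        }

        // Update last login
        $this->db->prepare("UPDATE users SET last_login=CURRENT_TIMESTAMP WHERE id=?")
            ->execute([$user['id']]);

        // Cast as register() does: the driver may hand the id back as a string.
        $this->createSession((int)$user['id'], $user['username'], $user['email']);

        return ['success' => true, 'message' => 'Welcome back, ' . $user['username'] . '!'];
    }

    /**
     * Hash that login() compares against when no account matched, so that the
     * failure path costs the same as a real verification. Built once per
     * process with the same algorithm and cost as stored hashes; its input is
     * random, so it never verifies a real password.
     */
    private static function timingPlaceholderHash(): string
    {
        static $hash = null;
        if ($hash === null) {
            $hash = password_hash(bin2hex(random_bytes(16)), HASH_ALGO, ['cost' => HASH_COST]);
        }

        return $hash;
    }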