<?php
session_start();
require_once "Config.php";

// ===================== REGISTER =====================
if (isset($_POST['btn-register'])) {

    $username = trim($_POST['username']);
    $email    = trim($_POST['email']);
    $password = $_POST['password'];
    $confirm  = $_POST['confirm_password'];

    // validasi
    if (!$username || !$email || !$password || !$confirm) {
        header("Location: index.php?error=kosong");
        exit;
    }

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: index.php?error=email");
        exit;
    }

    if (strlen($password) < 6) {
        header("Location: index.php?error=pass");
        exit;
    }

    if ($password !== $confirm) {
        header("Location: index.php?error=confirm");
        exit;
    }

    // cek user
    $cek = mysqli_prepare($conn, "SELECT id FROM users WHERE username=? OR email=?");
    mysqli_stmt_bind_param($cek, "ss", $username, $email);
    mysqli_stmt_execute($cek);
    mysqli_stmt_store_result($cek);

    if (mysqli_stmt_num_rows($cek) > 0) {
        header("Location: index.php?error=exist");
        exit;
    }

    mysqli_stmt_close($cek);

    // simpan
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = mysqli_prepare($conn, "INSERT INTO users (username,email,password) VALUES (?,?,?)");
    mysqli_stmt_bind_param($insert, "sss", $username, $email, $hash);
    mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);

    header("Location: index.php?success=register");
    exit;
}

// ===================== LOGIN =====================
if (isset($_POST['btn-login'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username=?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $user = mysqli_fetch_assoc($result);

    if (!$user || !password_verify($password, $user['password'])) {
        header("Location: index.php?error=login");
        exit;
    }

    $_SESSION['user'] = $user;

    header("Location: mainboard.php");
    exit;
}