<?php
session_start();
require_once "config.php";

/* =====================================================
   JANGAN AKSES auth.php LANGSUNG
===================================================== */
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: index.php");
    exit;
}

/* =====================================================
   REGISTER
===================================================== */
if (isset($_POST['btn-register'])) {

    $username = trim($_POST['username']);
    $email    = trim($_POST['email']);
    $password = $_POST['password'];
    $confirm  = $_POST['confirm_password'];

    // --- VALIDASI DASAR ---
    
    if (!$username || !$email || !$password || !$confirm) {
        // Balik ke index dengan pesan error
        header("Location: index.php?register_error=Data tidak boleh kosong");
        exit;
    }

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: index.php?register_error=Format email tidak valid");
        exit;
    }

    if (strlen($password) < 6) {
        header("Location: index.php?register_error=Password minimal 6 karakter");
        exit;
    }

    if ($password !== $confirm) {
        header("Location: index.php?register_error=Konfirmasi password tidak cocok");
        exit;
    }

    // --- CEK DATABASE (USER SUDAH ADA?) ---
    
    $cek = $conn->prepare("SELECT id FROM users WHERE username=? OR email=?");
    $cek->bind_param("ss", $username, $email);
    $cek->execute();
    $cek->store_result();

    if ($cek->num_rows > 0) {
        // INI YANG SEBELUMNYA MATI, SEKARANG REDIRECT:
        header("Location: index.php?register_error=Username atau Email sudah terdaftar!");
        exit;
    }
    $cek->close();
    
    // --- INSERT DATA BARU ---
    
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $conn->prepare("INSERT INTO users (username,email,password) VALUES (?,?,?)");
    $insert->bind_param("sss", $username, $email, $hash);

    if ($insert->execute()) {
        // Register Berhasil -> Arahkan ke Login (atau mainboard)
        // Kita kosongkan error agar masuk ke state normal
        header("Location: index.php"); 
        exit;
    } else {
        header("Location: index.php?register_error=Gagal mendaftar, coba lagi nanti.");
        exit;
    }

    $insert->close();
}

/* =====================================================
   LOGIN
==================================================== */

if (isset($_POST['btn-login'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $conn->prepare("SELECT * FROM users WHERE username=?");
    $stmt->bind_param("s", $username);
    $stmt->execute();

    $result = $stmt->get_result();
    $user = $result->fetch_assoc();

    // Cek Password
    if (!$user || !password_verify($password, $user['password'])) {
        // Redirect dengan parameter 'error=gagal' agar ditangkap JS Login
        header("Location: index.php?error=gagal");
        exit;
    }

    // Login Sukses
    $_SESSION['user'] = $user;
    header("Location: mainboard.php");
    exit;
}
?>