<?php
session_start();
require_once "config.php";

/* =====================================================
   JANGAN AKSES auth.php LANGSUNG
===================================================== */
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: index.php");
    exit;
}

/* =====================================================
   REGISTER
===================================================== */
if (isset($_POST['btn-register'])) {

    $username = trim($_POST['username']);
    $email    = trim($_POST['email']);
    $password = $_POST['password'];
    $confirm  = $_POST['confirm_password'];

    // Validasi sederhana
    if (empty($username) || empty($email) || empty($password) || empty($confirm)) {
        $_SESSION['error'] = "Semua kolom wajib diisi!";
        header("Location: index.php");
        exit;
    }

    if ($password !== $confirm) {
        $_SESSION['error'] = "Konfirmasi password tidak cocok!";
        header("Location: index.php");
        exit;
    }

    // Cek user sudah ada atau belum
    $cek = $conn->prepare("SELECT id FROM users WHERE username=? OR email=?");
    $cek->bind_param("ss", $username, $email);
    $cek->execute();
    $cek->store_result();

    if ($cek->num_rows > 0) {
        $_SESSION['error'] = "Username atau Email sudah terdaftar!";
        header("Location: index.php");
        exit;
    }
    $cek->close();

    // Insert ke database
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $conn->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
    $insert->bind_param("sss", $username, $email, $hash);

    if ($insert->execute()) {
        $_SESSION['success'] = "Registrasi berhasil! Silakan login.";
    } else {
        $_SESSION['error'] = "Terjadi kesalahan sistem: " . $conn->error;
    }

    $insert->close();
    header("Location: index.php"); // Kembali ke index
    exit;
}

/* =====================================================
   LOGIN
===================================================== */
if (isset($_POST['btn-login'])) {

    $username = trim($_POST['username']);
    $password = $_POST['password'];

    $stmt = $conn->prepare("SELECT * FROM users WHERE username=?");
    $stmt->bind_param("s", $username);
    $stmt->execute();

    $result = $stmt->get_result();
    $user = $result->fetch_assoc();

    if ($user && password_verify($password, $user['password'])) {
        // Login Sukses
        $_SESSION['user'] = $user;
        header("Location: mainboard.php"); // Pastikan file ini ada!
        exit;
    } else {
        // Login Gagal
        $_SESSION['error'] = "Username atau Password salah!";
        header("Location: index.php");
        exit;
    }
}
?>