<?php
ob_start(); // buffer output so the header() redirects further down still work if anything was echoed first
session_start(); // session holds 'user' and 'token' once login succeeds (see below)
date_default_timezone_set("Asia/Jakarta"); // $last_login below is formatted in this zone
include('../config/koneksi.php'); // presumably provides the mysqli handle $conn used below — confirm in koneksi.php

// Fungsi cek login
// True only when the session carries both a non-empty user and a non-empty token.
// (!empty() already implies isset(), so a separate isset() check is not needed.)
function isLoggedIn(){
    $hasUser  = !empty($_SESSION['user']);
    $hasToken = !empty($_SESSION['token']);
    return $hasUser && $hasToken;
}

// Jika sudah login, langsung ke dashboard
// Already authenticated (session user + token present): skip the form and go to the dashboard.
if (isLoggedIn()) {
    header('location:dashboard.php');
    exit;
}

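$last_login = date('Y-m-d H:i:s');

// Read the raw credentials. They reach the database only through bound
// parameters below, so no escaping is applied here (escaping + prepared
// statements would double-encode the value and break the lookup).
// Non-string input (e.g. user[]=x) is treated as missing instead of letting
// a later string function fail on an array.
$user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
$pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

// Strict '' checks: "0" is a legitimate username/password, empty() would reject it.
// Error codes are the ones index.php already expects (1, 2, 3, 4, 5).
if ($user === '' && $pass === '') {
    header('location:index.php?error=1'); // username and password missing
    exit;
} elseif ($user === '') {
    header('location:index.php?error=2'); // username missing
    exit;
} elseif ($pass === '') {
    header('location:index.php?error=3'); // password missing
    exit;
}

// Look the user up with a bound parameter — no string-built SQL.
$stmt = mysqli_prepare($conn, 'SELECT * FROM tb_user WHERE user = ?') or die(mysqli_error($conn));
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
$q = mysqli_stmt_get_result($stmt) or die(mysqli_stmt_error($stmt));
$user_data = mysqli_fetch_assoc($q);
mysqli_stmt_close($stmt);

if (!$user_data) {
    // Username not found.
    // NOTE(review): error=4 here vs error=3 for a wrong password lets a caller
    // tell the two cases apart (account existence). Kept because index.php maps
    // these codes; consider collapsing both to one code on the form side.
    header('location:index.php?error=4');
    exit;
}

// (string) cast: a NULL 'pass' column must not reach password_verify() as null.
if (!password_verify($pass, (string) $user_data['pass'])) {
    // Wrong password (same code as "password missing", as in the original mapping).
    session_unset();
    session_destroy();
    header('location:index.php?error=3');
    exit;
}

// Authorisation check comes BEFORE any session/token state is created, so a
// denied account never gets a tb_token row inserted or its token_id rewritten.
if (in_array((string) $user_data['level'], ['reseller', 'vip', 'user'], true)) {
    session_unset();
    session_destroy();
    header('location:index.php?error=5'); // not allowed to access this area
    exit;
}

// Fresh session id on privilege change: a session id fixed before login
// must not stay valid after it.
session_regenerate_id(true);

// Generate and store the new token, then mark the session as logged in.
// The session stores the raw username (the escaped form was only ever a SQL artefact).
$token = insertToken($user_data['cuid']);
$_SESSION['user'] = $user;
$_SESSION['token'] = $token;

// Update last login, again via bound parameters.
$stmt = mysqli_prepare($conn, 'UPDATE tb_user SET last_login = ? WHERE user = ?') or die(mysqli_error($conn));
mysqli_stmt_bind_param($stmt, 'ss', $last_login, $user);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
mysqli_stmt_close($stmt);

// Send the admin to the dashboard.
header('location:dashboard.php');
exit;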


// ============= FUNGSI ==============

// Buat token baru dan simpan di tb_token & tb_user
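// Create a new token, store it in tb_token and link it to the user in tb_user.
// Returns the token string, or false when $user_id is empty.
// Both statements use bound parameters: $token is generated locally and
// $user_id comes from a DB row, but neither is interpolated into SQL.
// Reads the mysqli handle from $GLOBALS['conn'] (set by koneksi.php).
function insertToken($user_id = 0) {
    $conn = $GLOBALS['conn'];
    if (empty($user_id)) return false;

    $token = generateToken();

    // Insert into tb_token
    $stmt = mysqli_prepare($conn, 'INSERT INTO tb_token (token) VALUES (?)') or die(mysqli_error($conn));
    mysqli_stmt_bind_param($stmt, 's', $token);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    $token_id = mysqli_stmt_insert_id($stmt);
    mysqli_stmt_close($stmt);

    // Link the token to the user. token_id is an auto-increment id (int);
    // cuid is bound as a string because the original quoted it and its column
    // type is not visible here.
    $stmt = mysqli_prepare($conn, 'UPDATE tb_user SET token_id = ? WHERE cuid = ?') or die(mysqli_error($conn));
    mysqli_stmt_bind_param($stmt, 'is', $token_id, $user_id);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);

    return $token;
}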

// Generate token random
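// Generate a random session token from the CSPRNG.
// Returns 32 lowercase hex characters — the same length and alphabet as the
// md5() output the previous version produced, so existing tb_token columns
// still fit. rand()/microtime() are not suitable sources for a token that
// authorises a session; random_bytes() is.
function generateToken() {
    return bin2hex(random_bytes(16));
}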
?>
