db = $database->getConnection(); } public function login($username, $password) { $query = "SELECT id, username, password, role FROM users WHERE username = :username"; $stmt = $this->db->prepare($query); $stmt->bindParam(':username', $username); $stmt->execute(); if($stmt->rowCount() > 0) { $row = $stmt->fetch(PDO::FETCH_ASSOC); if(password_verify($password, $row['password'])) { $_SESSION['user_id'] = $row['id']; $_SESSION['username'] = $row['username']; $_SESSION['role'] = $row['role']; return true; } } return false; } public function logout() { session_destroy(); return true; } public function isLoggedIn() { return isset($_SESSION['user_id']); } public function isAdmin() { return isset($_SESSION['role']) && $_SESSION['role'] === 'admin'; } public function requireLogin() { if(!$this->isLoggedIn()) { header('Location: /admin/login.php'); exit(); } } public function requireAdmin() { $this->requireLogin(); if(!$this->isAdmin()) { header('Location: /admin/dashboard.php'); exit(); } } } ?>