<?php
require_once __DIR__ . '/db.php';

function authStart(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

function authCheck(): bool {
    authStart();
    return !empty($_SESSION['user_id']);
}

function authRequire(): void {
    if (!authCheck()) {
        header('Location: login.php');
        exit;
    }
}

function authLogin(string $username, string $password): bool {
    $db = getDB();
    $stmt = $db->prepare('SELECT id, password_hash FROM usuarios WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password_hash'])) {
        authStart();
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $username;
        return true;
    }
    return false;
}

function authLogout(): void {
    authStart();
    $_SESSION = [];
    session_destroy();
}