NetTown
/
nettown_backend


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
							<?php

namespace Models;

use Libs\Database;

class UserModel
{
    private \PDO $pdo;

    public function __construct()
    {
        $this->pdo = Database::pdo();
    }

    /**
     * Valida credenciais de login e retorna dados do usuário se válido.
     *
     * @param string $username
     * @param string $password Plain-text password para verificar
     * @return array|null Dados do usuário (user_id, user_name, etc.) ou null se inválido
     */
    public function validateLogin(string $email, string $password): ?array
    {
        $stmt = $this->pdo->prepare("SELECT user_id, company_id, user_name, user_phone, user_email, user_role, user_password FROM \"user\" WHERE user_email = :email AND user_deleted_at = 'infinity'");
        $stmt->execute(['email' => mb_strtolower(trim($email))]);
        $user = $stmt->fetch(\PDO::FETCH_ASSOC);

        if ($user && password_verify($password, $user['user_password'])) {
            unset($user['user_password']);
            return $user;
        }

        return null;
    }

    /**
     * Cria um novo usuário com senha hasheada e gera chaves API.
     *
     * @param string $username
     * @param string $password Plain-text password
     * @param string $flag Default 'a' para ativo
     * @return array|bool Dados do usuário criado (incluindo api_key) ou false em erro
     */
    public function createUser(int $companyId, string $email, string $password, string $phone, string $role, ?string $name = null)
    {
        $normalizedEmail = mb_strtolower(trim($email));
        $normalizedPhone = trim($phone);
        $normalizedRole = trim($role);
        $normalizedName = $name !== null ? trim($name) : null;

        if ($normalizedName === '') {
            $normalizedName = null;
        }

        $stmt = $this->pdo->prepare('SELECT user_id FROM "user" WHERE user_email = :email');
        $stmt->execute(['email' => $normalizedEmail]);
        if ($stmt->fetch()) {
            return false;
        }

        $hash = password_hash($password, PASSWORD_DEFAULT);

        try {
            $stmt = $this->pdo->prepare("INSERT INTO \"user\" (company_id, user_name, user_phone, user_email, user_role, user_password) VALUES (:company_id, :user_name, :user_phone, :user_email, :user_role, :user_password) RETURNING user_id, company_id, user_name, user_phone, user_email, user_role, user_created_at");

            $stmt->execute([
                'company_id' => $companyId,
                'user_name' => $normalizedName,
                'user_phone' => $normalizedPhone,
                'user_email' => $normalizedEmail,
                'user_role' => $normalizedRole,
                'user_password' => $hash,
            ]);

            $createdUser = $stmt->fetch(\PDO::FETCH_ASSOC);
        } catch (\PDOException $e) {
            return false;
        }

        if (!$createdUser) {
            return false;
        }

        return [
            'user_id' => (int) $createdUser['user_id'],
            'company_id' => (int) $createdUser['company_id'],
            'user_name' => $createdUser['user_name'],
            'user_phone' => $createdUser['user_phone'],
            'user_email' => $createdUser['user_email'],
            'user_role' => $createdUser['user_role'],
            'user_created_at' => $createdUser['user_created_at'],
        ];
    }
}