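settings = $settings;
        $this->db = $db;
        $this->session = new Session($settings);
    }

    /**
     * Attempt to log in a user with an email address and password.
     *
     * The email is handed to the database layer as a separate parameter for
     * the `?` placeholder rather than being concatenated into the SQL text.
     * On a match the user is logged in through login().
     *
     * NOTE(review): when no row matches, password_verify() is skipped, so an
     * unknown address is answered faster than a known one. If account
     * enumeration is a concern, verify against a fixed dummy hash in that
     * branch and rate-limit attempts in the caller.
     *
     * @param string $email
     * @param string $password
     * @return bool True when the credentials matched, false otherwise.
     */
    public function attempt(string $email, string $password): bool
    {
        // Fetch user by email
        $user = $this->db->first("SELECT * FROM users WHERE email = ?", [$email]);
        if (!$user) {
            return false;
        }

        // A row without a usable hash (NULL or a non-string) can never match;
        // reject it here instead of handing a non-string to password_verify().
        $hash = $user['password'] ?? null;
        if (!is_string($hash) || !password_verify($password, $hash)) {
            return false;
        }

        // Login successful
        $this->login($user);

        return true;
    }

    /**
     * Log in the given user and bind them to the current session.
     *
     * Stores the user's id under 'user_id' and a copy of the user under
     * 'user', then regenerates the session ID. For array users the 'password'
     * entry is removed from the stored copy, so user() never returns it.
     *
     * @param array|object $user User row (array) or object exposing an `id`.
     */
    public function login($user): void
    {
        $sessionUser = $user;
        if (is_array($sessionUser)) {
            // attempt() loads the row with SELECT *, so it carries the password
            // hash; keep that out of session storage.
            unset($sessionUser['password']);
        }
        // NOTE(review): object users are stored unchanged — confirm they do not
        // expose the password hash before they are placed in the session.

        $this->session->put('user_id', is_array($user) ? $user['id'] : $user->id);
        $this->session->put('user', $sessionUser);

        // Regenerate session ID to prevent fixation
        session_regenerate_id(true);
    }

    /**
     * Log out the current user.
     *
     * Removes the stored identity, destroys the session data and starts a
     * fresh session under a new session ID.
     */
    public function logout(): void
    {
        $this->session->forget('user_id');
        $this->session->forget('user');

        session_destroy();
        session_start(); // Restart session after destroy

        // session_destroy() does not change the session ID, so without this the
        // restarted session would keep the identifier used before logout.
        session_regenerate_id(true);
    }

    /**
     * Get the currently authenticated user.
     *
     * @return mixed|null The value stored under 'user', or null when no user
     *                    is authenticated.
     */
    public function user()
    {
        if (!$this->check()) {
            return null;
        }

        return $this->session->get('user');
    }

    /**
     * Check if a user is authenticated.
     *
     * Authentication is decided solely by the presence of 'user_id' in the
     * session.
     *
     * @return bool
     */
    public function check(): bool
    {
        return $this->session->has('user_id');
    }

    /**
     * Get the authenticated user ID.
     *
     * @return mixed|null Whatever the session holds under 'user_id'.
     */
    public function id()
    {
        return $this->session->get('user_id');
    }

    /**
     * Authenticate via remember token (optional).
     */
    // ...
}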