Untitled

<?php
namespace Auth;

use Connect\ConnectDB;

class User
{
    private $id;
    private $username;
    private $db;
    private $user_id;

    private $db_host = "localhost";
    private $db_name = "u0003130_jew";
    private $db_user = "root";
    private $db_pass = "";

    private $is_authorized = false;

    public function __construct($username = null, $password = null)
    {
        $this->username = $username;
        $this->connectDb($this->db_name, $this->db_user, $this->db_pass, $this->db_host);
    }

    public function __destruct()
    {
        $this->db = null;
    }

    public static function isAuthorized()
    {
        if (!empty($_SESSION["user_id"])) {
            return (bool) $_SESSION["user_id"];
        }
        return false;
    }

    public function passwordHash($password, $iterations = 10)
    {
        $options = [
            'cost' => $iterations,
        ];
        return password_hash($password,PASSWORD_BCRYPT ,$options);
    }


    public function verify($password, $hash){
        return password_verify($password, $hash);
    }
    public function authorize($username, $password, $remember=false)
    {
        $query = "select id, username,password from users where
            username = :username limit 1";
        $sth = $this->db->prepare($query);


        $sth->execute(
            array(
                ":username" => $username
            )
        );
        $this->user = $sth->fetch();

        if(!$this->user){
            $this->is_authorized = false;
            return false;
        }
        if(!$this->verify($password,$this->user['password'])){
            $this->is_authorized = false;
            return false;
        }
        $this->is_authorized = true;
        $this->user_id = $this->user['id'];
        $this->saveSession($remember);
        return true;

    }

    public function logout()
    {
        if (!empty($_SESSION["user_id"])) {
            unset($_SESSION["user_id"]);
            setcookie("sid","");
        }
    }

    public function saveSession($remember = false, $http_only = true, $days = 7)
    {
        $_SESSION["user_id"] = $this->user_id;

        if ($remember) {
            // Save session id in cookies
            $sid = session_id();

            $expire = time() + $days * 24 * 3600;
            $domain = ""; // default domain
            $secure = false;
            $path = "/";

            $cookie = setcookie("sid", $sid, $expire, $path, $domain, $secure, $http_only);
        }
    }

    public function create($username, $password) {


        $query = "insert into users (username, password)
            values (:username, :password)";
        $hash = $this->passwordHash($password);
        $sth = $this->db->prepare($query);

        try {
            $this->db->beginTransaction();
            $result = $sth->execute(
                array(
                    ':username' => $username,
                    ':password' => $hash

                )
            );
            $this->db->commit();
        } catch (\PDOException $e) {
            $this->db->rollback();
            echo "Database error: " . $e->getMessage();
            die();
        }

        if (!$result) {
            $info = $sth->errorInfo();
            printf("Database error %d %s", $info[1], $info[2]);
            die();
        }

        return $result;
    }

    public function connectdb($db_name, $db_user, $db_pass, $db_host)
    {
        try {
            $this->db = new \pdo("mysql:host=$db_host;dbname=$db_name;charset=utf-8", $db_user, $db_pass);
        } catch (\pdoexception $e) {
            echo "database error: " . $e->getmessage();
            die();
        }


        return $this;
    }
}