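// auth.php – simple login check
//
// Session cookie hardening: HttpOnly keeps the session id out of reach of
// page scripts, SameSite=Lax limits cross-site sending of the cookie, and
// strict mode refuses client-supplied ids that the server never issued.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);

// NOTE(review): the DSN credentials are placeholders; load them from
// configuration or the environment instead of committing them with the code.
// Emulated prepares are disabled so parameters are bound server-side.
$pdo = new PDO(
    'mysql:host=localhost;dbname=asset_risk_manager',
    'username',
    'password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ],
);

/**
 * Verify a username/password pair and start an authenticated session.
 *
 * Only rows with is_active = 1 are considered. On success the session id is
 * regenerated before the user id is stored, so a session id that was fixed
 * before authentication does not survive the login, and last_login is stamped.
 *
 * @param string   $username Submitted login name (matched exactly).
 * @param string   $password Submitted plaintext password.
 * @param PDO|null $pdo      Connection to use; defaults to the global $pdo.
 * @return bool True when the credentials match an active account.
 * @throws PDOException On query failure (ERRMODE_EXCEPTION is set above).
 */
function login(string $username, string $password, ?PDO $pdo = null): bool
{
    $pdo ??= $GLOBALS['pdo'];

    $stmt = $pdo->prepare(
        'SELECT user_id, password_hash FROM users WHERE username = ? AND is_active = 1'
    );
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    // A NULL/missing hash column is treated as "no valid credential" rather than
    // letting password_verify() raise a TypeError.
    if ($user === false || !password_verify($password, (string) ($user['password_hash'] ?? ''))) {
        return false;
    }

    // Fixation defence: issue a fresh id only once the credentials are accepted.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['user_id'];

    $pdo->prepare('UPDATE users SET last_login = NOW() WHERE user_id = ?')
        ->execute([$user['user_id']]);

    return true;
}

/**
 * Check whether the logged-in user holds a named permission.
 *
 * Resolved through user_roles -> role_permissions -> permissions, and joined
 * back to users with is_active = 1 so that deactivating an account revokes
 * its permissions even while a session for it is still alive.
 *
 * @param string   $permission Permission name, e.g. 'risk.edit'.
 * @param PDO|null $pdo        Connection to use; defaults to the global $pdo.
 * @return bool False when no user is logged in or the permission is not granted.
 * @throws PDOException On query failure.
 */
function hasPermission(string $permission, ?PDO $pdo = null): bool
{
    $userId = $_SESSION['user_id'] ?? null;
    if ($userId === null) {
        return false;
    }

    $pdo ??= $GLOBALS['pdo'];

    $stmt = $pdo->prepare('
        SELECT COUNT(*)
        FROM user_roles ur
        JOIN users u ON u.user_id = ur.user_id AND u.is_active = 1
        JOIN role_permissions rp ON ur.role_id = rp.role_id
        JOIN permissions p ON rp.permission_id = p.permission_id
        WHERE ur.user_id = ? AND p.permission_name = ?
    ');
    $stmt->execute([$userId, $permission]);

    return (int) $stmt->fetchColumn() > 0;
}

// Example usage in a page: send a proper 403 so clients and logs see a denial
// rather than a 200 with an error body.
if (!hasPermission('risk.edit')) {
    http_response_code(403);
    die('Access denied');
}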