<?php
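class UserModel
{
    /**
     * Database handle returned by Database::connect().
     * The queries below call prepare()/bind_param()/get_result(), so this is
     * presumably a mysqli connection — confirm against the Database class.
     */
    private $db;

    /**
     * Opens the database connection used by every query in this model.
     */
    public function __construct()
    {
        $database = new Database();
        $this->db = $database->connect();
    }

    /**
     * Looks up the `usuarios` row whose USR and PAS columns match the given values.
     *
     * NOTE(review): PAS is compared with the supplied value inside SQL, so the
     * column holds exactly what callers pass in. Unless callers hash before
     * calling (not visible here), passwords are stored in clear text. The usual
     * fix is to store password_hash() output, select the row by USR only and
     * check it with password_verify(); that needs a data migration, so it is
     * flagged here rather than changed.
     * NOTE(review): the SQL equality follows the column collation, which may be
     * case-insensitive — confirm that PAS uses a binary collation.
     * NOTE(review): SELECT * means the returned row also carries PAS; callers
     * should drop it before storing the row in a session or sending it anywhere.
     *
     * @param string $usuario  Login name, matched against the USR column.
     * @param string $password Value matched against the PAS column.
     * @return array|false The matching row (GRADO etc.) as an associative array,
     *                     or false when nothing matches or the query fails.
     */
    public function login($usuario, $password)
    {
        // Placeholders keep user input out of the SQL text (prevents SQL injection).
        $row = $this->fetchFirstRow(
            "SELECT * FROM usuarios WHERE USR = ? AND PAS = ?",
            "ss",
            [$usuario, $password]
        );

        // Fail closed: a database error is treated the same as bad credentials.
        return $row === null ? false : $row;
    }

    /**
     * Reads the GRADO column for the given user.
     *
     * @param string $usuario Login name, matched against the USR column.
     * @return mixed The stored GRADO value, or 0 when the user does not exist,
     *               the value is NULL, or the query fails.
     */
    public function getUserGrade($usuario)
    {
        $row = $this->fetchFirstRow(
            "SELECT GRADO FROM usuarios WHERE USR = ?",
            "s",
            [$usuario]
        );

        // 0 is the fallback grade when no row is available.
        return $row['GRADO'] ?? 0;
    }

    /**
     * Runs one prepared SELECT and returns its first row.
     *
     * A prepare/bind/execute failure is logged (without any parameter values, so
     * credentials never reach the log) and reported as "no row" instead of
     * causing a fatal "call to a member function on false" error. The statement
     * is always closed, including when the driver throws.
     *
     * @param string $sql    SQL text with ? placeholders.
     * @param string $types  bind_param() type string, one character per parameter.
     * @param array  $params Values bound to the placeholders, in order.
     * @return array|null First row as an associative array, or null.
     */
    private function fetchFirstRow($sql, $types, array $params)
    {
        $stmt = $this->db->prepare($sql);
        if ($stmt === false) {
            error_log('UserModel: could not prepare statement');
            return null;
        }

        try {
            if (!$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
                error_log('UserModel: could not execute statement');
                return null;
            }

            $result = $stmt->get_result();
            if ($result === false) {
                error_log('UserModel: could not read statement result');
                return null;
            }

            $row = $result->fetch_assoc();

            return is_array($row) ? $row : null;
        } finally {
            // Release the server-side statement on every path.
            $stmt->close();
        }
    }
}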
?>