from database import get_conn

def get_device_id():
    return "SIMULATED_DEVICE_ID"  # ✅ Replace with actual device ID in production

def authenticate_user(email, password, device_id):
    conn = get_conn()
    cursor = conn.cursor()
    cursor.execute("SELECT password, device_id, role FROM users WHERE email=?", (email,))
    row = cursor.fetchone()
    if not row:
        return False, "User not found."  # ✅ Email doesn't exist
    if row[0] != password:
        return False, "Incorrect password."  # ✅ Wrong password
    if row[2] == "student":
        if row[1] and row[1] != device_id:
            return False, "Access denied: Different device."  # ✅ Device restriction check
        elif not row[1]:
            cursor.execute("UPDATE users SET device_id=? WHERE email=?", (device_id, email))
            conn.commit()  # ✅ First login, save the device
    conn.close()
    return True, "Login successful."  # ✅ Authenticated

def get_user_role(email):
    conn = get_conn()
    cursor = conn.cursor()
    cursor.execute("SELECT role FROM users WHERE email=?", (email,))
    row = cursor.fetchone()
    conn.close()  # ✅ GOOD: You added this
    return row[0] if row else None