user/models/User.js file (const mongoose = require('mongoose');
// Account document stored for every user of the app.
const userSchema = new mongoose.Schema({
  // The user's display name.
  name: {
    type: String,
    required: true,
  },
  // Login identifier. `unique` asks Mongoose to build a unique index; it is not a validator.
  email: {
    type: String,
    required: true,
    unique: true,
  },
  // The registration handler in user/server.js stores a bcrypt hash here, not the plaintext.
  password: {
    type: String,
    required: true,
  },
  // Every account starts with a balance of 20 taka.
  balance: {
    type: Number,
    default: 20,
  },
  // Block flag; the login handler in user/server.js refuses blocked accounts.
  isBlocked: {
    type: Boolean,
    default: false,
  },
});

module.exports = mongoose.model('User', userSchema);
user/server.js file code (const express = require('express');
const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const User = require('./models/User');
const auth = require('./middleware/auth');
const bodyParser = require('body-parser');
const cors = require('cors');
const path = require('path');
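const app = express();
const PORT = 8080;

// Secrets are read from the environment so that no credential is committed with the code.
// The JWT signing key and the MongoDB connection string (which embeds the database
// user's password) were previously string literals in this file; values that have been
// published that way should be rotated, not just moved.
// NOTE(review): ./middleware/auth is not shown here - confirm it verifies tokens with
// this same JWT_SECRET and does not keep its own hard-coded copy.
const JWT_SECRET = process.env.JWT_SECRET;
const MONGODB_URI = process.env.MONGODB_URI;

// Fail at startup rather than run with an undefined signing key or no database.
if (!JWT_SECRET || !MONGODB_URI) {
  throw new Error('JWT_SECRET and MONGODB_URI must be set in the environment');
}

mongoose
  .connect(MONGODB_URI, {
    useNewUrlParser: true,
    useUnifiedTopology: true,
  })
  .catch((err) => {
    // Log only the message: the error object may carry connection details.
    console.error('MongoDB connection failed:', err.message);
    process.exit(1);
  });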
// Global middleware, registered in the same order as before:
// CORS headers, URL-encoded form bodies, JSON bodies, then static files from ./public.
// NOTE(review): cors() without options allows requests from any origin - confirm that
// is intended, or pass an explicit `origin` allow-list.
const globalMiddleware = [
  cors(),
  bodyParser.urlencoded({ extended: true }),
  express.json(),
  express.static("public"),
];

for (const middleware of globalMiddleware) {
  app.use(middleware);
}
// The site root sends visitors to the login page.
app.get('/', (req, res) => res.redirect('/login'));

// Each name below is served at /<name> from views/<name>.html.
// These routes return only the HTML shell and do not pass through the `auth`
// middleware; per-user data is fetched from the /api routes.
const viewPages = [
  'login',
  'register',
  'dashboard',
  'deposit',
  'withdraw',
  'bonus',
  'team',
  'deposit-history',
  'withdraw-history',
  'profile',
];

for (const page of viewPages) {
  app.get(`/${page}`, (req, res) =>
    res.sendFile(path.join(__dirname, 'views', `${page}.html`))
  );
}
// Returns the name and balance of the user identified by the verified token.
// `auth` runs first; this handler reads req.user.userId and selects only
// `name` and `balance`, so the password hash is never part of the response.
app.get('/api/user-info', auth, async (req, res) => {
  try {
    const { userId } = req.user;
    const account = await User.findById(userId).select('name balance');
    if (account) {
      res.json(account);
    } else {
      res.status(404).send('User not found');
    }
  } catch (lookupError) {
    res.status(500).send('Server error');
  }
});
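// Creates a new account with a bcrypt-hashed password and the starting balance.
// Responds 201 on success, 400 for missing/invalid fields or a taken email,
// and 500 for any other failure.
app.post('/register', async (req, res) => {
  const { name, email, password } = req.body || {};

  // express.json() can deliver objects or arrays in these fields. Only non-empty
  // strings are accepted, so a value such as { "$ne": null } never reaches the
  // Mongo query below as a query operator.
  const isNonEmptyString = (value) => typeof value === 'string' && value !== '';
  if (![name, email, password].every(isNonEmptyString)) {
    return res.status(400).send('Missing name, email or password');
  }

  // Without this try/catch a rejected promise in an Express 4 async handler is
  // never answered and the request hangs.
  try {
    const existingUser = await User.findOne({ email });
    if (existingUser) {
      return res.status(400).send('Email already in use');
    }

    const hashedPassword = await bcrypt.hash(password, 10);
    const user = new User({
      name,
      email,
      password: hashedPassword,
      balance: 20, // a new user is given 20 taka
    });
    await user.save();
    return res.status(201).send('User registered');
  } catch (err) {
    // Two concurrent registrations can both pass the findOne check; the unique
    // index then rejects the second save with duplicate-key error 11000.
    if (err && err.code === 11000) {
      return res.status(400).send('Email already in use');
    }
    return res.status(500).send('Server error');
  }
});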
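// Verifies email and password and returns a JWT that is valid for one hour.
// Responds 400 for missing, malformed or wrong credentials, 403 for a blocked
// account (only after the password has been verified), and 500 on server errors.
app.post('/login', async (req, res) => {
  const { email, password } = req.body || {};
  if (!email || !password) {
    return res.status(400).send('Missing credentials');
  }

  // Reject non-string values so a JSON object cannot be used as a Mongo query
  // operator in the findOne filter.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.status(400).send('Invalid email or password');
  }

  try {
    const user = await User.findOne({ email });
    const isMatch = user ? await bcrypt.compare(password, user.password) : false;

    // One message for "no such email" and "wrong password", so the response does
    // not reveal which addresses are registered.
    // NOTE(review): the unknown-email path still skips the bcrypt comparison, and
    // no attempt limiting is visible in this file.
    if (!isMatch) {
      return res.status(400).send('Invalid email or password');
    }

    // Checked after the password so the blocked status is disclosed only to
    // someone who knows the account's password.
    if (user.isBlocked) {
      return res.status(403).send('Your account has been blocked');
    }

    const token = jwt.sign(
      { userId: user._id, email: user.email },
      JWT_SECRET,
      { expiresIn: '1h' }
    );
    return res.json({ token });
  } catch (err) {
    return res.status(500).send('Server error');
  }
});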
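// Example endpoint behind the `auth` middleware; greets the caller by the email
// found in req.user.
app.get('/api/protected', auth, (req, res) => {
  // res.send() with a string defaults to Content-Type text/html. The email was
  // accepted at registration without format validation, so send it as plain text
  // to keep a browser from interpreting it as markup.
  res.type('text/plain');
  res.send(`Hello ${req.user.email}, you accessed protected data.`);
});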
// Start the HTTP server on PORT and log the local URL once it is listening.
app.listen(PORT, () => {
console.log(`Server running on http://localhost:${PORT}`);
});)
user/index.html (<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Auth App</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="/style.css" />
</head>
<body>
<div class="container">
<div class="form-container" id="form-box">
<h2 id="form-title">Login</h2>
<form id="authForm">
<input type="text" id="name" placeholder="Your Name"
style="display:none" /><br>
<input type="email" id="email" placeholder="Email" required /><br />
<input type="password" id="password" placeholder="Password" required
/><br />
<button type="submit" id="submitBtn">Login</button>
</form>
<p id="message" style="font-weight:bold; margin-top:10px;"></p>
<p id="toggleText">
Don't have an account?
<a href="#" onclick="toggleForm()">Register</a>
</p>
</div>
</div>
<script>
// true while the form is in login mode, false while it is in registration mode.
let isLogin = true;

/**
 * Switch the form between login and registration mode: relabel the heading and
 * the submit button, clear the status message, show the name field only when
 * registering, and swap the link text underneath the form.
 */
function toggleForm() {
  isLogin = !isLogin;

  const byId = (id) => document.getElementById(id);
  const label = isLogin ? 'Login' : 'Register';

  byId('form-title').innerText = label;
  byId('submitBtn').innerText = label;
  byId('message').innerText = '';
  byId('name').style.display = isLogin ? 'none' : 'block';

  // innerHTML receives only one of the two fixed strings below, never user input.
  const toggleText = byId('toggleText');
  if (isLogin) {
    toggleText.innerHTML = `Don't have an account? <a href="#" onclick="toggleForm()">Register</a>`;
  } else {
    toggleText.innerHTML = `Already have an account? <a href="#" onclick="toggleForm()">Login</a>`;
  }
}
// Submit handler for the combined login/registration form.
// Posts the fields as JSON to /login or /register, shows the outcome in #message,
// and after a successful login stores the token and redirects to /dashboard.
document.getElementById('authForm').onsubmit = async function (e) {
  e.preventDefault();

  const messageEl = document.getElementById('message');
  messageEl.innerText = '';

  const route = isLogin ? '/login' : '/register';
  const bodyData = {
    email: document.getElementById('email').value,
    password: document.getElementById('password').value
  };
  if (!isLogin) {
    bodyData.name = document.getElementById('name').value;
  }

  try {
    const res = await fetch(route, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(bodyData)
    });
    const text = await res.text();

    // Server text is shown through innerText, so it is never parsed as HTML.
    if (!res.ok) {
      messageEl.style.color = 'red';
      messageEl.innerText = text || 'Something went wrong.';
      return;
    }

    messageEl.style.color = 'green';
    if (!isLogin) {
      messageEl.innerText = 'Registration successful! You can now login.';
      return;
    }

    try {
      const data = JSON.parse(text);
      if (data.token) {
        // NOTE(review): a token kept in localStorage can be read by any script
        // running on this origin - confirm this is acceptable for this app.
        localStorage.setItem('token', data.token);
        messageEl.innerText = 'Login successful! Redirecting...';
        setTimeout(() => window.location.href = '/dashboard', 1000);
      } else {
        messageEl.innerText = 'Login success, but no token received.';
      }
    } catch {
      // The response body was not usable JSON; report success without a redirect.
      messageEl.innerText = 'Login successful.';
    }
  } catch (err) {
    messageEl.style.color = 'red';
    messageEl.innerText = 'Network error. Please try again.';
  }
};
</script>
</body>
</html>)
admin/routes/users.js (// routes/users.js
const express = require('express');
const router = express.Router();
const User = require('../models/User');
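// Get all users.
// The password field is excluded: an unprojected User.find() would return every
// account's bcrypt hash to whoever can call this route.
// NOTE(review): no authentication or admin check is visible on this router -
// confirm one is applied where the router is mounted.
router.get('/', async (req, res) => {
  try {
    const users = await User.find().select('-password');
    res.json(users);
  } catch (err) {
    res.status(500).json({ message: 'Server error' });
  }
});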
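// Block user.
// Writes `isBlocked`, the field the login handler in user/server.js checks and the
// one the POST /block-user/:id route in this file sets. The previous `blocked` key
// is not the field login reads, so setting it did not stop the user from signing in.
// NOTE(review): ../models/User for the admin app is not shown - confirm its schema
// declares `isBlocked`.
router.put('/block/:id', async (req, res) => {
  try {
    const user = await User.findByIdAndUpdate(req.params.id, { isBlocked: true });
    // findByIdAndUpdate resolves to null when no document has this id.
    if (!user) {
      return res.status(404).json({ message: 'User not found' });
    }
    return res.json({ message: 'User blocked' });
  } catch (err) {
    return res.status(500).json({ message: 'Error blocking user' });
  }
});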
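// Unblock user.
// Clears `isBlocked`, the field the login handler in user/server.js checks; the
// previous `blocked` key is not the one login reads.
// NOTE(review): ../models/User for the admin app is not shown - confirm its schema
// declares `isBlocked`.
router.put('/unblock/:id', async (req, res) => {
  try {
    const user = await User.findByIdAndUpdate(req.params.id, { isBlocked: false });
    // findByIdAndUpdate resolves to null when no document has this id.
    if (!user) {
      return res.status(404).json({ message: 'User not found' });
    }
    return res.json({ message: 'User unblocked' });
  } catch (err) {
    return res.status(500).json({ message: 'Error unblocking user' });
  }
});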
// Delete user: removes the document whose _id is the :id path parameter.
// The success message is sent whether or not a document with that id existed.
// NOTE(review): no authentication or admin check is visible on this router -
// confirm one is applied where the router is mounted.
router.delete('/delete/:id', async (req, res) => {
  try {
    const { id: targetId } = req.params;
    await User.findByIdAndDelete(targetId);
    res.json({ message: 'User deleted' });
  } catch (deleteError) {
    res.status(500).json({ message: 'Error deleting user' });
  }
});
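// Block user (POST variant): sets `isBlocked`, the flag the login handler in
// user/server.js checks before issuing a token.
router.post('/block-user/:id', async (req, res) => {
  // The try/catch matches the other routes in this file; without it a malformed
  // id rejects the promise and the request is never answered.
  try {
    const user = await User.findByIdAndUpdate(req.params.id, { isBlocked: true });
    // findByIdAndUpdate resolves to null when no document has this id.
    if (!user) {
      return res.status(404).json({ message: 'User not found' });
    }
    return res.status(200).json({ message: 'User blocked successfully' });
  } catch (err) {
    return res.status(500).json({ message: 'Error blocking user' });
  }
});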
module.exports = router;)