From b7caa9be78701409c9c0cbd730b6c962ad691058 Mon Sep 17 00:00:00 2001
From: Jakob Weber <Jakob.Weber@edu.bib.de>
Date: Wed, 3 Sep 2025 10:45:29 +0200
Subject: [PATCH] Dateien nach "Backend" hochladen

---
 Backend/users.php | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 Backend/users.php

diff --git a/Backend/users.php b/Backend/users.php
new file mode 100644
index 0000000..43862ec
--- /dev/null
+++ b/Backend/users.php
@@ -0,0 +1,26 @@
+<?php
+require "db.php";
+$a = $_GET['action'] ?? '';
+$b = body();
+
+if ($a==="register") {
+  $u = trim($b["username"]??"");
+  $p = trim($b["password"]??"");
+  if ($u==""||$p=="") out(false,"username/password required",[],400);
+  $st=db()->prepare("SELECT 1 FROM users WHERE username=?");
+  $st->execute([$u]);
+  if ($st->fetch()) out(false,"exists",[],409);
+  $hash=password_hash($p,PASSWORD_DEFAULT);
+  db()->prepare("INSERT INTO users(username,pass_hash) VALUES(?,?)")->execute([$u,$hash]);
+  out(true,"registered",["user_id"=>db()->lastInsertId()]);
+}
+if ($a==="login") {
+  $u = trim($b["username"]??"");
+  $p = trim($b["password"]??"");
+  $st=db()->prepare("SELECT * FROM users WHERE username=?");
+  $st->execute([$u]);
+  $r=$st->fetch();
+  if(!$r || !password_verify($p,$r["pass_hash"])) out(false,"invalid",[],401);
+  out(true,"ok",["user_id"=>$r["user_id"],"username"=>$u]);
+}
+out(false,"unknown action",[],404);