diff --git a/Controller/UserController.php b/Controller/UserController.php index f35db59..92aaadd 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -25,6 +25,13 @@ class UserController{ "password" => "Passwort*", ]; + private $changeUserLabels = [ + 'name' => 'Vorname*', + 'lastname' => 'Nachname*', + 'email' => 'E-Mail*', + 'password' => 'Passwort*', + ]; + public function __construct($view){ $this->db = new UserModel(); $this->view = $view; @@ -173,7 +180,7 @@ class UserController{ } public function deleteAccount(){ - $userId = $_SESSION["user_id"] ?? ""; + $userId = $this->getCurrentUserId(); if($userId){ $this->db->deleteUser($userId); $this->clearUserSession(); 
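Review bot: The keys of the new `$changeUserLabels` property (`name`, `lastname`) do not match the column names the rest of this commit uses for the same fields: `showUserChangeAccountSettings` in the next hunk fills `validData` from `$currentUser["name"]` and `$currentUser["vorname"]`, and `UserModel::updateUserData` only recognises `name`, `vorname` and `email`, so a `lastname` value submitted through this form is never persisted and `$submitted['lastname'] !== $currentUser['lastname']` reads an index the user row does not appear to have. The session update at the end of `updateAccountData` then writes `$updateData['name']` into `$_SESSION['vorname']`, while the model writes the same value into the `name` column, so first and last name end up swapped between session and database. Settle on the database naming for the labels, the `$submitted` array and the session update, e.g. `'vorname' => 'Vorname*', 'name' => 'Nachname*'`, and drop `lastname` everywhere; the same mismatch applies to the `updateAccountData` and `updateUserData` hunks that follow.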
@@ -182,13 +189,117 @@ class UserController{ } } - public function changeAccountData(){ - $userId = $_SESSION["user_id"] ?? ""; + public function changeAccountDataRedirect(){ + $userId = $this->getCurrentUserId(); if($userId){ - $this->db->changeUserData($userId); - $this->setUserSession($user); - $this->view->setDoMethodName("showUserDeleteConfirmation"); - $this->showUserDeleteConfirmation(); + $this->view->setDoMethodName("showUserChangeAccountSettings"); + $this->showUserChangeAccountSettings(); } } + + public function showUserChangeAccountSettings(){ + $userId = $this->getCurrentUserId(); + if(!$userId){ + header("Location: index.php?controller=user&do=showUserLoginForm"); + exit(); + } + + $currentUser = $this->db->getUserById($userId); + if(!$currentUser){ + throw new \Exception("User nicht gefunden"); + } + + $validData = [ + 'name' => $currentUser["name"], + 'vorname' => $currentUser["vorname"], + 'email' => $currentUser["email"], + ]; + + $this->view->setVars([ + 'labels' => $this->changeUserLabels, + 'validData' => $validData, + 'errors' => $this->errors, + 'message' => $this->message ?? null, + ]); + + $this->view->render('User/showUserChangeAccountSettings'); + } + + public function updateAccountData() + { + $userId = $this->getCurrentUserId(); + if (!$userId) { + header('Location: index.php?controller=user&do=showUserLoginForm'); + exit; + } + + $currentUser = $this->db->getUserById($userId); + if (!$currentUser) { + throw new \Exception('User nicht gefunden'); + } + + $submitted = [ + 'name' => trim($_POST['name'] ?? ''), + 'lastname' => trim($_POST['lastname'] ?? ''), + 'email' => trim($_POST['email'] ?? ''), + 'password' => trim($_POST['password'] ?? 
''), + ]; + + $this->errors = []; + if (strlen($submitted['name']) < 2) { + $this->errors['name'] = 'Vorname muss mindestens 2 Zeichen haben.'; + } + if (strlen($submitted['lastname']) < 2) { + $this->errors['lastname'] = 'Nachname muss mindestens 2 Zeichen haben.'; + } + if (!filter_var($submitted['email'], FILTER_VALIDATE_EMAIL)) { + $this->errors['email'] = 'Ungültige E-Mail-Adresse.'; + } + if ($submitted['password'] !== '' && strlen($submitted['password']) < 6) { + $this->errors['password'] = 'Passwort muss mindestens 6 Zeichen haben.'; + } + + if (count($this->errors) > 0) { + $this->view->setVars([ + 'labels' => $this->changeUserLabels, + 'validData' => $submitted, + 'errors' => $this->errors, + ]); + return $this->showUserChangeAccountSettings(); + } + + $updateData = []; + foreach (['name','lastname','email'] as $field) { + if ($submitted[$field] !== $currentUser[$field]) { + $updateData[$field] = $submitted[$field]; + } + } + if ($submitted['password'] !== '') { + $salt = bin2hex(random_bytes(16)); + $hash = hash('sha256', $submitted['password'] . $salt); + $updateData['passwort'] = $hash; + $updateData['salt'] = $salt; + } + + if (empty($updateData)) { + $this->message = 'Keine Änderungen festgestellt.'; + return $this->showUserChangeAccountSettings(); + } + + $ok = $this->db->updateUserData($userId, $updateData); + + if ($ok) { + // Session‑Werte aktualisieren + $_SESSION['vorname'] = $updateData['name'] ?? $_SESSION['vorname']; + $_SESSION['name'] = $updateData['lastname'] ?? $_SESSION['name']; + $_SESSION['email'] = $updateData['email'] ?? $_SESSION['email']; + $this->message = 'Änderungen erfolgreich gespeichert.'; + } else { + $this->errors['general'] = 'Beim Speichern ist ein Fehler aufgetreten.'; + } + + return $this->showUserChangeAccountSettings(); + } + + } \ No newline at end of file diff --git a/Model/UserModel.php b/Model/UserModel.php index 8099c34..8e940ad 100644 --- a/Model/UserModel.php +++ b/Model/UserModel.php 
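Review bot: `updateAccountData` hashes the new password itself and stores the result under `passwort`/`salt` in `$updateData`, but `UserModel::updateUserData` (next file) only acts on a `password` key and ignores every other key except `name`, `vorname` and `email`, so a password change is silently dropped — and when the password (or `lastname`) is the only change, `$updateData` is non-empty while the model's `$fields` stays empty and the generated SQL is `UPDATE user SET  where id = :id`. Hash in exactly one place: replace the `$salt`/`$hash` block here with `$updateData['password'] = $submitted['password'];` and let the model derive the stored value, preferably with `password_hash($value, PASSWORD_DEFAULT)` rather than a single `sha256` round. The `setVars([... 'validData' => $submitted ...])` before `return $this->showUserChangeAccountSettings();` looks pointless, because that method re-reads the row and calls `setVars` again with the database values, so on a validation error the user's input is discarded unless `setVars` merges — worth confirming. Note also that the e-mail can be changed without re-entering the current password and without checking the new address is unused, and if the application has a CSRF token helper it is not applied to this POST handler.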
@@ -67,4 +67,39 @@ class UserModel extends Database $sth->execute(); } + public function updateUserData($id, $values){ + $pdo = $this->linkDB(); + $fields = []; + $params = [':id' => $id]; + + if(!empty($values["password"])){ + $salt = bin2hex(random_bytes(16)); + $hash = hash('sha256', $values["password"] . $salt); + $fields["password"] = "´passwort´ = :password"; + $fields["salt"] = "´salt´ = :salt"; + $params[":password"] = $hash; + $params[":salt"] = $salt; + } + + foreach (['name','vorname','email'] as $col) { + if (isset($values[$col])) { + $fields[] = "`{$col}` = :{$col}"; + $params[":{$col}"] = $values[$col]; + } + } + + $sql = "UPDATE user + SET " . implode(", ", $fields) . " + where id = :id"; + + try { + $sth = $pdo->prepare($sql); + $sth->execute($params); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e); + die; + } + + } + } \ No newline at end of file diff --git a/Views/User/showUserAccountPage.phtml b/Views/User/showUserAccountPage.phtml index d75be5b..41bd45b 100644 --- a/Views/User/showUserAccountPage.phtml +++ b/Views/User/showUserAccountPage.phtml @@ -6,7 +6,7 @@
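Review bot: The password branch of `updateUserData` builds its SET fragments with acute accents, `"´passwort´ = :password"` and `"´salt´ = :salt"`, instead of backticks, so the statement fails to prepare as soon as a password is supplied; quote both identifiers the way the `foreach` below quotes `{$col}`. The branch is also keyed on `$values["password"]`, while the controller in this commit sends `passwort`/`salt` (already hashed), so today it is dead code and the password change is lost — agree on a single key, hash in one place, and prefer `password_hash`/`password_verify` over `hash('sha256', $values["password"] . $salt)`. When `$values` contains none of the recognised keys, `$fields` stays empty and the SQL becomes `UPDATE user SET  where id = :id`; add `if ($fields === []) { return; }` (or throw) before building `$sql`. `catch (PDOException $e)` only matches if this file is unnamespaced or has `use PDOException;` — the `\Blog\Library\ErrorMsg` reference suggests a namespace, in which case it should read `catch (\PDOException $e)`.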