From 449dd10302a27a690b127a60b54de9793b53c22f Mon Sep 17 00:00:00 2001 From: pbbfa23abi Date: Wed, 9 Jul 2025 11:11:30 +0200 Subject: [PATCH 1/6] AdminForm in UserAccountPage gemergt --- Controller/AdminController.php | 66 --------------- Controller/UserController.php | 43 +++++++++- Model/AdminModel.php | 81 ------------------- Model/UserModel.php | 72 +++++++++++++++++ Views/{Admin => User}/showAdminForm.phtml | 18 ++--- .../showNewKursConfirmation.phtml} | 0 Views/User/showUserAccountPage.phtml | 10 ++- Views/header.phtml | 9 --- 8 files changed, 129 insertions(+), 170 deletions(-) delete mode 100644 Controller/AdminController.php delete mode 100644 Model/AdminModel.php rename Views/{Admin => User}/showAdminForm.phtml (90%) rename Views/{Admin/showConfirmation.phtml => User/showNewKursConfirmation.phtml} (100%) diff --git a/Controller/AdminController.php b/Controller/AdminController.php deleted file mode 100644 index aeb17f4..0000000 --- a/Controller/AdminController.php +++ /dev/null 
@@ -1,66 +0,0 @@ - "Name*", - "preis" => "€ Preis*", - "dauer" => "Dauer* (Stunden)", - "rabatt" => "Rabatt", - "kategorie" => "Kategorie", - "|" => "", - "stadt" => "Stadt*", - "strasse" => "Straße und Nummer*", - "plz" => "PLZ*", - "|" => "", - "beschreibung" => "Beschreibung"); - - - public function __construct($view) - { - $this->db = new AdminModel(); - $this->view = $view; - } - - public function showAdminForm() - { - $this->view->setVars([ - 'labels' => $this->labels, - 'validData' => $this->validData, - 'errors' => $this->errors - ]); - } - - public function showConfirmation() - { - - } - - public function validateForm(){ - foreach ($this->labels as $index => $value) { - if (strpos($value, "*") !== false && (!isset($_POST[$index]) || empty($_POST[$index]))) { - $this->errors[$index] = "Bitte " . $value . " eingeben"; - } else { - $this->validData[$index] = $_POST[$index] === '' ? null : $_POST[$index]; - } - } - if (count($this->errors) > 0) { - $this->view->setDoMethodName("showAdminForm"); - $this->showAdminForm(); - } else { - if ($this->db->writeNewCourse($this->validData, $_SESSION["user_id"])) { - $this->view->setDoMethodName("showConfirmation"); - $this->showConfirmation(); - } - } - } -} -?> \ No newline at end of file diff --git a/Controller/UserController.php b/Controller/UserController.php index 92aaadd..b0d5004 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -32,6 +32,21 @@ class UserController{ 'password' => 'Passwort*', ]; + private $kursValidData = array(); + private $kursErrors = array(); + private $kursLabels = array( + "name" => "Name*", + "preis" => "€ Preis*", + "dauer" => "Dauer* (Stunden)", + "rabatt" => "Rabatt", + "kategorie" => "Kategorie", + "1" => "|", + "stadt" => "Stadt*", + "strasse" => "Straße und Nummer*", + "plz" => "PLZ*", + "2" => "|", + "beschreibung" => "Beschreibung"); + public function __construct($view){ $this->db = new UserModel(); $this->view = $view; 
@@ -99,6 +114,28 @@ class UserController{ } } + public function validateKursForm(){ + foreach ($this->kursLabels as $index => $value) { + if($value === "|") continue; + if (strpos($value, "*") !== false && (!isset($_POST[$index]) || empty($_POST[$index]))) { + $this->kursErrors[$index] = "Bitte " . $value . " eingeben"; + } else { + $this->kursValidData[$index] = $_POST[$index] === '' ? null : $_POST[$index]; + } + } + if (count($this->errors) > 0) { + $this->view->setDoMethodName("showUserAccountPage"); + $this->showUserAccountPage(); + } else { + if ($this->db->writeNewCourse($this->kursValidData, $_SESSION["user_id"])) { + $this->view->setDoMethodName("showNewKursConfirmation"); + $this->showConfirmation(); + } + } + } + + public function showConfirmation(){} + public function showUserLoginConfirmation(){ $userId = $this->getCurrentUserId(); $user = null; @@ -172,7 +209,11 @@ class UserController{ } public function showUserAccountPage (){ - + $this->view->setVars([ + 'labels' => $this->kursLabels, + 'errors' => $this->kursErrors, + 'validData' => $this->kursValidData + ]); } public function showUserDeleteConfirmation(){ diff --git a/Model/AdminModel.php b/Model/AdminModel.php deleted file mode 100644 index 98b771d..0000000 --- a/Model/AdminModel.php +++ /dev/null 
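Review bot: validateKursForm collects failures in `$this->kursErrors` but then tests `count($this->errors) > 0`, so a request with missing required fields still reaches `writeNewCourse`; the condition should read `if (count($this->kursErrors) > 0)`. The same test on the wrong array is repeated in validateEditKursForm in patch 5/6. Nothing visible in the method checks that the session user is a course leader before writing, and patch 4/6 only adds a role check to the view, so the action itself appears callable from any session. A guard at the top such as `if (($_SESSION['user_role'] ?? null) !== 'leiter') { return; }` would enforce the role on the server side.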
@@ -1,81 +0,0 @@ -createUUID(); - - $sql = "INSERT INTO ort (`id`, `stadt`, `strasse`, `plz`) VALUES ( - :guid, :stadt, :strasse, :plz);"; - - $pdo = $this->linkDB(); - - try { - $sth = $pdo->prepare($sql); - $sth->execute(array(":guid" => $guid, - ":stadt" => $values["stadt"], - ":strasse" => $values["strasse"], - ":plz" => $values["plz"], - )); - return $guid; - } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; - } - } - - public function writeNewCourse($values, $kursleiterId) - { - // Bleibt übrig wenn Adresse erstellt wird aber Kurs nicht weil Error - $addressId = $this->writeNewAddress($values); - - $guid = $this->createUUID(); - - $sql = "INSERT INTO kurs (`id`, `name`, `preis`, `dauer`, `rabatt`, `kategorie`, `beschreibung`, `kurseleiter`, `ort_id`) VALUES ( - :guid, :name, :preis, :dauer, :rabatt, :kategorie, :beschreibung, :kurseleiter, :ort_id);"; - - $pdo = $this->linkDB(); - - try { - $sth = $pdo->prepare($sql); - $sth->execute(array(":guid" => $guid, - ":name" => $values["name"], - ":preis" => $values["preis"], - ":dauer" => $values["dauer"], - ":rabatt" => $values["rabatt"], - ":kategorie" => $values["kategorie"], - ":beschreibung" => $values["beschreibung"], - ":kurseleiter" => $kursleiterId, - "ort_id" => $addressId - )); - } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; - } - - return true; - } - - public function getMyCourses() { - $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, o.stadt, o.strasse, o.plz, b.note, b.kommentar - FROM kurs AS k - JOIN ort AS o ON o.id = k.ort_id - LEFT JOIN bewertungen AS b ON b.kurs_id = k.id - ORDER BY k.name;"; - - $pdo = $this->linkDB(); - - try { - $sth = $pdo->prepare($sql); - $sth->execute(); - return $sth->fetchAll(\PDO::FETCH_ASSOC); - } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e); - die; - } - } -} \ No newline at 
end of file diff --git a/Model/UserModel.php b/Model/UserModel.php index 8e940ad..4dd93a7 100644 --- a/Model/UserModel.php +++ b/Model/UserModel.php 
@@ -102,4 +102,76 @@ class UserModel extends Database } + private function writeNewAddress($values) { + $guid = $this->createUUID(); + + $sql = "INSERT INTO ort (`id`, `stadt`, `strasse`, `plz`) VALUES ( + :guid, :stadt, :strasse, :plz);"; + + $pdo = $this->linkDB(); + + try { + $sth = $pdo->prepare($sql); + $sth->execute(array(":guid" => $guid, + ":stadt" => $values["stadt"], + ":strasse" => $values["strasse"], + ":plz" => $values["plz"], + )); + return $guid; + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } + } + + public function writeNewCourse($values, $kursleiterId) + { + // Bleibt übrig wenn Adresse erstellt wird aber Kurs nicht weil Error + $addressId = $this->writeNewAddress($values); + + $guid = $this->createUUID(); + + $sql = "INSERT INTO kurs (`id`, `name`, `preis`, `dauer`, `rabatt`, `kategorie`, `beschreibung`, `kurseleiter`, `ort_id`) VALUES ( + :guid, :name, :preis, :dauer, :rabatt, :kategorie, :beschreibung, :kurseleiter, :ort_id);"; + + $pdo = $this->linkDB(); + + try { + $sth = $pdo->prepare($sql); + $sth->execute(array(":guid" => $guid, + ":name" => $values["name"], + ":preis" => $values["preis"], + ":dauer" => $values["dauer"], + ":rabatt" => $values["rabatt"], + ":kategorie" => $values["kategorie"], + ":beschreibung" => $values["beschreibung"], + ":kurseleiter" => $kursleiterId, + "ort_id" => $addressId + )); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } + + return true; + } + + public function getMyCourses() { + $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, o.stadt, o.strasse, o.plz, b.note, b.kommentar + FROM kurs AS k + JOIN ort AS o ON o.id = k.ort_id + LEFT JOIN bewertungen AS b ON b.kurs_id = k.id + ORDER BY k.name;"; + + $pdo = $this->linkDB(); + + try { + $sth = $pdo->prepare($sql); + $sth->execute(); + return $sth->fetchAll(\PDO::FETCH_ASSOC); + } catch (PDOException $e) 
{ + new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e); + die; + } + } } \ No newline at end of file diff --git a/Views/Admin/showAdminForm.phtml b/Views/User/showAdminForm.phtml similarity index 90% rename from Views/Admin/showAdminForm.phtml rename to Views/User/showAdminForm.phtml index 138f254..4929a03 100644 --- a/Views/Admin/showAdminForm.phtml +++ b/Views/User/showAdminForm.phtml @@ -1,7 +1,3 @@ - -
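Review bot: writeNewCourse inserts the `ort` row and the `kurs` row as two independent statements, and the comment inside the method already notes that the address is left behind when the second insert fails. Wrapping both in `$pdo->beginTransaction()` / `$pdo->commit()` with `$pdo->rollBack()` in the catch would remove the orphan, provided `linkDB()` hands back the same connection to both methods. The catch blocks name `PDOException` unqualified while the same code writes `\PDO::FETCH_ASSOC` and `\Blog\Library\ErrorMsg`; if the file declares a namespace and has no `use PDOException;` (the top of the file is outside the hunk), the catch never matches and should be `catch (\PDOException $e)`. getMyCourses as added here has no WHERE clause, so every account page lists all courses until patch 6/6 filters by the session user.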

Neuer Kurs

'; foreach ($labels as $name => $label) { - if($name === "|") { + if($label === "|") { echo ''; echo '
'; } else { echo createInputField($label, $name, $errors, $validData, $type = $name === 'beschreibung' ? 'textarea' : 'input'); } - } + } echo '
'; ?> - - + +
getMyCourses(); +$userModel = new \Blog\Model\UserModel(); +$courses = $userModel->getMyCourses(); $doc = new DOMDocument('1.0', 'UTF-8'); if (!empty($courses)) { @@ -95,5 +91,3 @@ if (!empty($courses)) { echo '

Keine Kurse gefunden.

'; } ?> - - \ No newline at end of file diff --git a/Views/Admin/showConfirmation.phtml b/Views/User/showNewKursConfirmation.phtml similarity index 100% rename from Views/Admin/showConfirmation.phtml rename to Views/User/showNewKursConfirmation.phtml diff --git a/Views/User/showUserAccountPage.phtml b/Views/User/showUserAccountPage.phtml index 41bd45b..cacb05b 100644 --- a/Views/User/showUserAccountPage.phtml +++ b/Views/User/showUserAccountPage.phtml @@ -30,5 +30,13 @@ + - \ No newline at end of file + + + + \ No newline at end of file diff --git a/Views/header.phtml b/Views/header.phtml index 0b8a8aa..4ef8ad2 100644 --- a/Views/header.phtml +++ b/Views/header.phtml @@ -20,21 +20,12 @@
- - - - - person - - - person - Anmeldung Registration From 3d0fcc42c4c6f8f00034469acbf95abd25e67b60 Mon Sep 17 00:00:00 2001 From: Illia Hromovoi Date: Wed, 9 Jul 2025 11:12:30 +0200 Subject: [PATCH 2/6] weiter mit change user data --- Controller/UserController.php | 51 ++++++++++++------- .../User/showUserChangeAccountSettings.phtml | 4 +- 2 files changed, 34 insertions(+), 21 deletions(-) diff --git a/Controller/UserController.php b/Controller/UserController.php index 92aaadd..4d1cfdf 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -26,8 +26,8 @@ class UserController{ ]; private $changeUserLabels = [ - 'name' => 'Vorname*', - 'lastname' => 'Nachname*', + 'vorname' => 'Vorname*', + 'name' => 'Nachname*', 'email' => 'E-Mail*', 'password' => 'Passwort*', ]; @@ -210,19 +210,19 @@ class UserController{ } $validData = [ + 'vorname' => $currentUser["vorname"], 'name' => $currentUser["name"], - 'vorname' => $currentUser["vorname"], 'email' => $currentUser["email"], ]; $this->view->setVars([ - 'labels' => $this->changeUserLabels, - 'validData' => $validData, - 'errors' => $this->errors, - 'message' => $this->message ?? null, + 'changeUserLabels' => $this->changeUserLabels, + 'validData' => $validData, + 'errors' => $this->errors, ]); - $this->view->render('User/showUserChangeAccountSettings'); + //$this->view->render('User/showUserChangeAccountSettings'); + return; } public function updateAccountData() 
@@ -259,46 +259,59 @@ class UserController{ $this->errors['password'] = 'Passwort muss mindestens 6 Zeichen haben.'; } + if (count($this->errors) > 0) { $this->view->setVars([ 'labels' => $this->changeUserLabels, 'validData' => $submitted, 'errors' => $this->errors, ]); - return $this->showUserChangeAccountSettings(); + return; + $this->view->render('User/showUserChangeAccountSettings'); } $updateData = []; - foreach (['name','lastname','email'] as $field) { - if ($submitted[$field] !== $currentUser[$field]) { - $updateData[$field] = $submitted[$field]; - } + if ($submitted['name'] !== $currentUser['firstname']) { + $updateData['firstname'] = $submitted['name']; // PHP name = DB firstname } + if ($submitted['lastname'] !== $currentUser['name']) { + $updateData['name'] = $submitted['lastname']; // PHP lastname = DB name + } + if ($submitted['email'] !== $currentUser['email']) { + $updateData['email'] = $submitted['email']; + } + + if ($submitted['password'] !== '') { - $salt = bin2hex(random_bytes(16)); - $hash = hash('sha256', $submitted['password'] . $salt); + $salt = bin2hex(random_bytes(16)); + $hash = hash('sha256', $submitted['password'] . $salt); $updateData['passwort'] = $hash; - $updateData['salt'] = $salt; + $updateData['salt'] = $salt; } if (empty($updateData)) { $this->message = 'Keine Änderungen festgestellt.'; - return $this->showUserChangeAccountSettings(); + $this->view->render('User/showUserChangeAccountSettings'); + return; } $ok = $this->db->updateUserData($userId, $updateData); if ($ok) { - // Session‑Werte aktualisieren $_SESSION['vorname'] = $updateData['name'] ?? $_SESSION['vorname']; $_SESSION['name'] = $updateData['lastname'] ?? $_SESSION['name']; $_SESSION['email'] = $updateData['email'] ?? 
$_SESSION['email']; $this->message = 'Änderungen erfolgreich gespeichert.'; + + header("Location: index.php?controller=user&do=showUserAccountPage"); + exit(); } else { $this->errors['general'] = 'Beim Speichern ist ein Fehler aufgetreten.'; + return; } - return $this->showUserChangeAccountSettings(); + $this->view->render('User/showUserAccountPage'); + return; } diff --git a/Views/User/showUserChangeAccountSettings.phtml b/Views/User/showUserChangeAccountSettings.phtml index 2d8cf33..aa22ca6 100644 --- a/Views/User/showUserChangeAccountSettings.phtml +++ b/Views/User/showUserChangeAccountSettings.phtml @@ -14,9 +14,9 @@ include dirname(__DIR__).'/header.phtml'; - + - + From 3964f90a3098143386ebf97d6a89da4a5e8951f4 Mon Sep 17 00:00:00 2001 From: illia Hromovoi Date: Thu, 10 Jul 2025 10:20:36 +0200 Subject: [PATCH 3/6] =?UTF-8?q?user=20change=20info=20+=20add=20hovers=20f?= =?UTF-8?q?=C3=BCr=20buttons?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CSS/Element/button.css | 26 +++++++++++++ CSS/Element/sidebar.css | 32 +++++++++++++++ CSS/style.css | 5 +++ CSS/variables.css | 8 +++- Controller/UserController.php | 43 ++++++++++++++------- Views/User/showUserAccountPage.phtml | 58 +++++++++++++++++----------- 6 files changed, 134 insertions(+), 38 deletions(-) create mode 100644 CSS/Element/sidebar.css diff --git a/CSS/Element/button.css b/CSS/Element/button.css index 9f9edea..eed5813 100644 --- a/CSS/Element/button.css +++ b/CSS/Element/button.css 
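Review bot: The session refresh after a successful update reads keys that the new code no longer writes: `$updateData` is now filled with `firstname`, `name` and `email`, yet `$_SESSION['vorname']` takes `$updateData['name']` (the new surname) and `$_SESSION['name']` takes `$updateData['lastname']`, which is never set. Those two lines should read `$_SESSION['vorname'] = $updateData['firstname'] ?? $_SESSION['vorname'];` and `$_SESSION['name'] = $updateData['name'] ?? $_SESSION['name'];`. In the validation-error branch the added `return;` sits before `$this->view->render(...)`, so the render is unreachable in this commit. updateAccountData starts outside the hunk.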
@@ -56,3 +56,29 @@ .btn-logout{ background-color: red; } + +.btn-userchange{ + background-color: var(--brand-white); + color: var(--brand-background); +} + +/* Hovers */ +.btn-primary:hover { + background-color: var(--brand-primary-hover); +} + +.btn-secondary:hover { + background-color: var(--bg-muted-hover); +} + +.btn-accent:hover { + background-color: var(--fullblock-hover); +} + +.btn-danger:hover { + background-color: var(--error-hover); +} + +.btn-userchange:hover, .btn-logout:hover{ + opacity: 0.95; +} diff --git a/CSS/Element/sidebar.css b/CSS/Element/sidebar.css new file mode 100644 index 0000000..e20a2dc --- /dev/null +++ b/CSS/Element/sidebar.css @@ -0,0 +1,32 @@ +.sidebar { + width: 200px; + background-color: transparent; + height: 100%; +} + +.sidebar nav ul { + margin: 0; + padding: 0; +} + +.sidebar nav ul li { + margin-bottom: 0.5rem; + list-style: none; +} + +.sidebar nav ul li a { + text-decoration: none; + color: #333; + display: block; + padding: 0.5rem; + border-radius: 4px; +} + +.sidebar nav ul li a:hover { + background-color: #e2e6ea; +} + +.sidebar button{ + width: 100%; + padding: 10px 10px; +} diff --git a/CSS/style.css b/CSS/style.css index 367bdb9..106edd8 100644 --- a/CSS/style.css +++ b/CSS/style.css @@ -6,6 +6,7 @@ @import url(Element/form.css); @import url(Element/button.css); @import url(Element/card.css); +@import url(Element/sidebar.css); *, *:before, @@ -37,6 +38,10 @@ h2 { color: orange; } +*, button, a { + transition: background-color 0.2s, color 0.2s; +} + main { margin-top: 190px; } diff --git a/CSS/variables.css b/CSS/variables.css index 080a92e..b85371f 100644 --- a/CSS/variables.css +++ b/CSS/variables.css @@ -8,7 +8,6 @@ --input-placeholder: #998E82; --error: #FF0000; - /*Fonts*/ --font-family-main: "Inter", sans-serif; --font-family-headline: "Source Serif 4", serif; 
@@ -24,4 +23,11 @@ --h-md: 48px; --border-primary: 1px solid #998E82; + + /* Hover Variants */ + --brand-primary-hover: #FF9E33; + --brand-background-hover: #2A231F; + --bg-muted-hover: #6A6A6A; + --fullblock-hover: #00008B; + --error-hover: #CC0000; } \ No newline at end of file diff --git a/Controller/UserController.php b/Controller/UserController.php index 7be2598..5837577 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -280,18 +280,18 @@ class UserController{ } $submitted = [ + 'vorname' => trim($_POST['vorname'] ?? ''), 'name' => trim($_POST['name'] ?? ''), - 'lastname' => trim($_POST['lastname'] ?? ''), 'email' => trim($_POST['email'] ?? ''), 'password' => trim($_POST['password'] ?? ''), ]; $this->errors = []; - if (strlen($submitted['name']) < 2) { - $this->errors['name'] = 'Vorname muss mindestens 2 Zeichen haben.'; + if (strlen($submitted['vorname']) < 2) { + $this->errors['vorname'] = 'Vorname muss mindestens 2 Zeichen haben.'; } - if (strlen($submitted['lastname']) < 2) { - $this->errors['lastname'] = 'Nachname muss mindestens 2 Zeichen haben.'; + if (strlen($submitted['name']) < 2) { + $this->errors['name'] = 'Nachname muss mindestens 2 Zeichen haben.'; } if (!filter_var($submitted['email'], FILTER_VALIDATE_EMAIL)) { $this->errors['email'] = 'Ungültige E-Mail-Adresse.'; 
@@ -303,24 +303,31 @@ class UserController{ if (count($this->errors) > 0) { $this->view->setVars([ - 'labels' => $this->changeUserLabels, - 'validData' => $submitted, - 'errors' => $this->errors, + 'changeUserLabels' => $this->changeUserLabels, + 'validData' => $submitted, + 'errors' => $this->errors, ]); - return; $this->view->render('User/showUserChangeAccountSettings'); + return; } $updateData = []; - if ($submitted['name'] !== $currentUser['firstname']) { - $updateData['firstname'] = $submitted['name']; // PHP name = DB firstname + if ($submitted['vorname'] !== $currentUser['vorname']) { + $updateData['vorname'] = $submitted['vorname']; } - if ($submitted['lastname'] !== $currentUser['name']) { - $updateData['name'] = $submitted['lastname']; // PHP lastname = DB name + if ($submitted['name'] !== $currentUser['name']) { + $updateData['name'] = $submitted['name']; } if ($submitted['email'] !== $currentUser['email']) { $updateData['email'] = $submitted['email']; } + if ($submitted['password'] !== '') { + // Passwort und Salt auf neu setzen + $salt = bin2hex(random_bytes(16)); + $hash = hash('sha256', $submitted['password'] . $salt); + $updateData['passwort'] = $hash; + $updateData['salt'] = $salt; + } if ($submitted['password'] !== '') { @@ -344,15 +351,21 @@ class UserController{ $_SESSION['email'] = $updateData['email'] ?? $_SESSION['email']; $this->message = 'Änderungen erfolgreich gespeichert.'; + echo "ok"; + header("Location: index.php?controller=user&do=showUserAccountPage"); exit(); } else { $this->errors['general'] = 'Beim Speichern ist ein Fehler aufgetreten.'; + $this->view->setVars([ + 'changeUserLabels' => $this->changeUserLabels, + 'validData' => $submitted, + 'errors' => $this->errors, + ]); + $this->view->setDoMethodName('showUserChangeAccountSettings'); return; } - $this->view->render('User/showUserAccountPage'); - return; } diff --git a/Views/User/showUserAccountPage.phtml b/Views/User/showUserAccountPage.phtml index cacb05b..3b0e0ef 100644 
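Review bot: The added block stores the new password as `hash('sha256', $submitted['password'] . $salt)`, a single pass of a fast hash, which makes offline guessing cheap if the user table leaks; `password_hash($submitted['password'], PASSWORD_DEFAULT)` with `password_verify()` at login is the usual replacement and needs no separate salt column. The block is also added directly above an identical `if ($submitted['password'] !== '')` block that is still present as context, so salt and hash are computed twice and the first pair is discarded. The password goes through `trim()` when `$submitted` is built in the previous hunk, which silently changes passwords that begin or end with spaces. Nothing visible in the hunk asks for the current password before the change is accepted; the start of updateAccountData is outside the hunk, so that should be confirmed.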
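Review bot: The added `echo "ok";` runs before `header("Location: ...")`, so unless output buffering is enabled the headers have already been sent and the redirect after a successful update does not happen; the echo looks like a debugging leftover and should be removed. `$this->message` is assigned just before `exit()` and is lost with the request, so the success text never reaches the account page.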
--- a/Views/User/showUserAccountPage.phtml +++ b/Views/User/showUserAccountPage.phtml @@ -6,28 +6,42 @@
-

Hallo, - -
- Hier können Sie ihren Account verwalten. -

-
-
- - - -
-
- - - -
-
- - - -
-
+
+
+

Hallo, + +
+ Hier können Sie ihren Account verwalten. +

+
+ +
Date: Wed, 9 Jul 2025 11:15:31 +0200 Subject: [PATCH 4/6] user_role check im admin view --- Views/User/showUserAccountPage.phtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Views/User/showUserAccountPage.phtml b/Views/User/showUserAccountPage.phtml index 3b0e0ef..e5cad1c 100644 --- a/Views/User/showUserAccountPage.phtml +++ b/Views/User/showUserAccountPage.phtml @@ -45,7 +45,7 @@
From af6f6238ae48ebed5befe00ed8ffe37d7fc6ef95 Mon Sep 17 00:00:00 2001 From: pbbfa23abi Date: Thu, 10 Jul 2025 10:57:30 +0200 Subject: [PATCH 5/6] kurs bearbeiten --- Controller/UserController.php | 20 ++++++ Model/UserModel.php | 72 ++++++++++++++++++++- Views/User/showAdminForm.phtml | 37 +++++++++-- Views/User/showKursEditedConfirmation.phtml | 12 ++++ Views/User/showNewKursConfirmation.phtml | 2 +- 5 files changed, 134 insertions(+), 9 deletions(-) create mode 100644 Views/User/showKursEditedConfirmation.phtml diff --git a/Controller/UserController.php b/Controller/UserController.php index 5837577..aff9823 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -134,6 +134,26 @@ class UserController{ } } + public function validateEditKursForm(){ + foreach ($this->kursLabels as $index => $value) { + if($value === "|") continue; + if (strpos($value, "*") !== false && (!isset($_POST[$index]) || empty($_POST[$index]))) { + $this->kursErrors[$index] = "Bitte " . $value . " eingeben"; + } else { + $this->kursValidData[$index] = $_POST[$index] === '' ? null : $_POST[$index]; + } + } + if (count($this->errors) > 0) { + $this->view->setDoMethodName("showUserAccountPage"); + $this->showUserAccountPage(); + } else { + if ($this->db->writeNewCourse($this->kursValidData, $_SESSION["user_id"])) { + $this->view->setDoMethodName("showKursEditedConfirmation"); + $this->showConfirmation(); + } + } + } + public function showConfirmation(){} public function showUserLoginConfirmation(){ diff --git a/Model/UserModel.php b/Model/UserModel.php index 4dd93a7..98c01c9 100644 --- a/Model/UserModel.php +++ b/Model/UserModel.php 
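Review bot: validateEditKursForm ends by calling `$this->db->writeNewCourse(...)`, so saving an edit inserts a second course and address instead of changing the existing one; the `updateCourse` method added to UserModel in this same commit is not called from the hunk. The course id and `ort_id` are not keys of `$kursLabels`, so they never reach `$this->kursValidData` either. When this is wired to `updateCourse`, the id taken from the request should be checked against the session user's own courses before the write.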
@@ -157,7 +157,7 @@ class UserModel extends Database } public function getMyCourses() { - $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, o.stadt, o.strasse, o.plz, b.note, b.kommentar + $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id, o.stadt, o.strasse, o.plz, b.note, b.kommentar FROM kurs AS k JOIN ort AS o ON o.id = k.ort_id LEFT JOIN bewertungen AS b ON b.kurs_id = k.id 
@@ -174,4 +174,74 @@ class UserModel extends Database die; } } + + public function updateCourse($course) { + $pdo = $this->linkDB(); + + try { + if (isset($course['ort_id'])) { + $this->updateAddress($course); + $addressId = $course['ort_id']; + } else { + $addressId = $this->writeNewAddress($course); + } + + $sql = "UPDATE kurs SET + `name` = :name, + `preis` = :preis, + `dauer` = :dauer, + `rabatt` = :rabatt, + `kategorie` = :kategorie, + `beschreibung` = :beschreibung, + `ort_id` = :ort_id + WHERE `id` = :id"; + + $sth = $pdo->prepare($sql); + $sth->execute([ + ':id' => $course['id'], + ':name' => $course['name'], + ':preis' => $course['preis'], + ':dauer' => $course['dauer'], + ':rabatt' => $course['rabatt'], + ':kategorie' => $course['kategorie'], + ':beschreibung' => $course['beschreibung'], + ':ort_id' => $addressId + ]); + + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren des Kurses.", $e); + die; + } + + return true; + } + + public function updateAddress($data) { + $pdo = $this->linkDB(); + + if (!isset($data['ort_id'])) { + throw new \Exception("Keine Adress-ID vorhanden zum Aktualisieren."); + } + + $sql = "UPDATE ort SET + `strasse` = :strasse, + `stadt` = :stadt, + `plz` = :plz + WHERE `id` = :id"; + + try { + $sth = $pdo->prepare($sql); + $sth->execute([ + ':id' => $data['ort_id'], + ':strasse' => $data['strasse'], + ':stadt' => $data['stadt'], + ':plz' => $data['plz'] + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Adresse.", $e); + die; + } + + return true; + } } \ No newline at end of file diff --git a/Views/User/showAdminForm.phtml b/Views/User/showAdminForm.phtml index 4929a03..0e5cff4 100644 --- a/Views/User/showAdminForm.phtml +++ b/Views/User/showAdminForm.phtml @@ -1,6 +1,21 @@
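Review bot: updateCourse and updateAddress select the rows to change only by `$course['id']` and `$data['ort_id']`, with no condition tying the row to the caller, so whoever can pass an id can rewrite any course or any address. Passing the owner in and adding it to the statement, e.g. `WHERE id = :id AND kurseleiter = :owner` (column spelled as in writeNewCourse), would keep the check in the database, and the address update should then use the `ort_id` stored on that course rather than one supplied in `$course`. No caller is visible in this commit, so where the array comes from is an assumption. The two UPDATEs are also not wrapped in a transaction, and updateAddress throws `\Exception` while the rest of the model reports failures through ErrorMsg.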

Neuer Kurs

getMyCourses(); +$id = $_GET["id"] ?? null; + +$selectedCourse = null; +foreach ($courses as $course) { + if ($course['id'] === $id) { + $selectedCourse = $course; + break; + } +} +$validData = $selectedCourse ?? null; +$isEditing = $validData != null; +$saveLabel = $isEditing ? "Speichern" : "Erstellen"; + function createInputField($label, $name, $errors, $validData, $type = 'input') { $errorClass = isset($errors[$name]) ? 'error' : ''; $value = htmlspecialchars($validData[$name] ?? ''); @@ -36,15 +51,18 @@ function createInputField($label, $name, $errors, $validData, $type = 'input') { echo '
'; ?> - -
- -
+ +
+ +
+ HTML; + ?> getMyCourses(); $doc = new DOMDocument('1.0', 'UTF-8'); if (!empty($courses)) { @@ -52,7 +70,7 @@ if (!empty($courses)) { foreach ($courses as $kurs) { $courseCard = $doc->createElement('div'); $courseCard->setAttribute('class', 'course-card'); - + $courseImage = $doc->createElement('div'); $courseImage->setAttribute('class', 'course-image'); $courseCard->appendChild($courseImage); @@ -84,6 +102,11 @@ if (!empty($courses)) { $category = $doc->createElement('div', htmlspecialchars($kurs['kategorie'] ?? 'Keine Kategorie')); $courseRight->appendChild($category); + $editLink = $doc->createElement('a', "Bearbeiten"); + $editLink->setAttribute('href', '?controller=User&do=showUserAccountPage&id=' . $kurs['id']); + $editLink->setAttribute('class', 'course-card-link'); + $courseRight->appendChild($editLink); + echo $doc->saveHTML($courseCard); } echo ''; diff --git a/Views/User/showKursEditedConfirmation.phtml b/Views/User/showKursEditedConfirmation.phtml new file mode 100644 index 0000000..effcbd2 --- /dev/null +++ b/Views/User/showKursEditedConfirmation.phtml @@ -0,0 +1,12 @@ + + +
+

Kurs erfolgreich bearbeitet.

+Weiter +
+ + + + \ No newline at end of file diff --git a/Views/User/showNewKursConfirmation.phtml b/Views/User/showNewKursConfirmation.phtml index 35de568..7ee139a 100644 --- a/Views/User/showNewKursConfirmation.phtml +++ b/Views/User/showNewKursConfirmation.phtml @@ -4,7 +4,7 @@ include dirname(__DIR__).'/header.phtml';

Kurs erfolgreich erstellt.

-Weiter +Weiter
From 4e243976dbcd4821f21842b1b9196992a5d6f303 Mon Sep 17 00:00:00 2001 From: pbbfa23abi Date: Thu, 10 Jul 2025 11:32:32 +0200 Subject: [PATCH 6/6] fixes --- CSS/Element/form.css | 13 ++++-------- CSS/variables.css | 1 + Model/UserModel.php | 29 +++++++++++++++++++++------ Views/User/showUserRegisterForm.phtml | 4 +--- 4 files changed, 29 insertions(+), 18 deletions(-) diff --git a/CSS/Element/form.css b/CSS/Element/form.css index 2ab719d..2064c7c 100644 --- a/CSS/Element/form.css +++ b/CSS/Element/form.css @@ -95,21 +95,16 @@ form .error { grid-template-columns: auto !important; } -/* fix radio buttons registration */ .radio { flex-direction: row; - justify-content: space-between; max-width: 290px; align-items: center; -} - -.radio { - display: flex; - flex-direction: row; - align-items: center; - gap: 10px; + gap: 24px; + } .radio input { margin-top: 0; + height: var(--h-sm); + width: var(--h-sm); } diff --git a/CSS/variables.css b/CSS/variables.css index b85371f..0db4045 100644 --- a/CSS/variables.css +++ b/CSS/variables.css @@ -21,6 +21,7 @@ /*Font-Weight*/ --font-weight-semibold: 600; + --h-sm: 24px; --h-md: 48px; --border-primary: 1px solid #998E82; diff --git a/Model/UserModel.php b/Model/UserModel.php index 98c01c9..a5ac67e 100644 --- a/Model/UserModel.php +++ b/Model/UserModel.php 
@@ -157,17 +157,33 @@ class UserModel extends Database } public function getMyCourses() { - $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id, o.stadt, o.strasse, o.plz, b.note, b.kommentar - FROM kurs AS k - JOIN ort AS o ON o.id = k.ort_id - LEFT JOIN bewertungen AS b ON b.kurs_id = k.id - ORDER BY k.name;"; + $personId = $_SESSION["user_id"]; + $isKursleiter = $_SESSION["user_role"] === "leiter"; $pdo = $this->linkDB(); + if ($isKursleiter) { + $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id, + o.stadt, o.strasse, o.plz, b.note, b.kommentar + FROM kurs AS k + JOIN ort AS o ON o.id = k.ort_id + LEFT JOIN bewertungen AS b ON b.kurs_id = k.id + WHERE k.kursleiter = :personId + ORDER BY k.name"; + } else { + $sql = "SELECT k.id, k.name, k.preis, k.dauer, k.rabatt, k.kategorie, k.beschreibung, k.ort_id, + o.stadt, o.strasse, o.plz, b.note, b.kommentar + FROM kurs_user AS ku + JOIN kurs AS k ON k.id = ku.kurs_id + JOIN ort AS o ON o.id = k.ort_id + LEFT JOIN bewertungen AS b ON b.kurs_id = k.id + WHERE ku.user_id = :personId + ORDER BY k.name"; + } + try { $sth = $pdo->prepare($sql); - $sth->execute(); + $sth->execute([':personId' => $personId]); return $sth->fetchAll(\PDO::FETCH_ASSOC); } catch (PDOException $e) { new \Blog\Library\ErrorMsg("Fehler beim Lesen der Daten.", $e); @@ -175,6 +191,7 @@ class UserModel extends Database } } + public function updateCourse($course) { $pdo = $this->linkDB(); diff --git a/Views/User/showUserRegisterForm.phtml b/Views/User/showUserRegisterForm.phtml index 2d8671a..4a3ccee 100644 --- a/Views/User/showUserRegisterForm.phtml +++ b/Views/User/showUserRegisterForm.phtml @@ -6,11 +6,9 @@
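Review bot: The leader query filters on `k.kursleiter`, but writeNewCourse (patch 1/6) inserts into a column spelled `kurseleiter`; one of the two does not match the schema, and whichever it is either fails or returns nothing for course leaders. `$_SESSION["user_id"]` and `$_SESSION["user_role"]` are read without a check, so a request without a login raises undefined-index warnings and runs the participant query with a null id; an early `if (!isset($_SESSION['user_id'])) { return []; }` would avoid that. Because of the `LEFT JOIN bewertungen`, a course with several ratings comes back once per rating, and the view appears to print one card per row.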

Registration

-
- $label): ?> -
+
">