<?php
namespace Blog\Controller;
use Blog\Model\UserModel;
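/**
 * Controller for user registration, login/logout, account settings, account
 * deletion and the course ("Kurs") forms.
 *
 * Raw form input is read from $_POST, validated into private arrays (values
 * and per-field error messages) and handed to the injected view via
 * setVars(). Which template is rendered appears to be driven by
 * $view->setDoMethodName() — confirm against the front controller (index.php).
 * Persistence goes through UserModel.
 *
 * Security notes for maintainers (grounded in this file, not fixable here alone):
 *  - Passwords are stored as sha256(password . salt) in the "passwort"/"salt"
 *    columns. login() verifies that format and updateAccountData() writes it;
 *    UserModel::createUser() (not in this file) presumably writes the same
 *    format, so the scheme cannot be switched in this class alone. Plan a
 *    migration to password_hash()/password_verify()/password_needs_rehash() in
 *    both places — a plain sha256 is far too fast for password storage.
 *  - No CSRF token is checked before state-changing handlers (register, login,
 *    deleteAccount, updateAccountData, course writes). Add a per-session token
 *    to the forms and verify it at the top of those handlers.
 *  - The registration form contains a client-chosen "role" field which is
 *    passed to createUser(); the model must whitelist it or assign the default
 *    role server-side, otherwise a visitor can self-assign a privileged role.
 */
class UserController{

    /** View object supplied by the front controller (setVars / setDoMethodName / render). */
    private $view;

    /** Data-access layer for users and courses (UserModel). */
    private $db;

    /** Validated registration input, keyed by form field. */
    private $validData = array();

    /** Registration error messages, keyed by form field. */
    private $errors = array();

    /** Registration form fields; a trailing "*" in the label marks a required field. */
    private $labels = [
        "name" => "Vorname*",
        "lastname" => "Nachname*",
        "email" => "E-Mail*",
        "password" => "Passwort*",
        "role" => "Rolle*"
    ];

    /** Validated login input, keyed by form field. */
    private $validLoginData = array();

    /** Login error messages, keyed by form field. */
    private $loginErrors = array();

    /** Login form fields. */
    private $loginLabels = [
        "email" => "E-Mail*",
        "password" => "Passwort*",
    ];

    /** Account-settings form fields (password is optional there). */
    private $changeUserLabels = [
        'vorname' => 'Vorname',
        'name' => 'Nachname',
        'email' => 'E-Mail',
        'password' => 'Passwort',
    ];

    /** Validated course input, keyed by form field; '' is stored as null. */
    private $kursValidData = array();

    /** Course error messages, keyed by form field. */
    private $kursErrors = array();

    /**
     * Course form fields. "*" marks a required field; entries whose label is
     * "|" are layout separators for the template and carry no input.
     */
    private $kursLabels = array(
        "name" => "Name*",
        "preis" => "€ Preis*",
        "dauer" => "Dauer* (Stunden)",
        "rabatt" => "Rabatt",
        "kategorie" => "Kategorie",
        "1" => "|",
        "stadt" => "Stadt*",
        "strasse" => "Straße und Nummer*",
        "plz" => "PLZ*",
        "2" => "|",
        "beschreibung" => "Beschreibung");

    /**
     * Status message for the account-settings page. Declared explicitly: it was
     * previously created as an undeclared dynamic property, which PHP 8.2 deprecates.
     */
    private $message = null;

    /**
     * @param mixed $view view object exposing setVars(), setDoMethodName() and render()
     */
    public function __construct($view){
        $this->db = new UserModel();
        $this->view = $view;
    }

    // ------------------------------------------------------------------
    // Input helpers
    // ------------------------------------------------------------------

    /**
     * Reads one scalar form field from $_POST.
     *
     * Returns null when the field is absent or is not a string. A client can
     * submit "field[]=x" to turn a field into an array; trim() on an array
     * throws a TypeError on PHP 8, so arrays are treated as "not given".
     * Strings are returned trimmed.
     */
    private function postString(string $key): ?string
    {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return null;
        }
        return trim($_POST[$key]);
    }

    /**
     * Returns form data with the password removed, so a submitted password is
     * never echoed back into the HTML of a re-displayed form.
     */
    private function withoutPassword(array $data): array
    {
        unset($data['password']);
        return $data;
    }

    /**
     * Returns the logged-in user's id, or redirects to the login form and
     * terminates the request when no user is logged in.
     */
    private function requireUserId()
    {
        $userId = $this->getCurrentUserId();
        if (!$userId) {
            header("Location: index.php?controller=user&do=showUserLoginForm");
            exit();
        }
        return $userId;
    }

    /**
     * Loads the user record for $userId.
     *
     * If the session refers to a user that no longer exists, the stale session
     * data is cleared first so the dead id cannot linger, then the same
     * exception as before is thrown for the front controller to handle.
     *
     * @throws \Exception when the user cannot be found
     */
    private function loadCurrentUser($userId): array
    {
        $currentUser = $this->db->getUserById($userId);
        if (!$currentUser) {
            $this->clearUserSession();
            throw new \Exception("User nicht gefunden");
        }
        return $currentUser;
    }

    // ------------------------------------------------------------------
    // Registration
    // ------------------------------------------------------------------

    /** Passes labels, errors and (password-free) values of the registration form to the view. */
    public function showUserRegisterForm(){
        $this->view->setVars([
            'labels' => $this->labels,
            'errors' => $this->errors,
            'validData' => $this->withoutPassword($this->validData)
        ]);
    }

    /** Confirmation page after registration; nothing to prepare for the view. */
    public function showUserRegisterConfirmation(){
    }

    /** Passes labels, errors and (password-free) values of the login form to the view. */
    public function showUserLoginForm(){
        $this->view->setVars([
            'labels' => $this->loginLabels,
            'errors' => $this->loginErrors,
            'validData' => $this->withoutPassword($this->validLoginData)
        ]);
    }

    /**
     * Validates the registration form from $_POST into $validData / $errors.
     * Every field in $labels is required; the password must be at least
     * 6 bytes long and the e-mail must pass FILTER_VALIDATE_EMAIL.
     */
    private function validateForm() {
        foreach ($this->labels as $key => $label) {
            $value = $this->postString($key);
            if ($value === null || $value === '') {
                $this->errors[$key] = "Bitte $label angeben";
            } else {
                $this->validData[$key] = $value;
            }
        }

        if (isset($this->validData['password']) && strlen($this->validData['password']) < 6) {
            $this->errors['password'] = "Das Passwort muss mindestens 6 Zeichen lang sein.";
        }

        if (isset($this->validData['email']) && !filter_var($this->validData['email'], FILTER_VALIDATE_EMAIL)) {
            $this->errors['email'] = "Bitte eine gültige E-Mail-Adresse eingeben.";
        }
    }

    /**
     * Validates the login form from $_POST into $validLoginData / $loginErrors.
     *
     * The previous version looped over $loginLabels but inspected the
     * registration arrays ($validData / $errors) and never read $_POST, so a
     * login was never actually validated. Both fields are required and the
     * e-mail must be well-formed; no length rule is applied to the password at
     * login, the stored hash decides.
     */
    public function validateLoginForm(){
        $this->validLoginData = [];
        $this->loginErrors = [];

        foreach ($this->loginLabels as $key => $label) {
            $value = $this->postString($key);
            if ($value === null || $value === '') {
                $this->loginErrors[$key] = "Bitte $label angeben";
            } else {
                $this->validLoginData[$key] = $value;
            }
        }

        if (isset($this->validLoginData['email']) && !filter_var($this->validLoginData['email'], FILTER_VALIDATE_EMAIL)) {
            $this->loginErrors['email'] = "Bitte eine gültige E-Mail-Adresse eingeben.";
        }
    }

    // ------------------------------------------------------------------
    // Courses
    // ------------------------------------------------------------------

    /**
     * Validates the course form from $_POST into $kursValidData / $kursErrors.
     *
     * Required fields (label contains "*") must be non-empty after trimming;
     * "0" is accepted (the previous empty() check rejected e.g. a discount of 0).
     * Optional fields left blank are stored as null.
     *
     * @return bool true when no error was recorded
     */
    private function collectKursInput(): bool
    {
        $this->kursValidData = [];
        $this->kursErrors = [];

        foreach ($this->kursLabels as $field => $label) {
            if ($label === "|") {
                continue;
            }
            $value = $this->postString($field);
            $isBlank = ($value === null || $value === '');

            if ($isBlank && strpos($label, "*") !== false) {
                $this->kursErrors[$field] = "Bitte " . $label . " eingeben";
            } else {
                $this->kursValidData[$field] = $isBlank ? null : $value;
            }
        }

        return count($this->kursErrors) === 0;
    }

    /**
     * Shared flow of the course handlers: require login, validate, persist,
     * then select the confirmation template named by $confirmationMethod.
     *
     * The earlier handlers tested count($this->errors) — the registration
     * errors — instead of $kursErrors, so an invalid course was still written.
     * A failed write now reports a general error instead of rendering nothing.
     */
    private function saveKurs(string $confirmationMethod): void
    {
        $userId = $this->requireUserId();

        if (!$this->collectKursInput()) {
            $this->view->setDoMethodName("showUserAccountPage");
            $this->showUserAccountPage();
            return;
        }

        if ($this->db->writeNewCourse($this->kursValidData, $userId)) {
            $this->view->setDoMethodName($confirmationMethod);
            $this->showConfirmation();
            return;
        }

        $this->kursErrors['general'] = 'Beim Speichern ist ein Fehler aufgetreten.';
        $this->view->setDoMethodName("showUserAccountPage");
        $this->showUserAccountPage();
    }

    /** Handles the "new course" form submission. */
    public function validateKursForm(){
        $this->saveKurs("showNewKursConfirmation");
    }

    /**
     * Handles the "edit course" form submission.
     *
     * NOTE(review): this calls UserModel::writeNewCourse() exactly like the
     * create path, and $kursLabels carries no course id, so an "edit" creates a
     * new course rather than updating an existing one. An update needs the
     * course id from the form plus an ownership check against $_SESSION["user_id"]
     * before a model update method is called — neither exists in this file yet.
     */
    public function validateEditKursForm(){
        $this->saveKurs("showKursEditedConfirmation");
    }

    /** Confirmation page after a course write; nothing to prepare for the view. */
    public function showConfirmation(){}

    // ------------------------------------------------------------------
    // Login / session
    // ------------------------------------------------------------------

    /**
     * Renders the post-login page. $user is loaded for the included template
     * (presumably read there — the template is not part of this file).
     */
    public function showUserLoginConfirmation(){
        $userId = $this->getCurrentUserId();
        $user = null;
        if($userId){
            $user = $this->db->getUserById($userId);
        }

        $path = "Views/User/showUserLoginConfirmation.phtml";
        if(file_exists($path)){
            include $path;
        }
    }

    /**
     * Handles the registration form: validates, creates the user, then logs in.
     *
     * Only the validated, whitelisted fields are handed to the model. The
     * previous version passed the whole $_POST array, so any extra parameter the
     * client added would have reached createUser() (mass assignment).
     * Assumes createUser() reads exactly the keys listed in $labels — confirm
     * against UserModel. "role" is still client-supplied; see the class comment.
     */
    public function register(){
        $this->validateForm();

        if(count($this->errors) > 0){
            $this->view->setDoMethodName("showUserRegisterForm");
            $this->showUserRegisterForm();
            return;
        }

        $this->db->createUser($this->validData);
        $this->login();
    }

    /**
     * Authenticates the posted "email"/"password" and, on success, starts the
     * authenticated session and shows the confirmation page.
     *
     * Both "unknown e-mail" and "wrong password" now yield the same message.
     * The old wrong-password branch echoed "Falsches Passwort", which told an
     * attacker that the address is registered (user enumeration).
     */
    public function login(){
        $this->validateLoginForm();
        if (count($this->loginErrors) > 0) {
            $this->view->setDoMethodName("showUserLoginForm");
            $this->showUserLoginForm();
            return;
        }

        $user = $this->db->getUserByEmail($this->validLoginData['email']);

        $authenticated = false;
        if ($user) {
            // Stored format: hex sha256(password . salt); see class comment for the migration plan.
            $candidate = hash('sha256', $this->validLoginData['password'] . (string) $user["salt"]);
            // hash_equals(): strict and constant-time. The old "==" was a loose
            // comparison, under which two hex digests of the form "0e<digits>"
            // compare equal as numeric zero, and it leaked timing information.
            $authenticated = hash_equals((string) $user["passwort"], $candidate);
        }

        if (!$authenticated) {
            $this->loginErrors['email'] = "Email oder Passwort ist falsch";
            $this->view->setDoMethodName("showUserLoginForm");
            $this->showUserLoginForm();
            return;
        }

        $this->setUserSession($user);
        $this->showUserLoginConfirmation();
    }

    /**
     * Stores the identity of $user in the session.
     *
     * The session id is rotated first: without that, an id planted in the
     * victim's browser before login would become an authenticated session
     * (session fixation).
     */
    public function setUserSession(array $user){
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user_id"] = $user["id"];
        $_SESSION["user_role"] = $user["role"];
        $_SESSION["vorname"] = $user["vorname"];
        $_SESSION["name"] = $user["name"];
        $_SESSION["email"] = $user["email"] ?? null;
    }

    /**
     * Removes all user-related keys from the session (including "email", which
     * updateAccountData() writes and the old version never cleared) and rotates
     * the session id so the pre-logout id is invalid afterwards.
     */
    public function clearUserSession(){
        unset($_SESSION["user_id"], $_SESSION["user_role"], $_SESSION["vorname"], $_SESSION["name"], $_SESSION["email"]);
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
    }

    /** Logs the user out and redirects to the login form. */
    public function logout(){
        $this->clearUserSession();
        header("Location: index.php?controller=user&do=showUserLoginForm");
        exit();
    }

    /** True when the session holds a non-empty user id. (Method name kept for callers.) */
    public function isUserLoggenIn(){
        return !empty($_SESSION["user_id"]);
    }

    /** The logged-in user's id from the session, or null. */
    public function getCurrentUserId(){
        return $_SESSION["user_id"] ?? null;
    }

    /** Passes the course form's labels, errors and values to the view. */
    public function showUserAccountPage (){
        $this->view->setVars([
            'labels' => $this->kursLabels,
            'errors' => $this->kursErrors,
            'validData' => $this->kursValidData
        ]);
    }

    // ------------------------------------------------------------------
    // Account settings / deletion
    // ------------------------------------------------------------------

    /** Confirmation page after account deletion; nothing to prepare for the view. */
    public function showUserDeleteConfirmation(){
    }

    /**
     * Deletes the logged-in user's account and ends the session.
     *
     * NOTE(review): this is a destructive action with no CSRF token and no
     * request-method check visible in this file; a cross-site GET/POST to this
     * action deletes the victim's account. Require POST plus a session-bound
     * token before calling deleteUser().
     */
    public function deleteAccount(){
        $userId = $this->requireUserId();

        $this->db->deleteUser($userId);
        $this->clearUserSession();
        $this->view->setDoMethodName("showUserDeleteConfirmation");
        $this->showUserDeleteConfirmation();
    }

    /** Selects the account-settings template for a logged-in user. */
    public function changeAccountDataRedirect(){
        $this->requireUserId();
        $this->view->setDoMethodName("showUserChangeAccountSettings");
        $this->showUserChangeAccountSettings();
    }

    /**
     * Pre-fills the account-settings form with the current user's data.
     * Redirects to the login form when nobody is logged in.
     *
     * @throws \Exception when the session's user no longer exists
     */
    public function showUserChangeAccountSettings(){
        $userId = $this->requireUserId();
        $currentUser = $this->loadCurrentUser($userId);

        $validData = [
            'vorname' => $currentUser["vorname"],
            'name' => $currentUser["name"],
            'email' => $currentUser["email"],
        ];

        $this->view->setVars([
            'changeUserLabels' => $this->changeUserLabels,
            'validData' => $validData,
            'errors' => $this->errors,
            'message' => $this->message,
        ]);
    }

    /**
     * Validates and persists changes to the logged-in user's name, e-mail and
     * (optionally) password, then refreshes the session copy of those values.
     *
     * Fixes over the previous version: the password/salt block was duplicated;
     * the session was refreshed from the wrong keys ($updateData['name'] into
     * 'vorname', the non-existent $updateData['lastname'] into 'name'); and an
     * `echo "ok"` preceded the Location header, which breaks the redirect once
     * output has started.
     *
     * NOTE(review): an e-mail or password change is accepted without the
     * current password. Anyone who obtains the session (XSS, CSRF — no token is
     * checked here either) can silently take the account over; require the
     * current password for those two changes.
     *
     * @throws \Exception when the session's user no longer exists
     */
    public function updateAccountData()
    {
        $userId = $this->requireUserId();
        $currentUser = $this->loadCurrentUser($userId);

        $submitted = [
            'vorname' => $this->postString('vorname') ?? '',
            'name' => $this->postString('name') ?? '',
            'email' => $this->postString('email') ?? '',
            'password' => $this->postString('password') ?? '',
        ];

        $this->errors = [];
        if (strlen($submitted['vorname']) < 2) {
            $this->errors['vorname'] = 'Vorname muss mindestens 2 Zeichen haben.';
        }
        if (strlen($submitted['name']) < 2) {
            $this->errors['name'] = 'Nachname muss mindestens 2 Zeichen haben.';
        }
        if (!filter_var($submitted['email'], FILTER_VALIDATE_EMAIL)) {
            $this->errors['email'] = 'Ungültige E-Mail-Adresse.';
        }
        // An empty password means "keep the current one".
        if ($submitted['password'] !== '' && strlen($submitted['password']) < 6) {
            $this->errors['password'] = 'Passwort muss mindestens 6 Zeichen haben.';
        }

        if (count($this->errors) > 0) {
            $this->view->setVars([
                'changeUserLabels' => $this->changeUserLabels,
                'validData' => $this->withoutPassword($submitted),
                'errors' => $this->errors,
            ]);
            $this->view->render('User/showUserChangeAccountSettings');
            return;
        }

        // Only changed columns are written.
        $updateData = [];
        foreach (['vorname', 'name', 'email'] as $field) {
            if ($submitted[$field] !== $currentUser[$field]) {
                $updateData[$field] = $submitted[$field];
            }
        }

        $passwordChanged = ($submitted['password'] !== '');
        if ($passwordChanged) {
            // New random salt with the new password; same storage format login() verifies.
            $salt = bin2hex(random_bytes(16));
            $updateData['passwort'] = hash('sha256', $submitted['password'] . $salt);
            $updateData['salt'] = $salt;
        }

        if (empty($updateData)) {
            $this->message = 'Keine Änderungen festgestellt.';
            $this->view->setVars([
                'changeUserLabels' => $this->changeUserLabels,
                'validData' => $this->withoutPassword($submitted),
                'errors' => $this->errors,
                'message' => $this->message,
            ]);
            $this->view->render('User/showUserChangeAccountSettings');
            return;
        }

        $ok = $this->db->updateUserData($userId, $updateData);

        if (!$ok) {
            $this->errors['general'] = 'Beim Speichern ist ein Fehler aufgetreten.';
            $this->view->setVars([
                'changeUserLabels' => $this->changeUserLabels,
                'validData' => $this->withoutPassword($submitted),
                'errors' => $this->errors,
            ]);
            $this->view->setDoMethodName('showUserChangeAccountSettings');
            return;
        }

        if (isset($updateData['vorname'])) {
            $_SESSION['vorname'] = $updateData['vorname'];
        }
        if (isset($updateData['name'])) {
            $_SESSION['name'] = $updateData['name'];
        }
        if (isset($updateData['email'])) {
            $_SESSION['email'] = $updateData['email'];
        }
        if ($passwordChanged && session_status() === PHP_SESSION_ACTIVE) {
            // Rotate the session id after a credential change.
            session_regenerate_id(true);
        }
        $this->message = 'Änderungen erfolgreich gespeichert.';

        header("Location: index.php?controller=user&do=showUserAccountPage");
        exit();
    }

}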