From 36d6364cd064c2a6cf0ea15ce85b32b373c1a526 Mon Sep 17 00:00:00 2001 From: Karsten Tlotzek Date: Fri, 27 Jun 2025 10:24:21 +0200 Subject: [PATCH] Auth angepasst --- Controller/AuthController.php | 168 +++++++++++++++------------------- Model/AuthModel.php | 60 ++++++------ Views/Auth/login.phtml | 13 +++ Views/Auth/register.phtml | 12 +++ 4 files changed, 130 insertions(+), 123 deletions(-) create mode 100644 Views/Auth/login.phtml create mode 100644 Views/Auth/register.phtml diff --git a/Controller/AuthController.php b/Controller/AuthController.php index 011ad75..0318532 100644 --- a/Controller/AuthController.php +++ b/Controller/AuthController.php 
@@ -6,130 +6,98 @@ use Blog\Model\AuthModel; class AuthController { - protected $view; - private $db; - private $validData = array(); - private $errors = array(); - private $labels = array( - "email" => "E-Mail-Adresse", - "password" => "Passwort", - "password_repeat" => "Passwort wiederholen", - "old_password" => "Altes Passwort" - ); + private $model; + private $view; public function __construct($view) { - $this->db = new AuthModel(); + $this->model = new AuthModel(); $this->view = $view; } public function showAuthForm() { $this->view->setVars([ - 'labels' => $this->labels, - 'validData' => $this->validData, - 'errors' => $this->errors + 'labels' => [ + "email" => "E-Mail-Adresse", + "password" => "Passwort", + "password_repeat" => "Passwort wiederholen", + "old_password" => "Altes Passwort" + ], + 'errors' => $_SESSION['auth_errors'] ?? [], + 'validData' => $_SESSION['auth_validData'] ?? [] ]); + unset($_SESSION['auth_errors'], $_SESSION['auth_validData']); + $this->view->render('auth/form'); } - public function showConfirmation($message = "Aktion erfolgreich.") - { - $this->view->setVars(['message' => $message]); - $this->view->render('auth/confirmation'); - } - - public function validateForm() - { - foreach ($this->labels as $index => $value) { - if (!isset($_POST[$index]) || empty($_POST[$index])) { - $this->errors[$index] = "Bitte " . $value . " angeben"; - } else { - $this->validData[$index] = trim($_POST[$index]); - } - } - - if (!empty($this->errors)) { - $this->view->setDoMethodName("showAuthForm"); - $this->showAuthForm(); - } else { - $this->view->setDoMethodName("showConfirmation"); - $this->showConfirmation(); - } - } - - public function login() - { + public function login() { $email = $_POST['email'] ?? ''; $password = $_POST['password'] ?? 
''; - - if (empty($email) || empty($password)) { - $this->errors['login'] = "Bitte E-Mail und Passwort eingeben."; - return $this->showAuthForm(); - } - - $result = $this->db->login($email, $password); + + $result = $this->model->login($email, $password); if ($result === true) { $_SESSION['user'] = $email; - $this->showConfirmation("Login erfolgreich."); - } elseif (is_string($result)) { - $this->errors['login'] = $result; - $this->showAuthForm(); } else { - $this->errors['login'] = "Login fehlgeschlagen."; - $this->showAuthForm(); + $this->view->setVars([ + 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."], + 'validData' => ['email' => $email] + ]); } } - public function register() - { + public function register() { + $data = [ + 'vorname' => $_POST['vorname'] ?? '', + 'nachname' => $_POST['nachname'] ?? '', + 'straße' => $_POST['straße'] ?? '', + 'hausnr' => $_POST['hausnr'] ?? '', + 'postleitzahl' => $_POST['postleitzahl'] ?? '', + 'ort' => $_POST['ort'] ?? '', + 'land' => $_POST['land'] ?? '', + 'tel' => $_POST['tel'] ?? '', 'email' => $_POST['email'] ?? '', 'password' => $_POST['password'] ?? '', 'password_repeat' => $_POST['password_repeat'] ?? '', - 'straße' => $_POST['straße'] ?? '', - 'hausnr' => $_POST['hausnr'] ?? '', - 'ort' => $_POST['ort'] ?? '', - 'postleitzahl' => $_POST['postleitzahl'] ?? '', - 'land' => $_POST['land'] ?? '', - 'vorname' => $_POST['vorname'] ?? '', - 'nachname' => $_POST['nachname'] ?? '', - 'tel' => $_POST['tel'] ?? '' + 'isAdmin' => $_POST['isAdmin'] ?? 
false, ]; - if (!$this->db->checkDoublePw($data['password'], $data['password_repeat'])) { - $this->errors['password'] = "Passwörter stimmen nicht überein."; - return $this->showAuthForm(); + // Passwortabgleich prüfen + if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) { + $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein."; + $_SESSION['auth_validData'] = $data; } - $result = $this->db->register( + $result = $this->model->register( $data['email'], $data['password'], $data['straße'], $data['hausnr'], $data['ort'], $data['postleitzahl'], $data['land'], - $data['vorname'], $data['nachname'], $data['tel'] - ); + $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin'] + ); if ($result === true) { - $this->showConfirmation("Registrierung erfolgreich."); - } elseif (is_string($result)) { - $this->errors['register'] = $result; - $this->showAuthForm(); + //header("Location: /?controller=Auth&do=showConfirmation&msg=register"); + exit; } else { - $this->errors['register'] = "Registrierung fehlgeschlagen."; - $this->showAuthForm(); + $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen."; + $_SESSION['auth_validData'] = $data; + //header("Location: /?controller=Auth&do=showAuthForm"); + //exit; } } public function forgotPassword() { $email = $_POST['email'] ?? ''; - if (empty($email)) { - $this->errors['email'] = "Bitte E-Mail-Adresse angeben."; - return $this->showAuthForm(); + $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } - - $this->db->pwForgot($email); - $this->showConfirmation("Ein temporäres Passwort wurde an Ihre E-Mail gesendet."); + $this->model->pwForgot($email); + header("Location: /?controller=Auth&do=showConfirmation&msg=pwforgot"); + exit; } public function changePassword() 
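Review bot: `'isAdmin' => $_POST['isAdmin'] ?? false` in register() lets any client grant itself the admin flag, because the value is passed unchanged to `$this->model->register(...)` and written into the new user row (the matching model changes are in the `register(...)` signature hunk and the INSERT hunk of Model/AuthModel.php below). The flag must not come from the request: `'isAdmin' => false,` here (or a value derived from an already-authenticated admin session), and on the model side a typed `bool $isAdmin = false` parameter so a raw POST string is never written. The password-mismatch branch only records the error in `$_SESSION` and then falls through to `$this->model->register(...)`, so a mismatched repeat still creates the account; the removed `return $this->showAuthForm();` guard needs an equivalent such as `header("Location: /?controller=Auth&do=showAuthForm"); exit;` as the other branches use. The success branch of register() is a bare `exit;` behind a commented-out `//header("Location: ...&msg=register");`, so a successful registration currently produces an empty response. In login(), `$_SESSION['user'] = $email;` is set without a preceding `session_regenerate_id(true);`, which keeps the pre-authentication session id valid after login.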
@@ -139,21 +107,35 @@ class AuthController $newpw = $_POST['password'] ?? ''; $repeat = $_POST['password_repeat'] ?? ''; - if (!$this->db->checkDoublePw($newpw, $repeat)) { - $this->errors['password'] = "Neue Passwörter stimmen nicht überein."; - return $this->showAuthForm(); + if (!$this->model->checkDoublePw($newpw, $repeat)) { + $_SESSION['auth_errors']['password'] = "Neue Passwörter stimmen nicht überein."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } - $result = $this->db->updatePassword($email, $oldpw, $newpw); + $result = $this->model->updatePassword($email, $oldpw, $newpw); if ($result === true) { - $this->showConfirmation("Passwort erfolgreich geändert."); - } elseif (is_string($result)) { - $this->errors['password'] = $result; - $this->showAuthForm(); + header("Location: /?controller=Auth&do=showConfirmation&msg=pwchange"); + exit; } else { - $this->errors['password'] = "Fehler beim Aktualisieren des Passworts."; - $this->showAuthForm(); + $_SESSION['auth_errors']['password'] = is_string($result) ? $result : "Fehler beim Aktualisieren des Passworts."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } } -} + + public function showConfirmation() + { + $messages = [ + 'login' => "Login erfolgreich.", + 'register' => "Registrierung erfolgreich.", + 'pwforgot' => "Ein temporäres Passwort wurde an Ihre E-Mail gesendet.", + 'pwchange' => "Passwort erfolgreich geändert." + ]; + $msgKey = $_GET['msg'] ?? ''; + $message = $messages[$msgKey] ?? "Aktion erfolgreich."; + $this->view->setVars(['message' => $message]); + $this->view->render('auth/confirmation'); + } +} \ No newline at end of file diff --git a/Model/AuthModel.php b/Model/AuthModel.php index b1a4f03..a21f613 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php @@ -2,7 +2,8 @@ namespace Blog\Model; -use Cassandra\Date; +use DateTime; +use PDO; use PDOException; class AuthModel extends Database 
@@ -41,8 +42,7 @@ class AuthModel extends Database return true; } - public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone) - { + public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) { $rtn = $this->pwRequirementCheck($password); if($rtn !== true){ return $rtn; 
@@ -61,41 +61,41 @@ class AuthModel extends Database try { $pdo = $this->linkDB(); - $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email"); + $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email"); $stmt->execute([':email' => $email]); if($stmt-> fetch()){ return "Der Account mit der Email, existiert bereits."; } - } - catch (PDOException $e){ + } catch (PDOException $e){ new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); die; } - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) - VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)"; + $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin) + VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)"; - try{ - $pdo = $this->linkDB(); - $stmt = $pdo->prepare($sql); - return $stmt->execute([ - ':email' => $email, - ':password' => $hashedPassword, - ':straße' => $street, - ':hausnr' => $houseNumber, - ':ort' => $city, - ':postleitzahl' => $postalCode, - ':land' => $country, - ':vorname' => $firstName, - ':nachname' => $lastName, - ':tel' => $phone - ]); - } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; - } + try{ + $pdo = $this->linkDB(); + $stmt = $pdo->prepare($sql); + $stmt->execute([ + ':email' => $email, + ':password' => $hashedPassword, + ':straße' => $street, + ':hausnr' => $houseNumber, + ':ort' => $city, + ':postleitzahl' => $postalCode, + ':land' => $country, + ':vorname' => $firstName, + ':nachname' => $lastName, + ':tel' => $phone, + ':isAdmin' => $isAdmin + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } 
} @@ -110,8 +110,8 @@ class AuthModel extends Database $error[] = "min one small charakter"; if(!preg_match("/[0-9]/", $password)) $error[] = "min one number"; - if(!preg_match("/[ <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password)); - $error[] = "min one of these: <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ"; + if(!preg_match("[^a-zA-Z0-9\s]", $password)); + $error[] = "min one special character"; if(empty($error)) return true; diff --git a/Views/Auth/login.phtml b/Views/Auth/login.phtml new file mode 100644 index 0000000..f166976 --- /dev/null +++ b/Views/Auth/login.phtml @@ -0,0 +1,13 @@ + + + +
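Review bot: The rewritten INSERT block in AuthModel::register() drops the `return` that the old `return $stmt->execute([...])` carried, so after a successful insert the method falls to its closing brace (the trailing `}` context line, presumably the method's) and returns null. AuthController::register() tests `$result === true`, so every successful registration is reported as "Registrierung fehlgeschlagen." and the submitted data is pushed back into the session. Restore the value with `return $stmt->execute([` … `]);`, or add `return true;` after the try/catch.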
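Review bot: `if(!preg_match("[^a-zA-Z0-9\s]", $password));` cannot act as a special-character check: the pattern has no `/` delimiters, so PCRE takes the outer `[`…`]` as bracket-style delimiters and compiles `^a-zA-Z0-9\s`, an anchored literal match, and the trailing `;` closes the `if`, so `$error[] = "min one special character";` runs unconditionally and pwRequirementCheck() can never reach `return true` (the stray semicolon was already present on the old side). The intended form is `if (!preg_match('/[^a-zA-Z0-9\s]/u', $password)) {` / `$error[] = "min one special character";` / `}`. pwRequirementCheck() begins above the hunk, so the remaining checks are not visible here.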
+

Login für user erfolgreich

+ Weiter +
+ + + + \ No newline at end of file diff --git a/Views/Auth/register.phtml b/Views/Auth/register.phtml new file mode 100644 index 0000000..1dac879 --- /dev/null +++ b/Views/Auth/register.phtml @@ -0,0 +1,12 @@ + + +
+

Erfolgreich registriert!

+ Weiter +
+ + + + \ No newline at end of file