Auth angepasst

This commit is contained in:
Karsten Tlotzek 2025-06-27 10:24:21 +02:00
parent 5477e7fdd8
commit 36d6364cd0
4 changed files with 130 additions and 123 deletions


@ -6,130 +6,98 @@ use Blog\Model\AuthModel;
class AuthController class AuthController
{ {
protected $view; private $model;
private $db; private $view;
private $validData = array();
private $errors = array();
private $labels = array(
"email" => "E-Mail-Adresse",
"password" => "Passwort",
"password_repeat" => "Passwort wiederholen",
"old_password" => "Altes Passwort"
);
public function __construct($view) public function __construct($view)
{ {
$this->db = new AuthModel(); $this->model = new AuthModel();
$this->view = $view; $this->view = $view;
} }
public function showAuthForm() public function showAuthForm()
{ {
$this->view->setVars([ $this->view->setVars([
'labels' => $this->labels, 'labels' => [
'validData' => $this->validData, "email" => "E-Mail-Adresse",
'errors' => $this->errors "password" => "Passwort",
"password_repeat" => "Passwort wiederholen",
"old_password" => "Altes Passwort"
],
'errors' => $_SESSION['auth_errors'] ?? [],
'validData' => $_SESSION['auth_validData'] ?? []
]); ]);
unset($_SESSION['auth_errors'], $_SESSION['auth_validData']);
$this->view->render('auth/form');
} }
public function showConfirmation($message = "Aktion erfolgreich.") public function login() {
{
$this->view->setVars(['message' => $message]);
$this->view->render('auth/confirmation');
}
public function validateForm()
{
foreach ($this->labels as $index => $value) {
if (!isset($_POST[$index]) || empty($_POST[$index])) {
$this->errors[$index] = "Bitte " . $value . " angeben";
} else {
$this->validData[$index] = trim($_POST[$index]);
}
}
if (!empty($this->errors)) {
$this->view->setDoMethodName("showAuthForm");
$this->showAuthForm();
} else {
$this->view->setDoMethodName("showConfirmation");
$this->showConfirmation();
}
}
public function login()
{
$email = $_POST['email'] ?? ''; $email = $_POST['email'] ?? '';
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';
if (empty($email) || empty($password)) { $result = $this->model->login($email, $password);
$this->errors['login'] = "Bitte E-Mail und Passwort eingeben.";
return $this->showAuthForm();
}
$result = $this->db->login($email, $password);
if ($result === true) { if ($result === true) {
$_SESSION['user'] = $email; $_SESSION['user'] = $email;
$this->showConfirmation("Login erfolgreich.");
} elseif (is_string($result)) {
$this->errors['login'] = $result;
$this->showAuthForm();
} else { } else {
$this->errors['login'] = "Login fehlgeschlagen."; $this->view->setVars([
$this->showAuthForm(); 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."],
'validData' => ['email' => $email]
]);
} }
} }
public function register() public function register() {
{
$data = [ $data = [
'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '',
'straße' => $_POST['straße'] ?? '',
'hausnr' => $_POST['hausnr'] ?? '',
'postleitzahl' => $_POST['postleitzahl'] ?? '',
'ort' => $_POST['ort'] ?? '',
'land' => $_POST['land'] ?? '',
'tel' => $_POST['tel'] ?? '',
'email' => $_POST['email'] ?? '', 'email' => $_POST['email'] ?? '',
'password' => $_POST['password'] ?? '', 'password' => $_POST['password'] ?? '',
'password_repeat' => $_POST['password_repeat'] ?? '', 'password_repeat' => $_POST['password_repeat'] ?? '',
'straße' => $_POST['straße'] ?? '', 'isAdmin' => $_POST['isAdmin'] ?? false,
'hausnr' => $_POST['hausnr'] ?? '',
'ort' => $_POST['ort'] ?? '',
'postleitzahl' => $_POST['postleitzahl'] ?? '',
'land' => $_POST['land'] ?? '',
'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '',
'tel' => $_POST['tel'] ?? ''
]; ];
if (!$this->db->checkDoublePw($data['password'], $data['password_repeat'])) { // Passwortabgleich prüfen
$this->errors['password'] = "Passwörter stimmen nicht überein."; if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) {
return $this->showAuthForm(); $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein.";
$_SESSION['auth_validData'] = $data;
} }
$result = $this->db->register( $result = $this->model->register(
$data['email'], $data['password'], $data['straße'], $data['hausnr'], $data['email'], $data['password'], $data['straße'], $data['hausnr'],
$data['ort'], $data['postleitzahl'], $data['land'], $data['ort'], $data['postleitzahl'], $data['land'],
$data['vorname'], $data['nachname'], $data['tel'] $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin']
); );
if ($result === true) { if ($result === true) {
$this->showConfirmation("Registrierung erfolgreich."); //header("Location: /?controller=Auth&do=showConfirmation&msg=register");
} elseif (is_string($result)) { exit;
$this->errors['register'] = $result;
$this->showAuthForm();
} else { } else {
$this->errors['register'] = "Registrierung fehlgeschlagen."; $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
$this->showAuthForm(); $_SESSION['auth_validData'] = $data;
//header("Location: /?controller=Auth&do=showAuthForm");
//exit;
} }
} }
public function forgotPassword() public function forgotPassword()
{ {
$email = $_POST['email'] ?? ''; $email = $_POST['email'] ?? '';
if (empty($email)) { if (empty($email)) {
$this->errors['email'] = "Bitte E-Mail-Adresse angeben."; $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben.";
return $this->showAuthForm(); header("Location: /?controller=Auth&do=showAuthForm");
exit;
} }
$this->model->pwForgot($email);
$this->db->pwForgot($email); header("Location: /?controller=Auth&do=showConfirmation&msg=pwforgot");
$this->showConfirmation("Ein temporäres Passwort wurde an Ihre E-Mail gesendet."); exit;
} }
public function changePassword() public function changePassword()
@ -139,21 +107,35 @@ class AuthController
$newpw = $_POST['password'] ?? ''; $newpw = $_POST['password'] ?? '';
$repeat = $_POST['password_repeat'] ?? ''; $repeat = $_POST['password_repeat'] ?? '';
if (!$this->db->checkDoublePw($newpw, $repeat)) { if (!$this->model->checkDoublePw($newpw, $repeat)) {
$this->errors['password'] = "Neue Passwörter stimmen nicht überein."; $_SESSION['auth_errors']['password'] = "Neue Passwörter stimmen nicht überein.";
return $this->showAuthForm(); header("Location: /?controller=Auth&do=showAuthForm");
exit;
} }
$result = $this->db->updatePassword($email, $oldpw, $newpw); $result = $this->model->updatePassword($email, $oldpw, $newpw);
if ($result === true) { if ($result === true) {
$this->showConfirmation("Passwort erfolgreich geändert."); header("Location: /?controller=Auth&do=showConfirmation&msg=pwchange");
} elseif (is_string($result)) { exit;
$this->errors['password'] = $result;
$this->showAuthForm();
} else { } else {
$this->errors['password'] = "Fehler beim Aktualisieren des Passworts."; $_SESSION['auth_errors']['password'] = is_string($result) ? $result : "Fehler beim Aktualisieren des Passworts.";
$this->showAuthForm(); header("Location: /?controller=Auth&do=showAuthForm");
exit;
} }
} }
}
public function showConfirmation()
{
$messages = [
'login' => "Login erfolgreich.",
'register' => "Registrierung erfolgreich.",
'pwforgot' => "Ein temporäres Passwort wurde an Ihre E-Mail gesendet.",
'pwchange' => "Passwort erfolgreich geändert."
];
$msgKey = $_GET['msg'] ?? '';
$message = $messages[$msgKey] ?? "Aktion erfolgreich.";
$this->view->setVars(['message' => $message]);
$this->view->render('auth/confirmation');
}
}
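Review bot: The new register() reads the admin flag from the request, `'isAdmin' => $_POST['isAdmin'] ?? false,`, and forwards it to `$this->model->register(...)`, so anyone submitting the registration form can grant themselves admin rights; drop that array entry and pass a constant `false` in the model call (promotion belongs to an authenticated admin path, never to self-registration). The password-mismatch branch in the same method writes the error into the session but neither returns nor redirects, so the INSERT still runs with mismatched passwords; add `header("Location: /?controller=Auth&do=showAuthForm"); exit;` inside that `if`, as forgotPassword() and changePassword() already do. The success branch is a bare `exit;` with the redirect commented out, so a successful registration ends in an empty response. On successful login `$_SESSION['user'] = $email;` is set without `session_regenerate_id(true);` and without any render or redirect, so the pre-login session id survives the privilege change and the response is empty there too. changePassword() begins between the two hunks and its first lines are not visible here.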


@ -2,7 +2,8 @@
namespace Blog\Model; namespace Blog\Model;
use Cassandra\Date; use DateTime;
use PDO;
use PDOException; use PDOException;
class AuthModel extends Database class AuthModel extends Database
@ -41,8 +42,7 @@ class AuthModel extends Database
return true; return true;
} }
public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone) public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) {
{
$rtn = $this->pwRequirementCheck($password); $rtn = $this->pwRequirementCheck($password);
if($rtn !== true){ if($rtn !== true){
return $rtn; return $rtn;
@ -61,41 +61,41 @@ class AuthModel extends Database
try { try {
$pdo = $this->linkDB(); $pdo = $this->linkDB();
$stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email"); $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email");
$stmt->execute([':email' => $email]); $stmt->execute([':email' => $email]);
if($stmt-> fetch()){ if($stmt-> fetch()){
return "Der Account mit der Email, existiert bereits."; return "Der Account mit der Email, existiert bereits.";
} }
} } catch (PDOException $e){
catch (PDOException $e){
new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
die; die;
} }
$hashedPassword = password_hash($password, PASSWORD_DEFAULT); $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin)
VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)"; VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)";
try{ try{
$pdo = $this->linkDB(); $pdo = $this->linkDB();
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
return $stmt->execute([ $stmt->execute([
':email' => $email, ':email' => $email,
':password' => $hashedPassword, ':password' => $hashedPassword,
':straße' => $street, ':straße' => $street,
':hausnr' => $houseNumber, ':hausnr' => $houseNumber,
':ort' => $city, ':ort' => $city,
':postleitzahl' => $postalCode, ':postleitzahl' => $postalCode,
':land' => $country, ':land' => $country,
':vorname' => $firstName, ':vorname' => $firstName,
':nachname' => $lastName, ':nachname' => $lastName,
':tel' => $phone ':tel' => $phone,
]); ':isAdmin' => $isAdmin
} catch (PDOException $e) { ]);
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); } catch (PDOException $e) {
die; new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
} die;
}
} }
@ -110,8 +110,8 @@ class AuthModel extends Database
$error[] = "min one small charakter"; $error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password)) if(!preg_match("/[0-9]/", $password))
$error[] = "min one number"; $error[] = "min one number";
if(!preg_match("/[ <>|°^,;·.:…\-_#'+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password)); if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one of these: <>|°^,;·.:…\-_#'+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ"; $error[] = "min one special character";
if(empty($error)) if(empty($error))
return true; return true;
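Review bot: register() no longer returns the result of the INSERT's `$stmt->execute([...])`, so the method returns null on success and the controller's `if ($result === true)` check can never pass; restore `return $stmt->execute([` on that line. In pwRequirementCheck the new pattern `"[^a-zA-Z0-9\s]"` uses `[` and `]` as the PCRE delimiters, so the character class is lost and the regex degrades to a literal `^a-zA-Z0-9\s` that essentially never matches; it should read `if(!preg_match("/[^a-zA-Z0-9\s]/u", $password))`, and the trailing `;` after that `if`, which the commit keeps from the old line, makes the body a no-op so `"min one special character"` is appended unconditionally and every password fails the check. The `:isAdmin` bind value arrives straight from request data via the controller; the model should only persist a boolean it controls (default `false`) rather than whatever was posted. register() starts in the hunk above the INSERT hunk, and the pwRequirementCheck hunk is cut at both ends.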

13
Views/Auth/login.phtml Normal file

@ -0,0 +1,13 @@
<?php
include dirname(__DIR__).'/header.phtml';
?>
<?php if (isset($errors)) echo $errors["login"]?>
<div class="msg">
<p>Login für user <?php echo $_SESSION["user"] ?>erfolgreich</p>
<a href="?controller=Welcome&do=showWelcome">Weiter</a>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>
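Review bot: login.phtml echoes `$_SESSION["user"]` and `$errors["login"]` into the page unescaped; the session value is whatever e-mail string was posted at login, so any markup in it is rendered as HTML. Use `<?= htmlspecialchars($_SESSION['user'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` and escape the error message the same way. The `isset($errors)` guard also does not cover the `login` key, so a non-empty `$errors` array without it raises an undefined-array-key warning; check `isset($errors['login'])` instead.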

12
Views/Auth/register.phtml Normal file

@ -0,0 +1,12 @@
<?php
include dirname(__DIR__).'/header.phtml';
?>
<div class="msg">
<p>Erfolgreich registriert!</p>
<a href="?controller=Welcome&do=showWelcome">Weiter</a>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>