PBBFA23CSE/Bib-Arts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth angepasst

Browse Source
This commit is contained in:
Karsten Tlotzek 2025-06-27 10:24:21 +02:00
parent 5477e7fdd8
commit 36d6364cd0
4 changed files with 130 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
Controller/AuthController.php
View File

@ -6,130 +6,98 @@ use Blog\Model\AuthModel;
class AuthController
{
protected $view;
private $db;
private $validData = array();
private $errors = array();
private $labels = array(
"email" => "E-Mail-Adresse",
"password" => "Passwort",
"password_repeat" => "Passwort wiederholen",
"old_password" => "Altes Passwort"
);
private $model;
private $view;
public function __construct($view)
{
$this->db = new AuthModel();
$this->model = new AuthModel();
$this->view = $view;
}
public function showAuthForm()
{
$this->view->setVars([
'labels' => $this->labels,
'validData' => $this->validData,
'errors' => $this->errors
'labels' => [
"email" => "E-Mail-Adresse",
"password" => "Passwort",
"password_repeat" => "Passwort wiederholen",
"old_password" => "Altes Passwort"
],
'errors' => $_SESSION['auth_errors'] ?? [],
'validData' => $_SESSION['auth_validData'] ?? []
]);
unset($_SESSION['auth_errors'], $_SESSION['auth_validData']);
$this->view->render('auth/form');
}
public function showConfirmation($message = "Aktion erfolgreich.")
{
$this->view->setVars(['message' => $message]);
$this->view->render('auth/confirmation');
}
public function validateForm()
{
foreach ($this->labels as $index => $value) {
if (!isset($_POST[$index]) || empty($_POST[$index])) {
$this->errors[$index] = "Bitte " . $value . " angeben";
} else {
$this->validData[$index] = trim($_POST[$index]);
}
}
if (!empty($this->errors)) {
$this->view->setDoMethodName("showAuthForm");
$this->showAuthForm();
} else {
$this->view->setDoMethodName("showConfirmation");
$this->showConfirmation();
}
}
public function login()
{
public function login() {
$email = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($email) || empty($password)) {
$this->errors['login'] = "Bitte E-Mail und Passwort eingeben.";
return $this->showAuthForm();
}
$result = $this->db->login($email, $password);
$result = $this->model->login($email, $password);
if ($result === true) {
$_SESSION['user'] = $email;
$this->showConfirmation("Login erfolgreich.");
} elseif (is_string($result)) {
$this->errors['login'] = $result;
$this->showAuthForm();
} else {
$this->errors['login'] = "Login fehlgeschlagen.";
$this->showAuthForm();
$this->view->setVars([
'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."],
'validData' => ['email' => $email]
]);
}
}
public function register()
{
public function register() {
$data = [
'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '',
'straße' => $_POST['straße'] ?? '',
'hausnr' => $_POST['hausnr'] ?? '',
'postleitzahl' => $_POST['postleitzahl'] ?? '',
'ort' => $_POST['ort'] ?? '',
'land' => $_POST['land'] ?? '',
'tel' => $_POST['tel'] ?? '',
'email' => $_POST['email'] ?? '',
'password' => $_POST['password'] ?? '',
'password_repeat' => $_POST['password_repeat'] ?? '',
'straße' => $_POST['straße'] ?? '',
'hausnr' => $_POST['hausnr'] ?? '',
'ort' => $_POST['ort'] ?? '',
'postleitzahl' => $_POST['postleitzahl'] ?? '',
'land' => $_POST['land'] ?? '',
'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '',
'tel' => $_POST['tel'] ?? ''
'isAdmin' => $_POST['isAdmin'] ?? false,
];
if (!$this->db->checkDoublePw($data['password'], $data['password_repeat'])) {
$this->errors['password'] = "Passwörter stimmen nicht überein.";
return $this->showAuthForm();
// Passwortabgleich prüfen
if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) {
$_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein.";
$_SESSION['auth_validData'] = $data;
}
$result = $this->db->register(
$result = $this->model->register(
$data['email'], $data['password'], $data['straße'], $data['hausnr'],
$data['ort'], $data['postleitzahl'], $data['land'],
$data['vorname'], $data['nachname'], $data['tel']
$data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin']
);
if ($result === true) {
$this->showConfirmation("Registrierung erfolgreich.");
} elseif (is_string($result)) {
$this->errors['register'] = $result;
$this->showAuthForm();
//header("Location: /?controller=Auth&do=showConfirmation&msg=register");
exit;
} else {
$this->errors['register'] = "Registrierung fehlgeschlagen.";
$this->showAuthForm();
$_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
$_SESSION['auth_validData'] = $data;
//header("Location: /?controller=Auth&do=showAuthForm");
//exit;
}
}
public function forgotPassword()
{
$email = $_POST['email'] ?? '';
if (empty($email)) {
$this->errors['email'] = "Bitte E-Mail-Adresse angeben.";
return $this->showAuthForm();
$_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben.";
header("Location: /?controller=Auth&do=showAuthForm");
exit;
}
$this->db->pwForgot($email);
$this->showConfirmation("Ein temporäres Passwort wurde an Ihre E-Mail gesendet.");
$this->model->pwForgot($email);
header("Location: /?controller=Auth&do=showConfirmation&msg=pwforgot");
exit;
}
public function changePassword()
@ -139,21 +107,35 @@ class AuthController
$newpw = $_POST['password'] ?? '';
$repeat = $_POST['password_repeat'] ?? '';
if (!$this->db->checkDoublePw($newpw, $repeat)) {
$this->errors['password'] = "Neue Passwörter stimmen nicht überein.";
return $this->showAuthForm();
if (!$this->model->checkDoublePw($newpw, $repeat)) {
$_SESSION['auth_errors']['password'] = "Neue Passwörter stimmen nicht überein.";
header("Location: /?controller=Auth&do=showAuthForm");
exit;
}
$result = $this->db->updatePassword($email, $oldpw, $newpw);
$result = $this->model->updatePassword($email, $oldpw, $newpw);
if ($result === true) {
$this->showConfirmation("Passwort erfolgreich geändert.");
} elseif (is_string($result)) {
$this->errors['password'] = $result;
$this->showAuthForm();
header("Location: /?controller=Auth&do=showConfirmation&msg=pwchange");
exit;
} else {
$this->errors['password'] = "Fehler beim Aktualisieren des Passworts.";
$this->showAuthForm();
$_SESSION['auth_errors']['password'] = is_string($result) ? $result : "Fehler beim Aktualisieren des Passworts.";
header("Location: /?controller=Auth&do=showAuthForm");
exit;
}
}
public function showConfirmation()
{
$messages = [
'login' => "Login erfolgreich.",
'register' => "Registrierung erfolgreich.",
'pwforgot' => "Ein temporäres Passwort wurde an Ihre E-Mail gesendet.",
'pwchange' => "Passwort erfolgreich geändert."
];
$msgKey = $_GET['msg'] ?? '';
$message = $messages[$msgKey] ?? "Aktion erfolgreich.";
$this->view->setVars(['message' => $message]);
$this->view->render('auth/confirmation');
}
}

24
Model/AuthModel.php
View File

@ -2,7 +2,8 @@
namespace Blog\Model;
use Cassandra\Date;
use DateTime;
use PDO;
use PDOException;
class AuthModel extends Database
@ -41,8 +42,7 @@ class AuthModel extends Database
return true;
}
public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone)
{
public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) {
$rtn = $this->pwRequirementCheck($password);
if($rtn !== true){
return $rtn;
@ -61,26 +61,25 @@ class AuthModel extends Database
try {
$pdo = $this->linkDB();
$stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email");
$stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email");
$stmt->execute([':email' => $email]);
if($stmt-> fetch()){
return "Der Account mit der Email, existiert bereits.";
}
}
catch (PDOException $e){
} catch (PDOException $e){
new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
die;
}
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel)
VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)";
$sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin)
VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)";
try{
$pdo = $this->linkDB();
$stmt = $pdo->prepare($sql);
return $stmt->execute([
$stmt->execute([
':email' => $email,
':password' => $hashedPassword,
':straße' => $street,
@ -90,7 +89,8 @@ class AuthModel extends Database
':land' => $country,
':vorname' => $firstName,
':nachname' => $lastName,
':tel' => $phone
':tel' => $phone,
':isAdmin' => $isAdmin
]);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
@ -110,8 +110,8 @@ class AuthModel extends Database
$error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password))
$error[] = "min one number";
if(!preg_match("/[ <>|°^,;·.:…\-_#'+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password));
$error[] = "min one of these: <>|°^,;·.:…\-_#'+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ";
if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one special character";
if(empty($error))
return true;

13
Views/Auth/login.phtml Normal file
View File

@ -0,0 +1,13 @@
<?php
include dirname(__DIR__).'/header.phtml';
?>
<?php if (isset($errors)) echo $errors["login"]?>
<div class="msg">
<p>Login für user <?php echo $_SESSION["user"] ?>erfolgreich</p>
<a href="?controller=Welcome&do=showWelcome">Weiter</a>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>

12
Views/Auth/register.phtml Normal file
View File

@ -0,0 +1,12 @@
<?php
include dirname(__DIR__).'/header.phtml';
?>
<div class="msg">
<p>Erfolgreich registriert!</p>
<a href="?controller=Welcome&do=showWelcome">Weiter</a>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>