implemented input validation for register function

2025-06-23 10:35:55 +02:00 · 2025-06-23 10:35:55 +02:00 · 5965e1df81
commit 5965e1df81
parent 8d4376d313
1 changed files with 37 additions and 13 deletions
--- a/Model/AuthModel.php
+++ b/Model/AuthModel.php
@ -41,16 +41,40 @@ class AuthModel extends Database
        return true;
    }

-    public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel)
+    public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone)
    {
        $rtn = $this->pwRequirementCheck($password);
        if($rtn !== true){
            return $rtn;
        }
-        else{
+
+        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+            return "Bitte geben Sie eine gültige E-Mail ein.";
+        }
+
+        $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone];
+        foreach ($requiredFields as $field) {
+            if (empty($field)) {
+                return "Bitte füllen Sie alle Felder aus";
+            }
+        }
+
+        try {
+            $pdo = $this->linkDB();
+            $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email");
+            $stmt->execute([':email' => $email]);
+            if($stmt-> fetch()){
+                return "Der Account mit der Email, existiert bereits.";
+            }
+        }
+        catch (PDOException $e){
+            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
+            die;
+        }
+
            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

-            $sql = "INSERT INTO user (email, passwort, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) 
+            $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) 
                    VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)";

            try{
@ -59,20 +83,20 @@ class AuthModel extends Database
                return $stmt->execute([
                    ':email' => $email,
                    ':password' => $hashedPassword,
-                    ':straße' => $straße,
-                    ':hausnr' => $hausnr,
-                    ':ort' => $ort,
-                    ':postleitzahl' => $postleitzahl,
-                    ':land' => $land,
-                    ':vorname' => $vorname,
-                    ':nachname' => $nachname,
-                    ':tel' => $tel
+                    ':straße' => $street,
+                    ':hausnr' => $houseNumber,
+                    ':ort' => $city,
+                    ':postleitzahl' => $postalCode,
+                    ':land' => $country,
+                    ':vorname' => $firstName,
+                    ':nachname' => $lastName,
+                    ':tel' => $phone
                ]);
            } catch (PDOException $e) {
                new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
                die;
            }
-        }
+
    }

    private function pwRequirementCheck($password){
@ -137,7 +161,7 @@ class AuthModel extends Database


            $sql = "UPDATE user 
-                    SET passwort = :password AND validUntil = :validUntil
+                    SET password = :password AND validUntil = :validUntil
                    WHERE email = :email";

            $stmt = $pdo->prepare($sql);