From 5594d469dec65cce9a80030619b2ce3a407eecf9 Mon Sep 17 00:00:00 2001 From: Karsten Tlotzek Date: Thu, 12 Jun 2025 16:14:54 +0200 Subject: [PATCH 01/11] Test --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 9609eea..956dc5c 100644 --- a/index.php +++ b/index.php @@ -1,6 +1,6 @@ Date: Mon, 16 Jun 2025 15:12:13 +0200 Subject: [PATCH 02/11] implemented authcontroller logic --- Controller/AuthController.php | 55 +++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 Controller/AuthController.php diff --git a/Controller/AuthController.php b/Controller/AuthController.php new file mode 100644 index 0000000..646442c --- /dev/null +++ b/Controller/AuthController.php @@ -0,0 +1,55 @@ + "Name", "email" => "E-Mail-Adresse", "content" => "Nachricht"); + + + public function __construct($view) + { + $this->db = new AuthModel(); + $this->view = $view; + } + + public function showAuthForm() + { + $this->view->setVars([ + 'labels' => $this->labels, + 'validData' => $this->validData, + 'errors' => $this->errors + ]); + } + + public function showConfirmation() + { + + } + + public function validateForm(){ + foreach ($this->labels as $index => $value) { + if (!isset($_POST[$index]) || empty($_POST[$index])) { + $this->errors[$index] = "Bitte " . $value . " angeben"; + } else { + $this->validData[$index] = $_POST[$index]; + } + } + + if (count($this->errors) > 0) { + $this->view->setDoMethodName("showContactForm"); + $this->showContactForm(); + } else { + if ($this->db->writeContactData($this->validData)) { + $this->view->setDoMethodName("showConfirmation"); + $this->showConfirmation(); + } + } + } +} From 78e1e72ebada16bc5329660dd347ab0155ebc245 Mon Sep 17 00:00:00 2001 
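Review bot: validateForm() calls `$this->showContactForm()` and `$this->db->writeContactData($this->validData)`, and neither method exists on AuthController nor, judging by the AuthModel added in the next patch, on the model, so both the error and the success branch fail at runtime. The `$labels` array (`name`, `email`, `content`) is likewise the contact-form field set rather than login fields, so this reads as a copied template. Either point the calls at auth equivalents that exist (`showAuthForm`, and a model method for the submitted data) or leave validateForm() out until the auth flow is designed. The first line of the new file is not legible in the hunk as rendered here, so the namespace and `use` lines could not be checked.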
From: Max538 Date: Mon, 16 Jun 2025 15:12:28 +0200 Subject: [PATCH 03/11] implemented authmodel --- Model/AuthModel.php | 149 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 Model/AuthModel.php diff --git a/Model/AuthModel.php b/Model/AuthModel.php new file mode 100644 index 0000000..46bd1b1 --- /dev/null +++ b/Model/AuthModel.php 
@@ -0,0 +1,149 @@ +linkDB(); + + try { + $sth = $pdo->prepare($sql); + $sth->execute($params); + $result = $sth->fetchAll(); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } + if(new \DateTime() <= DateTime($result['validUntil'])) + return $result ? true : false; + else + return "Ihr Passwort ist abgelaufen \n bitte erstellen Sie ein neues über: Passwort Vergessen"; + } + + public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel) + { + $rtn = $this->pwRequirementCheck($password); + if($rtn !== true){ + return $rtn; + } + else{ + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); + + $sql = "INSERT INTO user (email, passwort, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) + VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)"; + + try{ + $pdo = $this->linkDB(); + $stmt = $pdo->prepare($sql); + return $stmt->execute([ + ':email' => $email, + ':password' => $hashedPassword, + ':straße' => $straße, + ':hausnr' => $hausnr, + ':ort' => $ort, + ':postleitzahl' => $postleitzahl, + ':land' => $land, + ':vorname' => $vorname, + ':nachname' => $nachname, + ':tel' => $tel + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } + } + } + + private function pwRequirementCheck($password){ + $error = []; + + if(strlen($password) <= 8) + $error[] = "min 8 Charackter"; + if(!preg_match("/[A-Z]/", $password)) + $error[] = "min one large Character"; + if(!preg_match("/[a-z]/", $password)) + $error[] = "min one small charakter"; + if(!preg_match("/[0-9]/", $password)) + $error[] = "min one number"; + if(!preg_match("/[ <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password)); + $error[] = "min one of these: 
<>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ"; + + if(empty($error)) + return true; + else + return $error; + } + + public function pwForgot($email){ + $randomPw = bin2hex(random_bytes(12 / 2)); + $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT); + + + + $betreff = "Passwort zurücksetzen bei bibArts"; + $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team"; + + $header = "From: noreply@edu.bib.de\r\n"; + $header .= "Content-Type: text/plain; charset=UTF-8\r\n"; + + $maxTries = 5; + $try = 0; + $success = false; + + while ($try < $maxTries && !$success) { + $erfolg = mail($email, $betreff, $nachricht, $header); + $try++; + if (!$erfolg) { + error_log("Mailversuch $try an $email fehlgeschlagen."); + sleep(1); + } + } + } + + private function forgottenPwUpdate($email, $hashedPassword) + { + try{ + $pdo = $this->linkDB(); + + $sqlCheck = "SELECT COUNT(*) FROM user WHERE email = :email"; + $stmt = $pdo->prepare($sqlCheck); + $stmt->execute([':email' => $email]); + if ($stmt->fetchColumn() == 0) { + return false; + } + + $sql = "UPDATE user + SET passwort = :password + WHERE email = :email"; + + $stmt = $pdo->prepare($sql); + return $stmt->execute([ + ':email' => $email, + ':password' => $hashedPassword + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e); + die; + return false; + } + } + + public function checkDoublePw($password1, $password2){ + if($password1 === $password2){ + return true; + } + else + return false; + } +} From 49a8f6a1dc8ee14d82c243fab02d0ae4120ad1f9 Mon Sep 17 00:00:00 2001 
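Review bot: login() evaluates `DateTime($result['validUntil'])`, which is a call to an undefined function `DateTime` rather than `new \DateTime(...)`, and it indexes `$result` — the array of rows returned by fetchAll() — by column name, so even a correct e-mail/password pair ends in a fatal error; the opening of the method, including its SQL string, is not legible in the hunk as rendered here. In pwRequirementCheck() the last `if(!preg_match(...))` ends with a stray `;`, so the following `$error[] = "min one of these: ..."` is appended unconditionally and no password can ever pass, and `strlen($password) <= 8` rejects an 8-character password although the message promises "min 8" (`< 8` was presumably intended). pwForgot() hashes the temporary password but never stores `$hashedPassword`, so the mailed password cannot be used to log in, and the 2-hour validity exists only in the mail text. The `$password === $hashedPassword`-style comparison implied by hashing the input before the lookup cannot work with password_hash(), which salts every call; the lookup should select by e-mail only and then use `password_verify()`.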
From: Max538 Date: Mon, 16 Jun 2025 15:12:51 +0200 Subject: [PATCH 04/11] added database sql skript with changes --- bibarts.sql | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 bibarts.sql diff --git a/bibarts.sql b/bibarts.sql new file mode 100644 index 0000000..ea6828d --- /dev/null +++ b/bibarts.sql 
@@ -0,0 +1,138 @@ +CREATE TABLE user ( + userid INT AUTO_INCREMENT PRIMARY KEY, + vorname VARCHAR(50), + nachname VARCHAR(50), + straße VARCHAR(100), + hausnr VARCHAR(10), + postleitzahl VARCHAR(10), + ort VARCHAR(50), + land VARCHAR(50), + tel VARCHAR(20), + email VARCHAR(100) UNIQUE, + isAdmin BOOLEAN DEFAULT FALSE, + password VARCHAR(255) +); + + +CREATE TABLE standort ( + standortid INT AUTO_INCREMENT PRIMARY KEY, + straße VARCHAR(100), + hausnr VARCHAR(10), + postleitzahl VARCHAR(10), + ort VARCHAR(50), + land VARCHAR(50), + tel VARCHAR(20), + email VARCHAR(100) +); + + +CREATE TABLE ausstellung ( + austellungid INT AUTO_INCREMENT PRIMARY KEY, + standortid INT, + datum_von DATE, + datum_bis DATE, + name VARCHAR(100), + beschreibung TEXT, + max_tickets INT, + FOREIGN KEY (standortid) REFERENCES Standort(standortid) +); + + +CREATE TABLE ticket ( + ticketid INT AUTO_INCREMENT PRIMARY KEY, + userid INT, + eventid INT, + kaufdatum DATE, + gültigkeitsdatum DATE, + preis DECIMAL(10,2), + FOREIGN KEY (userid) REFERENCES User(userid), + FOREIGN KEY (eventid) REFERENCES Ausstellung(austellungid) +); + + +CREATE TABLE gutschein ( + gutscheinid INT AUTO_INCREMENT PRIMARY KEY, + code VARCHAR(50) UNIQUE, + rabatt INT CHECK (rabatt BETWEEN 0 AND 100), + eventid INT, + gültigkeit DATE, + FOREIGN KEY (eventid) REFERENCES Ausstellung(austellungid) +); + + +CREATE TABLE news ( + newsid INT AUTO_INCREMENT PRIMARY KEY, + name VARCHAR(100), + beschreibung TEXT, + datum DATE +); + +--Testdaten + +INSERT INTO user (vorname, nachname, straße, hausnr, postleitzahl, ort, land, tel, email, isAdmin, password) +VALUES + ('Max', 'Muster', 'Musterstraße', '1', '12345', 'Musterstadt', 'Deutschland', '0123456789', 'max@muster.de', FALSE, 'passwort123'), + ('Anna', 'Beispiel', 'Beispielweg', '5a', '54321', 'Beispielstadt', 'Deutschland', '0987654321', 'anna@beispiel.de', TRUE, 'adminpass'); + + +INSERT INTO standort (straße, hausnr, postleitzahl, ort, land, tel, email) +VALUES + 
('Galeriestraße', '10', '10115', 'Berlin', 'Deutschland', '030123456', 'kontakt@galerie-berlin.de'), + ('Kunstallee', '22b', '50667', 'Köln', 'Deutschland', '0221123456', 'info@kunst-koeln.de'); + + +INSERT INTO ausstellung (standortid, datum_von, datum_bis, name, beschreibung, max_tickets) +VALUES + (1, '2025-07-01', '2025-08-31', 'Moderne Meisterwerke', 'Eine Sammlung moderner Kunstwerke aus Europa.', 200), + (2, '2025-09-10', '2025-10-20', 'Kunst der Antike', 'Ausstellung antiker Skulpturen und Gemälde.', 150); + + +INSERT INTO gutschein (code, rabatt, eventid, gültigkeit) +VALUES + ('SOMMER2025', 15, 1, '2025-08-31'), + ('HERBST25', 25, 2, '2025-10-15'); + + +INSERT INTO ticket (userid, eventid, kaufdatum, gültigkeitsdatum, preis) +VALUES + (1, 1, '2025-06-01', '2025-07-15', 12.50), + (2, 2, '2025-06-05', '2025-09-15', 10.00); + + +INSERT INTO news (name, beschreibung, datum) +VALUES + ('Neuer Standort eröffnet', 'Unsere Galerie in Köln ist jetzt geöffnet!', '2025-06-01'), + ('Frühbucher-Rabatt', 'Sichern Sie sich jetzt 15% Rabatt auf unsere Sommerausstellung.', '2025-05-20'); + +--Änderungen: + +ALTER TABLE austellung + ADD preis decimal NOT NULL + +ALTER TABLE ticket + DROP COLUMN preis + + +ALTER TABLE user + MODIFY COLUMN userid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE ticket + MODIFY COLUMN ticketid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE standort + MODIFY COLUMN standortid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE news + MODIFY COLUMN newsid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE gutschein + MODIFY COLUMN gutscheinid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE ausstellung + MODIFY COLUMN austellungid INT NOT NULL AUTO_INCREMENT; + +ALTER TABLE user + MODIFY COLUMN isAdmin BOOLEAN DEFAULT FALSE; + +ALTER TABLE user + ADD validUntil DATETIME NOT NULL DEFAULT '3025-01-01 00:00:00'; \ No newline at end of file From 8d4376d31309eb5b9405bd261f429bbfa0e392c6 Mon Sep 17 00:00:00 2001 
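Review bot: the two ALTER statements under `--Änderungen:` that add `preis` and drop `ticket.preis` have no terminating `;`, and the first one targets `austellung`, which is never created (the table is `ausstellung`), so the script stops there. The FOREIGN KEY clauses reference `Standort`, `User` and `Ausstellung` in a different case than the CREATE TABLE names; on installations where table names are case-sensitive those references will not resolve. `--Testdaten` and `--Änderungen:` lack the space MySQL requires after `--` for a comment, so they are parsed as SQL. The seed rows store `'passwort123'` and `'adminpass'` as plain text in `password`, which AuthModel checks with password_verify(), so the seeded accounts cannot log in; seed the column with password_hash() output instead.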
From: Max538 Date: Mon, 23 Jun 2025 10:17:17 +0200 Subject: [PATCH 05/11] fixed login function --- Model/AuthModel.php | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/Model/AuthModel.php b/Model/AuthModel.php index 46bd1b1..c97e456 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php @@ -2,33 +2,43 @@ namespace Blog\Model; +use Cassandra\Date; use PDOException; class AuthModel extends Database { public function login($email, $password){ - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - - $params=array(); - $params[":email"] = $email; - $params[":password"] = $hashedPassword; - - $sql = "SELECT email, password, validUntil FROM user WHERE email = $email AND password = $password"; + $params = [":email" => $email]; + $sql = "SELECT email, password, validUntil FROM user WHERE email = :email"; $pdo = $this->linkDB(); try { $sth = $pdo->prepare($sql); $sth->execute($params); - $result = $sth->fetchAll(); + $user = $sth->fetch(PDO::FETCH_ASSOC); } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e); die; } - if(new \DateTime() <= DateTime($result['validUntil'])) - return $result ? true : false; - else - return "Ihr Passwort ist abgelaufen \n bitte erstellen Sie ein neues über: Passwort Vergessen"; + + + if (!$user) { + return false; + } + + if (!password_verify($password, $user['password'])) { + return false; + } + + $now = new DateTime(); + $validUntil = new DateTime($user['validUntil']); + + if ($now > $validUntil) { + return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\"."; + } + + return true; } public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel) 
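Review bot: the new login() uses `PDO::FETCH_ASSOC` and `new DateTime()` unqualified inside namespace `Blog\Model`, but the only added import is `use Cassandra\Date;`, so they resolve to `Blog\Model\PDO` and `Blog\Model\DateTime` and fail; the hunk needs `use PDO;` and `use DateTime;` (the `@@ -123,14` hunk below has the same problem with `DateTime` and `DateInterval`), and the Cassandra line looks like an IDE auto-import that should go. The expired-password branch returns a non-empty string, so any caller that tests the result with plain truthiness treats an expired password as a successful login; a dedicated constant or exception would make that outcome unambiguous. Returning the same `false` for unknown e-mail and wrong password is the right choice for not revealing which addresses are registered — keep that when adding error detail.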
@@ -123,14 +133,18 @@ class AuthModel extends Database return false; } + $validUntil = (new DateTime())->add(new DateInterval('PT2H'))->format('Y-m-d H:i:s'); + + $sql = "UPDATE user - SET passwort = :password + SET passwort = :password AND validUntil = :validUntil WHERE email = :email"; $stmt = $pdo->prepare($sql); return $stmt->execute([ ':email' => $email, - ':password' => $hashedPassword + ':password' => $hashedPassword, + ':validUntil' => $validUntil ]); } catch (PDOException $e) { new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e); From 5965e1df8161eb594ce6dd8dfd5b52f504a1f7df Mon Sep 17 00:00:00 2001 From: Max538 Date: Mon, 23 Jun 2025 10:35:55 +0200 Subject: [PATCH 06/11] implemented input validation for register function --- Model/AuthModel.php | 50 +++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/Model/AuthModel.php b/Model/AuthModel.php index c97e456..89baa64 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php 
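Review bot: the UPDATE is written `SET passwort = :password AND validUntil = :validUntil`, which SQL parses as assigning the boolean result of `:password AND (validUntil = :validUntil)` to `passwort`, so neither the hash nor the expiry is stored; the separator must be a comma: `SET passwort = :password, validUntil = :validUntil`. The column is also named `passwort` here while bibarts.sql defines it as `password`. `$validUntil` is computed from `new DateTime()` in the server's default timezone and later compared in login() the same way; that is consistent, but a one-line comment noting that both sides rely on the same timezone would prevent a later change to UTC on one side only. forgottenPwUpdate()'s body begins outside the hunk.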
@@ -41,16 +41,40 @@ class AuthModel extends Database return true; } - public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel) + public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone) { $rtn = $this->pwRequirementCheck($password); if($rtn !== true){ return $rtn; } - else{ + + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + return "Bitte geben Sie eine gültige E-Mail ein."; + } + + $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone]; + foreach ($requiredFields as $field) { + if (empty($field)) { + return "Bitte füllen Sie alle Felder aus"; + } + } + + try { + $pdo = $this->linkDB(); + $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email"); + $stmt->execute([':email' => $email]); + if($stmt-> fetch()){ + return "Der Account mit der Email, existiert bereits."; + } + } + catch (PDOException $e){ + new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); + die; + } + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - $sql = "INSERT INTO user (email, passwort, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) + $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)"; try{ 
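Review bot: the duplicate-account lookup selects `id` from `user`, but bibarts.sql defines the key as `userid`, so the query fails at execute time and the catch block calls die before any registration can succeed. The required-field loop uses `empty($field)`, which also rejects the legitimate value `"0"` (a house number, for instance), and it runs after the password and e-mail checks, so a blank street still produces a password or e-mail error first; move the completeness check to the top and test `$field === ''` after trim() instead. The message `"Der Account mit der Email, existiert bereits."` tells an unauthenticated caller which addresses are registered; if enumeration matters for this application, a neutral message plus a notification e-mail to the existing owner is the usual mitigation.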
@@ -59,20 +83,20 @@ class AuthModel extends Database return $stmt->execute([ ':email' => $email, ':password' => $hashedPassword, - ':straße' => $straße, - ':hausnr' => $hausnr, - ':ort' => $ort, - ':postleitzahl' => $postleitzahl, - ':land' => $land, - ':vorname' => $vorname, - ':nachname' => $nachname, - ':tel' => $tel + ':straße' => $street, + ':hausnr' => $houseNumber, + ':ort' => $city, + ':postleitzahl' => $postalCode, + ':land' => $country, + ':vorname' => $firstName, + ':nachname' => $lastName, + ':tel' => $phone ]); } catch (PDOException $e) { new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); die; } - } + } private function pwRequirementCheck($password){ @@ -137,7 +161,7 @@ class AuthModel extends Database $sql = "UPDATE user - SET passwort = :password AND validUntil = :validUntil + SET password = :password AND validUntil = :validUntil WHERE email = :email"; $stmt = $pdo->prepare($sql); From dd6e98fe28dfbc41edfb35edbd32139f5f070a50 Mon Sep 17 00:00:00 2001 From: Max538 Date: Mon, 23 Jun 2025 14:14:25 +0200 Subject: [PATCH 07/11] implemented update pw function --- Model/AuthModel.php | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/Model/AuthModel.php b/Model/AuthModel.php index 89baa64..e71d4c1 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php @@ -123,7 +123,7 @@ class AuthModel extends Database $randomPw = bin2hex(random_bytes(12 / 2)); $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT); - + $this->forgottenPwUpdate($email, $hashedPassword); $betreff = "Passwort zurücksetzen bei bibArts"; $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team"; 
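Review bot: the return value of `$this->forgottenPwUpdate($email, $hashedPassword)` is discarded, yet that method returns false when no account has the e-mail, so pwForgot() goes on to mail a temporary password to an unregistered address and the caller reports success. Check the result and skip the mail, while still returning the same outcome to the caller so the response does not reveal whether the address exists: `if (!$this->forgottenPwUpdate($email, $hashedPassword)) { return; }`. The rest of pwForgot(), including the mail loop, lies outside this hunk.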
@@ -177,6 +177,35 @@ class AuthModel extends Database } } + public function updatePassword($email, $oldpw, $newpw){ + if(!$this->login($email, $oldpw)) { + return false; + } + + $requiredFields = [$email, $oldpw, $newpw]; + foreach ($requiredFields as $field) { + if (empty($field)) { + return "Bitte füllen Sie alle Felder aus"; + } + } + $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT); + + $sql = "INSERT INTO user (email, password) + VALUES (:email, :password)"; + + try{ + $pdo = $this->linkDB(); + $stmt = $pdo->prepare($sql); + return $stmt->execute([ + ':email' => $email, + ':password' => $hashedPassword, + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } + } + public function checkDoublePw($password1, $password2){ if($password1 === $password2){ return true; From db526e5bb2f793ae40681f12e3af6fa2493f8eef Mon Sep 17 00:00:00 2001 From: Max538 Date: Mon, 23 Jun 2025 14:22:43 +0200 Subject: [PATCH 08/11] implemented Controller logic --- Controller/AuthController.php | 130 ++++++++++++++++++++++++++++++---- 1 file changed, 117 insertions(+), 13 deletions(-) diff --git a/Controller/AuthController.php b/Controller/AuthController.php index 646442c..011ad75 100644 --- a/Controller/AuthController.php +++ b/Controller/AuthController.php @@ -10,8 +10,12 @@ class AuthController private $db; private $validData = array(); private $errors = array(); - private $labels = array("name" => "Name", "email" => "E-Mail-Adresse", "content" => "Nachricht"); - + private $labels = array( + "email" => "E-Mail-Adresse", + "password" => "Passwort", + "password_repeat" => "Passwort wiederholen", + "old_password" => "Altes Passwort" + ); public function __construct($view) { 
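Review bot: updatePassword() writes the new hash with `INSERT INTO user (email, password) VALUES (...)`, which either violates the UNIQUE constraint on `email` or creates a second, empty user row instead of replacing the existing password; it should be `UPDATE user SET password = :password WHERE email = :email`. That UPDATE should also reset `validUntil` to the permanent default, otherwise a password chosen after a reset still expires at the end of the 2-hour window set by forgottenPwUpdate(). The guard `if(!$this->login($email, $oldpw))` passes when login() returns its expired-password string, because a non-empty string is truthy; if accepting an expired temporary password here is intended, a comment saying so would help, otherwise compare `=== true`. The required-fields loop runs after the login call, so its message is unreachable for an empty old password, and the new password is not run through pwRequirementCheck(), so the registration rules do not apply to changes.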
@@ -28,28 +32,128 @@ class AuthController ]); } - public function showConfirmation() + public function showConfirmation($message = "Aktion erfolgreich.") { - + $this->view->setVars(['message' => $message]); + $this->view->render('auth/confirmation'); } - public function validateForm(){ + public function validateForm() + { foreach ($this->labels as $index => $value) { if (!isset($_POST[$index]) || empty($_POST[$index])) { $this->errors[$index] = "Bitte " . $value . " angeben"; } else { - $this->validData[$index] = $_POST[$index]; + $this->validData[$index] = trim($_POST[$index]); } } - if (count($this->errors) > 0) { - $this->view->setDoMethodName("showContactForm"); - $this->showContactForm(); + if (!empty($this->errors)) { + $this->view->setDoMethodName("showAuthForm"); + $this->showAuthForm(); } else { - if ($this->db->writeContactData($this->validData)) { - $this->view->setDoMethodName("showConfirmation"); - $this->showConfirmation(); - } + $this->view->setDoMethodName("showConfirmation"); + $this->showConfirmation(); + } + } + + public function login() + { + $email = $_POST['email'] ?? ''; + $password = $_POST['password'] ?? ''; + + if (empty($email) || empty($password)) { + $this->errors['login'] = "Bitte E-Mail und Passwort eingeben."; + return $this->showAuthForm(); + } + + $result = $this->db->login($email, $password); + + if ($result === true) { + $_SESSION['user'] = $email; + $this->showConfirmation("Login erfolgreich."); + } elseif (is_string($result)) { + $this->errors['login'] = $result; + $this->showAuthForm(); + } else { + $this->errors['login'] = "Login fehlgeschlagen."; + $this->showAuthForm(); + } + } + + public function register() + { + $data = [ + 'email' => $_POST['email'] ?? '', + 'password' => $_POST['password'] ?? '', + 'password_repeat' => $_POST['password_repeat'] ?? '', + 'straße' => $_POST['straße'] ?? '', + 'hausnr' => $_POST['hausnr'] ?? '', + 'ort' => $_POST['ort'] ?? '', + 'postleitzahl' => $_POST['postleitzahl'] ?? 
'', + 'land' => $_POST['land'] ?? '', + 'vorname' => $_POST['vorname'] ?? '', + 'nachname' => $_POST['nachname'] ?? '', + 'tel' => $_POST['tel'] ?? '' + ]; + + if (!$this->db->checkDoublePw($data['password'], $data['password_repeat'])) { + $this->errors['password'] = "Passwörter stimmen nicht überein."; + return $this->showAuthForm(); + } + + $result = $this->db->register( + $data['email'], $data['password'], $data['straße'], $data['hausnr'], + $data['ort'], $data['postleitzahl'], $data['land'], + $data['vorname'], $data['nachname'], $data['tel'] + ); + + if ($result === true) { + $this->showConfirmation("Registrierung erfolgreich."); + } elseif (is_string($result)) { + $this->errors['register'] = $result; + $this->showAuthForm(); + } else { + $this->errors['register'] = "Registrierung fehlgeschlagen."; + $this->showAuthForm(); + } + } + + public function forgotPassword() + { + $email = $_POST['email'] ?? ''; + + if (empty($email)) { + $this->errors['email'] = "Bitte E-Mail-Adresse angeben."; + return $this->showAuthForm(); + } + + $this->db->pwForgot($email); + $this->showConfirmation("Ein temporäres Passwort wurde an Ihre E-Mail gesendet."); + } + + public function changePassword() + { + $email = $_POST['email'] ?? ''; + $oldpw = $_POST['old_password'] ?? ''; + $newpw = $_POST['password'] ?? ''; + $repeat = $_POST['password_repeat'] ?? ''; + + if (!$this->db->checkDoublePw($newpw, $repeat)) { + $this->errors['password'] = "Neue Passwörter stimmen nicht überein."; + return $this->showAuthForm(); + } + + $result = $this->db->updatePassword($email, $oldpw, $newpw); + + if ($result === true) { + $this->showConfirmation("Passwort erfolgreich geändert."); + } elseif (is_string($result)) { + $this->errors['password'] = $result; + $this->showAuthForm(); + } else { + $this->errors['password'] = "Fehler beim Aktualisieren des Passworts."; + $this->showAuthForm(); } } } From 5477e7fdd8296beb74f230d39e8fa4d4f6a4bc9f Mon Sep 17 00:00:00 2001 
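Review bot: login() stores `$_SESSION['user'] = $email` on success without first regenerating the session id, so a session id that existed before authentication keeps its value afterwards; the standard fixation mitigation is to regenerate at the privilege change: `session_regenerate_id(true); $_SESSION['user'] = $email;`. Whether `session_start()` has already run is not visible from this file, so the controller presumably relies on the front controller for it. forgotPassword() reports "Ein temporäres Passwort wurde an Ihre E-Mail gesendet." regardless of whether the address is registered, which is the right neutral response; the model's pwForgot() should behave consistently with it. The error strings placed in `$this->errors` are rendered by a view not in this patch, which must HTML-escape them.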
From: Max538 Date: Mon, 23 Jun 2025 14:23:00 +0200 Subject: [PATCH 09/11] fixed sql --- Model/AuthModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Model/AuthModel.php b/Model/AuthModel.php index e71d4c1..b1a4f03 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php @@ -161,7 +161,7 @@ class AuthModel extends Database $sql = "UPDATE user - SET password = :password AND validUntil = :validUntil + SET password = :password, validUntil = :validUntil WHERE email = :email"; $stmt = $pdo->prepare($sql); From 36d6364cd064c2a6cf0ea15ce85b32b373c1a526 Mon Sep 17 00:00:00 2001 From: Karsten Tlotzek Date: Fri, 27 Jun 2025 10:24:21 +0200 Subject: [PATCH 10/11] Auth angepasst --- Controller/AuthController.php | 168 +++++++++++++++------------------- Model/AuthModel.php | 60 ++++++------ Views/Auth/login.phtml | 13 +++ Views/Auth/register.phtml | 12 +++ 4 files changed, 130 insertions(+), 123 deletions(-) create mode 100644 Views/Auth/login.phtml create mode 100644 Views/Auth/register.phtml diff --git a/Controller/AuthController.php b/Controller/AuthController.php index 011ad75..0318532 100644 --- a/Controller/AuthController.php +++ b/Controller/AuthController.php 
@@ -6,130 +6,98 @@ use Blog\Model\AuthModel; class AuthController { - protected $view; - private $db; - private $validData = array(); - private $errors = array(); - private $labels = array( - "email" => "E-Mail-Adresse", - "password" => "Passwort", - "password_repeat" => "Passwort wiederholen", - "old_password" => "Altes Passwort" - ); + private $model; + private $view; public function __construct($view) { - $this->db = new AuthModel(); + $this->model = new AuthModel(); $this->view = $view; } public function showAuthForm() { $this->view->setVars([ - 'labels' => $this->labels, - 'validData' => $this->validData, - 'errors' => $this->errors + 'labels' => [ + "email" => "E-Mail-Adresse", + "password" => "Passwort", + "password_repeat" => "Passwort wiederholen", + "old_password" => "Altes Passwort" + ], + 'errors' => $_SESSION['auth_errors'] ?? [], + 'validData' => $_SESSION['auth_validData'] ?? [] ]); + unset($_SESSION['auth_errors'], $_SESSION['auth_validData']); + $this->view->render('auth/form'); } - public function showConfirmation($message = "Aktion erfolgreich.") - { - $this->view->setVars(['message' => $message]); - $this->view->render('auth/confirmation'); - } - - public function validateForm() - { - foreach ($this->labels as $index => $value) { - if (!isset($_POST[$index]) || empty($_POST[$index])) { - $this->errors[$index] = "Bitte " . $value . " angeben"; - } else { - $this->validData[$index] = trim($_POST[$index]); - } - } - - if (!empty($this->errors)) { - $this->view->setDoMethodName("showAuthForm"); - $this->showAuthForm(); - } else { - $this->view->setDoMethodName("showConfirmation"); - $this->showConfirmation(); - } - } - - public function login() - { + public function login() { $email = $_POST['email'] ?? ''; $password = $_POST['password'] ?? 
''; - - if (empty($email) || empty($password)) { - $this->errors['login'] = "Bitte E-Mail und Passwort eingeben."; - return $this->showAuthForm(); - } - - $result = $this->db->login($email, $password); + + $result = $this->model->login($email, $password); if ($result === true) { $_SESSION['user'] = $email; - $this->showConfirmation("Login erfolgreich."); - } elseif (is_string($result)) { - $this->errors['login'] = $result; - $this->showAuthForm(); } else { - $this->errors['login'] = "Login fehlgeschlagen."; - $this->showAuthForm(); + $this->view->setVars([ + 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."], + 'validData' => ['email' => $email] + ]); } } - public function register() - { + public function register() { + $data = [ + 'vorname' => $_POST['vorname'] ?? '', + 'nachname' => $_POST['nachname'] ?? '', + 'straße' => $_POST['straße'] ?? '', + 'hausnr' => $_POST['hausnr'] ?? '', + 'postleitzahl' => $_POST['postleitzahl'] ?? '', + 'ort' => $_POST['ort'] ?? '', + 'land' => $_POST['land'] ?? '', + 'tel' => $_POST['tel'] ?? '', 'email' => $_POST['email'] ?? '', 'password' => $_POST['password'] ?? '', 'password_repeat' => $_POST['password_repeat'] ?? '', - 'straße' => $_POST['straße'] ?? '', - 'hausnr' => $_POST['hausnr'] ?? '', - 'ort' => $_POST['ort'] ?? '', - 'postleitzahl' => $_POST['postleitzahl'] ?? '', - 'land' => $_POST['land'] ?? '', - 'vorname' => $_POST['vorname'] ?? '', - 'nachname' => $_POST['nachname'] ?? '', - 'tel' => $_POST['tel'] ?? '' + 'isAdmin' => $_POST['isAdmin'] ?? 
false, ]; - if (!$this->db->checkDoublePw($data['password'], $data['password_repeat'])) { - $this->errors['password'] = "Passwörter stimmen nicht überein."; - return $this->showAuthForm(); + // Passwortabgleich prüfen + if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) { + $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein."; + $_SESSION['auth_validData'] = $data; } - $result = $this->db->register( + $result = $this->model->register( $data['email'], $data['password'], $data['straße'], $data['hausnr'], $data['ort'], $data['postleitzahl'], $data['land'], - $data['vorname'], $data['nachname'], $data['tel'] - ); + $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin'] + ); if ($result === true) { - $this->showConfirmation("Registrierung erfolgreich."); - } elseif (is_string($result)) { - $this->errors['register'] = $result; - $this->showAuthForm(); + //header("Location: /?controller=Auth&do=showConfirmation&msg=register"); + exit; } else { - $this->errors['register'] = "Registrierung fehlgeschlagen."; - $this->showAuthForm(); + $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen."; + $_SESSION['auth_validData'] = $data; + //header("Location: /?controller=Auth&do=showAuthForm"); + //exit; } } public function forgotPassword() { $email = $_POST['email'] ?? ''; - if (empty($email)) { - $this->errors['email'] = "Bitte E-Mail-Adresse angeben."; - return $this->showAuthForm(); + $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } - - $this->db->pwForgot($email); - $this->showConfirmation("Ein temporäres Passwort wurde an Ihre E-Mail gesendet."); + $this->model->pwForgot($email); + header("Location: /?controller=Auth&do=showConfirmation&msg=pwforgot"); + exit; } public function changePassword() 
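Review bot: register() now reads `'isAdmin' => $_POST['isAdmin'] ?? false` from the request and hands it to the model, which (per the `@@ -41,8` and `@@ -61,41` hunks in Model/AuthModel.php) inserts it straight into `user.isAdmin`, so anyone submitting the registration form with an `isAdmin` field creates an administrator account. Self-registration must not accept this flag: drop the key from `$data`, pass a constant `false` (or let the column default apply), and grant admin only through an authenticated admin action. In the same method the password-mismatch branch sets `$_SESSION['auth_errors']` but no longer returns, so `$this->model->register()` is still called and the account is created despite the mismatch; add `return;` (or the commented-out redirect plus `exit`) after `$_SESSION['auth_validData'] = $data;`. login() still sets `$_SESSION['user']` without `session_regenerate_id(true)` and, unlike the other actions, neither redirects nor renders, so the error vars set on the view may never be displayed.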
@@ -139,21 +107,35 @@ class AuthController $newpw = $_POST['password'] ?? ''; $repeat = $_POST['password_repeat'] ?? ''; - if (!$this->db->checkDoublePw($newpw, $repeat)) { - $this->errors['password'] = "Neue Passwörter stimmen nicht überein."; - return $this->showAuthForm(); + if (!$this->model->checkDoublePw($newpw, $repeat)) { + $_SESSION['auth_errors']['password'] = "Neue Passwörter stimmen nicht überein."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } - $result = $this->db->updatePassword($email, $oldpw, $newpw); + $result = $this->model->updatePassword($email, $oldpw, $newpw); if ($result === true) { - $this->showConfirmation("Passwort erfolgreich geändert."); - } elseif (is_string($result)) { - $this->errors['password'] = $result; - $this->showAuthForm(); + header("Location: /?controller=Auth&do=showConfirmation&msg=pwchange"); + exit; } else { - $this->errors['password'] = "Fehler beim Aktualisieren des Passworts."; - $this->showAuthForm(); + $_SESSION['auth_errors']['password'] = is_string($result) ? $result : "Fehler beim Aktualisieren des Passworts."; + header("Location: /?controller=Auth&do=showAuthForm"); + exit; } } -} + + public function showConfirmation() + { + $messages = [ + 'login' => "Login erfolgreich.", + 'register' => "Registrierung erfolgreich.", + 'pwforgot' => "Ein temporäres Passwort wurde an Ihre E-Mail gesendet.", + 'pwchange' => "Passwort erfolgreich geändert." + ]; + $msgKey = $_GET['msg'] ?? ''; + $message = $messages[$msgKey] ?? "Aktion erfolgreich."; + $this->view->setVars(['message' => $message]); + $this->view->render('auth/confirmation'); + } +} \ No newline at end of file diff --git a/Model/AuthModel.php b/Model/AuthModel.php index b1a4f03..a21f613 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php @@ -2,7 +2,8 @@ namespace Blog\Model; -use Cassandra\Date; +use DateTime; +use PDO; use PDOException; class AuthModel extends Database 
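Review bot: changePassword() identifies the account by the e-mail the client posts (the assignment sits just above this hunk) rather than by `$_SESSION['user']`, so the logged-in session and the account being modified are not tied together; since updatePassword() re-verifies the old password this is not an authorization bypass, but taking the identity from the session (`$email = $_SESSION['user'] ?? '';`) and rejecting the request when it is absent is the expected shape for a change-password action. The new showConfirmation() maps `$_GET['msg']` through a fixed array with a default, which keeps request input out of the rendered message — good. changePassword() starts outside the hunk.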
@@ -41,8 +42,7 @@ class AuthModel extends Database return true; } - public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone) - { + public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) { $rtn = $this->pwRequirementCheck($password); if($rtn !== true){ return $rtn; 
@@ -61,41 +61,41 @@ class AuthModel extends Database try { $pdo = $this->linkDB(); - $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email"); + $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email"); $stmt->execute([':email' => $email]); if($stmt-> fetch()){ return "Der Account mit der Email, existiert bereits."; } - } - catch (PDOException $e){ + } catch (PDOException $e){ new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); die; } - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) - VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)"; + $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin) + VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)"; - try{ - $pdo = $this->linkDB(); - $stmt = $pdo->prepare($sql); - return $stmt->execute([ - ':email' => $email, - ':password' => $hashedPassword, - ':straße' => $street, - ':hausnr' => $houseNumber, - ':ort' => $city, - ':postleitzahl' => $postalCode, - ':land' => $country, - ':vorname' => $firstName, - ':nachname' => $lastName, - ':tel' => $phone - ]); - } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; - } + try{ + $pdo = $this->linkDB(); + $stmt = $pdo->prepare($sql); + $stmt->execute([ + ':email' => $email, + ':password' => $hashedPassword, + ':straße' => $street, + ':hausnr' => $houseNumber, + ':ort' => $city, + ':postleitzahl' => $postalCode, + ':land' => $country, + ':vorname' => $firstName, + ':nachname' => $lastName, + ':tel' => $phone, + ':isAdmin' => $isAdmin + ]); + } catch (PDOException $e) { + new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); + die; + } 
} @@ -110,8 +110,8 @@ class AuthModel extends Database $error[] = "min one small charakter"; if(!preg_match("/[0-9]/", $password)) $error[] = "min one number"; - if(!preg_match("/[ <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password)); - $error[] = "min one of these: <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ"; + if(!preg_match("[^a-zA-Z0-9\s]", $password)); + $error[] = "min one special character"; if(empty($error)) return true; diff --git a/Views/Auth/login.phtml b/Views/Auth/login.phtml new file mode 100644 index 0000000..f166976 --- /dev/null +++ b/Views/Auth/login.phtml @@ -0,0 +1,13 @@ + + + +
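Review bot: The special-character check on the added line is broken twice: `preg_match("[^a-zA-Z0-9\s]", $password)` uses `[` and `]` as the PCRE delimiters, so the pattern that actually runs is `^a-zA-Z0-9\s` rather than a character class, and the trailing `;` on the `if` line makes the following `$error[] = "min one special character";` unconditional. As a result pwRequirementCheck never returns true and every registration fails the password check. It should read `if (!preg_match('/[^a-zA-Z0-9\s]/', $password))` with the stray `;` removed from that line. The same two lines are copied into the new AuthController::pwRequirementCheck in the patch-11 controller hunk below.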
+

Login für user erfolgreich

+ Weiter +
+ + + + \ No newline at end of file diff --git a/Views/Auth/register.phtml b/Views/Auth/register.phtml new file mode 100644 index 0000000..1dac879 --- /dev/null +++ b/Views/Auth/register.phtml @@ -0,0 +1,12 @@ + + +
+

Erfolgreich registriert!

+ Weiter +
+ + + + \ No newline at end of file From ce23d839a315b85290a0d1b055e6b7692a0849c8 Mon Sep 17 00:00:00 2001 From: Karsten Tlotzek Date: Mon, 30 Jun 2025 09:56:52 +0200 Subject: [PATCH 11/11] Register und login gefixt --- Controller/AuthController.php | 77 +++++++++++++------ Model/AuthModel.php | 136 +++++++++++++++++----------------- Views/Auth/login.phtml | 24 +++++- Views/Auth/register.phtml | 61 +++++++++++++-- 4 files changed, 198 insertions(+), 100 deletions(-) diff --git a/Controller/AuthController.php b/Controller/AuthController.php index 0318532..51de72b 100644 --- a/Controller/AuthController.php +++ b/Controller/AuthController.php @@ -32,23 +32,28 @@ class AuthController } public function login() { - $email = $_POST['email'] ?? ''; - $password = $_POST['password'] ?? ''; - + $email = $_POST['email']; + $password = $_POST['password']; + $result = $this->model->login($email, $password); if ($result === true) { $_SESSION['user'] = $email; + + $this->view->setVars([ + 'loginSuccess' => true, + 'email' => $email + ]); } else { $this->view->setVars([ 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."], - 'validData' => ['email' => $email] + 'validData' => ['email' => $email], + 'loginSuccess' => false ]); } } public function register() { - $data = [ 'vorname' => $_POST['vorname'] ?? '', 'nachname' => $_POST['nachname'] ?? '', 
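Review bot: Dropping the `?? ''` defaults on `$email = $_POST['email'];` and `$password = $_POST['password'];` means a request without those fields yields null, and the new `login(string $email, string $password)` signature in the AuthModel hunk below will then throw a TypeError instead of showing a login error; keep `$_POST['email'] ?? ''` and `$_POST['password'] ?? ''`. Separately, `$_SESSION['user'] = $email;` is set on successful login without rotating the session identifier; call `session_regenerate_id(true);` immediately before it so a session id issued before authentication cannot be reused. login() starts inside this hunk, but the class header is outside it.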
@@ -64,31 +69,55 @@ class AuthController 'isAdmin' => $_POST['isAdmin'] ?? false, ]; - // Passwortabgleich prüfen + $errors = []; + if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) { - $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein."; - $_SESSION['auth_validData'] = $data; + $errors['password'] = "Passwörter stimmen nicht überein."; } - $result = $this->model->register( - $data['email'], $data['password'], $data['straße'], $data['hausnr'], - $data['ort'], $data['postleitzahl'], $data['land'], - $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin'] - ); - - if ($result === true) { - //header("Location: /?controller=Auth&do=showConfirmation&msg=register"); - exit; - } else { - $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen."; - $_SESSION['auth_validData'] = $data; - //header("Location: /?controller=Auth&do=showAuthForm"); - //exit; + if ($this->pwRequirementCheck($data['password'])) { + $errors } + + if (empty($errors)) { + $result = $this->model->register($data); + + if ($result === true) { + $this->view->setVars([ + 'success' => "Registrierung war erfolgreich." + ]); + } else { + $errors['register'] = is_string($result) ? 
$result : "Registrierung fehlgeschlagen."; + } + } + + $this->view->setVars([ + 'errors' => $errors, + 'validData' => $data + ]); } - public function forgotPassword() - { + private function pwRequirementCheck($password){ + $error = []; + + if(strlen($password) <= 8) + $error[] = "min 8 Charackter"; + if(!preg_match("/[A-Z]/", $password)) + $error[] = "min one large Character"; + if(!preg_match("/[a-z]/", $password)) + $error[] = "min one small charakter"; + if(!preg_match("/[0-9]/", $password)) + $error[] = "min one number"; + if(!preg_match("[^a-zA-Z0-9\s]", $password)); + $error[] = "min one special character"; + + if(empty($error)) + return true; + else + return $error; + } + + public function forgotPassword() { $email = $_POST['email'] ?? ''; if (empty($email)) { $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben."; diff --git a/Model/AuthModel.php b/Model/AuthModel.php index a21f613..aac8b39 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php 
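Review bot: `if ($this->pwRequirementCheck($data['password'])) { $errors }` does not parse (`$errors` is a bare expression with no `;`), and the condition is inverted: pwRequirementCheck returns `true` when the password is acceptable and an array of messages otherwise, so the branch would run on success. Replace it with `$pwCheck = $this->pwRequirementCheck($data['password']); if ($pwCheck !== true) { $errors['password'] = implode(', ', $pwCheck); }`. The array handed to the view as `validData` still contains `password` and `password_repeat`, so the plaintext password is round-tripped into the rendered form; `unset($data['password'], $data['password_repeat']);` before setVars. The private pwRequirementCheck added here duplicates the model's version together with its broken special-character regex, and `strlen($password) <= 8` rejects an eight-character password although the message says min 8.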
@@ -8,115 +8,115 @@ use PDOException; class AuthModel extends Database { - public function login($email, $password){ - $params = [":email" => $email]; - $sql = "SELECT email, password, validUntil FROM user WHERE email = :email"; - + public function login(string $email, string $password) + { $pdo = $this->linkDB(); + $sql = "SELECT email, password, validUntil FROM user WHERE email = :email"; + $params = [":email" => $email]; try { $sth = $pdo->prepare($sql); $sth->execute($params); $user = $sth->fetch(PDO::FETCH_ASSOC); } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e); - die; + new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e); + return "Interner Datenbankfehler."; // Nur für Debug sichtbar machen, sonst besser allgemein halten } - if (!$user) { - return false; + return "Benutzer mit dieser E-Mail wurde nicht gefunden."; } if (!password_verify($password, $user['password'])) { - return false; + return "Das eingegebene Passwort ist falsch."; } - $now = new DateTime(); - $validUntil = new DateTime($user['validUntil']); + try { + $now = new DateTime(); + $validUntil = new DateTime($user['validUntil']); - if ($now > $validUntil) { - return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\"."; + if ($now > $validUntil) { + return "Ihr Passwort ist abgelaufen. 
Bitte setzen Sie ein neues über \"Passwort vergessen\"."; + } + } catch (\Exception $e) { + new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e); + return "Fehler bei der Passwortprüfung."; } return true; } - public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) { - $rtn = $this->pwRequirementCheck($password); - if($rtn !== true){ + public function register($data) + { + $rtn = $this->pwRequirementCheck($data['password']); + if ($rtn !== true) { return $rtn; } - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) { return "Bitte geben Sie eine gültige E-Mail ein."; } - $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone]; + $requiredFields = [ + 'email', 'password', 'straße', 'hausnr', 'ort', 'postleitzahl', + 'land', 'vorname', 'nachname', 'tel' + ]; + foreach ($requiredFields as $field) { - if (empty($field)) { - return "Bitte füllen Sie alle Felder aus"; + if (empty($data[$field])) { + return "Bitte füllen Sie alle Felder aus."; } } + if ($this->userExistsByEmail($data['email'])) { + return "Ein Account mit dieser E-Mail existiert bereits."; + } + + $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT); + + $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin) + VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land,:vorname, :nachname, :tel, :isAdmin)"; + + $params = [ + ':email' => $data['email'], + ':password' => $hashedPassword, + ':straße' => $data['straße'], + ':hausnr' => $data['hausnr'], + ':ort' => $data['ort'], + ':postleitzahl'=> $data['postleitzahl'], + ':land'=> $data['land'], + ':vorname' => $data['vorname'], + ':nachname'=> $data['nachname'], + ':tel' => $data['tel'], + ':isAdmin' => $data['isAdmin'] ? 
1 : 0, + ]; + try { - $pdo = $this->linkDB(); - $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email"); - $stmt->execute([':email' => $email]); - if($stmt-> fetch()){ - return "Der Account mit der Email, existiert bereits."; - } - } catch (PDOException $e){ - new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); - die; - } - - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - - $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin) - VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)"; - - try{ $pdo = $this->linkDB(); $stmt = $pdo->prepare($sql); - $stmt->execute([ - ':email' => $email, - ':password' => $hashedPassword, - ':straße' => $street, - ':hausnr' => $houseNumber, - ':ort' => $city, - ':postleitzahl' => $postalCode, - ':land' => $country, - ':vorname' => $firstName, - ':nachname' => $lastName, - ':tel' => $phone, - ':isAdmin' => $isAdmin - ]); + $stmt->execute($params); + return true; } catch (PDOException $e) { new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; + return false; } - } - private function pwRequirementCheck($password){ - $error = []; + private function userExistsByEmail($email) { + try { + $pdo = $this->linkDB(); - if(strlen($password) <= 8) - $error[] = "min 8 Charackter"; - if(!preg_match("/[A-Z]/", $password)) - $error[] = "min one large Character"; - if(!preg_match("/[a-z]/", $password)) - $error[] = "min one small charakter"; - if(!preg_match("/[0-9]/", $password)) - $error[] = "min one number"; - if(!preg_match("[^a-zA-Z0-9\s]", $password)); - $error[] = "min one special character"; + $sql = "SELECT userid FROM user WHERE email = :email"; + $params = [':email' => $email]; - if(empty($error)) - return true; - else - return $error; + $stmt = $pdo->prepare($sql); + $stmt->execute($params); + + return (bool) $stmt->fetch(); + } catch (\PDOException $e) { + new 
\Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e); + return false; + } } public function pwForgot($email){ diff --git a/Views/Auth/login.phtml b/Views/Auth/login.phtml index f166976..685fe4f 100644 --- a/Views/Auth/login.phtml +++ b/Views/Auth/login.phtml @@ -2,12 +2,32 @@ include dirname(__DIR__).'/header.phtml'; ?> - + +
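Review bot: login() now returns different messages for an unknown e-mail (`"Benutzer mit dieser E-Mail wurde nicht gefunden."`) and a wrong password (`"Das eingegebene Passwort ist falsch."`) where the previous code returned false in both cases; the controller displays these strings, so the login form now confirms which e-mail addresses have accounts. Both branches should return one neutral message such as `"E-Mail oder Passwort ist falsch."`. The PDOException branch likewise surfaces `"Interner Datenbankfehler."` with a comment admitting it is debug-only; make it the same generic message. userExistsByEmail returns false when the lookup throws, so a database error during the check lets register() proceed to the INSERT; returning true (or rethrowing) on failure is the safer default.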
+ +
+ +
-

Login für user erfolgreich

+

Login für Benutzer erfolgreich

Weiter
+ + +
+ + + + + + + + + + +
+ \ No newline at end of file diff --git a/Views/Auth/register.phtml b/Views/Auth/register.phtml index 1dac879..4d2f91c 100644 --- a/Views/Auth/register.phtml +++ b/Views/Auth/register.phtml @@ -1,12 +1,61 @@ - + -
-

Erfolgreich registriert!

- Weiter + +
+

+ + +
+
    + $error) : ?> +
  • + +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
\ No newline at end of file
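Review bot: The markup of this template is stripped in this rendering of the patch, so whether the values it writes into the form (the re-displayed `validData` fields and each `$error` in the loop near the top) pass through `htmlspecialchars()` cannot be confirmed here. The re-displayed values come straight from `$_POST` in the controller hunk above and the error strings come from the model, so each echoed value should be wrapped as `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` if it is not already.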