implemented authmodel

Model/AuthModel.php

@@ -0,0 +1,149 @@
+<?php
+
+namespace Blog\Model;
+
+use PDOException;
+
+class AuthModel extends Database
+{
+    public function login($email, $password){
+        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+        $params=array();
+        $params[":email"] = $email;
+        $params[":password"] = $hashedPassword;
+
+        $sql = "SELECT email, password, validUntil FROM user WHERE email = $email  AND password = $password";
+
+        $pdo = $this->linkDB();
+
+        try {
+            $sth = $pdo->prepare($sql);
+            $sth->execute($params);
+            $result = $sth->fetchAll();
+        } catch (PDOException $e) {
+            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
+            die;
+        }
+        if(new \DateTime() <= DateTime($result['validUntil']))
+            return $result ? true : false;
+        else
+            return "Ihr Passwort ist abgelaufen \n bitte erstellen Sie ein neues über: Passwort Vergessen";
+    }
+
+    public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel)
+    {
+        $rtn = $this->pwRequirementCheck($password);
+        if($rtn !== true){
+            return $rtn;
+        }
+        else{
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+            $sql = "INSERT INTO user (email, passwort, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel) 
+                    VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)";
+
+            try{
+                $pdo = $this->linkDB();
+                $stmt = $pdo->prepare($sql);
+                return $stmt->execute([
+                    ':email' => $email,
+                    ':password' => $hashedPassword,
+                    ':straße' => $straße,
+                    ':hausnr' => $hausnr,
+                    ':ort' => $ort,
+                    ':postleitzahl' => $postleitzahl,
+                    ':land' => $land,
+                    ':vorname' => $vorname,
+                    ':nachname' => $nachname,
+                    ':tel' => $tel
+                ]);
+            } catch (PDOException $e) {
+                new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
+                die;
+            }
+        }
+    }
+
+    private function pwRequirementCheck($password){
+        $error = [];
+
+        if(strlen($password) <= 8)
+            $error[] = "min 8 Charackter";
+        if(!preg_match("/[A-Z]/", $password))
+            $error[] = "min one large Character";
+        if(!preg_match("/[a-z]/", $password))
+            $error[] = "min one small charakter";
+        if(!preg_match("/[0-9]/", $password))
+            $error[] = "min one number";
+        if(!preg_match("/[ <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ ]/", $password));
+            $error[] = "min one of these: <>|°^,;·.:…\-_–#'’+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ";
+
+        if(empty($error))
+            return true;
+        else
+            return $error;
+    }
+
+    public function pwForgot($email){
+        $randomPw = bin2hex(random_bytes(12 / 2));
+        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);
+
+
+
+        $betreff = "Passwort zurücksetzen bei bibArts";
+        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team";
+
+        $header = "From: noreply@edu.bib.de\r\n";
+        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";
+
+        $maxTries = 5;
+        $try = 0;
+        $success = false;
+
+        while ($try < $maxTries && !$success) {
+            $erfolg = mail($email, $betreff, $nachricht, $header);
+            $try++;
+            if (!$erfolg) {
+                error_log("Mailversuch $try an $email fehlgeschlagen.");
+                sleep(1);
+            }
+        }
+    }
+
+    private function forgottenPwUpdate($email, $hashedPassword)
+    {
+        try{
+            $pdo = $this->linkDB();
+
+            $sqlCheck = "SELECT COUNT(*) FROM user WHERE email = :email";
+            $stmt = $pdo->prepare($sqlCheck);
+            $stmt->execute([':email' => $email]);
+            if ($stmt->fetchColumn() == 0) {
+                return false;
+            }
+
+            $sql = "UPDATE user 
+                    SET passwort = :password
+                    WHERE email = :email";
+
+            $stmt = $pdo->prepare($sql);
+            return $stmt->execute([
+                ':email' => $email,
+                ':password' => $hashedPassword
+            ]);
+        } catch (PDOException $e) {
+            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
+            die;
+            return false;
+        }
+    }
+
+    public function checkDoublePw($password1, $password2){
+        if($password1 === $password2){
+            return true;
+        }
+        else
+            return false;
+    }
+}