From 8d4376d31309eb5b9405bd261f429bbfa0e392c6 Mon Sep 17 00:00:00 2001
From: Max538
Date: Mon, 23 Jun 2025 10:17:17 +0200
Subject: [PATCH] fixed login function

---
 Model/AuthModel.php | 44 +++++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/Model/AuthModel.php b/Model/AuthModel.php
index 46bd1b1..c97e456 100644
--- a/Model/AuthModel.php
+++ b/Model/AuthModel.php
@@ -2,33 +2,43 @@ namespace Blog\Model;
+use Cassandra\Date;
 use PDOException;
 class AuthModel extends Database
 {
 public function login($email, $password){
- $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-
- $params=array();
- $params[":email"] = $email;
- $params[":password"] = $hashedPassword;
-
- $sql = "SELECT email, password, validUntil FROM user WHERE email = $email AND password = $password";
+ $params = [":email" => $email];
+ $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
 $pdo = $this->linkDB();
 try {
 $sth = $pdo->prepare($sql);
 $sth->execute($params);
- $result = $sth->fetchAll();
+ $user = $sth->fetch(PDO::FETCH_ASSOC);
 } catch (PDOException $e) {
- new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
+ new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
 die;
 }
- if(new \DateTime() <= DateTime($result['validUntil']))
- return $result ? true : false;
- else
- return "Ihr Passwort ist abgelaufen \n bitte erstellen Sie ein neues über: Passwort Vergessen";
+
+
+ if (!$user) {
+ return false;
+ }
+
+ if (!password_verify($password, $user['password'])) {
+ return false;
+ }
+
+ $now = new DateTime();
+ $validUntil = new DateTime($user['validUntil']);
+
+ if ($now > $validUntil) {
+ return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
+ }
+
+ return true;
 }
 public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel)
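Review bot: `new DateTime()` and `PDO::FETCH_ASSOC` on the new lines are unqualified inside `namespace Blog\Model`, so PHP resolves them to `Blog\Model\DateTime` and `Blog\Model\PDO`; the only imports visible are `use PDOException;` and the stray `+use Cassandra\Date;`, so every call to login() will abort with a class-not-found Error that the `catch (PDOException $e)` does not catch — the removed line correctly wrote `\DateTime`. Replace the `Cassandra\Date` import with `use DateTime;` and `use PDO;` (or write `\DateTime` / `\PDO` inline). The early `return false;` when no row matches also makes an unknown e-mail measurably faster to reject than a wrong password, which lets an attacker enumerate registered accounts by timing; running `password_verify($password, $dummyHash)` against a precomputed hash in that branch before returning keeps the two paths comparable. Note too that this query reads the column `password` while the UPDATE in the hunk below writes `passwort` — one of the two names presumably does not match the schema and is worth checking.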
@@ -123,14 +133,18 @@ class AuthModel extends Database
 return false;
 }
+ $validUntil = (new DateTime())->add(new DateInterval('PT2H'))->format('Y-m-d H:i:s');
+
+
 $sql = "UPDATE user
- SET passwort = :password
+ SET passwort = :password AND validUntil = :validUntil
 WHERE email = :email";
 $stmt = $pdo->prepare($sql);
 return $stmt->execute([
 ':email' => $email,
- ':password' => $hashedPassword
+ ':password' => $hashedPassword,
+ ':validUntil' => $validUntil
 ]);
 } catch (PDOException $e) {
 new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
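Review bot: The new `SET passwort = :password AND validUntil = :validUntil` line uses `AND` where SQL requires a comma, so the statement is parsed as `SET passwort = (:password AND validUntil = :validUntil)` — the column receives the result of a boolean expression instead of the hash and `validUntil` is never written, which would leave the account with a hash that `password_verify` can never match (the exact stored value depends on the DBMS's type coercion); it should read `SET passwort = :password, validUntil = :validUntil`. `DateTime` and `DateInterval` on the `$validUntil` line are also unqualified inside `namespace Blog\Model` and will resolve to `Blog\Model\DateTime` / `Blog\Model\DateInterval` unless the file imports them (the hunk above imports only `Cassandra\Date` and `PDOException`), so write `\DateTime` / `\DateInterval` or add `use` lines. A fixed two-hour validity on a freshly set password reads like a reset-token lifetime rather than a password lifetime; if that is intended, a comment such as `// password set here is only accepted for 2h; login() then sends the user to "Passwort vergessen"` would make it explicit. The enclosing method and its `try` block begin before this hunk.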