fixed login function

2025-06-23 10:17:17 +02:00 · 2025-06-23 10:17:17 +02:00 · 8d4376d313
commit 8d4376d313
parent 49a8f6a1dc
1 changed files with 29 additions and 15 deletions
--- a/Model/AuthModel.php
+++ b/Model/AuthModel.php
@ -2,33 +2,43 @@

 namespace Blog\Model;

+use Cassandra\Date;
 use PDOException;

 class AuthModel extends Database
 {
    public function login($email, $password){
-        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-
-        $params=array();
-        $params[":email"] = $email;
-        $params[":password"] = $hashedPassword;
-
-        $sql = "SELECT email, password, validUntil FROM user WHERE email = $email  AND password = $password";
+        $params = [":email" => $email];
+        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";

        $pdo = $this->linkDB();

        try {
            $sth = $pdo->prepare($sql);
            $sth->execute($params);
-            $result = $sth->fetchAll();
+            $user = $sth->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
-            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
+            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
            die;
        }
-        if(new \DateTime() <= DateTime($result['validUntil']))
-            return $result ? true : false;
-        else
-            return "Ihr Passwort ist abgelaufen \n bitte erstellen Sie ein neues über: Passwort Vergessen";
+
+
+        if (!$user) {
+            return false;
+        }
+
+        if (!password_verify($password, $user['password'])) {
+            return false;
+        }
+
+        $now = new DateTime();
+        $validUntil = new DateTime($user['validUntil']);
+
+        if ($now > $validUntil) {
+            return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
+        }
+
+        return true;
    }

    public function register($email, $password, $straße, $hausnr, $ort, $postleitzahl, $land, $vorname, $nachname, $tel)
@ -123,14 +133,18 @@ class AuthModel extends Database
                return false;
            }

+            $validUntil = (new DateTime())->add(new DateInterval('PT2H'))->format('Y-m-d H:i:s');
+
+
            $sql = "UPDATE user 
-                    SET passwort = :password
+                    SET passwort = :password AND validUntil = :validUntil
                    WHERE email = :email";

            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
-                ':password' => $hashedPassword
+                ':password' => $hashedPassword,
+                ':validUntil' => $validUntil
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);