From ce23d839a315b85290a0d1b055e6b7692a0849c8 Mon Sep 17 00:00:00 2001 From: Karsten Tlotzek Date: Mon, 30 Jun 2025 09:56:52 +0200 Subject: [PATCH] Register und login gefixt --- Controller/AuthController.php | 77 +++++++++++++------ Model/AuthModel.php | 136 +++++++++++++++++----------------- Views/Auth/login.phtml | 24 +++++- Views/Auth/register.phtml | 61 +++++++++++++-- 4 files changed, 198 insertions(+), 100 deletions(-) diff --git a/Controller/AuthController.php b/Controller/AuthController.php index 0318532..51de72b 100644 --- a/Controller/AuthController.php +++ b/Controller/AuthController.php @@ -32,23 +32,28 @@ class AuthController } public function login() { - $email = $_POST['email'] ?? ''; - $password = $_POST['password'] ?? ''; - + $email = $_POST['email']; + $password = $_POST['password']; + $result = $this->model->login($email, $password); if ($result === true) { $_SESSION['user'] = $email; + + $this->view->setVars([ + 'loginSuccess' => true, + 'email' => $email + ]); } else { $this->view->setVars([ 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."], - 'validData' => ['email' => $email] + 'validData' => ['email' => $email], + 'loginSuccess' => false ]); } } public function register() { - $data = [ 'vorname' => $_POST['vorname'] ?? '', 'nachname' => $_POST['nachname'] ?? '', 
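Review bot: The success branch of `login()` stores `$_SESSION['user'] = $email` without rotating the session identifier, so a session ID planted before authentication stays valid afterwards (session fixation); call `session_regenerate_id(true);` immediately before assigning the user. The same hunk drops the `?? ''` fallback on `$_POST['email']` and `$_POST['password']`, so a request without those fields raises an undefined-index warning and passes null into `AuthModel::login()`, which now declares `string` parameters — keep `$email = $_POST['email'] ?? '';` and `$password = $_POST['password'] ?? '';`. No CSRF token is checked anywhere in this handler; if the framework does not enforce one elsewhere, the login form needs one. `register()` begins at the end of this hunk and continues in the next.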
@@ -64,31 +69,55 @@ class AuthController 'isAdmin' => $_POST['isAdmin'] ?? false, ]; - // Passwortabgleich prüfen + $errors = []; + if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) { - $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein."; - $_SESSION['auth_validData'] = $data; + $errors['password'] = "Passwörter stimmen nicht überein."; } - $result = $this->model->register( - $data['email'], $data['password'], $data['straße'], $data['hausnr'], - $data['ort'], $data['postleitzahl'], $data['land'], - $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin'] - ); - - if ($result === true) { - //header("Location: /?controller=Auth&do=showConfirmation&msg=register"); - exit; - } else { - $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen."; - $_SESSION['auth_validData'] = $data; - //header("Location: /?controller=Auth&do=showAuthForm"); - //exit; + if ($this->pwRequirementCheck($data['password'])) { + $errors } + + if (empty($errors)) { + $result = $this->model->register($data); + + if ($result === true) { + $this->view->setVars([ + 'success' => "Registrierung war erfolgreich." + ]); + } else { + $errors['register'] = is_string($result) ? 
$result : "Registrierung fehlgeschlagen."; + } + } + + $this->view->setVars([ + 'errors' => $errors, + 'validData' => $data + ]); } - public function forgotPassword() - { + private function pwRequirementCheck($password){ + $error = []; + + if(strlen($password) <= 8) + $error[] = "min 8 Charackter"; + if(!preg_match("/[A-Z]/", $password)) + $error[] = "min one large Character"; + if(!preg_match("/[a-z]/", $password)) + $error[] = "min one small charakter"; + if(!preg_match("/[0-9]/", $password)) + $error[] = "min one number"; + if(!preg_match("[^a-zA-Z0-9\s]", $password)); + $error[] = "min one special character"; + + if(empty($error)) + return true; + else + return $error; + } + + public function forgotPassword() { $email = $_POST['email'] ?? ''; if (empty($email)) { $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben."; diff --git a/Model/AuthModel.php b/Model/AuthModel.php index a21f613..aac8b39 100644 --- a/Model/AuthModel.php +++ b/Model/AuthModel.php 
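Review bot: `if ($this->pwRequirementCheck($data['password'])) { $errors }` does not parse (bare `$errors` with no statement) and is inverted: the helper returns `true` when the requirements are met and an array of messages otherwise, so the branch must run on `!== true` and record the messages. Inside `pwRequirementCheck()` the stray `;` after the last `preg_match` makes "min one special character" unconditional, the pattern `"[^a-zA-Z0-9\s]"` uses `[`/`]` as PCRE delimiters so it never tests for a special character, and `strlen($password) <= 8` rejects 8-character passwords although the message says "min 8". Separately, the context line `'isAdmin' => $_POST['isAdmin'] ?? false,` lets any visitor register themselves as admin, since the model writes it straight to the `isAdmin` column; replace it with `'isAdmin' => false,` and grant admin only through an authenticated admin path. The rewritten check and helper:
```php
$pwErrors = $this->pwRequirementCheck($data['password']);
if ($pwErrors !== true) {
    $errors['password_rules'] = implode(', ', $pwErrors);
}
// … unchanged: model->register() call and errors/validData wiring …

private function pwRequirementCheck($password)
{
    $error = [];

    if (strlen($password) < 8)
        $error[] = "min 8 Charackter";
    // … unchanged: upper-case, lower-case and digit checks …
    if (!preg_match('/[^a-zA-Z0-9\s]/', $password))
        $error[] = "min one special character";

    return empty($error) ? true : $error;
}
```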
@@ -8,115 +8,115 @@ use PDOException; class AuthModel extends Database { - public function login($email, $password){ - $params = [":email" => $email]; - $sql = "SELECT email, password, validUntil FROM user WHERE email = :email"; - + public function login(string $email, string $password) + { $pdo = $this->linkDB(); + $sql = "SELECT email, password, validUntil FROM user WHERE email = :email"; + $params = [":email" => $email]; try { $sth = $pdo->prepare($sql); $sth->execute($params); $user = $sth->fetch(PDO::FETCH_ASSOC); } catch (PDOException $e) { - new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e); - die; + new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e); + return "Interner Datenbankfehler."; // Nur für Debug sichtbar machen, sonst besser allgemein halten } - if (!$user) { - return false; + return "Benutzer mit dieser E-Mail wurde nicht gefunden."; } if (!password_verify($password, $user['password'])) { - return false; + return "Das eingegebene Passwort ist falsch."; } - $now = new DateTime(); - $validUntil = new DateTime($user['validUntil']); + try { + $now = new DateTime(); + $validUntil = new DateTime($user['validUntil']); - if ($now > $validUntil) { - return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\"."; + if ($now > $validUntil) { + return "Ihr Passwort ist abgelaufen. 
Bitte setzen Sie ein neues über \"Passwort vergessen\"."; + } + } catch (\Exception $e) { + new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e); + return "Fehler bei der Passwortprüfung."; } return true; } - public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) { - $rtn = $this->pwRequirementCheck($password); - if($rtn !== true){ + public function register($data) + { + $rtn = $this->pwRequirementCheck($data['password']); + if ($rtn !== true) { return $rtn; } - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) { return "Bitte geben Sie eine gültige E-Mail ein."; } - $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone]; + $requiredFields = [ + 'email', 'password', 'straße', 'hausnr', 'ort', 'postleitzahl', + 'land', 'vorname', 'nachname', 'tel' + ]; + foreach ($requiredFields as $field) { - if (empty($field)) { - return "Bitte füllen Sie alle Felder aus"; + if (empty($data[$field])) { + return "Bitte füllen Sie alle Felder aus."; } } + if ($this->userExistsByEmail($data['email'])) { + return "Ein Account mit dieser E-Mail existiert bereits."; + } + + $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT); + + $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin) + VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land,:vorname, :nachname, :tel, :isAdmin)"; + + $params = [ + ':email' => $data['email'], + ':password' => $hashedPassword, + ':straße' => $data['straße'], + ':hausnr' => $data['hausnr'], + ':ort' => $data['ort'], + ':postleitzahl'=> $data['postleitzahl'], + ':land'=> $data['land'], + ':vorname' => $data['vorname'], + ':nachname'=> $data['nachname'], + ':tel' => $data['tel'], + ':isAdmin' => $data['isAdmin'] ? 
1 : 0, + ]; + try { - $pdo = $this->linkDB(); - $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email"); - $stmt->execute([':email' => $email]); - if($stmt-> fetch()){ - return "Der Account mit der Email, existiert bereits."; - } - } catch (PDOException $e){ - new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e); - die; - } - - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - - $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin) - VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)"; - - try{ $pdo = $this->linkDB(); $stmt = $pdo->prepare($sql); - $stmt->execute([ - ':email' => $email, - ':password' => $hashedPassword, - ':straße' => $street, - ':hausnr' => $houseNumber, - ':ort' => $city, - ':postleitzahl' => $postalCode, - ':land' => $country, - ':vorname' => $firstName, - ':nachname' => $lastName, - ':tel' => $phone, - ':isAdmin' => $isAdmin - ]); + $stmt->execute($params); + return true; } catch (PDOException $e) { new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); - die; + return false; } - } - private function pwRequirementCheck($password){ - $error = []; + private function userExistsByEmail($email) { + try { + $pdo = $this->linkDB(); - if(strlen($password) <= 8) - $error[] = "min 8 Charackter"; - if(!preg_match("/[A-Z]/", $password)) - $error[] = "min one large Character"; - if(!preg_match("/[a-z]/", $password)) - $error[] = "min one small charakter"; - if(!preg_match("/[0-9]/", $password)) - $error[] = "min one number"; - if(!preg_match("[^a-zA-Z0-9\s]", $password)); - $error[] = "min one special character"; + $sql = "SELECT userid FROM user WHERE email = :email"; + $params = [':email' => $email]; - if(empty($error)) - return true; - else - return $error; + $stmt = $pdo->prepare($sql); + $stmt->execute($params); + + return (bool) $stmt->fetch(); + } catch (\PDOException $e) { + new 
\Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e); + return false; + } } public function pwForgot($email){ diff --git a/Views/Auth/login.phtml b/Views/Auth/login.phtml index f166976..685fe4f 100644 --- a/Views/Auth/login.phtml +++ b/Views/Auth/login.phtml @@ -2,12 +2,32 @@ include dirname(__DIR__).'/header.phtml'; ?> - + +
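Review bot: `login()` now returns "Benutzer mit dieser E-Mail wurde nicht gefunden." for an unknown address and "Das eingegebene Passwort ist falsch." for a bad password, which lets anyone enumerate registered e-mails, and the not-found path skips `password_verify()` entirely, adding a timing difference on top; return the same `"E-Mail oder Passwort ist falsch."` from both branches and run `password_verify()` against a fixed dummy hash when no row is found. This hunk deletes `AuthModel::pwRequirementCheck()` (it moved to the controller), yet the new `register()` still calls `$this->pwRequirementCheck($data['password'])` — unless the method is defined elsewhere in the file, every registration fails with "Call to undefined method". `userExistsByEmail()` returns `false` on `PDOException`, so a database error is reported as "no such user" and the INSERT proceeds; returning an error string (as `login()` does) or letting the exception propagate is safer. Prefer `DateTimeImmutable` over `DateTime` for the `validUntil` comparison.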
+ +
+ +
-

Login für user erfolgreich

+

Login für Benutzer erfolgreich

Weiter
+ + +
+ + + + + + + + + + +
+ \ No newline at end of file diff --git a/Views/Auth/register.phtml b/Views/Auth/register.phtml index 1dac879..4d2f91c 100644 --- a/Views/Auth/register.phtml +++ b/Views/Auth/register.phtml @@ -1,12 +1,61 @@ - + -
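Review bot: The controller now hands the submitted `$email` to this template both on success (`'email' => $email`) and on failure (`validData`); the markup in this rendering is stripped, so I cannot see how it is printed, but if it is echoed raw it is reflected XSS — print it as `<?= htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The success view is also rendered directly in the POST response rather than after a redirect, so a browser refresh re-submits the credentials; a Post/Redirect/Get to the "Weiter" target avoids that.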
-

Erfolgreich registriert!

- Weiter + +
+

+ + +
+
    + $error) : ?> +
  • + +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
\ No newline at end of file
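Review bot: The error loop (`$error) : ?>` … `•`) and the repopulated form fields print values that come from `$errors` and `validData`; `validData` is the raw `$_POST` array, so every field (vorname, straße, tel, …) is user-controlled and must be escaped in attribute context — the tags are stripped in this rendering, so I cannot confirm it is, but each should be `value="<?= htmlspecialchars($validData['vorname'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`. If the form still exposes an `isAdmin` input, it should be removed together with the controller-side read of `$_POST['isAdmin']`.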