PBBFA23CSE/Bib-Arts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Register und login gefixt

Browse Source
This commit is contained in:
Karsten Tlotzek 2025-06-30 09:56:52 +02:00
parent 36d6364cd0
commit ce23d839a3
4 changed files with 198 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
Controller/AuthController.php
View File

@ -32,23 +32,28 @@ class AuthController
} }
public function login() { public function login() {
$email = $_POST['email'] ?? ''; $email = $_POST['email'];
$password = $_POST['password'] ?? ''; $password = $_POST['password'];
$result = $this->model->login($email, $password); $result = $this->model->login($email, $password);
if ($result === true) { if ($result === true) {
$_SESSION['user'] = $email; $_SESSION['user'] = $email;
$this->view->setVars([
'loginSuccess' => true,
'email' => $email
]);
} else { } else {
$this->view->setVars([ $this->view->setVars([
'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."], 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."],
'validData' => ['email' => $email] 'validData' => ['email' => $email],
'loginSuccess' => false
]); ]);
} }
} }
public function register() { public function register() {
$data = [ $data = [
'vorname' => $_POST['vorname'] ?? '', 'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '', 'nachname' => $_POST['nachname'] ?? '',
@ -64,31 +69,55 @@ class AuthController
'isAdmin' => $_POST['isAdmin'] ?? false, 'isAdmin' => $_POST['isAdmin'] ?? false,
]; ];
// Passwortabgleich prüfen $errors = [];
if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) { if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) {
$_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein."; $errors['password'] = "Passwörter stimmen nicht überein.";
$_SESSION['auth_validData'] = $data;
} }
$result = $this->model->register( if ($this->pwRequirementCheck($data['password'])) {
$data['email'], $data['password'], $data['straße'], $data['hausnr'], $errors
$data['ort'], $data['postleitzahl'], $data['land'], }
$data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin']
); if (empty($errors)) {
$result = $this->model->register($data);
if ($result === true) { if ($result === true) {
//header("Location: /?controller=Auth&do=showConfirmation&msg=register"); $this->view->setVars([
exit; 'success' => "Registrierung war erfolgreich."
]);
} else { } else {
$_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen."; $errors['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
$_SESSION['auth_validData'] = $data;
//header("Location: /?controller=Auth&do=showAuthForm");
//exit;
} }
} }
public function forgotPassword() $this->view->setVars([
{ 'errors' => $errors,
'validData' => $data
]);
}
private function pwRequirementCheck($password){
$error = [];
if(strlen($password) <= 8)
$error[] = "min 8 Charackter";
if(!preg_match("/[A-Z]/", $password))
$error[] = "min one large Character";
if(!preg_match("/[a-z]/", $password))
$error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password))
$error[] = "min one number";
if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one special character";
if(empty($error))
return true;
else
return $error;
}
public function forgotPassword() {
$email = $_POST['email'] ?? ''; $email = $_POST['email'] ?? '';
if (empty($email)) { if (empty($email)) {
$_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben."; $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben.";

120
Model/AuthModel.php
View File

@ -8,115 +8,115 @@ use PDOException;
class AuthModel extends Database class AuthModel extends Database
{ {
public function login($email, $password){ public function login(string $email, string $password)
$params = [":email" => $email]; {
$sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
$pdo = $this->linkDB(); $pdo = $this->linkDB();
$sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
$params = [":email" => $email];
try { try {
$sth = $pdo->prepare($sql); $sth = $pdo->prepare($sql);
$sth->execute($params); $sth->execute($params);
$user = $sth->fetch(PDO::FETCH_ASSOC); $user = $sth->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) { } catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e); new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e);
die; return "Interner Datenbankfehler."; // Nur für Debug sichtbar machen, sonst besser allgemein halten
} }
if (!$user) { if (!$user) {
return false; return "Benutzer mit dieser E-Mail wurde nicht gefunden.";
} }
if (!password_verify($password, $user['password'])) { if (!password_verify($password, $user['password'])) {
return false; return "Das eingegebene Passwort ist falsch.";
} }
try {
$now = new DateTime(); $now = new DateTime();
$validUntil = new DateTime($user['validUntil']); $validUntil = new DateTime($user['validUntil']);
if ($now > $validUntil) { if ($now > $validUntil) {
return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\"."; return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über \"Passwort vergessen\".";
}
} catch (\Exception $e) {
new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e);
return "Fehler bei der Passwortprüfung.";
} }
return true; return true;
} }
public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) { public function register($data)
$rtn = $this->pwRequirementCheck($password); {
$rtn = $this->pwRequirementCheck($data['password']);
if ($rtn !== true) { if ($rtn !== true) {
return $rtn; return $rtn;
} }
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
return "Bitte geben Sie eine gültige E-Mail ein."; return "Bitte geben Sie eine gültige E-Mail ein.";
} }
$requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone]; $requiredFields = [
'email', 'password', 'straße', 'hausnr', 'ort', 'postleitzahl',
'land', 'vorname', 'nachname', 'tel'
];
foreach ($requiredFields as $field) { foreach ($requiredFields as $field) {
if (empty($field)) { if (empty($data[$field])) {
return "Bitte füllen Sie alle Felder aus"; return "Bitte füllen Sie alle Felder aus.";
} }
} }
try { if ($this->userExistsByEmail($data['email'])) {
$pdo = $this->linkDB(); return "Ein Account mit dieser E-Mail existiert bereits.";
$stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email");
$stmt->execute([':email' => $email]);
if($stmt-> fetch()){
return "Der Account mit der Email, existiert bereits.";
}
} catch (PDOException $e){
new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
die;
} }
$hashedPassword = password_hash($password, PASSWORD_DEFAULT); $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT);
$sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin) $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin)
VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land,:vorname, :nachname, :tel, :isAdmin)"; VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land,:vorname, :nachname, :tel, :isAdmin)";
$params = [
':email' => $data['email'],
':password' => $hashedPassword,
':straße' => $data['straße'],
':hausnr' => $data['hausnr'],
':ort' => $data['ort'],
':postleitzahl'=> $data['postleitzahl'],
':land'=> $data['land'],
':vorname' => $data['vorname'],
':nachname'=> $data['nachname'],
':tel' => $data['tel'],
':isAdmin' => $data['isAdmin'] ? 1 : 0,
];
try { try {
$pdo = $this->linkDB(); $pdo = $this->linkDB();
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute([ $stmt->execute($params);
':email' => $email, return true;
':password' => $hashedPassword,
':straße' => $street,
':hausnr' => $houseNumber,
':ort' => $city,
':postleitzahl' => $postalCode,
':land' => $country,
':vorname' => $firstName,
':nachname' => $lastName,
':tel' => $phone,
':isAdmin' => $isAdmin
]);
} catch (PDOException $e) { } catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e); new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
die; return false;
}
} }
private function userExistsByEmail($email) {
try {
$pdo = $this->linkDB();
$sql = "SELECT userid FROM user WHERE email = :email";
$params = [':email' => $email];
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
return (bool) $stmt->fetch();
} catch (\PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e);
return false;
} }
private function pwRequirementCheck($password){
$error = [];
if(strlen($password) <= 8)
$error[] = "min 8 Charackter";
if(!preg_match("/[A-Z]/", $password))
$error[] = "min one large Character";
if(!preg_match("/[a-z]/", $password))
$error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password))
$error[] = "min one number";
if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one special character";
if(empty($error))
return true;
else
return $error;
} }
public function pwForgot($email){ public function pwForgot($email){

24
Views/Auth/login.phtml
View File

@ -2,12 +2,32 @@
include dirname(__DIR__).'/header.phtml'; include dirname(__DIR__).'/header.phtml';
?> ?>
<?php if (isset($errors)) echo $errors["login"]?> <?php if (!empty($errors['login'])): ?>
<div class="error">
<?php echo htmlspecialchars($errors['login']); ?>
</div>
<?php elseif (!empty($loginSuccess)): ?>
<div class="msg"> <div class="msg">
<p>Login für user <?php echo $_SESSION["user"] ?>erfolgreich</p> <p>Login für Benutzer <?php echo htmlspecialchars($_SESSION["user"]); ?> erfolgreich</p>
<a href="?controller=Welcome&do=showWelcome">Weiter</a> <a href="?controller=Welcome&do=showWelcome">Weiter</a>
</div> </div>
<?php else: ?>
<!-- Formular anzeigen -->
<form method="post">
<input type="hidden" name="controller" value="Auth">
<input type="hidden" name="do" value="login">
<label for="email">E-Mail:</label>
<input type="email" name="email" id="email" value="<?= htmlspecialchars($validData['email'] ?? '') ?>">
<label for="password">Passwort:</label>
<input type="password" name="password" id="password">
<button type="submit">Einloggen</button>
</form>
<?php endif; ?>
<?php include dirname(__DIR__).'/footer.phtml'; ?> <?php include dirname(__DIR__).'/footer.phtml'; ?>

61
Views/Auth/register.phtml
View File

@ -1,12 +1,61 @@
<?php <?php include dirname(__DIR__).'/header.phtml'; ?>
include dirname(__DIR__).'/header.phtml';
?>
<div class="msg"> <?php if (!empty($success)) : ?>
<p>Erfolgreich registriert!</p> <div class="success-message" style="color: green; margin-bottom: 1em;">
<a href="?controller=Welcome&do=showWelcome">Weiter</a> <p><?php echo htmlspecialchars($success); ?></p>
</div> </div>
<?php endif; ?>
<?php if (!empty($errors)) : ?>
<div class="error-messages" style="color: red; margin-bottom: 1em;">
<ul>
<?php foreach ($errors as $field => $error) : ?>
<li><?php echo htmlspecialchars($error); ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<form action="?controller=Auth&do=register" method="post">
<label for="vorname">Vorname:</label>
<input type="text" name="vorname" id="vorname" value="<?php echo htmlspecialchars($validData['vorname'] ?? ''); ?>" required>
<label for="nachname">Nachname:</label>
<input type="text" name="nachname" id="nachname" value="<?php echo htmlspecialchars($validData['nachname'] ?? ''); ?>" required>
<label for="straße">Straße:</label>
<input type="text" name="straße" id="straße" value="<?php echo htmlspecialchars($validData['straße'] ?? ''); ?>" required>
<label for="hausnr">Hausnummer:</label>
<input type="text" name="hausnr" id="hausnr" value="<?php echo htmlspecialchars($validData['hausnr'] ?? ''); ?>" required>
<label for="postleitzahl">Postleitzahl:</label>
<input type="text" name="postleitzahl" id="postleitzahl" value="<?php echo htmlspecialchars($validData['postleitzahl'] ?? ''); ?>" required>
<label for="ort">Ort:</label>
<input type="text" name="ort" id="ort" value="<?php echo htmlspecialchars($validData['ort'] ?? ''); ?>" required>
<label for="land">Land:</label>
<input type="text" name="land" id="land" value="<?php echo htmlspecialchars($validData['land'] ?? ''); ?>" required>
<label for="tel">Telefonnummer:</label>
<input type="text" name="tel" id="tel" value="<?php echo htmlspecialchars($validData['tel'] ?? ''); ?>">
<label for="email">E-Mail-Adresse:</label>
<input type="email" name="email" id="email" value="<?php echo htmlspecialchars($validData['email'] ?? ''); ?>" required>
<label for="password">Passwort:</label>
<input type="password" name="password" id="password" required>
<label for="password_repeat">Passwort wiederholen:</label>
<input type="password" name="password_repeat" id="password_repeat" required>
<label for="isAdmin">
<input type="checkbox" name="isAdmin" id="isAdmin" value="1" <?php echo (!empty($validData['isAdmin'])) ? 'checked' : ''; ?>>
Admin-Rechte
</label>
<button type="submit">Registrieren</button>
</form>
<?php include dirname(__DIR__).'/footer.phtml'; ?> <?php include dirname(__DIR__).'/footer.phtml'; ?>