Register und login gefixt

Controller/AuthController.php

@@ -32,23 +32,28 @@ class AuthController
     }
 
     public function login() {
-        $email = $_POST['email'] ?? '';
+        $email = $_POST['email'];
-        $password = $_POST['password'] ?? '';
+        $password = $_POST['password'];
 
         $result = $this->model->login($email, $password);
 
         if ($result === true) {
             $_SESSION['user'] = $email;
+
+            $this->view->setVars([
+                'loginSuccess' => true,
+                'email' => $email
+            ]);
         } else {
             $this->view->setVars([
                 'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."],
-                'validData' => ['email' => $email]
+                'validData' => ['email' => $email],
+                'loginSuccess' => false
             ]);
         }
     }
 
     public function register() {
-
         $data = [
             'vorname' => $_POST['vorname'] ?? '',
             'nachname' => $_POST['nachname'] ?? '',
@@ -64,31 +69,55 @@ class AuthController
             'isAdmin' => $_POST['isAdmin'] ?? false,
         ];
 
-        // Passwortabgleich prüfen
+        $errors = [];
+
         if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) {
-            $_SESSION['auth_errors']['password'] = "Passwörter stimmen nicht überein.";
+            $errors['password'] = "Passwörter stimmen nicht überein.";
-            $_SESSION['auth_validData'] = $data;
         }
 
-        $result = $this->model->register(
+        if ($this->pwRequirementCheck($data['password'])) {
-            $data['email'], $data['password'], $data['straße'], $data['hausnr'],
+            $errors
-            $data['ort'], $data['postleitzahl'], $data['land'],
+        }
-            $data['vorname'], $data['nachname'], $data['tel'], $data['isAdmin']
+
-        );  
+        if (empty($errors)) {
+            $result = $this->model->register($data);
 
             if ($result === true) {
-            //header("Location: /?controller=Auth&do=showConfirmation&msg=register");
+                $this->view->setVars([
-            exit;
+                    'success' => "Registrierung war erfolgreich."
+                ]);
             } else {
-            $_SESSION['auth_errors']['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
+                $errors['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
-            $_SESSION['auth_validData'] = $data;
-            //header("Location: /?controller=Auth&do=showAuthForm");
-            //exit;
             }
         }
 
-    public function forgotPassword()
+        $this->view->setVars([
-    {
+            'errors' => $errors,
+            'validData' => $data
+        ]);
+    }
+
+    private function pwRequirementCheck($password){
+        $error = [];
+
+        if(strlen($password) <= 8)
+            $error[] = "min 8 Charackter";
+        if(!preg_match("/[A-Z]/", $password))
+            $error[] = "min one large Character";
+        if(!preg_match("/[a-z]/", $password))
+            $error[] = "min one small charakter";
+        if(!preg_match("/[0-9]/", $password))
+            $error[] = "min one number";
+        if(!preg_match("[^a-zA-Z0-9\s]", $password));
+        $error[] = "min one special character";
+
+        if(empty($error))
+            return true;
+        else
+            return $error;
+    }
+
+    public function forgotPassword() {
         $email = $_POST['email'] ?? '';
         if (empty($email)) {
             $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben.";

Model/AuthModel.php

@@ -8,115 +8,115 @@ use PDOException;
 
 class AuthModel extends Database
 {
-    public function login($email, $password){
+    public function login(string $email, string $password)
-        $params = [":email" => $email];
+    {
-        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
-
         $pdo = $this->linkDB();
+        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
+        $params = [":email" => $email];
 
         try {
             $sth = $pdo->prepare($sql);
             $sth->execute($params);
             $user = $sth->fetch(PDO::FETCH_ASSOC);
         } catch (PDOException $e) {
-            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
+            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e);
-            die;
+            return "Interner Datenbankfehler."; // Nur für Debug sichtbar machen, sonst besser allgemein halten
         }
 
-
         if (!$user) {
-            return false;
+            return "Benutzer mit dieser E-Mail wurde nicht gefunden.";
         }
 
         if (!password_verify($password, $user['password'])) {
-            return false;
+            return "Das eingegebene Passwort ist falsch.";
         }
 
+        try {
             $now = new DateTime();
             $validUntil = new DateTime($user['validUntil']);
 
             if ($now > $validUntil) {
-            return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
+                return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über \"Passwort vergessen\".";
+            }
+        } catch (\Exception $e) {
+            new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e);
+            return "Fehler bei der Passwortprüfung.";
         }
 
         return true;
     }
 
-    public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin) {
+    public function register($data)
-        $rtn = $this->pwRequirementCheck($password);
+    {
-        if($rtn !== true){
+        $rtn = $this->pwRequirementCheck($data['password']);
+        if ($rtn !== true) {
             return $rtn;
         }
 
-        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
             return "Bitte geben Sie eine gültige E-Mail ein.";
         }
 
-        $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone];
+        $requiredFields = [
+            'email', 'password', 'straße', 'hausnr', 'ort', 'postleitzahl',
+            'land', 'vorname', 'nachname', 'tel'
+        ];
+
         foreach ($requiredFields as $field) {
-            if (empty($field)) {
+            if (empty($data[$field])) {
-                return "Bitte füllen Sie alle Felder aus";
+                return "Bitte füllen Sie alle Felder aus.";
             }
         }
 
+        if ($this->userExistsByEmail($data['email'])) {
+            return "Ein Account mit dieser E-Mail existiert bereits.";
+        }
+
+        $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT);
+
+        $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin) 
+                VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land,:vorname, :nachname, :tel, :isAdmin)";
+
+        $params = [
+            ':email' => $data['email'],
+            ':password' => $hashedPassword,
+            ':straße' => $data['straße'],
+            ':hausnr' => $data['hausnr'],
+            ':ort' => $data['ort'],
+            ':postleitzahl'=> $data['postleitzahl'],
+            ':land'=> $data['land'],
+            ':vorname' => $data['vorname'],
+            ':nachname'=> $data['nachname'],
+            ':tel' => $data['tel'],
+            ':isAdmin' => $data['isAdmin'] ? 1 : 0,
+        ];
+
         try {
-            $pdo = $this->linkDB();
-            $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email");
-            $stmt->execute([':email' => $email]);
-            if($stmt-> fetch()){
-                return "Der Account mit der Email, existiert bereits.";
-            }
-        } catch (PDOException $e){
-            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
-            die;
-        }
-
-        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-
-        $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel, isAdmin) 
-                VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)";
-
-        try{
             $pdo = $this->linkDB();
             $stmt = $pdo->prepare($sql);
-            $stmt->execute([
+            $stmt->execute($params);
-                ':email' => $email,
+            return true;
-                ':password' => $hashedPassword,
-                ':straße' => $street,
-                ':hausnr' => $houseNumber,
-                ':ort' => $city,
-                ':postleitzahl' => $postalCode,
-                ':land' => $country,
-                ':vorname' => $firstName,
-                ':nachname' => $lastName,
-                ':tel' => $phone,
-                ':isAdmin' => $isAdmin
-            ]);
         } catch (PDOException $e) {
             new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
-            die;
+            return false;
+        }
     }
 
+    private function userExistsByEmail($email) {
+        try {
+            $pdo = $this->linkDB();
+
+            $sql = "SELECT userid FROM user WHERE email = :email";
+            $params = [':email' => $email];
+
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($params);
+
+            return (bool) $stmt->fetch();
+        } catch (\PDOException $e) {
+            new \Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e);
+            return false;
         }
-
-    private function pwRequirementCheck($password){
-        $error = [];
-
-        if(strlen($password) <= 8)
-            $error[] = "min 8 Charackter";
-        if(!preg_match("/[A-Z]/", $password))
-            $error[] = "min one large Character";
-        if(!preg_match("/[a-z]/", $password))
-            $error[] = "min one small charakter";
-        if(!preg_match("/[0-9]/", $password))
-            $error[] = "min one number";
-        if(!preg_match("[^a-zA-Z0-9\s]", $password));
-            $error[] = "min one special character";
-
-        if(empty($error))
-            return true;
-        else
-            return $error;
     }
 
     public function pwForgot($email){

Views/Auth/login.phtml

@@ -2,12 +2,32 @@
 include dirname(__DIR__).'/header.phtml';
 ?>
 
-<?php if (isset($errors)) echo $errors["login"]?>
+<?php if (!empty($errors['login'])): ?>
+    <div class="error">
+        <?php echo htmlspecialchars($errors['login']); ?>
+    </div>
+
+<?php elseif (!empty($loginSuccess)): ?>
     <div class="msg">
-        <p>Login für user <?php echo $_SESSION["user"] ?>erfolgreich</p>
+        <p>Login für Benutzer <?php echo htmlspecialchars($_SESSION["user"]); ?> erfolgreich</p>
         <a href="?controller=Welcome&do=showWelcome">Weiter</a>
     </div>
 
+<?php else: ?>
+    <!-- Formular anzeigen -->
+    <form method="post">
+        <input type="hidden" name="controller" value="Auth">
+        <input type="hidden" name="do" value="login">
+
+        <label for="email">E-Mail:</label>
+        <input type="email" name="email" id="email" value="<?= htmlspecialchars($validData['email'] ?? '') ?>">
+
+        <label for="password">Passwort:</label>
+        <input type="password" name="password" id="password">
+
+        <button type="submit">Einloggen</button>
+    </form>
+<?php endif; ?>
 
 
 <?php include dirname(__DIR__).'/footer.phtml'; ?>

Views/Auth/register.phtml

@@ -1,12 +1,61 @@
-<?php
+<?php include dirname(__DIR__).'/header.phtml'; ?>
-include dirname(__DIR__).'/header.phtml';
-?>
 
-    <div class="msg">
+<?php if (!empty($success)) : ?>
-        <p>Erfolgreich registriert!</p>
+    <div class="success-message" style="color: green; margin-bottom: 1em;">
-        <a href="?controller=Welcome&do=showWelcome">Weiter</a>
+        <p><?php echo htmlspecialchars($success); ?></p>
     </div>
+<?php endif; ?>
 
+<?php if (!empty($errors)) : ?>
+    <div class="error-messages" style="color: red; margin-bottom: 1em;">
+        <ul>
+            <?php foreach ($errors as $field => $error) : ?>
+                <li><?php echo htmlspecialchars($error); ?></li>
+            <?php endforeach; ?>
+        </ul>
+    </div>
+<?php endif; ?>
 
+    <form action="?controller=Auth&do=register" method="post">
+        <label for="vorname">Vorname:</label>
+        <input type="text" name="vorname" id="vorname" value="<?php echo htmlspecialchars($validData['vorname'] ?? ''); ?>" required>
+
+        <label for="nachname">Nachname:</label>
+        <input type="text" name="nachname" id="nachname" value="<?php echo htmlspecialchars($validData['nachname'] ?? ''); ?>" required>
+
+        <label for="straße">Straße:</label>
+        <input type="text" name="straße" id="straße" value="<?php echo htmlspecialchars($validData['straße'] ?? ''); ?>" required>
+
+        <label for="hausnr">Hausnummer:</label>
+        <input type="text" name="hausnr" id="hausnr" value="<?php echo htmlspecialchars($validData['hausnr'] ?? ''); ?>" required>
+
+        <label for="postleitzahl">Postleitzahl:</label>
+        <input type="text" name="postleitzahl" id="postleitzahl" value="<?php echo htmlspecialchars($validData['postleitzahl'] ?? ''); ?>" required>
+
+        <label for="ort">Ort:</label>
+        <input type="text" name="ort" id="ort" value="<?php echo htmlspecialchars($validData['ort'] ?? ''); ?>" required>
+
+        <label for="land">Land:</label>
+        <input type="text" name="land" id="land" value="<?php echo htmlspecialchars($validData['land'] ?? ''); ?>" required>
+
+        <label for="tel">Telefonnummer:</label>
+        <input type="text" name="tel" id="tel" value="<?php echo htmlspecialchars($validData['tel'] ?? ''); ?>">
+
+        <label for="email">E-Mail-Adresse:</label>
+        <input type="email" name="email" id="email" value="<?php echo htmlspecialchars($validData['email'] ?? ''); ?>" required>
+
+        <label for="password">Passwort:</label>
+        <input type="password" name="password" id="password" required>
+
+        <label for="password_repeat">Passwort wiederholen:</label>
+        <input type="password" name="password_repeat" id="password_repeat" required>
+
+        <label for="isAdmin">
+            <input type="checkbox" name="isAdmin" id="isAdmin" value="1" <?php echo (!empty($validData['isAdmin'])) ? 'checked' : ''; ?>>
+            Admin-Rechte
+        </label>
+
+        <button type="submit">Registrieren</button>
+    </form>
 
 <?php include dirname(__DIR__).'/footer.phtml'; ?>