refactor: Validierungslogik ins Model verschoben

- pwRequirementCheck und checkDoublePw aus Controller ins Model
- Alle Passwort- und E-Mail-Validierungen jetzt zentral im Model
- Controller macht nur noch Request/Response Handling
- Saubere MVC-Trennung
This commit is contained in:
Karsten Tlotzek 2025-06-30 21:18:04 +02:00
parent d711bc6152
commit d24d914c8c
10 changed files with 96 additions and 265 deletions


@ -71,9 +71,9 @@ class AuthController
$data = [
'vorname' => $_POST['vorname'] ?? '',
'nachname' => $_POST['nachname'] ?? '',
'straße' => $_POST['straße'] ?? '',
'straße' => $_POST['strasse'] ?? '',
'hausnr' => $_POST['hausnr'] ?? '',
'postleitzahl' => $_POST['postleitzahl'] ?? '',
'plz' => $_POST['plz'] ?? '',
'ort' => $_POST['ort'] ?? '',
'land' => $_POST['land'] ?? '',
'tel' => $_POST['tel'] ?? '',
@ -83,52 +83,18 @@ class AuthController
'isAdmin' => $_POST['isAdmin'] ?? false,
];
$errors = [];
$result = $this->model->register($data);
if (!$this->model->checkDoublePw($data['password'], $data['password_repeat'])) {
$errors['password'] = "Passwörter stimmen nicht überein.";
if ($result === true) {
$this->view->setVars(['success' => 'Registrierung erfolgreich!']);
$this->view->render('Auth/showAuthForm');
exit;
} else {
$errors['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
$this->view->setVars(['errors' => $errors, 'validData' => $data]);
$this->view->render('Auth/showRegistrationForm');
exit;
}
if ($this->pwRequirementCheck($data['password'])) {
$errors['password'] = "Passwort muss mindestens 8 Zeichen lang sein und mindestens ein Großbuchstabe, ein Kleinbuchstabe, eine Zahl und ein Sonderzeichen enthalten.";
}
if (empty($errors)) {
$result = $this->model->register($data);
if ($result === true) {
$this->view->setVars([
'success' => "Registrierung war erfolgreich."
]);
} else {
$errors['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
}
}
$this->view->setVars([
'errors' => $errors,
'validData' => $data
]);
}
private function pwRequirementCheck($password){
$error = [];
if(strlen($password) <= 8)
$error[] = "min 8 Charackter";
if(!preg_match("/[A-Z]/", $password))
$error[] = "min one large Character";
if(!preg_match("/[a-z]/", $password))
$error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password))
$error[] = "min one number";
if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one special character";
if(empty($error))
return true;
else
return $error;
}
public function forgotPassword() {
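Review bot: The new register() path still copies the admin flag straight from the request — `'isAdmin' => $_POST['isAdmin'] ?? false,` is an unchanged line in this hunk — and hands it to `$this->model->register($data)`, whose INSERT in AuthModel writes the `isAdmin` column, so any visitor can self-register as an administrator by posting `isAdmin=1` even though the new registration template no longer renders that checkbox. The controller should not accept this flag from user input at all: replace the line with `'isAdmin' => false, // admin rights are granted by an existing admin, never by the registrant` (or drop the key and let the model default it). The enclosing method starts before this hunk.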


@ -1,10 +0,0 @@
<?php
namespace Blog\Controller;
class RegisterController {
function showRegisterPage()
{
}
}


@ -46,13 +46,7 @@ class AuthModel extends Database
return true;
}
public function register($data)
{
$rtn = $this->pwRequirementCheck($data['password']);
if ($rtn !== true) {
return $rtn;
}
public function register($data) {
if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
return "Bitte geben Sie eine gültige E-Mail ein.";
}
@ -72,6 +66,15 @@ class AuthModel extends Database
return "Ein Account mit dieser E-Mail existiert bereits.";
}
// Passwort-Validierung
if (!$this->checkDoublePw($data['password'], $data['password_repeat'])) {
return "Passwörter stimmen nicht überein.";
}
if ($this->pwRequirementCheck($data['password']) !== true) {
return "Passwort muss mindestens 8 Zeichen lang sein und mindestens ein Großbuchstabe, ein Kleinbuchstabe, eine Zahl und ein Sonderzeichen enthalten.";
}
$hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT);
$sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land,vorname, nachname, tel, isAdmin)
@ -145,8 +148,7 @@ class AuthModel extends Database
}
}
private function forgottenPwUpdate($email, $hashedPassword)
{
private function forgottenPwUpdate($email, $hashedPassword) {
try{
$pdo = $this->linkDB();
@ -213,4 +215,24 @@ class AuthModel extends Database
else
return false;
}
public function pwRequirementCheck($password){
$error = [];
if(strlen($password) <= 8)
$error[] = "min 8 Charackter";
if(!preg_match("/[A-Z]/", $password))
$error[] = "min one large Character";
if(!preg_match("/[a-z]/", $password))
$error[] = "min one small charakter";
if(!preg_match("/[0-9]/", $password))
$error[] = "min one number";
if(!preg_match("[^a-zA-Z0-9\s]", $password));
$error[] = "min one special character";
if(empty($error))
return true;
else
return $error;
}
}
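Review bot: pwRequirementCheck() as moved into the model can never return true: the trailing `;` on `if(!preg_match("[^a-zA-Z0-9\s]", $password));` makes the following `$error[] = "min one special character";` unconditional, so register() always stops at the `!== true` check with the password-requirements message and no account can be created. The pattern itself is also wrong — PHP takes `[` and `]` as the delimiters, so the regex is `^a-zA-Z0-9\s`, not a character class — and `strlen($password) <= 8` rejects the 8-character passwords the error text promises to accept. The two lines should read `if(strlen($password) < 8)` and `if(!preg_match("/[^a-zA-Z0-9\s]/", $password))` (no semicolon after the condition). Since this method is now the single place passwords are validated, a test that a compliant password like `Abcdef1!` returns true would have caught this.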


@ -1,38 +0,0 @@
<?php
include dirname(__DIR__).'/header.phtml';
?>
<div class="login-page-bg">
<div class="login-container">
<h2 class="login-title">Login</h2>
<?php if (!empty($errors['login'])): ?>
<div class="login-error">
<?php echo htmlspecialchars($errors['login']); ?>
</div>
<?php elseif (!empty($loginSuccess)): ?>
<div class="login-success">
<p>Login f&uuml;r Benutzer <?php echo htmlspecialchars($_SESSION["user"]); ?> erfolgreich</p>
<a class="login-link" href="?controller=Welcome&do=showWelcome">Weiter</a>
</div>
<?php else: ?>
<form method="post" class="login-form">
<input type="hidden" name="controller" value="Auth">
<input type="hidden" name="do" value="login">
<div class="login-field">
<label for="email">E-Mail:</label>
<input type="email" name="email" id="email" value="<?= htmlspecialchars($validData['email'] ?? '') ?>">
</div>
<div class="login-field">
<label for="password">Passwort:</label>
<input type="password" name="password" id="password">
</div>
<button class="login-btn" type="submit">Einloggen</button>
</form>
<div style="text-align:center; margin-top: 1.5em;">
<a href="?controller=Auth&do=register" class="login-link">Konto erstellen</a>
</div>
<?php endif; ?>
</div>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>


@ -1,65 +0,0 @@
<?php include dirname(__DIR__).'/header.phtml'; ?>
<?php if (!empty($success)) : ?>
<div class="success-message" style="color: green; margin-bottom: 1em;">
<p><?php echo htmlspecialchars($success); ?></p>
</div>
<?php endif; ?>
<?php if (!empty($errors)) : ?>
<div class="error-messages" style="color: red; margin-bottom: 1em;">
<ul>
<?php foreach ($errors as $field => $error) : ?>
<li><?php echo htmlspecialchars($error); ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<form action="?controller=Auth&do=register" method="post">
<label for="vorname">Vorname:</label>
<input type="text" name="vorname" id="vorname" value="<?php echo htmlspecialchars($validData['vorname'] ?? ''); ?>" required>
<label for="nachname">Nachname:</label>
<input type="text" name="nachname" id="nachname" value="<?php echo htmlspecialchars($validData['nachname'] ?? ''); ?>" required>
<label for="straße">Straße:</label>
<input type="text" name="straße" id="straße" value="<?php echo htmlspecialchars($validData['straße'] ?? ''); ?>" required>
<label for="hausnr">Hausnummer:</label>
<input type="text" name="hausnr" id="hausnr" value="<?php echo htmlspecialchars($validData['hausnr'] ?? ''); ?>" required>
<label for="postleitzahl">Postleitzahl:</label>
<input type="text" name="postleitzahl" id="postleitzahl" value="<?php echo htmlspecialchars($validData['postleitzahl'] ?? ''); ?>" required>
<label for="ort">Ort:</label>
<input type="text" name="ort" id="ort" value="<?php echo htmlspecialchars($validData['ort'] ?? ''); ?>" required>
<label for="land">Land:</label>
<input type="text" name="land" id="land" value="<?php echo htmlspecialchars($validData['land'] ?? ''); ?>" required>
<label for="tel">Telefonnummer:</label>
<input type="text" name="tel" id="tel" value="<?php echo htmlspecialchars($validData['tel'] ?? ''); ?>">
<label for="email">E-Mail-Adresse:</label>
<input type="email" name="email" id="email" value="<?php echo htmlspecialchars($validData['email'] ?? ''); ?>" required>
<label for="password">Passwort:</label>
<input type="password" name="password" id="password" required>
<label for="password_repeat">Passwort wiederholen:</label>
<input type="password" name="password_repeat" id="password_repeat" required>
<label for="isAdmin">
<input type="checkbox" name="isAdmin" id="isAdmin" value="1" <?php echo (!empty($validData['isAdmin'])) ? 'checked' : ''; ?>>
Admin-Rechte
</label>
<button type="submit">Registrieren</button>
</form>
<div style="text-align:center; margin-top: 1.5em;">
<a href="?controller=Auth&do=showAuthForm" class="login-link">Bereits registriert? Hier einloggen</a>
</div>
<?php include dirname(__DIR__).'/footer.phtml'; ?>


@ -5,19 +5,20 @@ include dirname(__DIR__) . '/header.phtml';
<div class="inhalt">
<div class="login-container">
<h1>Anmelden</h1>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-email" type="text" placeholder="E-Mail">
</label>
<form class="form-horizontal" action="index.php" method="post">
<input type="hidden" name="controller" value="Auth">
<input type="hidden" name="do" value="login">
<label for="email">E-Mail</label>
<input class="input-email" type="email" name="email" id="email" placeholder="E-Mail" required>
<label for="password">Passwort</label>
<input class="input-passwort" type="password" name="password" id="password" placeholder="Passwort" required>
<button class="button-loggin" type="submit">Login</button>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-passwort" type="text" placeholder="Passwort">
</label>
</form>
<button class="button-loggin">Login</button>
<a class="link-passwort-vergessen">Passwort vergessen?</a>
<a class="link-konto-erstellen" href="?controller=Auth&do=showRegistrationForm">Konto erstellen</a>
<div style="text-align:center; margin-top: 1.5em;">
<a class="link-passwort-vergessen">Passwort vergessen?</a>
<br>
<a class="link-konto-erstellen" href="?controller=Auth&do=showRegistrationForm">Konto erstellen</a>
</div>
</div>
</div>
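Review bot: The rebuilt login form posts credentials to index.php with only the `controller`/`do` hidden fields; no anti-CSRF token is included, so unless the application has a CSRF defence elsewhere (none is visible in this commit) a third-party page can submit a login on a victim's behalf. If a token helper exists, add its hidden input next to `<input type="hidden" name="do" value="login">`; otherwise consider a session-bound token for both the login and registration forms. Separately, `<a class="link-passwort-vergessen">Passwort vergessen?</a>` has no `href`, so the link is dead even though AuthController exposes a forgotPassword() action.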


@ -1,69 +1,54 @@
<?php
include dirname(__DIR__) . '/header.phtml';
?>
<div class="inhalt">
<div class="login-container">
<h1>Registrieren</h1>
<form class="form-horizontal" action="#" method="post">
<form class="form-horizontal" action="index.php" method="post">
<input type="hidden" name="controller" value="Auth">
<input type="hidden" name="do" value="register">
<label>
<input class="input-vorname" type="text" placeholder="Vorname">
<input class="input-vorname" type="text" name="vorname" placeholder="Vorname">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-nachname" type="text" placeholder="Nachname">
<input class="input-nachname" type="text" name="nachname" placeholder="Nachname">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-email" type="text" placeholder="E-Mail">
<input class="input-email" type="text" name="email" placeholder="E-Mail">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-passwort" type="text" placeholder="Passwort">
<input class="input-passwort" type="password" name="password" placeholder="Passwort">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-passwort-repeat" type="text" placeholder="Passwort wiederholen">
<input class="input-passwort-repeat" type="password" name="password_repeat" placeholder="Passwort wiederholen">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-strasse" type="text" placeholder="Straße">
<input class="input-strasse" type="text" name="strasse" placeholder="Straße">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-hausnr" type="text" placeholder="Hausnr.">
<input class="input-hausnr" type="text" name="hausnr" placeholder="Hausnr.">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-postleitzahl" type="text" placeholder="Postleitzahl">
<input class="input-postleitzahl" type="text" name="plz" placeholder="Postleitzahl">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-ort" type="text" placeholder="Ort">
<input class="input-ort" type="text" name="ort" placeholder="Ort">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-land" type="text" placeholder="Land">
<input class="input-land" type="text" name="land" placeholder="Land">
</label>
</form>
<form class="form-horizontal" action="#" method="post">
<label>
<input class="input-tel" type="text" placeholder="Telefonnr.">
<input class="input-tel" type="text" name="tel" placeholder="Telefonnr.">
</label>
<button class="button-register" type="submit">Registrieren</button>
</form>
<button class="button-register">Registrieren</button>
<div style="text-align:center; margin-top: 1.5em;">
<a href="?controller=Auth&do=showAuthForm" class="login-link">Bereits registriert? Hier einloggen</a>
<a href="?controller=Auth&do=showAuthForm" class="login-link">Bereits registriert? Hier einloggen</a>
</div>
</div>
</div>
<?php
include dirname(__DIR__) . '/footer.phtml';
?>
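Review bot: The e-mail field is declared as `<input class="input-email" type="text" name="email" placeholder="E-Mail">` while the login form rebuilt in the same commit uses `type="email"` with `required`; matching that here (`type="email" name="email" placeholder="E-Mail" required`) gives the browser-side check for free and keeps the two auth forms consistent. The password inputs would also benefit from `autocomplete="new-password"` so password managers do not autofill an existing credential into a registration form. Server-side validation in AuthModel::register() still applies, so this is about consistency rather than a missing check. Old and new lines are not marked on this rendered page, so this assumes the single-form version is the new side.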


@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="de">
<head>
<title>VR Contact</title>
<title>Bib Arts</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="/bibarts/CSS/style.css" rel="stylesheet" type="text/css" />
@ -11,8 +11,9 @@
<nav id="navigation">
<div class="link-container">
<div id="logo" ><a class="link-logo" href="#"></a></div>
<a id="link-ausstellungen" class="links" href="?controller=Event&do=showEvents">Ausstellungen</a>
<a id="link-tickets" class="links" href="#">Tickets</a>
<a id="link-infos" class="links" href="?controller=Welcome&do=showWelcome">Infos</a>
<a id="link-news" class="links" href="?controller=News&do=showNews">Startseite</a>
<a id="link-profil" class="links" href="?controller=Contact&do=showContactForm">Profil</a>
<div id="profile-picture"></div>
</div>


@ -9,12 +9,13 @@ CREATE TABLE User (
nachname VARCHAR(50),
strasse VARCHAR(100),
hausnr VARCHAR(10),
postleitzahl VARCHAR(10),
plz VARCHAR(10),
ort VARCHAR(50),
land VARCHAR(50),
tel VARCHAR(20),
email VARCHAR(100) UNIQUE,
isAdmin BOOLEAN DEFAULT FALSE,
validUntil DATETIME NOT NULL DEFAULT '3025-01-01 00:00:00',
password VARCHAR(255)
);
@ -39,6 +40,7 @@ CREATE TABLE Ausstellung (
name VARCHAR(100),
beschreibung TEXT,
max_tickets INT,
eintrittspreis DECIMAL(5,2),
FOREIGN KEY (standortid) REFERENCES Standort(standortid)
);
@ -49,7 +51,6 @@ CREATE TABLE Ticket (
ausstellungid INT,
kaufdatum DATE,
gueltigkeit DATE,
preis DECIMAL(10,2),
FOREIGN KEY (userid) REFERENCES User(userid),
FOREIGN KEY (ausstellungid) REFERENCES Ausstellung(austellungid)
);
@ -74,11 +75,12 @@ CREATE TABLE News (
-- User-Daten
INSERT INTO User (vorname, nachname, strasse, hausnr, postleitzahl, ort, land, tel, email, isAdmin, password)
-- User-Daten (Passwort: passwort123)
INSERT INTO User (vorname, nachname, strasse, hausnr, plz, ort, land, tel, email, isAdmin, password)
VALUES
('Max', 'Muster', 'Musterstraße', '1', '12345', 'Musterstadt', 'Deutschland', '0123456789', 'max@muster.de', FALSE, 'passwort123'),
('Anna', 'Beispiel', 'Beispielweg', '5a', '54321', 'Beispielstadt', 'Deutschland', '0987654321', 'anna@beispiel.de', TRUE, 'adminpass');
('Max', 'Muster', 'Musterstraße', '1', '12345', 'Musterstadt', 'Deutschland', '0123456789', 'max@muster.de', FALSE, '$2y$10$VAj.C0XHPUxV4oXS6b79aumlg5fBMPPx5FPqgkQSIQeBLh0WtYmKy'),
('Anna', 'Beispiel', 'Beispielweg', '5a', '54321', 'Beispielstadt', 'Deutschland', '0987654321', 'anna@beispiel.de', TRUE, '$2y$10$cnPBpkvLbdpDxzYvxlQg9uVp5y8ggr2SWL8NAMg9zk.3QnnEl.MGq');
-- Standort-Daten
INSERT INTO Standort (strasse, hausnr, plz, ort, land, tel, email)
@ -87,10 +89,10 @@ VALUES
('Kunstallee', '22b', '50667', 'Köln', 'Deutschland', '0221123456', 'info@kunst-koeln.de');
-- Ausstellung-Daten
INSERT INTO Ausstellung (standortid, datum_von, datum_bis, name, beschreibung, max_tickets)
INSERT INTO Ausstellung (standortid, datum_von, datum_bis, name, beschreibung, max_tickets, eintrittspreis)
VALUES
(1, '2025-07-01', '2025-08-31', 'Moderne Meisterwerke', 'Eine Sammlung moderner Kunstwerke aus Europa.', 200),
(2, '2025-09-10', '2025-10-20', 'Kunst der Antike', 'Ausstellung antiker Skulpturen und Gemälde.', 150);
(1, '2025-07-01', '2025-08-31', 'Moderne Meisterwerke', 'Eine Sammlung moderner Kunstwerke aus Europa.', 200, 19.99),
(2, '2025-09-10', '2025-10-20', 'Kunst der Antike', 'Ausstellung antiker Skulpturen und Gemälde.', 150, 39.99);
-- Gutschein-Daten (Spaltennamen korrigiert)
INSERT INTO Gutschein (code, rabatt, ausstellungid, gueltigkeit)
@ -99,46 +101,13 @@ VALUES
('HERBST25', 25, 2, '2025-10-15');
-- Ticket-Daten (Spaltennamen korrigiert)
INSERT INTO Ticket (userid, ausstellungid, kaufdatum, gueltigkeit, preis)
INSERT INTO Ticket (userid, ausstellungid, kaufdatum, gueltigkeit)
VALUES
(1, 1, '2025-06-01', '2025-07-15', 12.50),
(2, 2, '2025-06-05', '2025-09-15', 10.00);
(1, 1, '2025-06-01', '2025-07-15'),
(2, 2, '2025-06-05', '2025-09-15');
-- News-Daten
INSERT INTO News (name, beschreibung, datum)
VALUES
('Neuer Standort eröffnet', 'Unsere Galerie in Köln ist jetzt geöffnet!', '2025-06-01'),
('Frühbucher-Rabatt', 'Sichern Sie sich jetzt 15% Rabatt auf unsere Sommerausstellung.', '2025-05-20');
--Änderungen:
ALTER TABLE austellung
ADD preis decimal NOT NULL
ALTER TABLE ticket
DROP COLUMN preis
ALTER TABLE user
MODIFY COLUMN userid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE ticket
MODIFY COLUMN ticketid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE standort
MODIFY COLUMN standortid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE news
MODIFY COLUMN newsid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE gutschein
MODIFY COLUMN gutscheinid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE ausstellung
MODIFY COLUMN austellungid INT NOT NULL AUTO_INCREMENT;
ALTER TABLE user
MODIFY COLUMN isAdmin BOOLEAN DEFAULT FALSE;
ALTER TABLE user
ADD validUntil DATETIME NOT NULL DEFAULT '3025-01-01 00:00:00';
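Review bot: The seed data now stores bcrypt hashes, but the added comment `-- User-Daten (Passwort: passwort123)` publishes the plaintext for the seeded accounts, and the second row creates an `isAdmin = TRUE` user with a fixed hash, so any deployment that loads this script ships a known admin login; keep such fixtures out of anything beyond local development, or generate the admin hash at install time. Also, this commit renames the User column from `postleitzahl` to `plz`, while AuthModel's INSERT in the same commit still names `postleitzahl` (and `straße`, where the table defines `strasse`), so registration will fail against this schema until the column list is aligned to `INSERT INTO user (email, password, strasse, hausnr, ort, plz, land, vorname, nachname, tel, isAdmin)`. Whether the CREATE TABLE definitions now carry the AUTO_INCREMENT changes from the removed ALTER statements is not visible here and should be confirmed.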


@ -19,11 +19,11 @@ spl_autoload_register(function ($className) {
$controllerName = "";
$doMethodName = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$controllerName = isset($_POST['controller']) && $_POST['controller'] ? $_POST['controller'] : "Welcome";
$doMethodName = isset($_POST['do']) && $_POST['do'] ? $_POST['do'] : "showWelcome";
$controllerName = isset($_POST['controller']) && $_POST['controller'] ? $_POST['controller'] : "Auth";
$doMethodName = isset($_POST['do']) && $_POST['do'] ? $_POST['do'] : "showAuthForm";
} else {
$controllerName = isset($_GET['controller']) && $_GET['controller'] ? $_GET['controller'] : "Welcome";
$doMethodName = isset($_GET['do']) && $_GET['do'] ? $_GET['do'] : "showWelcome";
$controllerName = isset($_GET['controller']) && $_GET['controller'] ? $_GET['controller'] : "Auth";
$doMethodName = isset($_GET['do']) && $_GET['do'] ? $_GET['do'] : "showAuthForm";
}
$controllerClassName = 'Blog\\Controller\\'.ucfirst($controllerName).'Controller';