AuthController hinzugefügt

AuthController und methoden hinzugefügt.
2025-07-07 10:35:49 +02:00 · 2025-07-07 10:34:37 +02:00
6 changed files with 390 additions and 18 deletions
--- a/.idea/sqldialects.xml
+++ b/.idea/sqldialects.xml
@ -1,6 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="SqlDialectMappings">
    <file url="file://$PROJECT_DIR$/contact.sql" dialect="GenericSQL" />
  </component>
 </project>
--- a/Controller/AuthController.php
+++ b/Controller/AuthController.php
@ -0,0 +1,151 @@
 <?php
 namespace Blog\Controller;
 use Blog\Model\AuthModel;
 class AuthController
 {
    private $model;
    private $view;
    public function __construct($view) {
        $this->model = new AuthModel();
        $this->view = $view;
    }
    public function showLoginForm() {
        $this->view->setVars([
            'labels' => [
                "email" => "E-Mail-Adresse",
                "password" => "Passwort",
                "password_repeat" => "Passwort wiederholen",
                "old_password" => "Altes Passwort"
            ],
            'errors' => $_SESSION['auth_errors'] ?? [],
            'validData' => $_SESSION['auth_validData'] ?? []
        ]);
        unset($_SESSION['auth_errors'], $_SESSION['auth_validData']);
    }
    public function showRegistrationForm() {
        $this->view->setVars([
            'labels' => [
                "email" => "E-Mail-Adresse",
                "password" => "Passwort",
                "password_repeat" => "Passwort wiederholen",
                "old_password" => "Altes Passwort"
            ],
            'errors' => $_SESSION['auth_errors'] ?? [],
            'validData' => $_SESSION['auth_validData'] ?? []
        ]);
        unset($_SESSION['auth_errors'], $_SESSION['auth_validData']);
    }
    public function login() {
        $email = $_POST['email'];
        $password = $_POST['password'];
        $result = $this->model->login($email, $password);
        if ($result === true) {
            $_SESSION['user'] = $email; 
            header('Location: /bibarts/?controller=News&do=showNews');
            exit();
        } else {
            $this->view->setVars([
                'errors' => ['login' => is_string($result) ? $result : "Login fehlgeschlagen."],
                'validData' => ['email' => $email],
                'loginSuccess' => false
            ]);
        }
    }
    public function register() {
        $data = [
            'first_name' => $_POST['vorname'] ?? '',
            'last_name' => $_POST['nachname'] ?? '',
            'street' => $_POST['strasse'] ?? '',
            'house_number' => $_POST['hausnr'] ?? '',
            'postal_code' => $_POST['plz'] ?? '',
            'city' => $_POST['ort'] ?? '',
            'country' => $_POST['land'] ?? '',
            'phone' => $_POST['tel'] ?? '',
            'email' => $_POST['email'] ?? '',
            'password' => $_POST['password'] ?? '',
            'password_repeat' => $_POST['password_repeat'] ?? '',
            'is_admin' => $_POST['isAdmin'] ?? false,
        ];
        $result = $this->model->register($data);
        if ($result === true) {
            $this->view->setVars(['success' => 'Registrierung erfolgreich!']);
            $this->view->render('Auth/showLoginForm');
            exit;
        } else {
            $errors['register'] = is_string($result) ? $result : "Registrierung fehlgeschlagen.";
            $this->view->setVars(['errors' => $errors, 'validData' => $data]);
            $this->view->render('Auth/showRegistrationForm');
            exit;
        }
    }
    public function forgotPassword() {
        $email = $_POST['email'] ?? '';
        if (empty($email)) {
            $_SESSION['auth_errors']['email'] = "Bitte E-Mail-Adresse angeben.";
            header("Location: /?controller=Auth&do=showAuthForm");
            exit;
        }
        $this->model->pwForgot($email);
        header("Location: /?controller=Auth&do=showConfirmation&msg=pwforgot");
        exit;
    }
    public function changePassword()
    {
        $email = $_POST['email'] ?? '';
        $oldpw = $_POST['old_password'] ?? '';
        $newpw = $_POST['password'] ?? '';
        $repeat = $_POST['password_repeat'] ?? '';
        if (!$this->model->checkDoublePw($newpw, $repeat)) {
            $_SESSION['auth_errors']['password'] = "Neue Passwörter stimmen nicht überein.";
            header("Location: /?controller=Auth&do=showAuthForm");
            exit;
        }
        $result = $this->model->updatePassword($email, $oldpw, $newpw);
        if ($result === true) {
            header("Location: /?controller=Auth&do=showConfirmation&msg=pwchange");
            exit;
        } else {
            $_SESSION['auth_errors']['password'] = is_string($result) ? $result : "Fehler beim Aktualisieren des Passworts.";
            header("Location: /?controller=Auth&do=showAuthForm");
            exit;
        }
    }
    public function showConfirmation()
    {
        $messages = [
            'login' => "Login erfolgreich.",
            'register' => "Registrierung erfolgreich.",
            'pwforgot' => "Ein temporäres Passwort wurde an Ihre E-Mail gesendet.",
            'pwchange' => "Passwort erfolgreich geändert."
        ];
        $msgKey = $_GET['msg'] ?? '';
        $message = $messages[$msgKey] ?? "Aktion erfolgreich.";
        $this->view->setVars(['message' => $message]);
        $this->view->render('auth/confirmation');
    }
    public function logout() {
        unset($_SESSION['user']);
        session_destroy();
        header('Location: /bibarts/?controller=Auth&do=showLoginForm');
        exit();
    }
 }
--- a/Controller/LoginController.php
+++ b/Controller/LoginController.php
@ -1,12 +0,0 @@
 <?php
 namespace Blog\Controller;
 class LoginController {
    function showLoginPage(){
    }
    function showPasswortVergessen(){
    }
 }
--- a/Model/AuthModel.php
+++ b/Model/AuthModel.php
@ -0,0 +1,239 @@
 <?php
 namespace Blog\Model;
 use DateTime;
 use PDO;
 use PDOException;
 class AuthModel extends Database
 {
    public function login(string $email, string $password)
    {
        $pdo = $this->linkDB();
        $sql = "SELECT email, password, valid_until FROM user WHERE email = :email";
        $params = [":email" => $email];
        try {
            $sth = $pdo->prepare($sql);
            $sth->execute($params);
            $user = $sth->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e);
            return "Interner Datenbankfehler."; // Nur für Debug sichtbar machen, sonst besser allgemein halten
        }
        if (!$user) {
            return "Benutzer mit dieser E-Mail wurde nicht gefunden.";
        }
        if (!password_verify($password, $user['password'])) {
            return "Das eingegebene Passwort ist falsch.";
        }
        try {
            $now = new DateTime();
            $validUntil = new DateTime($user['valid_until']);
            if ($now > $validUntil) {
                return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über \"Passwort vergessen\".";
            }
        } catch (\Exception $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e);
            return "Fehler bei der Passwortprüfung.";
        }
        return true;
    }
    public function register($data) {
        if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
            return "Bitte geben Sie eine gültige E-Mail ein.";
        }
        $requiredFields = [
            'email', 'password', 'street', 'house_number', 'city', 'postal_code',
            'country', 'first_name', 'last_name', 'phone'
        ];
        foreach ($requiredFields as $field) {
            if (empty($data[$field])) {
                return "Bitte füllen Sie alle Felder aus.";
            }
        }
        if ($this->userExistsByEmail($data['email'])) {
            return "Ein Account mit dieser E-Mail existiert bereits.";
        }
        // Passwort-Validierung
        if (!$this->checkDoublePw($data['password'], $data['password_repeat'])) {
            return "Passwörter stimmen nicht überein.";
        }
        if ($this->pwRequirementCheck($data['password']) !== true) {
            return "Passwort muss mindestens 8 Zeichen lang sein und mindestens ein Großbuchstabe, ein Kleinbuchstabe, eine Zahl und ein Sonderzeichen enthalten.";
        }
        $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT);
        $sql = "INSERT INTO user (email, password, street, house_number, city, postal_code, country, first_name, last_name, phone, is_admin) 
                VALUES (:email, :password, :street, :house_number, :city, :postal_code, :country, :first_name, :last_name, :phone, :is_admin)";
        $params = [
            ':email' => $data['email'],
            ':password' => $hashedPassword,
            ':street' => $data['street'],
            ':house_number' => $data['house_number'],
            ':city' => $data['city'],
            ':postal_code'=> $data['postal_code'],
            ':country'=> $data['country'],
            ':first_name' => $data['first_name'],
            ':last_name'=> $data['last_name'],
            ':phone' => $data['phone'],
            ':is_admin' => $data['is_admin'] ? 1 : 0,
        ];
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            $stmt->execute($params);
            return true;
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            return false;
        }
    }
    private function userExistsByEmail($email) {
        try {
            $pdo = $this->linkDB();
            $sql = "SELECT user_id FROM user WHERE email = :email";
            $params = [':email' => $email];
            $stmt = $pdo->prepare($sql);
            $stmt->execute($params);
            return (bool) $stmt->fetch();
        } catch (\PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e);
            return false;
        }
    }
    public function pwForgot($email){
        $randomPw = bin2hex(random_bytes(12 / 2));
        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);
        $this->forgottenPwUpdate($email, $hashedPassword);
        $betreff = "Passwort zurücksetzen bei bibArts";
        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team";
        $header = "From: noreply@edu.bib.de\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";
        $maxTries = 5;
        $try = 0;
        $success = false;
        while ($try < $maxTries && !$success) {
            $erfolg = mail($email, $betreff, $nachricht, $header);
            $try++;
            if (!$erfolg) {
                error_log("Mailversuch $try an $email fehlgeschlagen.");
                sleep(1);
            }
        }
    }
    private function forgottenPwUpdate($email, $hashedPassword) {
        try{
            $pdo = $this->linkDB();
            $sqlCheck = "SELECT COUNT(*) FROM user WHERE email = :email";
            $stmt = $pdo->prepare($sqlCheck);
            $stmt->execute([':email' => $email]);
            if ($stmt->fetchColumn() == 0) {
                return false;
            }
            $validUntil = (new DateTime())->add(new DateInterval('PT2H'))->format('Y-m-d H:i:s');
            $sql = "UPDATE user 
                    SET password = :password, valid_until = :valid_until
                    WHERE email = :email";
            $stmt = $pdo->prepare($sql);
            $params = [
                ':email' => $email,
                ':password' => $hashedPassword,
                ':valid_until' => $validUntil
            ];
            return $stmt->execute($params);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            die;
            return false;
        }
    }
    public function updatePassword($email, $oldpw, $newpw){
        if(!$this->login($email, $oldpw)) {
            return false;
        }
        $requiredFields = [$email, $oldpw, $newpw];
        foreach ($requiredFields as $field) {
            if (empty($field)) {
                return "Bitte füllen Sie alle Felder aus";
            }
        }
        $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT);
        $sql = "UPDATE user SET password = :password WHERE email = :email";
        try{
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            $params = [
                ':email' => $email,
                ':password' => $hashedPassword,
            ];
            return $stmt->execute($params);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }
    public function checkDoublePw($password1, $password2){
        if($password1 === $password2){
            return true;
        }
        else
            return false;
    }
    public function pwRequirementCheck($password){
        $error = [];
        if(strlen($password) <= 8)
            $error[] = "min 8 Charackter";
        if(!preg_match("/[A-Z]/", $password))
            $error[] = "min one large Character";
        if(!preg_match("/[a-z]/", $password))
            $error[] = "min one small charakter";
        if(!preg_match("/[0-9]/", $password))
            $error[] = "min one number";
        if(!preg_match("[^a-zA-Z0-9\s]", $password));
        $error[] = "min one special character";
        if(empty($error))
            return true;
        else
            return $error;
    }
 }
--- a/Views/Login/showLoginPage.phtml
+++ b/Views/Login/showLoginPage.phtml
--- a/Views/Login/showPasswortVergessen.phtml
+++ b/Views/Login/showPasswortVergessen.phtml
Author	SHA1	Message	Date
Karsten Tlotzek	415d8120e5	AuthController hinzugefügt	2025-07-07 10:35:49 +02:00
Karsten Tlotzek	a4eef4e4e3	AuthController und methoden hinzugefügt.	2025-07-07 10:34:37 +02:00