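$email];
        // (tail of login(): its header is above this excerpt; left as found)
        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
        $pdo = $this->linkDB();
        try {
            $sth = $pdo->prepare($sql);
            $sth->execute($params);
            $user = $sth->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
            die;
        }
        if (!$user) {
            return false;
        }
        if (!password_verify($password, $user['password'])) {
            return false;
        }
        $now = new DateTime();
        $validUntil = new DateTime($user['validUntil']);
        if ($now > $validUntil) {
            return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
        }
        return true;
    }

    /**
     * Creates a new user account.
     *
     * Order of checks: password policy (pwRequirementCheck), e-mail format,
     * no empty field, no existing account with that e-mail; then the row is
     * inserted with the password hashed by password_hash().
     *
     * @return string|array|null  An error message (string), the list of
     *     password-policy violations (array), or null once the row is written.
     *
     * NOTE(review): $isAdmin is stored exactly as passed; the caller must take it
     * from the session/role of the acting user, never from request input.
     * NOTE(review): the duplicate check and the INSERT are two statements, so
     * two concurrent registrations of the same e-mail can both pass the check;
     * a UNIQUE index on user.email (not visible here) is the real guard.
     */
    public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone, $isAdmin)
    {
        $pwCheck = $this->pwRequirementCheck($password);
        if ($pwCheck !== true) {
            return $pwCheck;
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return "Bitte geben Sie eine gültige E-Mail ein.";
        }
        $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone];
        foreach ($requiredFields as $field) {
            // empty() also rejects the value "0"; kept as in the original contract.
            if (empty($field)) {
                return "Bitte füllen Sie alle Felder aus";
            }
        }

        $pdo = $this->linkDB();
        try {
            $stmt = $pdo->prepare("SELECT userid FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ($stmt->fetch() !== false) {
                return "Der Account mit der Email, existiert bereits.";
            }
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
            die;
        }

        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        // Placeholder names are ASCII only: PDO's named-parameter scanner is
        // documented as accepting [a-zA-Z0-9_], so the former ":straße" is not
        // a reliable placeholder. The column names themselves are unchanged.
        $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land, vorname, nachname, tel, isAdmin) VALUES (:email, :password, :strasse, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel, :isAdmin)";
        try {
            $stmt = $pdo->prepare($sql);
            $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':strasse' => $street,
                ':hausnr' => $houseNumber,
                ':ort' => $city,
                ':postleitzahl' => $postalCode,
                ':land' => $country,
                ':vorname' => $firstName,
                ':nachname' => $lastName,
                ':tel' => $phone,
                ':isAdmin' => $isAdmin,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Checks a password against the site policy.
     *
     * @return true|string[]  true when every rule holds, otherwise the list of
     *     violated rules (the messages shown to the user).
     */
    private function pwRequirementCheck($password)
    {
        $password = (string) $password;
        $errors = [];
        // Byte length. The message promises "min 8", so a length of exactly 8
        // must pass (the original used "<= 8" and rejected it).
        if (strlen($password) < 8) {
            $errors[] = "min 8 Charackter";
        }
        if (!preg_match('/[A-Z]/', $password)) {
            $errors[] = "min one large Character";
        }
        if (!preg_match('/[a-z]/', $password)) {
            $errors[] = "min one small charakter";
        }
        if (!preg_match('/[0-9]/', $password)) {
            $errors[] = "min one number";
        }
        // The original wrote "[^a-zA-Z0-9\s]" so that "[" and "]" acted as the
        // PCRE delimiters (losing the character class) and had a stray ";" after
        // the if, which made this rule fire for every password. Both fixed.
        if (!preg_match('/[^a-zA-Z0-9\s]/', $password)) {
            $errors[] = "min one special character";
        }
        return $errors === [] ? true : $errors;
    }

    /**
     * Issues a temporary password for the account behind $email and mails it.
     *
     * The temporary password is stored hashed with a two-hour validity (see
     * forgottenPwUpdate). Nothing is mailed when the address is malformed or no
     * account has it; the method returns nothing in every case, so a caller
     * cannot tell the two outcomes apart (no account enumeration through it).
     *
     * NOTE(review): whoever knows an e-mail address can trigger this and replace
     * the user's current password with a temporary one; throttling per address
     * and per client belongs in the caller.
     */
    public function pwForgot($email)
    {
        // FILTER_VALIDATE_EMAIL also rules out CR/LF before $email reaches mail().
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return;
        }
        // 6 random bytes -> 12 hex characters (48 bits), as before.
        $randomPw = bin2hex(random_bytes(6));
        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);
        if (!$this->forgottenPwUpdate($email, $hashedPassword)) {
            // Unknown address: nothing was changed, so there is nothing to send.
            // The original mailed a "temporary password" here anyway.
            return;
        }

        $betreff = "Passwort zurücksetzen bei bibArts";
        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. 
\nViele Grüße,\nbibArts Team";
        $header = "From: noreply@edu.bib.de\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";

        // mail() only reports hand-off to the local MTA; retry that hand-off a
        // few times, one second apart. The delay blocks the request.
        $maxTries = 5;
        for ($try = 1; $try <= $maxTries; $try++) {
            if (mail($email, $betreff, $nachricht, $header)) {
                return;
            }
            error_log("Mailversuch $try an $email fehlgeschlagen.");
            if ($try < $maxTries) {
                sleep(1);
            }
        }
    }

    /**
     * Stores an already hashed temporary password for $email, valid two hours.
     *
     * @param string $hashedPassword  Output of password_hash().
     * @return bool  true when the row was updated; false when no account has
     *     this e-mail address.
     */
    private function forgottenPwUpdate($email, $hashedPassword)
    {
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ((int) $stmt->fetchColumn() === 0) {
                return false;
            }
            // Server default timezone on purpose: login() parses validUntil
            // back with new DateTime() in that same zone.
            $validUntil = (new DateTime())->add(new DateInterval('PT2H'))->format('Y-m-d H:i:s');
            $stmt = $pdo->prepare("UPDATE user SET password = :password, validUntil = :validUntil WHERE email = :email");
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':validUntil' => $validUntil,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            die;
        }
    }

    /**
     * Changes the password of $email after re-authenticating with $oldpw.
     *
     * Only an exact true from login() counts: login() returns a message string
     * for an expired temporary password, which the original "!login()" test
     * accepted as success. The new password is held to the same policy as at
     * registration.
     *
     * @return bool|string|array  true on success; false when re-authentication
     *     fails; a message (string) for a missing field; the list of
     *     password-policy violations (array) otherwise.
     *
     * NOTE(review): validUntil is left untouched, so an account that is on a
     * temporary password stays time-limited after this change — confirm what
     * the column should hold for a permanent password and reset it here.
     */
    public function updatePassword($email, $oldpw, $newpw)
    {
        foreach ([$email, $oldpw, $newpw] as $field) {
            if (empty($field)) {
                return "Bitte füllen Sie alle Felder aus";
            }
        }
        if ($this->login($email, $oldpw) !== true) {
            return false;
        }
        $pwCheck = $this->pwRequirementCheck($newpw);
        if ($pwCheck !== true) {
            return $pwCheck;
        }
        $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT);
        // Was "INSERT INTO user (email, password) ...", which cannot change an
        // existing account; the row is updated in place instead.
        $sql = "UPDATE user SET password = :password WHERE email = :email";
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Whether the two password entries of a form are identical (strict
     * comparison, so "0" and "" are not equal).
     */
    public function checkDoublePw($password1, $password2)
    {
        return $password1 === $password2;
    }
}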