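linkDB();
        $sql = "SELECT email, password, valid_until, is_admin FROM user WHERE email = :email";
        $params = [":email" => $email];
        try {
            $sth = $pdo->prepare($sql);
            $sth->execute($params);
            $user = $sth->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Benutzerdaten.", $e);
            return ['success' => false, 'error' => "Interner Datenbankfehler."];
        }
        // NOTE(review): "unknown user" and "wrong password" are reported with
        // different messages, so the response reveals which addresses exist.
        if (!$user) {
            return ['success' => false, 'error' => "Benutzer mit dieser E-Mail wurde nicht gefunden."];
        }
        if (!password_verify($password, $user['password'])) {
            return ['success' => false, 'error' => "Das eingegebene Passwort ist falsch."];
        }
        try {
            // NOTE(review): if valid_until can be NULL for accounts that never
            // went through the reset flow, new DateTime(null) is deprecated and
            // is treated as "now" — confirm the column default in the schema.
            $now = new DateTime();
            $validUntil = new DateTime($user['valid_until']);
            if ($now > $validUntil) {
                return ['success' => false, 'error' => "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über \"Passwort vergessen\"."];
            }
        } catch (\Exception $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Verarbeiten des Gültigkeitsdatums.", $e);
            return ['success' => false, 'error' => "Fehler bei der Passwortprüfung."];
        }
        // NOTE(review): $user still contains the password hash selected above;
        // callers should unset it before storing the array in the session.
        return ['success' => true, 'user' => $user];
    }

    /**
     * Registers a new user from submitted form data.
     *
     * Validation order: e-mail syntax, required fields, duplicate e-mail,
     * password repeat, password policy. The return value is NOT uniform:
     *   - true          on success
     *   - false         on a database error (already logged via ErrorMsg)
     *   - string        a user-facing validation message
     *   - list<string>  the individual policy violations from pwRequirementCheck()
     * Callers must therefore compare with `=== true`, never test truthiness.
     *
     * @param array<string, mixed> $data submitted registration fields
     * @return bool|string|list<string>
     */
    public function register($data)
    {
        $email = $data['email'] ?? '';
        if (!is_string($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return "Bitte geben Sie eine gültige E-Mail ein.";
        }

        $requiredFields = [
            'email', 'password', 'password_repeat', 'street', 'house_number',
            'city', 'postal_code', 'country', 'first_name', 'last_name', 'phone',
        ];
        foreach ($requiredFields as $field) {
            // Explicit null/blank test instead of empty(): "0" is a legitimate
            // house number and must not be rejected; arrays are never valid here.
            $value = $data[$field] ?? null;
            if (!is_scalar($value) || trim((string) $value) === '') {
                return "Bitte füllen Sie alle Felder aus.";
            }
        }

        if ($this->userExistsByEmail($email)) {
            return "Ein Account mit dieser E-Mail existiert bereits.";
        }

        // Passwort-Validierung
        if (!$this->checkDoublePw($data['password'], $data['password_repeat'])) {
            return "Passwörter stimmen nicht überein.";
        }
        $pwCheck = $this->pwRequirementCheck($data['password']);
        if ($pwCheck !== true) {
            return $pwCheck; // list of the specific policy violations
        }

        $hashedPassword = password_hash($data['password'], PASSWORD_DEFAULT);

        // NOTE(review): is_admin is taken from $data, i.e. from whatever the
        // caller passes through. If $data is the raw registration form, a
        // client can self-assign admin rights. For self-service registration
        // the caller must strip or overwrite this key before calling register().
        $isAdmin = !empty($data['is_admin']) ? 1 : 0;

        $sql = "INSERT INTO user (email, password, street, house_number, city, postal_code, country, first_name, last_name, phone, is_admin) VALUES (:email, :password, :street, :house_number, :city, :postal_code, :country, :first_name, :last_name, :phone, :is_admin)";
        $params = [
            ':email' => $email,
            ':password' => $hashedPassword,
            ':street' => $data['street'],
            ':house_number' => $data['house_number'],
            ':city' => $data['city'],
            ':postal_code' => $data['postal_code'],
            ':country' => $data['country'],
            ':first_name' => $data['first_name'],
            ':last_name' => $data['last_name'],
            ':phone' => $data['phone'],
            ':is_admin' => $isAdmin,
        ];

        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            $stmt->execute($params);
            return true;
        } catch (\PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            return false;
        }
    }

    /**
     * Checks whether an account with the given e-mail already exists.
     *
     * NOTE(review): on a database error this returns false ("does not exist"),
     * so register() proceeds to the INSERT. Uniqueness therefore ultimately
     * depends on a UNIQUE constraint on user.email — confirm it is present.
     *
     * @param string $email
     * @return bool
     */
    private function userExistsByEmail($email)
    {
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare("SELECT user_id FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            return $stmt->fetchColumn() !== false;
        } catch (\PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler bei der E-Mail-Prüfung", $e);
            return false;
        }
    }

    /**
     * Password-reset flow: replaces the account's password with a random
     * temporary one (valid for two hours, see forgottenPwUpdate()) and mails it.
     *
     * Returns nothing and behaves the same whether or not the address belongs
     * to an account, so the endpoint does not reveal which e-mails are
     * registered. The mail is only sent when the reset was actually stored —
     * previously a "temporary password" was mailed even when no row was
     * updated, which could never work.
     *
     * NOTE(review): anyone who knows an address can trigger this and thereby
     * invalidate the victim's current password. Rate limiting, or a
     * confirmation link instead of an immediate overwrite, belongs at the
     * call site.
     *
     * @param string $email
     * @return void
     */
    public function pwForgot($email)
    {
        // Reject malformed addresses before touching the DB or the mailer.
        if (!is_string($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return;
        }

        // 6 random bytes -> 12 hex characters (48 bits) from the CSPRNG.
        $randomPw = bin2hex(random_bytes(6));
        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);

        if (!$this->forgottenPwUpdate($email, $hashedPassword)) {
            return; // unknown address or DB error: nothing to mail
        }

        $betreff = "Passwort zurücksetzen bei bibArts";
        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. 
\nViele Grüße,\nbibArts Team";
        $header = "From: noreply@edu.bib.de\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";

        // mail() only reports hand-off to the local MTA; retry a few times
        // with a short pause in case the MTA is briefly unavailable.
        $maxTries = 5;
        for ($try = 1; $try <= $maxTries; $try++) {
            if (mail($email, $betreff, $nachricht, $header)) {
                return;
            }
            error_log("Mailversuch $try an $email fehlgeschlagen.");
            sleep(1);
        }
    }

    /**
     * Stores a temporary password hash for the given account and limits its
     * validity to two hours from now (the login path compares valid_until
     * against `new DateTime()`, so both sides use the same default timezone).
     *
     * @param string $email
     * @param string $hashedPassword result of password_hash()
     * @return bool true when the UPDATE ran; false for an unknown address or a
     *              database error. The error is logged and reported to the
     *              caller instead of terminating the request with die, as before.
     */
    private function forgottenPwUpdate($email, $hashedPassword)
    {
        try {
            $pdo = $this->linkDB();

            $stmt = $pdo->prepare("SELECT COUNT(*) FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ((int) $stmt->fetchColumn() === 0) {
                return false;
            }

            $validUntil = (new \DateTimeImmutable())
                ->add(new \DateInterval('PT2H'))
                ->format('Y-m-d H:i:s');

            $stmt = $pdo->prepare("UPDATE user SET password = :password, valid_until = :valid_until WHERE email = :email");
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':valid_until' => $validUntil,
            ]);
        } catch (\PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            return false;
        }
    }

    /**
     * Changes an account's password after re-authenticating with the old one.
     *
     * @param string $email
     * @param string $oldpw current password, verified via login()
     * @param string $newpw new password; must satisfy pwRequirementCheck()
     * @return bool|string true on success; false when the old password does not
     *                     verify or the DB write fails; a user-facing message
     *                     for validation problems
     */
    public function updatePassword($email, $oldpw, $newpw)
    {
        // Cheap input checks first, before any DB round-trip.
        foreach ([$email, $oldpw, $newpw] as $field) {
            if (empty($field)) {
                return "Bitte füllen Sie alle Felder aus";
            }
        }

        // Every return visible in login()'s tail at the top of this file is a
        // non-empty array, and a non-empty array is truthy — so the original
        // `if (!$this->login(...))` never rejected a wrong old password.
        // Check the 'success' flag explicitly.
        $auth = $this->login($email, $oldpw);
        if (!is_array($auth) || ($auth['success'] ?? false) !== true) {
            return false;
        }

        // Apply the same password policy as register(); keep the bool|string
        // contract by joining the individual messages.
        $pwCheck = $this->pwRequirementCheck($newpw);
        if ($pwCheck !== true) {
            return implode(' ', $pwCheck);
        }

        $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT);

        // NOTE(review): valid_until is not touched here. A user who changes the
        // password after a reset keeps the two-hour expiry set by
        // forgottenPwUpdate() and is locked out again when it lapses. Whether
        // the column can be reset (to NULL or a sentinel) depends on the schema
        // and on how login() treats that value — TODO confirm.
        $sql = "UPDATE user SET password = :password WHERE email = :email";
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
            ]);
        } catch (\PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            return false;
        }
    }

    /**
     * True when both password entries are identical (strict comparison).
     *
     * @param string $password1
     * @param string $password2
     * @return bool
     */
    public function checkDoublePw($password1, $password2)
    {
        return $password1 === $password2;
    }

    /**
     * Validates a password against the site policy: at least 8 characters,
     * one upper-case and one lower-case ASCII letter, one digit and one
     * character that is neither alphanumeric nor whitespace.
     *
     * NOTE(review): PASSWORD_DEFAULT is bcrypt, which only uses the first
     * 72 bytes of the input; no upper bound is enforced here, so longer
     * passwords are silently truncated when hashed. Consider rejecting
     * inputs above 72 bytes.
     *
     * @param string $password
     * @return true|list<string> true when all rules pass, otherwise the
     *                           messages for every rule that failed
     */
    public function pwRequirementCheck($password)
    {
        $error = [];

        // mb_strlen counts characters, not bytes, so multi-byte characters
        // such as umlauts count once — the message promises 8 *Zeichen*,
        // and strlen() would let a 7-character password with umlauts through.
        if (mb_strlen($password) < 8) {
            $error[] = "Passwort: mindestens 8 
Zeichen";
        }
        if (!preg_match("/[A-Z]/", $password)) {
            $error[] = "Passwort: mindestens ein Großbuchstabe";
        }
        if (!preg_match("/[a-z]/", $password)) {
            $error[] = "Passwort: mindestens ein Kleinbuchstabe";
        }
        if (!preg_match("/[0-9]/", $password)) {
            $error[] = "Passwort: mindestens eine Zahl";
        }
        if (!preg_match("/[^a-zA-Z0-9\s]/", $password)) {
            $error[] = "Passwort: mindestens ein Sonderzeichen";
        }

        return $error === [] ? true : $error;
    }
}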