<?php
namespace Blog\Model;
use Cassandra\Date;
use PDOException;
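class AuthModel extends Database
{
    /**
     * Checks e-mail / password credentials against the user table.
     *
     * Returns true on success, false when the user is unknown or the password
     * does not match (deliberately indistinguishable for the caller), or a
     * message string when the stored password has expired (temporary password
     * issued by pwForgot()). Because a non-empty string is truthy, callers must
     * test the result with `=== true`, not with `if (login(...))`.
     *
     * @param string $email
     * @param string $password plaintext password as entered by the user
     * @return bool|string
     */
    public function login($email, $password)
    {
        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";

        try {
            $pdo = $this->linkDB();
            $sth = $pdo->prepare($sql);
            $sth->execute([':email' => $email]);
            // Must be fully qualified: inside namespace Blog\Model a bare "PDO"
            // resolves to Blog\Model\PDO, which does not exist.
            $user = $sth->fetch(\PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
            die;
        }

        if (!$user || !password_verify((string) $password, (string) $user['password'])) {
            return false;
        }

        // validUntil is only written by the forgot-password flow; register()
        // never sets it, so NULL means "does not expire". new DateTime(null)
        // would silently mean "now" (and is deprecated since PHP 8.1), hence
        // the explicit guard.
        if (!empty($user['validUntil'])) {
            $now = new \DateTimeImmutable();
            $validUntil = new \DateTimeImmutable((string) $user['validUntil']);
            if ($now > $validUntil) {
                return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
            }
        }

        return true;
    }

    /**
     * Creates a new user account.
     *
     * @param string $email
     * @param string $password plaintext; stored as a password_hash() value
     * @param string $street
     * @param string $houseNumber
     * @param string $city
     * @param string $postalCode
     * @param string $country
     * @param string $firstName
     * @param string $lastName
     * @param string $phone
     * @return bool|string|string[] true on success; a message string for a
     *         validation failure; the list of unmet password rules from
     *         pwRequirementCheck(); false if the INSERT was not executed.
     */
    public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone)
    {
        $rtn = $this->pwRequirementCheck($password);
        if ($rtn !== true) {
            return $rtn;
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return "Bitte geben Sie eine gültige E-Mail ein.";
        }

        $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone];
        if ($this->hasBlankField($requiredFields)) {
            return "Bitte füllen Sie alle Felder aus";
        }

        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ($stmt->fetch()) {
                // This message reveals whether an address is registered. If
                // account enumeration matters for this form, return a neutral
                // message here and inform the owner by e-mail instead.
                return "Der Account mit der Email, existiert bereits.";
            }
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
            die;
        }

        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

        // PDO named placeholders may only contain [A-Za-z0-9_]; ":straße" is
        // therefore not recognised as a parameter and the execute() fails with
        // a parameter-count mismatch. The column keeps its name, only the
        // placeholder is ASCII.
        // NOTE: the SELECT above and this INSERT are not atomic; a UNIQUE index
        // on user.email is the actual guard against duplicates (assumed, TODO confirm).
        $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl, land, vorname, nachname, tel)
                VALUES (:email, :password, :strasse, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)";

        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':strasse' => $street,
                ':hausnr' => $houseNumber,
                ':ort' => $city,
                ':postleitzahl' => $postalCode,
                ':land' => $country,
                ':vorname' => $firstName,
                ':nachname' => $lastName,
                ':tel' => $phone,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * True when any of the given values is missing or whitespace-only.
     *
     * Unlike empty(), a literal "0" (e.g. a house number) counts as filled in.
     *
     * @param array $fields raw form values
     * @return bool
     */
    private function hasBlankField(array $fields)
    {
        foreach ($fields as $field) {
            if (!is_scalar($field) || trim((string) $field) === '') {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates a password against the site's complexity rules.
     *
     * @param string $password
     * @return true|string[] true when every rule is met, otherwise the list of
     *         human-readable rule violations.
     */
    private function pwRequirementCheck($password)
    {
        $password = (string) $password;
        $error = [];

        // mb_strlen counts characters, strlen counts bytes (an umlaut is two).
        // "< 8": the original "<= 8" demanded nine characters while the message
        // promised eight.
        if (mb_strlen($password) < 8) {
            $error[] = "min 8 Charackter";
        }
        // \p{Lu} / \p{Ll} with the u modifier also accept non-ASCII letters such
        // as Ä / ö, which [A-Z] / [a-z] ignored.
        if (!preg_match('/\p{Lu}/u', $password)) {
            $error[] = "min one large Character";
        }
        if (!preg_match('/\p{Ll}/u', $password)) {
            $error[] = "min one small charakter";
        }
        if (!preg_match('/\p{Nd}/u', $password)) {
            $error[] = "min one number";
        }
        // Any character that is neither a letter nor a digit is "special".
        // The original enumerated list contained an unescaped "/" delimiter
        // (the pattern never compiled) and the if-statement ended in a stray
        // ";", so this error was appended unconditionally and no password
        // could ever pass.
        if (!preg_match('/[^\p{L}\p{N}]/u', $password)) {
            $error[] = "min one special character (e.g. !?#,.-_)";
        }

        return $error === [] ? true : $error;
    }

    /**
     * Issues a temporary password and mails it to the account holder.
     *
     * The temporary password is valid for two hours (see forgottenPwUpdate()).
     * Nothing is stored or sent when the address is not a registered account;
     * the caller decides whether to surface that distinction to the user.
     *
     * @param string $email
     * @return bool true when the password was stored and the mail was accepted
     *              for delivery; false otherwise. (Previously returned null.)
     */
    public function pwForgot($email)
    {
        // Reject anything that is not a plain address before it reaches
        // mail(): line breaks in the recipient would allow header injection.
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return false;
        }

        // 6 CSPRNG bytes -> 12 hex characters.
        $randomPw = bin2hex(random_bytes(6));
        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);

        // Only mail a password that was actually stored; previously an unknown
        // address still received a "temporary password" e-mail.
        if (!$this->forgottenPwUpdate($email, $hashedPassword)) {
            return false;
        }

        $betreff = "Passwort zurücksetzen bei bibArts";
        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team";

        $header = "From: noreply@edu.bib.de\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";

        // mail() only hands the message to the local MTA; retry a few times in
        // case that hand-off fails transiently. Each retry blocks the request
        // for a second.
        $maxTries = 5;
        for ($try = 1; $try <= $maxTries; $try++) {
            if (mail($email, $betreff, $nachricht, $header)) {
                return true;
            }
            error_log("Mailversuch $try an $email fehlgeschlagen.");
            if ($try < $maxTries) {
                sleep(1);
            }
        }

        return false;
    }

    /**
     * Stores a temporary password hash and a two-hour expiry for an account.
     *
     * @param string $email
     * @param string $hashedPassword output of password_hash()
     * @return bool false when no account has this address; otherwise the
     *              result of the UPDATE.
     */
    private function forgottenPwUpdate($email, $hashedPassword)
    {
        try {
            $pdo = $this->linkDB();

            $stmt = $pdo->prepare("SELECT COUNT(*) FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ((int) $stmt->fetchColumn() === 0) {
                return false;
            }

            // Expiry is formatted in PHP's default timezone and later compared
            // in login() by the same PHP process, so both sides use the same
            // zone. TODO confirm if the DB starts applying its own zone.
            $validUntil = (new \DateTimeImmutable())
                ->add(new \DateInterval('PT2H'))
                ->format('Y-m-d H:i:s');

            // SET assignments are comma-separated. The original
            // "password = :password AND validUntil = :validUntil" was one
            // boolean expression: it stored 0/1 as the password hash and never
            // touched validUntil.
            $sql = "UPDATE user
                    SET password = :password, validUntil = :validUntil
                    WHERE email = :email";

            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':validUntil' => $validUntil,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            die;
        }
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * @param string $email
     * @param string $oldpw current (or still valid temporary) password
     * @param string $newpw desired new password
     * @return bool|string|string[] true on success; false for unknown user or
     *         wrong current password; the expiry message from login() when the
     *         current password is an expired temporary one; a message string
     *         for blank fields; the list of unmet rules for a weak new password.
     */
    public function updatePassword($email, $oldpw, $newpw)
    {
        $loginResult = $this->login($email, $oldpw);
        if ($loginResult !== true) {
            // false: unknown user / wrong password. string: expired temporary
            // password — the original "!login()" test treated that truthy
            // string as a successful login and allowed the change.
            return $loginResult;
        }

        if ($this->hasBlankField([$email, $oldpw, $newpw])) {
            return "Bitte füllen Sie alle Felder aus";
        }

        // Apply the same complexity rules as register(); previously any new
        // password was accepted here.
        $rtn = $this->pwRequirementCheck($newpw);
        if ($rtn !== true) {
            return $rtn;
        }

        $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT);

        // UPDATE, not INSERT: the account exists (login() just found it); the
        // original INSERT would have created a duplicate row or been rejected
        // by a unique index. validUntil is cleared so that a password chosen
        // after using a temporary one does not itself expire two hours later
        // (assumes the column is nullable — register() never sets it — TODO confirm).
        $sql = "UPDATE user
                SET password = :password, validUntil = NULL
                WHERE email = :email";

        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Whether the two password entries are identical (strict comparison).
     *
     * @param string $password1
     * @param string $password2
     * @return bool
     */
    public function checkDoublePw($password1, $password2)
    {
        return $password1 === $password2;
    }
}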