Bib-Arts/Model/AuthModel.php
2025-06-23 14:14:25 +02:00


<?php
namespace Blog\Model;
use Cassandra\Date;
use PDOException;
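/**
 * Authentication model: login, registration and password reset on the `user` table.
 *
 * Every query is a PDO prepared statement on the handle returned by linkDB()
 * (inherited from Database). Built-in classes are referenced with a leading
 * backslash because this file lives in the Blog\Model namespace; an unqualified
 * PDO, DateTime or DateInterval would resolve to Blog\Model\... and fail.
 *
 * On a PDOException the methods construct \Blog\Library\ErrorMsg with the
 * exception and terminate the script.
 * NOTE(review): confirm that ErrorMsg does not render exception details
 * (SQL text, driver messages) to the client.
 */
class AuthModel extends Database
{
    /**
     * Verifies an e-mail/password pair.
     *
     * @param string $email    Address to look up.
     * @param string $password Plain-text password supplied by the user.
     * @return bool|string true on success, false for an unknown address or a
     *                     wrong password, or a message string when the password
     *                     matches but its validUntil timestamp has passed.
     *                     Callers must compare with === true, because the
     *                     message string is truthy.
     */
    public function login($email, $password)
    {
        // Array-valued request parameters would otherwise raise a TypeError in password_verify().
        if (!is_string($email) || !is_string($password)) {
            return false;
        }

        $sql = "SELECT email, password, validUntil FROM user WHERE email = :email";
        $pdo = $this->linkDB();
        try {
            $sth = $pdo->prepare($sql);
            $sth->execute([":email" => $email]);
            $user = $sth->fetch(\PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten.", $e);
            die;
        }

        if (!$user || !password_verify($password, $user['password'])) {
            return false;
        }

        // register() never writes validUntil, so an empty value is treated as
        // "no expiry"; only forgottenPwUpdate() sets a deadline.
        if (!empty($user['validUntil'])) {
            $validUntil = new \DateTime($user['validUntil']);
            if (new \DateTime() > $validUntil) {
                return "Ihr Passwort ist abgelaufen. Bitte setzen Sie ein neues über: \"Passwort vergessen\".";
            }
        }

        return true;
    }

    /**
     * Creates a new account after validating the input.
     *
     * @return bool|string|array true when the row was inserted (the result of
     *                           PDOStatement::execute()), a message string for
     *                           a missing field, invalid e-mail or existing
     *                           account, or the list of violated password rules
     *                           from pwRequirementCheck().
     */
    public function register($email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone)
    {
        // Presence is checked first so the later string functions never see null or an array.
        // Unlike empty(), this accepts the literal "0" (e.g. as a house number).
        $requiredFields = [$email, $password, $street, $houseNumber, $city, $postalCode, $country, $firstName, $lastName, $phone];
        foreach ($requiredFields as $field) {
            if (!is_scalar($field) || (string) $field === '') {
                return "Bitte füllen Sie alle Felder aus";
            }
        }

        $rtn = $this->pwRequirementCheck($password);
        if ($rtn !== true) {
            return $rtn;
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return "Bitte geben Sie eine gültige E-Mail ein.";
        }

        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare("SELECT id FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ($stmt->fetch()) {
                return "Der Account mit der Email, existiert bereits.";
            }
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Abrufen der Daten", $e);
            die;
        }

        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        $sql = "INSERT INTO user (email, password, straße, hausnr, ort, postleitzahl,land, vorname, nachname, tel)
VALUES (:email, :password, :straße, :hausnr, :ort, :postleitzahl, :land, :vorname, :nachname, :tel)";
        try {
            // NOTE(review): the existence check above and this INSERT are not atomic;
            // a unique index on user.email is needed to rule out duplicates — confirm it exists.
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':straße' => $street,
                ':hausnr' => $houseNumber,
                ':ort' => $city,
                ':postleitzahl' => $postalCode,
                ':land' => $country,
                ':vorname' => $firstName,
                ':nachname' => $lastName,
                ':tel' => $phone
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Checks a password against the complexity rules.
     *
     * Rules: at least 8 bytes, one ASCII upper-case letter, one ASCII lower-case
     * letter, one digit, and one character that is not an ASCII letter or digit.
     *
     * @param string $password Plain-text candidate.
     * @return true|string[] true when every rule holds, otherwise the messages
     *                       of the violated rules.
     */
    private function pwRequirementCheck($password)
    {
        $error = [];

        // "min 8" means eight characters are acceptable; the former <= 8 rejected them.
        if (strlen($password) < 8) {
            $error[] = "min 8 Charackter";
        }
        if (!preg_match("/[A-Z]/", $password)) {
            $error[] = "min one large Character";
        }
        if (!preg_match("/[a-z]/", $password)) {
            $error[] = "min one small charakter";
        }
        if (!preg_match("/[0-9]/", $password)) {
            $error[] = "min one number";
        }
        // The former explicit character class never compiled: it held an unescaped
        // "/" delimiter and a "]" that closed the class early, and a stray ";" after
        // the if made this message unconditional, so no password was ever accepted.
        // Any byte outside [A-Za-z0-9] now counts, which covers every character the
        // message lists.
        if (!preg_match("/[^A-Za-z0-9]/", $password)) {
            $error[] = "min one of these: <>|°^,;·.:…\-_#'+*~!¹\"²§³\$¼%½&¬/{([)]=}?ß\\\`¸´¡⅛£¤⅜⅝⅞™±¿˛¯˘—÷×»«¢„“”µþø→↓←ŧ¶€ſ@æſðđŋħ.ĸłµ”“„¢«»›‹©‚‘’ºÆẞЪŊĦ˙&ŁΩ§€®Ŧ¥↑ıØÞ";
        }

        return empty($error) ? true : $error;
    }

    /**
     * Replaces the account's password with a random temporary one and mails it.
     *
     * The temporary password is 12 hex characters (6 random bytes) and, per
     * forgottenPwUpdate(), valid for two hours. Nothing is mailed unless the
     * address is syntactically valid and the database update succeeded, so the
     * method cannot be used to send mail to addresses without an account.
     * Returns no value.
     *
     * NOTE(review): the stored password is overwritten as soon as the request
     * arrives, so anyone who knows an address can invalidate that account's
     * current password. A separate reset token that leaves the password intact
     * until it is redeemed would avoid this.
     *
     * @param string $email Address of the account to reset.
     */
    public function pwForgot($email)
    {
        // The address ends up in mail()'s recipient argument and in the log line.
        if (!is_string($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return;
        }

        $randomPw = bin2hex(random_bytes(12 / 2));
        $hashedPassword = password_hash($randomPw, PASSWORD_DEFAULT);
        if (!$this->forgottenPwUpdate($email, $hashedPassword)) {
            return;
        }

        $betreff = "Passwort zurücksetzen bei bibArts";
        $nachricht = "Hallo,\n\nhier ihr temporäres Passwort:\n\n $randomPw \n\n Bitte beachten Sie, dass das Passwort nur 2 stunden Gülltig ist. \nViele Grüße,\nbibArts Team";
        $header = "From: noreply@edu.bib.de\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n";

        // Stop at the first accepted mail; the former loop tested a flag that was
        // never set and therefore sent the message five times.
        $maxTries = 5;
        for ($try = 1; $try <= $maxTries; $try++) {
            if (mail($email, $betreff, $nachricht, $header)) {
                return;
            }
            error_log("Mailversuch $try an $email fehlgeschlagen.");
            sleep(1);
        }
    }

    /**
     * Stores a temporary password hash together with a two-hour expiry.
     *
     * @param string $email          Account to update.
     * @param string $hashedPassword Output of password_hash().
     * @return bool false when no account uses the address, otherwise the result
     *              of PDOStatement::execute().
     */
    private function forgottenPwUpdate($email, $hashedPassword)
    {
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM user WHERE email = :email");
            $stmt->execute([':email' => $email]);
            if ((int) $stmt->fetchColumn() === 0) {
                return false;
            }

            $validUntil = (new \DateTime())->add(new \DateInterval('PT2H'))->format('Y-m-d H:i:s');
            // Assignments are separated by a comma. With AND the statement assigned
            // the boolean result of ":password AND validUntil = :validUntil" to the
            // password column and left validUntil untouched.
            $sql = "UPDATE user
SET password = :password, validUntil = :validUntil
WHERE email = :email";
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
                ':validUntil' => $validUntil
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
            die;
        }
    }

    /**
     * Changes the password of an existing account.
     *
     * @param string $email Account address.
     * @param string $oldpw Current password; must pass login().
     * @param string $newpw New plain-text password; must pass pwRequirementCheck().
     * @return bool|string|array true when the update ran, false or the expiry
     *                           message when login() rejects the old password, a
     *                           message string for a missing field, or the list
     *                           of violated password rules.
     */
    public function updatePassword($email, $oldpw, $newpw)
    {
        foreach ([$email, $oldpw, $newpw] as $field) {
            if (!is_scalar($field) || (string) $field === '') {
                return "Bitte füllen Sie alle Felder aus";
            }
        }

        // login() returns a truthy message string for an expired password, so only
        // a strict true counts as authenticated.
        $loginResult = $this->login($email, $oldpw);
        if ($loginResult !== true) {
            return $loginResult;
        }

        // Same policy as register(); otherwise the rules could be bypassed here.
        $policy = $this->pwRequirementCheck($newpw);
        if ($policy !== true) {
            return $policy;
        }

        $hashedPassword = password_hash($newpw, PASSWORD_DEFAULT);
        // UPDATE instead of the former INSERT, which added (or failed to add) a
        // second row and never changed the stored hash. validUntil goes back to the
        // column default, i.e. the state register() leaves, so a deadline set by
        // forgottenPwUpdate() does not expire the newly chosen password.
        // NOTE(review): assumes the driver behind linkDB() accepts "col = DEFAULT"
        // in UPDATE (MySQL, MariaDB and PostgreSQL do) — confirm.
        $sql = "UPDATE user
SET password = :password, validUntil = DEFAULT
WHERE email = :email";
        try {
            $pdo = $this->linkDB();
            $stmt = $pdo->prepare($sql);
            return $stmt->execute([
                ':email' => $email,
                ':password' => $hashedPassword,
            ]);
        } catch (PDOException $e) {
            new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
            die;
        }
    }

    /**
     * Tells whether the password and its confirmation are identical.
     *
     * @param mixed $password1 First entry.
     * @param mixed $password2 Repeated entry.
     * @return bool true only when both have the same type and value.
     */
    public function checkDoublePw($password1, $password2)
    {
        return $password1 === $password2;
    }
}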