-

Username:


-

UserID:

+

+ Username:


+

UserID:


+

Email:

diff --git a/login.php b/login.php
index 5ca62c0..51cf64f 100644
--- a/login.php
+++ b/login.php
@@ -15,7 +15,8 @@ $password = "L9wUNZZ9Qkbt"; $db = "FSST"; $conn = mysqli_connect($servername, $username, $password, $db, $port); -if (!$conn) { +if (!$conn) +{ http_response_code(500); die("Datenbankfehler"); } 
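Review bot: The database password sits in plain text on the context line just above the reformatted `if (!$conn)` block, and the same literal is repeated in register.php's first hunk; a credential that has been committed should be considered exposed and rotated. Read the connection values from a config file outside the web root or from the environment instead, e.g. `$password = getenv('DB_PASSWORD') ?: throw new RuntimeException('DB_PASSWORD is not set');`, and share that setup between login.php and register.php through one required file so it is not duplicated. The connection block starts before this hunk, so the `$servername`/`$username` assignments are not visible here.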
@@ -24,40 +25,63 @@ if (!$conn) { $loginError = null; $loginInfo = null; -if (isset($_GET['registered']) && $_GET['registered'] === '1') { +if (isset($_GET['registered']) && $_GET['registered'] === '1') +{ $loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.'; } -if ($_SERVER['REQUEST_METHOD'] === 'POST') { - $uname = trim(isset($_POST['uname']) ? $_POST['uname'] : ''); - $pw = isset($_POST['pw']) ? $_POST['pw'] : ''; +if ($_SERVER['REQUEST_METHOD'] === 'POST') +{ + $uname = ''; + + if (isset($_POST['uname'])) + { + $uname = trim($_POST['uname']); + } + + $pw = isset($_POST['pw']) ? $_POST['pw'] : ''; // Basic Validierung - if ($uname === '' || $pw === '') { + if ($uname === '' || $pw === '') + { $loginError = "Bitte Username und Passwort eingeben."; - } else { + } + else + { // Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter $stmt = mysqli_prepare( - $conn, - "SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1" + $conn, + "SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1" ); - if (!$stmt) { + if (!$stmt) + { $loginError = "Datenbankfehler."; - } else { + } + else + { mysqli_stmt_bind_param($stmt, "s", $uname); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); - $user = $result ? mysqli_fetch_assoc($result) : null; + + $user = null; + + if ($result) + { + $user = mysqli_fetch_assoc($result); + } // Passwort prüfen: Eingabe gegen gespeicherten Hash (password_hash/password_verify) - if ($user && password_verify($pw, $user['passwordHash'])) { + if ($user && password_verify($pw, $user['passwordHash'])) + { // Optional: Rehash, falls Algorithmus/Cost geändert wurde - if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) { + if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) + { $newHash = password_hash($pw, PASSWORD_DEFAULT); $upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? 
WHERE userID = ?"); - if ($upd) { + if ($upd) + { $userID = (int)$user['userID']; mysqli_stmt_bind_param($upd, "si", $newHash, $userID); mysqli_stmt_execute($upd);
@@ -65,7 +89,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } } - $_SESSION['user_id'] = (int)$user['userID']; + $_SESSION['user_id'] = (int)$user['userID']; $_SESSION['displayName'] = $user['displayName']; mysqli_stmt_close($stmt);
@@ -93,11 +117,13 @@ include 'header.php'; -
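Review bot: `$uname` and `$pw` are read from `$_POST` without checking that they are strings, so a form field submitted as an array (`uname[]`, `pw[]`) makes `trim()` or `password_verify()` throw a TypeError and the page answers with a 500 instead of the generic login error; register.php's `(string)` casts only mask the same case as the literal `"Array"`. Use `$uname = is_string($_POST['uname'] ?? null) ? trim($_POST['uname']) : '';` and `$pw = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';`. Separately, the session ID is kept across the privilege change: call `session_regenerate_id(true);` immediately before the `$_SESSION['user_id'] = ...` assignment so a session ID established before login is not promoted to an authenticated one. The POST branch continues past the hunk end, so the failure path after `mysqli_stmt_close` is not visible here.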

+

- +
diff --git a/register.php b/register.php
index a66daf0..494b3bf 100644
--- a/register.php
+++ b/register.php
@@ -15,68 +15,103 @@ $password = "L9wUNZZ9Qkbt"; $db = "FSST"; $conn = mysqli_connect($servername, $username, $password, $db, $port); -if (!$conn) { +if (!$conn) +{ http_response_code(500); die("Datenbankfehler"); } $errors = []; $values = [ - 'email' => '', - 'displayName' => '' + 'email' => '', + 'displayName' => '' ]; -if ($_SERVER['REQUEST_METHOD'] === 'POST') { - $email = trim((string)(isset($_POST['email']) ? $_POST['email'] : '')); - $displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : '')); - $pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : ''); - $pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : ''); +if ($_SERVER['REQUEST_METHOD'] === 'POST') +{ + $email = ''; + if (isset($_POST['email'])) + { + $email = trim((string)$_POST['email']); + } + + $displayName = ''; + if (isset($_POST['displayName'])) + { + $displayName = trim((string)$_POST['displayName']); + } + + $pw = ''; + if (isset($_POST['pw'])) + { + $pw = (string)$_POST['pw']; + } + + $pw2 = ''; + if (isset($_POST['pw2'])) + { + $pw2 = (string)$_POST['pw2']; + } $values['email'] = $email; $values['displayName'] = $displayName; // Validierung - if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) { + if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) + { $errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.'; } - if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) { + if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) + { $errors[] = 'Bitte einen Benutzernamen mit 3–50 Zeichen eingeben.'; } - if ($pw === '' || mb_strlen($pw) < 8) { + if ($pw === '' || mb_strlen($pw) < 8) + { $errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.'; } - if ($pw !== $pw2) { + if ($pw !== $pw2) + { $errors[] = 'Die Passwörter stimmen nicht überein.'; } // Duplicate-Checks - if (!$errors) { + if (!$errors) + { $stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE 
email = ? LIMIT 1'); - if (!$stmt) { + if (!$stmt) + { $errors[] = 'Datenbankfehler.'; - } else { + } + else + { mysqli_stmt_bind_param($stmt, 's', $email); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); - if ($result && mysqli_fetch_assoc($result)) { + if ($result && mysqli_fetch_assoc($result)) + { $errors[] = 'Diese E-Mail ist bereits registriert.'; } mysqli_stmt_close($stmt); } } - if (!$errors) { + if (!$errors) + { $stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1'); - if (!$stmt) { + if (!$stmt) + { $errors[] = 'Datenbankfehler.'; - } else { + } + else + { mysqli_stmt_bind_param($stmt, 's', $displayName); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); - if ($result && mysqli_fetch_assoc($result)) { + if ($result && mysqli_fetch_assoc($result)) + { $errors[] = 'Dieser Benutzername ist bereits vergeben.'; } mysqli_stmt_close($stmt);
@@ -84,21 +119,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } // Insert - if (!$errors) { + if (!$errors) + { $hash = password_hash($pw, PASSWORD_DEFAULT); $stmt = mysqli_prepare( - $conn, - 'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())' + $conn, + 'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())' ); - if (!$stmt) { + if (!$stmt) + { $errors[] = 'Datenbankfehler.'; - } else { + } + else + { mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName); $ok = mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); - if ($ok) { + if ($ok) + { mysqli_close($conn); header('Location: login.php?registered=1'); exit;
@@ -133,12 +173,15 @@ include 'header.php';
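Review bot: Both duplicate checks treat a failed query as "no duplicate": the return value of `mysqli_stmt_execute($stmt)` is ignored and a `false` from `mysqli_stmt_get_result` falls through the `if ($result && ...)` test, so a transient database error lets the request continue to the INSERT with an unchecked email or displayName. Fail closed instead, e.g. `if (!mysqli_stmt_execute($stmt) || ($result = mysqli_stmt_get_result($stmt)) === false) { $errors[] = 'Datenbankfehler.'; } elseif (mysqli_fetch_assoc($result)) { $errors[] = 'Diese E-Mail ist bereits registriert.'; }`, and the same shape for the displayName check. `PASSWORD_DEFAULT` is currently bcrypt, which uses only the first 72 bytes of the password, so the validation block should also reject `strlen($pw) > 72` with its own message rather than silently hashing a prefix of what the user typed. The POST block continues in the next hunk.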
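Review bot: `mysqli_stmt_close($stmt)` runs before `$ok` is inspected, so by the time the failure branch (outside this hunk) could ask why the INSERT failed, the statement's error code is gone; read `$errno = mysqli_stmt_errno($stmt);` on the line before the close. That matters because the two SELECT duplicate checks in the previous hunk are check-then-act: two registrations submitted at the same time can both pass them, and only UNIQUE indexes on `email` and `displayName` actually prevent the duplicate row. With those indexes in place, map errno 1062 (duplicate key) to the existing "bereits registriert" / "bereits vergeben" messages instead of the generic `'Datenbankfehler.'`.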
- +
- +