Refactor account, login, and register pages for improved readability and maintainability
This commit is contained in:
parent
26fbb03698
commit
00291ac12e
33
account.php
33
account.php
@ -6,12 +6,13 @@ error_reporting(E_ALL);
|
|||||||
|
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
if (empty($_SESSION['user_id'])) {
|
if (empty($_SESSION['user_id']))
|
||||||
|
{
|
||||||
header('Location: login.php');
|
header('Location: login.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$userId = (int) $_SESSION['user_id'];
|
$userId = (int)$_SESSION['user_id'];
|
||||||
|
|
||||||
$servername = "localhost";
|
$servername = "localhost";
|
||||||
$port = 3306;
|
$port = 3306;
|
||||||
@ -20,13 +21,15 @@ $password = "L9wUNZZ9Qkbt";
|
|||||||
$db = "FSST";
|
$db = "FSST";
|
||||||
|
|
||||||
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
||||||
if (!$conn) {
|
if (!$conn)
|
||||||
|
{
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
die("Datenbankfehler");
|
die("Datenbankfehler");
|
||||||
}
|
}
|
||||||
|
|
||||||
$stmt = mysqli_prepare($conn, "SELECT userID, displayName FROM users WHERE userID = ? LIMIT 1");
|
$stmt = mysqli_prepare($conn, "SELECT userID, displayName, email FROM users WHERE userID = ? LIMIT 1");
|
||||||
if (!$stmt) {
|
if (!$stmt)
|
||||||
|
{
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
die("Datenbankfehler");
|
die("Datenbankfehler");
|
||||||
}
|
}
|
||||||
@ -35,12 +38,21 @@ mysqli_stmt_bind_param($stmt, "i", $userId);
|
|||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
|
|
||||||
$result = mysqli_stmt_get_result($stmt);
|
$result = mysqli_stmt_get_result($stmt);
|
||||||
$user = $result ? mysqli_fetch_assoc($result) : null;
|
|
||||||
|
if ($result)
|
||||||
|
{
|
||||||
|
$user = mysqli_fetch_assoc($result);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$user = null;
|
||||||
|
}
|
||||||
|
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
mysqli_close($conn);
|
mysqli_close($conn);
|
||||||
|
|
||||||
if (!$user) {
|
if (!$user)
|
||||||
|
{
|
||||||
session_unset();
|
session_unset();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
header('Location: login.php');
|
header('Location: login.php');
|
||||||
@ -49,14 +61,17 @@ if (!$user) {
|
|||||||
|
|
||||||
include 'header.php';
|
include 'header.php';
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<link rel="stylesheet" href="assets/css/login.css">
|
<link rel="stylesheet" href="assets/css/login.css">
|
||||||
|
|
||||||
<main class="auth" role="main">
|
<main class="auth" role="main">
|
||||||
<section class="auth__grid" aria-label="Account Bereich">
|
<section class="auth__grid" aria-label="Account Bereich">
|
||||||
<div class="auth__card">
|
<div class="auth__card">
|
||||||
<header class="auth__header">
|
<header class="auth__header">
|
||||||
<p class="auth__title">Username: <?php echo htmlspecialchars($user['displayName'], ENT_QUOTES, 'UTF-8'); ?></p> <br>
|
<p class="auth__title">
|
||||||
<p class="auth__title">UserID: <?php echo (int) $user['userID']; ?></p>
|
Username: <?php echo htmlspecialchars($user['displayName'], ENT_QUOTES, 'UTF-8'); ?></p> <br>
|
||||||
|
<p class="auth__title">UserID: <?php echo (int)$user['userID']; ?></p> <br>
|
||||||
|
<p class="auth__title">Email: <?php echo htmlspecialchars($user['email']); ?></p>
|
||||||
</header>
|
</header>
|
||||||
</div>
|
</div>
|
||||||
</section>
|
</section>
|
||||||
|
|||||||
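Review bot: The new `Email:` line in the last hunk calls `htmlspecialchars($user['email'])` without the `ENT_QUOTES, 'UTF-8'` arguments that the neighbouring `displayName` line passes, so quote and charset handling depend on the PHP version's defaults (before 8.1 single quotes are left unescaped). Make it `htmlspecialchars((string)($user['email'] ?? ''), ENT_QUOTES, 'UTF-8')` so both outputs are escaped the same way and a NULL column value does not reach htmlspecialchars as null, which is deprecated in 8.1. The `email` key only exists because the SELECT in the second hunk was extended; that dependency deserves a one-line comment next to the query, e.g. `// email is rendered below; keep the column list in sync with the template`. Separately, the hunk-header context of all three files in this commit shows the database password as a string literal in the page scripts; that credential belongs in a config file outside the web root or in an environment variable, and since it is already in version history it should be rotated.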
62
login.php
62
login.php
@ -15,7 +15,8 @@ $password = "L9wUNZZ9Qkbt";
|
|||||||
$db = "FSST";
|
$db = "FSST";
|
||||||
|
|
||||||
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
||||||
if (!$conn) {
|
if (!$conn)
|
||||||
|
{
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
die("Datenbankfehler");
|
die("Datenbankfehler");
|
||||||
}
|
}
|
||||||
@ -24,40 +25,63 @@ if (!$conn) {
|
|||||||
$loginError = null;
|
$loginError = null;
|
||||||
$loginInfo = null;
|
$loginInfo = null;
|
||||||
|
|
||||||
if (isset($_GET['registered']) && $_GET['registered'] === '1') {
|
if (isset($_GET['registered']) && $_GET['registered'] === '1')
|
||||||
|
{
|
||||||
$loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.';
|
$loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
||||||
$uname = trim(isset($_POST['uname']) ? $_POST['uname'] : '');
|
{
|
||||||
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
|
$uname = '';
|
||||||
|
|
||||||
|
if (isset($_POST['uname']))
|
||||||
|
{
|
||||||
|
$uname = trim($_POST['uname']);
|
||||||
|
}
|
||||||
|
|
||||||
|
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
|
||||||
|
|
||||||
// Basic Validierung
|
// Basic Validierung
|
||||||
if ($uname === '' || $pw === '') {
|
if ($uname === '' || $pw === '')
|
||||||
|
{
|
||||||
$loginError = "Bitte Username und Passwort eingeben.";
|
$loginError = "Bitte Username und Passwort eingeben.";
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
// Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter
|
// Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter
|
||||||
$stmt = mysqli_prepare(
|
$stmt = mysqli_prepare(
|
||||||
$conn,
|
$conn,
|
||||||
"SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
|
"SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!$stmt) {
|
if (!$stmt)
|
||||||
|
{
|
||||||
$loginError = "Datenbankfehler.";
|
$loginError = "Datenbankfehler.";
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
mysqli_stmt_bind_param($stmt, "s", $uname);
|
mysqli_stmt_bind_param($stmt, "s", $uname);
|
||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
|
|
||||||
$result = mysqli_stmt_get_result($stmt);
|
$result = mysqli_stmt_get_result($stmt);
|
||||||
$user = $result ? mysqli_fetch_assoc($result) : null;
|
|
||||||
|
$user = null;
|
||||||
|
|
||||||
|
if ($result)
|
||||||
|
{
|
||||||
|
$user = mysqli_fetch_assoc($result);
|
||||||
|
}
|
||||||
|
|
||||||
// Passwort prüfen: Eingabe gegen gespeicherten Hash (password_hash/password_verify)
|
// Passwort prüfen: Eingabe gegen gespeicherten Hash (password_hash/password_verify)
|
||||||
if ($user && password_verify($pw, $user['passwordHash'])) {
|
if ($user && password_verify($pw, $user['passwordHash']))
|
||||||
|
{
|
||||||
// Optional: Rehash, falls Algorithmus/Cost geändert wurde
|
// Optional: Rehash, falls Algorithmus/Cost geändert wurde
|
||||||
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) {
|
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT))
|
||||||
|
{
|
||||||
$newHash = password_hash($pw, PASSWORD_DEFAULT);
|
$newHash = password_hash($pw, PASSWORD_DEFAULT);
|
||||||
$upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? WHERE userID = ?");
|
$upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? WHERE userID = ?");
|
||||||
if ($upd) {
|
if ($upd)
|
||||||
|
{
|
||||||
$userID = (int)$user['userID'];
|
$userID = (int)$user['userID'];
|
||||||
mysqli_stmt_bind_param($upd, "si", $newHash, $userID);
|
mysqli_stmt_bind_param($upd, "si", $newHash, $userID);
|
||||||
mysqli_stmt_execute($upd);
|
mysqli_stmt_execute($upd);
|
||||||
@ -65,7 +89,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$_SESSION['user_id'] = (int)$user['userID'];
|
$_SESSION['user_id'] = (int)$user['userID'];
|
||||||
$_SESSION['displayName'] = $user['displayName'];
|
$_SESSION['displayName'] = $user['displayName'];
|
||||||
|
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
@ -93,11 +117,13 @@ include 'header.php';
|
|||||||
</header>
|
</header>
|
||||||
|
|
||||||
<?php if ($loginInfo): ?>
|
<?php if ($loginInfo): ?>
|
||||||
<p class="auth__alert" role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
|
<p class="auth__alert"
|
||||||
|
role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<?php if ($loginError): ?>
|
<?php if ($loginError): ?>
|
||||||
<p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
|
<p class="auth__alert"
|
||||||
|
role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<form class="auth__form" action="login.php" method="POST" autocomplete="on">
|
<form class="auth__form" action="login.php" method="POST" autocomplete="on">
|
||||||
|
|||||||
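Review bot: The success path in the `@ -65,7 +89,7` hunk writes `$_SESSION['user_id']` and `$_SESSION['displayName']` without first calling `session_regenerate_id(true)`, so the session ID the browser held before authentication is carried into the logged-in session (session fixation). Add `session_regenerate_id(true);` immediately before the `$_SESSION['user_id'] = (int)$user['userID'];` line; the enclosing `if ($user && password_verify(...))` block starts in the previous hunk and its else branch ends outside this one. In the `@ -24,40 +25,63` hunk the new `$uname`/`$pw` reads still hand raw `$_POST` values to `trim()` and `password_verify()` without a `(string)` cast, unlike register.php, so an array-valued form field produces a TypeError instead of the "Bitte Username und Passwort eingeben." validation error; `$uname = trim((string)($_POST['uname'] ?? ''));` and `$pw = (string)($_POST['pw'] ?? '');` fix that and replace the five-line isset block with the `??` idiom.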
99
register.php
99
register.php
@ -15,68 +15,103 @@ $password = "L9wUNZZ9Qkbt";
|
|||||||
$db = "FSST";
|
$db = "FSST";
|
||||||
|
|
||||||
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
||||||
if (!$conn) {
|
if (!$conn)
|
||||||
|
{
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
die("Datenbankfehler");
|
die("Datenbankfehler");
|
||||||
}
|
}
|
||||||
|
|
||||||
$errors = [];
|
$errors = [];
|
||||||
$values = [
|
$values = [
|
||||||
'email' => '',
|
'email' => '',
|
||||||
'displayName' => ''
|
'displayName' => ''
|
||||||
];
|
];
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
||||||
$email = trim((string)(isset($_POST['email']) ? $_POST['email'] : ''));
|
{
|
||||||
$displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : ''));
|
$email = '';
|
||||||
$pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : '');
|
if (isset($_POST['email']))
|
||||||
$pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : '');
|
{
|
||||||
|
$email = trim((string)$_POST['email']);
|
||||||
|
}
|
||||||
|
|
||||||
|
$displayName = '';
|
||||||
|
if (isset($_POST['displayName']))
|
||||||
|
{
|
||||||
|
$displayName = trim((string)$_POST['displayName']);
|
||||||
|
}
|
||||||
|
|
||||||
|
$pw = '';
|
||||||
|
if (isset($_POST['pw']))
|
||||||
|
{
|
||||||
|
$pw = (string)$_POST['pw'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$pw2 = '';
|
||||||
|
if (isset($_POST['pw2']))
|
||||||
|
{
|
||||||
|
$pw2 = (string)$_POST['pw2'];
|
||||||
|
}
|
||||||
|
|
||||||
$values['email'] = $email;
|
$values['email'] = $email;
|
||||||
$values['displayName'] = $displayName;
|
$values['displayName'] = $displayName;
|
||||||
|
|
||||||
// Validierung
|
// Validierung
|
||||||
if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL))
|
||||||
|
{
|
||||||
$errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
|
$errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) {
|
if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50)
|
||||||
|
{
|
||||||
$errors[] = 'Bitte einen Benutzernamen mit 3–50 Zeichen eingeben.';
|
$errors[] = 'Bitte einen Benutzernamen mit 3–50 Zeichen eingeben.';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($pw === '' || mb_strlen($pw) < 8) {
|
if ($pw === '' || mb_strlen($pw) < 8)
|
||||||
|
{
|
||||||
$errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
|
$errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($pw !== $pw2) {
|
if ($pw !== $pw2)
|
||||||
|
{
|
||||||
$errors[] = 'Die Passwörter stimmen nicht überein.';
|
$errors[] = 'Die Passwörter stimmen nicht überein.';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Duplicate-Checks
|
// Duplicate-Checks
|
||||||
if (!$errors) {
|
if (!$errors)
|
||||||
|
{
|
||||||
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
|
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
|
||||||
if (!$stmt) {
|
if (!$stmt)
|
||||||
|
{
|
||||||
$errors[] = 'Datenbankfehler.';
|
$errors[] = 'Datenbankfehler.';
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
mysqli_stmt_bind_param($stmt, 's', $email);
|
mysqli_stmt_bind_param($stmt, 's', $email);
|
||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
$result = mysqli_stmt_get_result($stmt);
|
$result = mysqli_stmt_get_result($stmt);
|
||||||
if ($result && mysqli_fetch_assoc($result)) {
|
if ($result && mysqli_fetch_assoc($result))
|
||||||
|
{
|
||||||
$errors[] = 'Diese E-Mail ist bereits registriert.';
|
$errors[] = 'Diese E-Mail ist bereits registriert.';
|
||||||
}
|
}
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$errors) {
|
if (!$errors)
|
||||||
|
{
|
||||||
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
|
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
|
||||||
if (!$stmt) {
|
if (!$stmt)
|
||||||
|
{
|
||||||
$errors[] = 'Datenbankfehler.';
|
$errors[] = 'Datenbankfehler.';
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
mysqli_stmt_bind_param($stmt, 's', $displayName);
|
mysqli_stmt_bind_param($stmt, 's', $displayName);
|
||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
$result = mysqli_stmt_get_result($stmt);
|
$result = mysqli_stmt_get_result($stmt);
|
||||||
if ($result && mysqli_fetch_assoc($result)) {
|
if ($result && mysqli_fetch_assoc($result))
|
||||||
|
{
|
||||||
$errors[] = 'Dieser Benutzername ist bereits vergeben.';
|
$errors[] = 'Dieser Benutzername ist bereits vergeben.';
|
||||||
}
|
}
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
@ -84,21 +119,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Insert
|
// Insert
|
||||||
if (!$errors) {
|
if (!$errors)
|
||||||
|
{
|
||||||
$hash = password_hash($pw, PASSWORD_DEFAULT);
|
$hash = password_hash($pw, PASSWORD_DEFAULT);
|
||||||
$stmt = mysqli_prepare(
|
$stmt = mysqli_prepare(
|
||||||
$conn,
|
$conn,
|
||||||
'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
|
'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!$stmt) {
|
if (!$stmt)
|
||||||
|
{
|
||||||
$errors[] = 'Datenbankfehler.';
|
$errors[] = 'Datenbankfehler.';
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
|
mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
|
||||||
$ok = mysqli_stmt_execute($stmt);
|
$ok = mysqli_stmt_execute($stmt);
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
|
|
||||||
if ($ok) {
|
if ($ok)
|
||||||
|
{
|
||||||
mysqli_close($conn);
|
mysqli_close($conn);
|
||||||
header('Location: login.php?registered=1');
|
header('Location: login.php?registered=1');
|
||||||
exit;
|
exit;
|
||||||
@ -133,12 +173,15 @@ include 'header.php';
|
|||||||
<form class="auth__form" action="register.php" method="POST" autocomplete="on">
|
<form class="auth__form" action="register.php" method="POST" autocomplete="on">
|
||||||
<div class="auth__field">
|
<div class="auth__field">
|
||||||
<label for="email">E-Mail</label>
|
<label for="email">E-Mail</label>
|
||||||
<input type="text" id="email" name="email" autocomplete="email" required value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
|
<input type="text" id="email" name="email" autocomplete="email" required
|
||||||
|
value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="auth__field">
|
<div class="auth__field">
|
||||||
<label for="displayName">Username</label>
|
<label for="displayName">Username</label>
|
||||||
<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username" required value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
|
<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username"
|
||||||
|
required
|
||||||
|
value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="auth__field">
|
<div class="auth__field">
|
||||||
|
|||||||
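Review bot: The duplicate checks in the `@ -15,68 +15,103` hunk (`SELECT userID ... WHERE email = ?` and `... WHERE displayName = ?`) and the INSERT in the following hunk are separate statements with no transaction or lock, so two concurrent registrations with the same email or username can both pass the check and both insert. Enforce uniqueness with UNIQUE indexes on `users.email` and `users.displayName` and treat a duplicate-key failure of `mysqli_stmt_execute($stmt)` (`mysqli_errno($conn) === 1062`) as the same user-facing error; the `if ($ok)` branch begins in that hunk but its else path ends outside it. Style: expanding each field read into a five-line `if (isset(...))` block adds roughly twenty lines for no behavioural change; the null-coalescing form `$email = trim((string)($_POST['email'] ?? ''));` is the idiom and reads better. Note also that `PASSWORD_DEFAULT` is bcrypt, which uses only the first 72 bytes of `$pw`, while the `mb_strlen($pw) < 8` check has no upper bound; either reject `strlen($pw) > 72` or add a comment such as `// bcrypt truncates input at 72 bytes` so the limit is documented.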