FSST/Geizkragen
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor account, login, and register pages for improved readability and maintainability

Browse Source
This commit is contained in:
Fabian Schieder 2026-01-25 01:07:00 +01:00
parent 26fbb03698
commit 00291ac12e
3 changed files with 139 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
account.php
View File

@ -6,12 +6,13 @@ error_reporting(E_ALL);
session_start();
if (empty($_SESSION['user_id'])) {
if (empty($_SESSION['user_id']))
{
header('Location: login.php');
exit();
}
$userId = (int) $_SESSION['user_id'];
$userId = (int)$_SESSION['user_id'];
$servername = "localhost";
$port = 3306;
@ -20,13 +21,15 @@ $password = "L9wUNZZ9Qkbt";
$db = "FSST";
$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
if (!$conn)
{
http_response_code(500);
die("Datenbankfehler");
}
$stmt = mysqli_prepare($conn, "SELECT userID, displayName FROM users WHERE userID = ? LIMIT 1");
if (!$stmt) {
$stmt = mysqli_prepare($conn, "SELECT userID, displayName, email FROM users WHERE userID = ? LIMIT 1");
if (!$stmt)
{
http_response_code(500);
die("Datenbankfehler");
}
@ -35,12 +38,21 @@ mysqli_stmt_bind_param($stmt, "i", $userId);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = $result ? mysqli_fetch_assoc($result) : null;
if ($result)
{
$user = mysqli_fetch_assoc($result);
}
else
{
$user = null;
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
if (!$user) {
if (!$user)
{
session_unset();
session_destroy();
header('Location: login.php');
@ -49,14 +61,17 @@ if (!$user) {
include 'header.php';
?>
<link rel="stylesheet" href="assets/css/login.css">
<main class="auth" role="main">
<section class="auth__grid" aria-label="Account Bereich">
<div class="auth__card">
<header class="auth__header">
<p class="auth__title">Username: <?php echo htmlspecialchars($user['displayName'], ENT_QUOTES, 'UTF-8'); ?></p> <br>
<p class="auth__title">UserID: <?php echo (int) $user['userID']; ?></p>
<p class="auth__title">
Username: <?php echo htmlspecialchars($user['displayName'], ENT_QUOTES, 'UTF-8'); ?></p> <br>
<p class="auth__title">UserID: <?php echo (int)$user['userID']; ?></p> <br>
<p class="auth__title">Email: <?php echo htmlspecialchars($user['email']); ?></p>
</header>
</div>
</section>

54
login.php
View File

@ -15,7 +15,8 @@ $password = "L9wUNZZ9Qkbt";
$db = "FSST";
$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
if (!$conn)
{
http_response_code(500);
die("Datenbankfehler");
}
@ -24,40 +25,63 @@ if (!$conn) {
$loginError = null;
$loginInfo = null;
if (isset($_GET['registered']) && $_GET['registered'] === '1') {
if (isset($_GET['registered']) && $_GET['registered'] === '1')
{
$loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$uname = trim(isset($_POST['uname']) ? $_POST['uname'] : '');
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
$uname = '';
if (isset($_POST['uname']))
{
$uname = trim($_POST['uname']);
}
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
// Basic Validierung
if ($uname === '' || $pw === '') {
if ($uname === '' || $pw === '')
{
$loginError = "Bitte Username und Passwort eingeben.";
} else {
}
else
{
// Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter
$stmt = mysqli_prepare(
$conn,
"SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
);
if (!$stmt) {
if (!$stmt)
{
$loginError = "Datenbankfehler.";
} else {
}
else
{
mysqli_stmt_bind_param($stmt, "s", $uname);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = $result ? mysqli_fetch_assoc($result) : null;
$user = null;
if ($result)
{
$user = mysqli_fetch_assoc($result);
}
// Passwort prüfen: Eingabe gegen gespeicherten Hash (password_hash/password_verify)
if ($user && password_verify($pw, $user['passwordHash'])) {
if ($user && password_verify($pw, $user['passwordHash']))
{
// Optional: Rehash, falls Algorithmus/Cost geändert wurde
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) {
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT))
{
$newHash = password_hash($pw, PASSWORD_DEFAULT);
$upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? WHERE userID = ?");
if ($upd) {
if ($upd)
{
$userID = (int)$user['userID'];
mysqli_stmt_bind_param($upd, "si", $newHash, $userID);
mysqli_stmt_execute($upd);
@ -93,11 +117,13 @@ include 'header.php';
</header>
<?php if ($loginInfo): ?>
<p class="auth__alert" role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
<p class="auth__alert"
role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<?php if ($loginError): ?>
<p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
<p class="auth__alert"
role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form class="auth__form" action="login.php" method="POST" autocomplete="on">

91
register.php
View File

@ -15,7 +15,8 @@ $password = "L9wUNZZ9Qkbt";
$db = "FSST";
$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
if (!$conn)
{
http_response_code(500);
die("Datenbankfehler");
}
@ -26,57 +27,91 @@ $values = [
'displayName' => ''
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim((string)(isset($_POST['email']) ? $_POST['email'] : ''));
$displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : ''));
$pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : '');
$pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : '');
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
$email = '';
if (isset($_POST['email']))
{
$email = trim((string)$_POST['email']);
}
$displayName = '';
if (isset($_POST['displayName']))
{
$displayName = trim((string)$_POST['displayName']);
}
$pw = '';
if (isset($_POST['pw']))
{
$pw = (string)$_POST['pw'];
}
$pw2 = '';
if (isset($_POST['pw2']))
{
$pw2 = (string)$_POST['pw2'];
}
$values['email'] = $email;
$values['displayName'] = $displayName;
// Validierung
if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL))
{
$errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
}
if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) {
if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50)
{
$errors[] = 'Bitte einen Benutzernamen mit 350 Zeichen eingeben.';
}
if ($pw === '' || mb_strlen($pw) < 8) {
if ($pw === '' || mb_strlen($pw) < 8)
{
$errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
}
if ($pw !== $pw2) {
if ($pw !== $pw2)
{
$errors[] = 'Die Passwörter stimmen nicht überein.';
}
// Duplicate-Checks
if (!$errors) {
if (!$errors)
{
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
if (!$stmt) {
if (!$stmt)
{
$errors[] = 'Datenbankfehler.';
} else {
}
else
{
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result && mysqli_fetch_assoc($result)) {
if ($result && mysqli_fetch_assoc($result))
{
$errors[] = 'Diese E-Mail ist bereits registriert.';
}
mysqli_stmt_close($stmt);
}
}
if (!$errors) {
if (!$errors)
{
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
if (!$stmt) {
if (!$stmt)
{
$errors[] = 'Datenbankfehler.';
} else {
}
else
{
mysqli_stmt_bind_param($stmt, 's', $displayName);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result && mysqli_fetch_assoc($result)) {
if ($result && mysqli_fetch_assoc($result))
{
$errors[] = 'Dieser Benutzername ist bereits vergeben.';
}
mysqli_stmt_close($stmt);
@ -84,21 +119,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
// Insert
if (!$errors) {
if (!$errors)
{
$hash = password_hash($pw, PASSWORD_DEFAULT);
$stmt = mysqli_prepare(
$conn,
'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
);
if (!$stmt) {
if (!$stmt)
{
$errors[] = 'Datenbankfehler.';
} else {
}
else
{
mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
$ok = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
if ($ok) {
if ($ok)
{
mysqli_close($conn);
header('Location: login.php?registered=1');
exit;
@ -133,12 +173,15 @@ include 'header.php';
<form class="auth__form" action="register.php" method="POST" autocomplete="on">
<div class="auth__field">
<label for="email">E-Mail</label>
<input type="text" id="email" name="email" autocomplete="email" required value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
<input type="text" id="email" name="email" autocomplete="email" required
value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="auth__field">
<label for="displayName">Username</label>
<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username" required value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username"
required
value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="auth__field">