Add registration functionality and improve login logic

This commit is contained in:
Fabian Schieder 2026-01-23 09:58:35 +01:00
parent f3d171c59c
commit 0bf685049c
4 changed files with 188 additions and 8 deletions


@ -22,6 +22,11 @@ if (!$conn) {
// 2) POST-Verarbeitung VOR jeglicher Ausgabe // 2) POST-Verarbeitung VOR jeglicher Ausgabe
$loginError = null; $loginError = null;
$loginInfo = null;
if (isset($_GET['registered']) && $_GET['registered'] === '1') {
$loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$uname = trim(isset($_POST['uname']) ? $_POST['uname'] : ''); $uname = trim(isset($_POST['uname']) ? $_POST['uname'] : '');
@ -33,8 +38,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} else { } else {
// Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter // Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$conn, $conn,
"SELECT displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1" "SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
); );
if (!$stmt) { if (!$stmt) {
@ -51,17 +56,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Optional: Rehash, falls Algorithmus/Cost geändert wurde // Optional: Rehash, falls Algorithmus/Cost geändert wurde
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) { if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) {
$newHash = password_hash($pw, PASSWORD_DEFAULT); $newHash = password_hash($pw, PASSWORD_DEFAULT);
$upd = mysqli_prepare($conn, "UPDATE user SET passwordHash = ? WHERE id = ?"); $upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? WHERE userID = ?");
if ($upd) { if ($upd) {
$id = (int)$user['id']; $userID = (int)$user['userID'];
mysqli_stmt_bind_param($upd, "si", $newHash, $id); mysqli_stmt_bind_param($upd, "si", $newHash, $userID);
mysqli_stmt_execute($upd); mysqli_stmt_execute($upd);
mysqli_stmt_close($upd); mysqli_stmt_close($upd);
} }
} }
$_SESSION['user_id'] = (int)$user['id']; $_SESSION['user_id'] = (int)$user['userID'];
$_SESSION['username'] = $user['un'];
$_SESSION['displayName'] = $user['displayName']; $_SESSION['displayName'] = $user['displayName'];
mysqli_stmt_close($stmt); mysqli_stmt_close($stmt);
@ -89,6 +93,10 @@ include 'header.php';
<p class="auth__subtitle">Melde dich an, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p> <p class="auth__subtitle">Melde dich an, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p>
</header> </header>
<?php if ($loginInfo): ?>
<p class="auth__alert" role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<?php if ($loginError): ?> <?php if ($loginError): ?>
<p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p> <p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?> <?php endif; ?>
@ -110,7 +118,7 @@ include 'header.php';
</form> </form>
<div class="auth__links"> <div class="auth__links">
<p class="auth__muted">Neu hier? <a href="other/login.html">Account erstellen</a></p> <p class="auth__muted">Neu hier? <a href="register.php">Account erstellen</a></p>
<p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p> <p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
</div> </div>
</div> </div>
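Review bot: After the password check (which precedes this hunk) the new code writes `$_SESSION['user_id'] = (int)$user['userID'];` and `$_SESSION['displayName']` without rotating the session id, so a session id planted in the browser before login remains valid afterwards (session fixation); add `session_regenerate_id(true);` immediately before the first `$_SESSION[...] =` assignment. The same hunk drops `$_SESSION['username'] = $user['un'];`, which is consistent with the new SELECT (no `un` column), but any page that still reads `$_SESSION['username']` will now see an undefined key — worth a grep across the includes. The rehash UPDATE now targets `users ... WHERE userID = ?` and binds `$userID` from the selected `userID` column, which matches the corrected query. The enclosing POST-handling block starts before the first hunk and continues past the last one.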

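--- a/productpage.php
+++ b/productpage.php
@@ -0,0 +1 @@
+<?php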

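--- a/register.php
+++ b/register.php
@@ -0,0 +1,171 @@
+<?php
+// register.php
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+session_start();
+// 1) DB-Verbindung (einmal)
+$servername = "localhost";
+$port = 3306;
+$username = "FSST";
+$password = "L9wUNZZ9Qkbt";
+$db = "FSST";
+$conn = mysqli_connect($servername, $username, $password, $db, $port);
+if (!$conn) {
+http_response_code(500);
+die("Datenbankfehler");
+}
+$errors = [];
+$values = [
+'email' => '',
+'displayName' => ''
+];
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+$email = trim((string)(isset($_POST['email']) ? $_POST['email'] : ''));
+$displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : ''));
+$pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : '');
+$pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : '');
+$values['email'] = $email;
+$values['displayName'] = $displayName;
+// Validierung
+if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+$errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
+}
+if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) {
+$errors[] = 'Bitte einen Benutzernamen mit 350 Zeichen eingeben.';
+}
+if ($pw === '' || mb_strlen($pw) < 8) {
+$errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
+}
+if ($pw !== $pw2) {
+$errors[] = 'Die Passwörter stimmen nicht überein.';
+}
+// Duplicate-Checks
+if (!$errors) {
+$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
+if (!$stmt) {
+$errors[] = 'Datenbankfehler.';
+} else {
+mysqli_stmt_bind_param($stmt, 's', $email);
+mysqli_stmt_execute($stmt);
+$result = mysqli_stmt_get_result($stmt);
+if ($result && mysqli_fetch_assoc($result)) {
+$errors[] = 'Diese E-Mail ist bereits registriert.';
+}
+mysqli_stmt_close($stmt);
+}
+}
+if (!$errors) {
+$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
+if (!$stmt) {
+$errors[] = 'Datenbankfehler.';
+} else {
+mysqli_stmt_bind_param($stmt, 's', $displayName);
+mysqli_stmt_execute($stmt);
+$result = mysqli_stmt_get_result($stmt);
+if ($result && mysqli_fetch_assoc($result)) {
+$errors[] = 'Dieser Benutzername ist bereits vergeben.';
+}
+mysqli_stmt_close($stmt);
+}
+}
+// Insert
+if (!$errors) {
+$hash = password_hash($pw, PASSWORD_DEFAULT);
+$stmt = mysqli_prepare(
+$conn,
+'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
+);
+if (!$stmt) {
+$errors[] = 'Datenbankfehler.';
+} else {
+mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
+$ok = mysqli_stmt_execute($stmt);
+mysqli_stmt_close($stmt);
+if ($ok) {
+mysqli_close($conn);
+header('Location: login.php?registered=1');
+exit;
+}
+$errors[] = 'Registrierung fehlgeschlagen.';
+}
+}
+}
+include 'header.php';
+?>
+<link rel="stylesheet" href="assets/css/login.css">
+<main class="auth" role="main">
+<section class="auth__grid" aria-label="Registrierung Bereich">
+<div class="auth__card">
+<header class="auth__header">
+<h2 class="auth__title">Registrierung</h2>
+<p class="auth__subtitle">Erstelle einen Account, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p>
+</header>
+<?php if ($errors): ?>
+<div class="auth__alert" role="alert">
+<ul>
+<?php foreach ($errors as $e): ?>
+<li><?php echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'); ?></li>
+<?php endforeach; ?>
+</ul>
+</div>
+<?php endif; ?>
+<form class="auth__form" action="register.php" method="POST" autocomplete="on">
+<div class="auth__field">
+<label for="email">E-Mail</label>
+<input type="email" id="email" name="email" autocomplete="email" required value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
+</div>
+<div class="auth__field">
+<label for="displayName">Username</label>
+<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username" required value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
+</div>
+<div class="auth__field">
+<label for="pw">Passwort</label>
+<input type="password" id="pw" name="pw" autocomplete="new-password" required>
+</div>
+<div class="auth__field">
+<label for="pw2">Passwort wiederholen</label>
+<input type="password" id="pw2" name="pw2" autocomplete="new-password" required>
+</div>
+<div class="auth__actions">
+<input class="auth__submit" type="submit" value="Registrieren">
+</div>
+</form>
+<div class="auth__links">
+<p class="auth__muted">Schon registriert? <a href="login.php">Einloggen</a></p>
+<p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
+</div>
+</div>
+</section>
+</main>
+<?php
+mysqli_close($conn);
+include 'footer.php';
+?>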
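Review bot: The two duplicate-check SELECTs and the INSERT run as separate statements, so two concurrent registrations with the same email or displayName can both pass the checks, and whether the second one is rejected then depends on UNIQUE indexes that this file cannot guarantee; on PHP 8.1+ with the default mysqli error mode a duplicate-key INSERT also throws mysqli_sql_exception rather than making `$ok` false, so the execute should be `try { $ok = mysqli_stmt_execute($stmt); } catch (mysqli_sql_exception $e) { $ok = false; $dup = ($e->getCode() === 1062); }` with the "bereits registriert" message emitted when `$dup` is set. The database credentials are committed in the page script next to `ini_set('display_errors', 1)` and `display_startup_errors`, which would print such an uncaught exception — including the SQL text — to the visitor; move the credentials to a config file outside the web root and enable display_errors only in a development environment. The validation message for the username reads "350 Zeichen" where the limits are 3 and 50, presumably an en dash lost in the source, so it should read `'Bitte einen Benutzernamen mit 3–50 Zeichen eingeben.'`. The registration form carries no CSRF token, so a cross-site POST can create accounts; a per-session token rendered as a hidden field and checked with hash_equals() before validation would close that, and the login form likely has the same gap.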