FSST/Geizkragen
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

Add registration functionality and improve login logic

Browse Source
This commit is contained in:
Fabian Schieder 2026-01-23 09:58:35 +01:00
parent f3d171c59c
commit 0bf685049c
4 changed files with 188 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/logo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 278 KiB

22
login.php
View File

@ -22,6 +22,11 @@ if (!$conn) {
// 2) POST-Verarbeitung VOR jeglicher Ausgabe
$loginError = null;
$loginInfo = null;
if (isset($_GET['registered']) && $_GET['registered'] === '1') {
$loginInfo = 'Registrierung erfolgreich. Du kannst dich jetzt einloggen.';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$uname = trim(isset($_POST['uname']) ? $_POST['uname'] : '');
@ -34,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Login ist SELECT, mit Prepared Statement (sicher) und ?-Platzhalter
$stmt = mysqli_prepare(
$conn,
"SELECT displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
"SELECT userID, displayName, passwordHash FROM users WHERE displayName = ? LIMIT 1"
);
if (!$stmt) {
@ -51,17 +56,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Optional: Rehash, falls Algorithmus/Cost geändert wurde
if (password_needs_rehash($user['passwordHash'], PASSWORD_DEFAULT)) {
$newHash = password_hash($pw, PASSWORD_DEFAULT);
$upd = mysqli_prepare($conn, "UPDATE user SET passwordHash = ? WHERE id = ?");
$upd = mysqli_prepare($conn, "UPDATE users SET passwordHash = ? WHERE userID = ?");
if ($upd) {
$id = (int)$user['id'];
mysqli_stmt_bind_param($upd, "si", $newHash, $id);
$userID = (int)$user['userID'];
mysqli_stmt_bind_param($upd, "si", $newHash, $userID);
mysqli_stmt_execute($upd);
mysqli_stmt_close($upd);
}
}
$_SESSION['user_id'] = (int)$user['id'];
$_SESSION['username'] = $user['un'];
$_SESSION['user_id'] = (int)$user['userID'];
$_SESSION['displayName'] = $user['displayName'];
mysqli_stmt_close($stmt);
@ -89,6 +93,10 @@ include 'header.php';
<p class="auth__subtitle">Melde dich an, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p>
</header>
<?php if ($loginInfo): ?>
<p class="auth__alert" role="status"><?php echo htmlspecialchars($loginInfo, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<?php if ($loginError): ?>
<p class="auth__alert" role="alert"><?php echo htmlspecialchars($loginError, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
@ -110,7 +118,7 @@ include 'header.php';
</form>
<div class="auth__links">
<p class="auth__muted">Neu hier? <a href="other/login.html">Account erstellen</a></p>
<p class="auth__muted">Neu hier? <a href="register.php">Account erstellen</a></p>
<p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
</div>
</div>

1
productpage.php Normal file
View File

@ -0,0 +1 @@
<?php

171
register.php Normal file
View File

@ -0,0 +1,171 @@
<?php
// register.php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
// 1) DB-Verbindung (einmal)
$servername = "localhost";
$port = 3306;
$username = "FSST";
$password = "L9wUNZZ9Qkbt";
$db = "FSST";
$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
http_response_code(500);
die("Datenbankfehler");
}
$errors = [];
$values = [
'email' => '',
'displayName' => ''
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim((string)(isset($_POST['email']) ? $_POST['email'] : ''));
$displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : ''));
$pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : '');
$pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : '');
$values['email'] = $email;
$values['displayName'] = $displayName;
// Validierung
if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
}
if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) {
$errors[] = 'Bitte einen Benutzernamen mit 350 Zeichen eingeben.';
}
if ($pw === '' || mb_strlen($pw) < 8) {
$errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
}
if ($pw !== $pw2) {
$errors[] = 'Die Passwörter stimmen nicht überein.';
}
// Duplicate-Checks
if (!$errors) {
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
if (!$stmt) {
$errors[] = 'Datenbankfehler.';
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result && mysqli_fetch_assoc($result)) {
$errors[] = 'Diese E-Mail ist bereits registriert.';
}
mysqli_stmt_close($stmt);
}
}
if (!$errors) {
$stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
if (!$stmt) {
$errors[] = 'Datenbankfehler.';
} else {
mysqli_stmt_bind_param($stmt, 's', $displayName);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result && mysqli_fetch_assoc($result)) {
$errors[] = 'Dieser Benutzername ist bereits vergeben.';
}
mysqli_stmt_close($stmt);
}
}
// Insert
if (!$errors) {
$hash = password_hash($pw, PASSWORD_DEFAULT);
$stmt = mysqli_prepare(
$conn,
'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
);
if (!$stmt) {
$errors[] = 'Datenbankfehler.';
} else {
mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
$ok = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
if ($ok) {
mysqli_close($conn);
header('Location: login.php?registered=1');
exit;
}
$errors[] = 'Registrierung fehlgeschlagen.';
}
}
}
include 'header.php';
?>
<link rel="stylesheet" href="assets/css/login.css">
<main class="auth" role="main">
<section class="auth__grid" aria-label="Registrierung Bereich">
<div class="auth__card">
<header class="auth__header">
<h2 class="auth__title">Registrierung</h2>
<p class="auth__subtitle">Erstelle einen Account, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p>
</header>
<?php if ($errors): ?>
<div class="auth__alert" role="alert">
<ul>
<?php foreach ($errors as $e): ?>
<li><?php echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<form class="auth__form" action="register.php" method="POST" autocomplete="on">
<div class="auth__field">
<label for="email">E-Mail</label>
<input type="email" id="email" name="email" autocomplete="email" required value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="auth__field">
<label for="displayName">Username</label>
<input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username" required value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="auth__field">
<label for="pw">Passwort</label>
<input type="password" id="pw" name="pw" autocomplete="new-password" required>
</div>
<div class="auth__field">
<label for="pw2">Passwort wiederholen</label>
<input type="password" id="pw2" name="pw2" autocomplete="new-password" required>
</div>
<div class="auth__actions">
<input class="auth__submit" type="submit" value="Registrieren">
</div>
</form>
<div class="auth__links">
<p class="auth__muted">Schon registriert? <a href="login.php">Einloggen</a></p>
<p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
</div>
</div>
</section>
</main>
<?php
mysqli_close($conn);
include 'footer.php';
?>