login change

src/auth/register.php

@@ -0,0 +1,124 @@
+<?php
+// public/auth/register.php
+
+require __DIR__ . '/../../config/fileload.php';  // Pfad ggf. anpassen
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    $lang = $_GET['lang'] ?? 'de';
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+$lang     = $_POST['lang'] ?? 'de';
+$name     = trim((string)($_POST['name'] ?? ''));
+$email    = trim((string)($_POST['email'] ?? ''));
+$password = (string)($_POST['password'] ?? '');
+$redirect = $_POST['redirect'] ?? '/';
+
+if ($name === '' || $email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+    flash_set('error', 'Bitte einen gültigen Namen und eine gültige E-Mail-Adresse eingeben.', 'register');
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+if (strlen($password) < 8) {
+    flash_set('error', 'Das Passwort muss mindestens 8 Zeichen lang sein.', 'register');
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+// Prüfen, ob E-Mail bereits existiert
+try {
+    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = :email LIMIT 1');
+    $stmt->execute([':email' => $email]);
+    $existing = $stmt->fetch(PDO::FETCH_ASSOC);
+} catch (Throwable $e) {
+    flash_set('error', 'Es ist ein Fehler bei der Registrierung aufgetreten. Bitte versuche es später erneut.', 'register');
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+if ($existing) {
+    flash_set('error', 'Diese E-Mail-Adresse ist bereits registriert.', 'register');
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+// Username aus E-Mail ableiten (oder einfach die komplette E-Mail nutzen)
+$username = $email;
+
+// Vor- und Nachname grob aus dem „Name“-Feld splitten
+$firstName = $name;
+$lastName  = null;
+
+$parts = preg_split('/\s+/', $name);
+if (count($parts) >= 2) {
+    $firstName = array_shift($parts);
+    $lastName  = implode(' ', $parts);
+}
+
+$passwordHash = password_hash($password, PASSWORD_DEFAULT);
+
+try {
+    $stmt = $pdo->prepare('
+        INSERT INTO users
+            (username, email, password_hash, first_name, last_name, plan)
+        VALUES
+            (:username, :email, :password_hash, :first_name, :last_name, :plan)
+    ');
+    $stmt->execute([
+        ':username'      => $username,
+        ':email'         => $email,
+        ':password_hash' => $passwordHash,
+        ':first_name'    => $firstName,
+        ':last_name'     => $lastName,
+        ':plan'          => 'free',
+    ]);
+
+    $userId = (int)$pdo->lastInsertId();
+} catch (Throwable $e) {
+    flash_set('error', 'Die Registrierung ist fehlgeschlagen. Bitte versuche es später erneut.', 'register');
+    header('Location: /login/?lang=' . urlencode($lang) . '&view=register#auth');
+    exit;
+}
+
+// Direkt einloggen
+if (session_status() !== PHP_SESSION_ACTIVE) {
+    @session_start();
+}
+
+$initials = '';
+if ($firstName !== '') {
+    $initials .= mb_substr($firstName, 0, 1);
+}
+if ($lastName !== null && $lastName !== '') {
+    $initials .= mb_substr($lastName, 0, 1);
+}
+if ($initials === '') {
+    $initials = mb_substr($username, 0, 2);
+}
+$initials = mb_strtoupper($initials);
+
+$_SESSION['user'] = [
+    'id'         => $userId,
+    'email'      => $email,
+    'username'   => $username,
+    'first_name' => $firstName,
+    'last_name'  => $lastName,
+    'plan'       => 'free',
+    'initials'   => $initials,
+];
+
+flash_set('success', 'Konto erfolgreich erstellt. Willkommen bei USBCheck!', 'login');
+
+// Redirect-Ziel prüfen (nur interne Pfade)
+$target = is_string($redirect) ? trim($redirect) : '/';
+if ($target === '' || $target[0] !== '/') {
+    $target = '/';
+}
+
+$sep    = (strpos($target, '?') === false) ? '?' : '&';
+$target = $target . $sep . 'lang=' . urlencode($lang);
+
+header('Location: ' . $target);
+exit;