usbcheck.it/public/account.php
2025-11-18 03:43:21 +01:00

<?php
// public/account.php
require_once __DIR__ . '/../src/auth.php';
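// Request setup for the account page: resolve the UI language, enforce login,
// load the current user and obtain the CSRF token embedded in the profile form.
// NOTE(review): the code below indexes $user as an array right away, so it relies on
// auth_require_login() stopping the request for anonymous visitors — confirm in src/auth.php.
$lang = auth_get_lang();
auth_require_login();
$user = auth_current_user();
$csrfToken = auth_csrf_token();

$profileErrors = [];
$profileSuccess = false;

// --- Profile update (name + language) ---
// Only a POST carrying action=update_profile is treated as a state change.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['action'] ?? '') === 'update_profile') {
    // PHP turns "field[]=x" into an array, so every submitted field is checked for being a
    // string before it is handed on; a non-string value is treated like a missing one.
    $submittedToken = $_POST['csrf_token'] ?? null;
    $rawFullName = $_POST['full_name'] ?? '';
    $rawPreferredLang = $_POST['preferred_lang'] ?? $lang;

    if (!auth_verify_csrf(is_string($submittedToken) ? $submittedToken : null)) {
        $profileErrors['csrf'] = 'Deine Sitzung ist abgelaufen. Bitte Seite neu laden.';
    } else {
        $fullName = is_string($rawFullName) ? $rawFullName : '';
        $preferredLang = is_string($rawPreferredLang) ? $rawPreferredLang : $lang;

        // The user id comes from the authenticated session record, never from the request,
        // so a client cannot point the update at another account.
        // NOTE(review): name and language are forwarded as submitted; presumably
        // auth_update_profile() validates the name and restricts the language to the
        // supported codes — confirm in src/auth.php.
        $result = auth_update_profile((int)$user['id'], $fullName, $preferredLang);

        if (!empty($result['success'])) {
            $profileSuccess = true;
            $user = auth_current_user(); // reload the stored profile
            $lang = auth_get_lang();     // the language may have changed
        } else {
            $reported = $result['errors'] ?? [];
            $profileErrors = is_array($reported) ? $reported : [];
        }
        // NOTE(review): the page is rendered directly as the response to the POST, so a
        // browser reload re-submits the form; a redirect after success would avoid that.
    }
}

// --- Avatar: initials and optional image URL for the sidebar ---
$initials = auth_user_initials($user);
$avatarUrl = auth_user_avatar_url($user);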
?>
<!DOCTYPE html>
<html lang="<?php echo htmlspecialchars($lang, ENT_QUOTES); ?>">
<head>
<meta charset="UTF-8">
<title>Mein Konto USBCheck</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Fonts -->
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500&family=Montserrat:wght@600;700&display=swap" rel="stylesheet">
<!-- Main CSS -->
<link rel="stylesheet" href="/assets/css/main.css?v=1">
</head>
<body>
<?php
// Make the active language available under the name $langVar before pulling in the header.
// NOTE(review): presumably partials/header.php reads $langVar; the partial is not shown
// here — confirm, and confirm it escapes the value on output the way this page does.
$langVar = $lang;
// The include path is a constant built from __DIR__; no request data selects the file.
include __DIR__ . '/partials/header.php';
?>
<main class="page-main">
<section class="section">
<div class="container">
<h1 class="section-title" data-i18n="account_title">Mein Konto</h1>
<p class="section-lead" data-i18n="account_intro">
Verwalte deine Profildaten und behalte deine USB-Tests im Überblick.
</p>
<div class="account-layout">
<!-- Sidebar: Avatar + Basisinfos -->
<aside class="account-sidebar">
<div class="account-avatar">
<?php
// Render the avatar image when $avatarUrl is truthy, otherwise fall back to the initials.
// NOTE(review): htmlspecialchars() keeps the URL from breaking out of the src attribute, but
// it does not restrict scheme or host — confirm auth_user_avatar_url() only yields URLs the
// application controls.
if ($avatarUrl): ?>
<img src="<?php echo htmlspecialchars($avatarUrl, ENT_QUOTES); ?>" alt="Avatar">
<?php else: ?>
<div class="avatar-circle">
<span><?php echo htmlspecialchars($initials, ENT_QUOTES); ?></span>
</div>
<?php endif; ?>
</div>
<div class="account-basic-info">
<h2><?php /* Display name: full_name, falling back to username when full_name is null or unset. */ echo htmlspecialchars($user['full_name'] ?? $user['username'], ENT_QUOTES); ?></h2>
<p class="muted">
<?php echo htmlspecialchars($user['email'], ENT_QUOTES); ?>
</p>
<p class="muted">
Username: <?php echo htmlspecialchars($user['username'], ENT_QUOTES); ?>
</p>
</div>
<div class="account-links">
<a class="btn btn-outline" href="/fakecheck/?lang=<?php echo urlencode($lang); ?>" data-i18n="account_start_test">
USB-Test starten
</a>
<a class="btn btn-ghost" href="/logout.php?lang=<?php
// NOTE(review): logout is reached through a plain GET link and no anti-CSRF token is attached
// here; confirm logout.php cannot be triggered cross-site (for example by requiring POST plus
// a token), otherwise any third-party page can end the user's session.
echo urlencode($lang); ?>" data-i18n="account_logout">
Abmelden
</a>
</div>
</aside>
<!-- Main: Profilformular + Platzhalter für später -->
<section class="account-main">
<div class="card">
<h2 data-i18n="account_profile_heading">Profil</h2>
<?php
// Only the 'csrf' and 'full_name' keys of $profileErrors are rendered in this card.
// NOTE(review): if auth_update_profile() can report other keys (e.g. for preferred_lang),
// that failure would stay invisible to the user — confirm against its implementation.
if (!empty($profileErrors['csrf'])): ?>
<div class="alert alert-error">
<?php echo htmlspecialchars($profileErrors['csrf'], ENT_QUOTES); ?>
</div>
<?php endif; ?>
<?php if ($profileSuccess): ?>
<div class="alert alert-success" data-i18n="account_profile_updated">
Profil wurde aktualisiert.
</div>
<?php endif; ?>
<form method="post" action="/account.php?lang=<?php echo urlencode($lang); ?>">
<input type="hidden" name="csrf_token" value="<?php /* Token from auth_csrf_token(); the POST handler at the top of this file checks it with auth_verify_csrf(). */ echo htmlspecialchars($csrfToken, ENT_QUOTES); ?>">
<input type="hidden" name="action" value="update_profile">
<div class="form-row">
<label for="full_name" data-i18n="account_full_name_label">Vollständiger Name</label>
<input
type="text"
id="full_name"
name="full_name"
required
value="<?php /* Prefilled from the stored profile, not from the submitted POST value, so a rejected edit is not echoed back. */ echo htmlspecialchars($user['full_name'] ?? '', ENT_QUOTES); ?>"
>
<?php if (!empty($profileErrors['full_name'])): ?>
<p class="form-error"><?php echo htmlspecialchars($profileErrors['full_name'], ENT_QUOTES); ?></p>
<?php endif; ?>
</div>
<div class="form-row">
<label for="preferred_lang" data-i18n="account_lang_label">Bevorzugte Sprache</label>
<select id="preferred_lang" name="preferred_lang">
<?php
// Pre-select the stored preferred language, falling back to the active page language.
// The options below compare with ===, so if $pl matches none of the four codes no option
// is marked "selected". $pl itself is never echoed, only the fixed literal 'selected'.
$pl = $user['preferred_lang'] ?? $lang;
?>
<option value="de" <?php echo $pl === 'de' ? 'selected' : ''; ?>>Deutsch</option>
<option value="en" <?php echo $pl === 'en' ? 'selected' : ''; ?>>English</option>
<option value="it" <?php echo $pl === 'it' ? 'selected' : ''; ?>>Italiano</option>
<option value="fr" <?php echo $pl === 'fr' ? 'selected' : ''; ?>>Français</option>
</select>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary" data-i18n="account_profile_save">
Änderungen speichern
</button>
</div>
</form>
</div>
<div class="card card-muted">
<h2 data-i18n="account_usb_heading">Deine USB-Sticks & Testergebnisse</h2>
<p class="muted" data-i18n="account_usb_placeholder">
Hier wirst du später eine Übersicht deiner registrierten USB-Sticks und Testergebnisse sehen.
</p>
</div>
<div class="card card-muted">
<h2 data-i18n="account_avatar_heading">Avatar</h2>
<p class="muted" data-i18n="account_avatar_placeholder">
Standardmäßig verwenden wir deine Initialen. Später kannst du hier ein eigenes Profilbild hochladen.
</p>
</div>
</section>
</div>
</div>
</section>
</main>
<script src="/assets/js/lang.js?v=1"></script>
</body>
</html>