From 8f6b95b7a6f13b8412c72bd4000a8a69aa4a1dee Mon Sep 17 00:00:00 2001
From: Borgal <mueller.lars@online.de>
Date: Sat, 9 Aug 2025 00:52:58 +0200
Subject: [PATCH] =?UTF-8?q?email=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 inc/check_login.php |  3 +-
 index.php           |  4 ++-
 login.php           |  3 +-
 profil.php          | 87 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100755 profil.php

diff --git a/inc/check_login.php b/inc/check_login.php
index f6a710a..fd95065 100755
--- a/inc/check_login.php
+++ b/inc/check_login.php
@@ -24,7 +24,7 @@ if (isset($_COOKIE['auth_token']) && isset($_COOKIE['user_id'])) {
     $cookie_user_id = $_COOKIE['user_id'];
 
     // Datenbank-Abfrage, um den Token und die vollständigen Benutzerdaten zu erhalten
-    $stmt = mysqli_prepare($conn, "SELECT id, login_token, username, role FROM users WHERE id = ?");
+    $stmt = mysqli_prepare($conn, "SELECT id, login_token, username, email, role FROM users WHERE id = ?");
 
     if ($stmt) {
         mysqli_stmt_bind_param($stmt, "i", $cookie_user_id);
@@ -39,6 +39,7 @@ if (isset($_COOKIE['auth_token']) && isset($_COOKIE['user_id'])) {
             // Jetzt die Benutzerdaten in die Session laden
             $_SESSION['user_id'] = $user['id'];
             $_SESSION['username'] = $user['username'];
+            $_SESSION['email'] = $user['email'];
             $_SESSION['role'] = $user['role'];
 
             return; // Authentifizierung per Cookie erfolgreich, Skript fortsetzen
diff --git a/index.php b/index.php
index d38e866..968d28b 100755
--- a/index.php
+++ b/index.php
@@ -1,7 +1,6 @@
 <?php
 include('inc/check_login.php');
 include('inc/db.php');
-include('inc/head.php');
 
 // Aktuelle Kalenderwoche berechnen
 $current_week = date('W');
@@ -18,6 +17,9 @@ if (!$result) {
 }
 
 $row = mysqli_fetch_assoc($result);
+
+include('inc/header.php');
+
 ?>
 
 <div class="container py-5">
diff --git a/login.php b/login.php
index 5825d91..7bbb780 100755
--- a/login.php
+++ b/login.php
@@ -8,7 +8,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $password = $_POST['password'];
 
     // 1. Prepared Statement vorbereiten
-    $stmt = mysqli_prepare($conn, "SELECT id, username, password, role FROM users WHERE username = ?");
+    $stmt = mysqli_prepare($conn, "SELECT id, username, password, email, role FROM users WHERE username = ?");
     if ($stmt) {
         mysqli_stmt_bind_param($stmt, "s", $username);
         mysqli_stmt_execute($stmt);
@@ -20,6 +20,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             // Authentifizierung erfolgreich, Session-Variablen setzen
             $_SESSION['user_id'] = $user['id'];
             $_SESSION['username'] = $username;
+            $_SESSION['email'] = $user['email'];
             $_SESSION['role'] = $user['role'];
 
             // Token generieren und in der Datenbank speichern
diff --git a/profil.php b/profil.php
new file mode 100755
index 0000000..4e3cdc1
--- /dev/null
+++ b/profil.php
@@ -0,0 +1,87 @@
+<?php
+require_once 'inc/check_login.php';
+require_once 'inc/db.php';
+
+// Variable zur Statusmeldung
+$message = '';
+$message_type = '';
+
+// Überprüfen, ob das Formular per POST gesendet wurde
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+
+    // Eingaben aus dem Formular holen
+    $new_username = $_POST['username'];
+    $new_email = $_POST['email'];
+    $user_id = $_SESSION['user_id'];
+
+    // Validierung der Eingaben
+    if (empty($new_username) || empty($new_email)) {
+        $message = "Benutzername und E-Mail-Adresse dürfen nicht leer sein.";
+        $message_type = 'danger';
+    } else {
+        // Datenbank-Abfrage vorbereiten
+        $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ? WHERE id = ?");
+
+        if ($stmt) {
+            // Parameter binden
+            mysqli_stmt_bind_param($stmt, "ssi", $new_username, $new_email, $user_id);
+
+            // Statement ausführen
+            if (mysqli_stmt_execute($stmt)) {
+                // Session-Variablen aktualisieren
+                $_SESSION['username'] = $new_username;
+                $_SESSION['email'] = $new_email;
+                $message = "Profil erfolgreich aktualisiert!";
+                $message_type = 'success';
+            } else {
+                $message = "Fehler beim Speichern der Daten.";
+                $message_type = 'danger';
+            }
+
+            // Statement schließen
+            mysqli_stmt_close($stmt);
+        } else {
+            $message = "Datenbankfehler: Statement konnte nicht vorbereitet werden.";
+            $message_type = 'danger';
+        }
+    }
+}
+// Daten für die Anzeige aus der Session holen
+$current_username = $_SESSION['username'];
+$current_email = $_SESSION['email'] ?? '';
+
+require_once 'inc/header.php'; ?>
+
+<div class="container mt-5">
+    <div class="row justify-content-center">
+        <div class="col-md-8 col-lg-6">
+            <div class="card shadow">
+                <div class="card-body">
+                    <h2 class="card-title text-center mb-4">Profil bearbeiten</h2>
+
+                    <?php if ($message) : ?>
+                        <div id="status-message" class="alert alert-<?php echo $message_type; ?> alert-dismissible fade show" role="alert">
+                            <?php echo htmlspecialchars($message); ?>
+                            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+                        </div>
+                    <?php endif; ?>
+
+                    <form action="" method="post">
+                        <div class="mb-3">
+                            <label for="username" class="form-label">Benutzername</label>
+                            <input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($current_username); ?>" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="email" class="form-label">E-Mail-Adresse</label>
+                            <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($current_email); ?>" required>
+                        </div>
+                        <button type="submit" class="btn btn-primary">Änderungen speichern</button>
+                        <a href="index.php" class="btn btn-secondary">Abbrechen</a>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php require_once 'inc/footer.php'; ?>
\ No newline at end of file