From dbb2151bf1b5bb7b9ccc9ba53100b4a5ca7d024a Mon Sep 17 00:00:00 2001
From: Borgal
Date: Fri, 24 Oct 2025 14:55:05 +0200
Subject: [PATCH] =?UTF-8?q?Geburtstag=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
profil.php | 102 +++++++++++++++++++++++++++++++++--------------------
1 file changed, 63 insertions(+), 39 deletions(-)
diff --git a/profil.php b/profil.php
index 51bfc2c..a818158 100755
--- a/profil.php
+++ b/profil.php
@@ -2,59 +2,78 @@ require_once 'inc/check_login.php'; require_once 'inc/db.php'; -// Variable zur Statusmeldung $message = ''; $message_type = ''; -// Überprüfen, ob das Formular per POST gesendet wurde +$user_id = (int)$_SESSION['user_id']; // Sicherheitshalber als Integer + +// Aktuelle Benutzerdaten laden +$stmt_fetch = mysqli_prepare($conn, "SELECT username, email, role, birthday FROM users WHERE id = ?"); +mysqli_stmt_bind_param($stmt_fetch, "i", $user_id); +mysqli_stmt_execute($stmt_fetch); +$result = mysqli_stmt_get_result($stmt_fetch); +$user_data = mysqli_fetch_assoc($result); +mysqli_stmt_close($stmt_fetch); + +if (!$user_data) { + die("Benutzer nicht gefunden."); +} + +$current_username = $user_data['username']; +$current_email = $user_data['email']; +$current_role = $user_data['role']; +$current_birthday = $user_data['birthday'] ?? ''; + if ($_SERVER["REQUEST_METHOD"] == "POST") { + $new_username = trim($_POST['username'] ?? ''); + $new_email = trim($_POST['email'] ?? ''); + $new_birthday = trim($_POST['birthday'] ?? ''); - // Eingaben aus dem Formular holen - $new_username = $_POST['username']; - $new_email = $_POST['email']; - $user_id = $_SESSION['user_id']; - - // Validierung der Eingaben if (empty($new_username)) { $message = "Benutzername darf nicht leer sein."; $message_type = 'danger'; } else { - // Datenbank-Abfrage vorbereiten - $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ? WHERE id = ?"); + if (!empty($new_email) && !filter_var($new_email, FILTER_VALIDATE_EMAIL)) { + $message = "Ungültige E-Mail-Adresse."; + $message_type = 'danger'; + } else { + $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, birthday = ? WHERE id = ?"); + if ($stmt) { + $db_email = (!empty($new_email)) ? $new_email : null; + $db_birthday = (!empty($new_birthday)) ? 
$new_birthday : null; + mysqli_stmt_bind_param($stmt, "sssi", $new_username, $db_email, $db_birthday, $user_id); + if (mysqli_stmt_execute($stmt)) { + $_SESSION['username'] = $new_username; + $_SESSION['email'] = $new_email; - if ($stmt) { - // Parameter binden - mysqli_stmt_bind_param($stmt, "ssi", $new_username, $new_email, $user_id); + $result_reload = mysqli_query($conn, "SELECT username, email, role, birthday FROM users WHERE id = " . (int)$user_id); + if ($result_reload) { + $user_data = mysqli_fetch_assoc($result_reload); + $current_username = $user_data['username']; + $current_email = $user_data['email']; + $current_role = $user_data['role']; + $current_birthday = $user_data['birthday'] ?? ''; + } - // Statement ausführen - if (mysqli_stmt_execute($stmt)) { - // Session-Variablen aktualisieren - $_SESSION['username'] = $new_username; - $_SESSION['email'] = $new_email; - $message = "Profil erfolgreich aktualisiert!"; - $message_type = 'success'; + $message = "Profil erfolgreich aktualisiert!"; + $message_type = 'success'; + } else { + $message = "Fehler beim Speichern der Daten."; + $message_type = 'danger'; + } + mysqli_stmt_close($stmt); } else { - $message = "Fehler beim Speichern der Daten."; + $message = "Datenbankfehler: Statement konnte nicht vorbereitet werden."; $message_type = 'danger'; } - - // Statement schließen - mysqli_stmt_close($stmt); - } else { - $message = "Datenbankfehler: Statement konnte nicht vorbereitet werden."; - $message_type = 'danger'; } } } -// Daten für die Anzeige aus der Session holen -$current_username = $_SESSION['username']; -$current_email = $_SESSION['email']; -$current_role = $_SESSION['role']; -require_once 'inc/header.php'; ?> +require_once 'inc/header.php'; +?>
-

Benutzerverwaltung

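Review bot: `$new_birthday` goes from `$_POST` into the `UPDATE` with only a `trim()`, while the e-mail beside it is checked with `filter_var`, so any string reaches the `birthday` column and the outcome (a rejected write or a zero/garbled date) depends on the column type and SQL mode, neither of which is visible here. Validate it in the same branch as the e-mail check before binding, assuming the form submits `YYYY-MM-DD`: `$d = DateTime::createFromFormat('!Y-m-d', $new_birthday);` followed by `if ($new_birthday !== '' && (!$d || $d->format('Y-m-d') !== $new_birthday)) { /* set $message, skip the UPDATE */ }`. The stored value is reloaded into `$current_birthday` for display, so the form field should pass it through `htmlspecialchars()`; the markup is not readable in this patch, so that needs confirming. Separately, the reload after a successful update builds its SQL by concatenation via `mysqli_query`; the `(int)` cast keeps it safe, but reusing the prepared `SELECT` from the top of the file would keep one query style and avoid indexing a null `$user_data` if no row comes back.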
@@ -63,9 +82,9 @@ require_once 'inc/header.php'; ?>

Profil bearbeiten

- -