Passwort Ändern hinzugefügt

change_password.php

@@ -0,0 +1,123 @@
+<?php
+require_once 'inc/check_login.php';
+require_once 'inc/db.php';
+
+$message = '';
+$message_type = '';
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    $old_password = $_POST['old_password'];
+    $new_password = $_POST['new_password'];
+    $confirm_password = $_POST['confirm_password'];
+    $user_id = $_SESSION['user_id'];
+
+    // 1. Altes Passwort überprüfen
+    $stmt = mysqli_prepare($conn, "SELECT password FROM users WHERE id = ?");
+    mysqli_stmt_bind_param($stmt, "i", $user_id);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    $user = mysqli_fetch_assoc($result);
+    mysqli_stmt_close($stmt);
+
+    if (!password_verify($old_password, $user['password'])) {
+        $message = "Das alte Passwort ist nicht korrekt.";
+        $message_type = 'danger';
+    }
+    // 2. Neue Passwörter vergleichen
+    else if ($new_password !== $confirm_password) {
+        $message = "Die neuen Passwörter stimmen nicht überein.";
+        $message_type = 'danger';
+    }
+    // 3. Passwort-Richtlinien prüfen (optional, aber empfohlen)
+    else if (strlen($new_password) < 6) {
+        $message = "Das neue Passwort muss mindestens 6 Zeichen lang sein.";
+        $message_type = 'danger';
+    }
+    // 4. Passwort in der Datenbank aktualisieren
+    else {
+        $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
+        $update_stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE id = ?");
+
+        if ($update_stmt) {
+            mysqli_stmt_bind_param($update_stmt, "si", $hashed_password, $user_id);
+            if (mysqli_stmt_execute($update_stmt)) {
+                $message = "Passwort erfolgreich geändert!";
+                $message_type = 'success';
+            } else {
+                $message = "Fehler beim Speichern des neuen Passworts.";
+                $message_type = 'danger';
+            }
+            mysqli_stmt_close($update_stmt);
+        } else {
+            $message = "Datenbankfehler: Statement konnte nicht vorbereitet werden.";
+            $message_type = 'danger';
+        }
+    }
+}
+
+require_once 'inc/header.php';
+
+?>
+
+<div class="container mt-5">
+    <div class="row justify-content-center">
+        <div class="col-md-8 col-lg-6">
+            <div class="card shadow">
+                <div class="card-body">
+                    <h2 class="card-title text-center mb-4">Passwort ändern</h2>
+                    <?php if ($message) : ?>
+                        <div id="status-message" class="alert alert-<?php echo $message_type; ?> alert-dismissible fade show" role="alert">
+                            <?php echo htmlspecialchars($message); ?>
+                            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+                        </div>
+                    <?php endif; ?>
+                    <form action="" method="post">
+                        <div class="mb-3">
+                            <label for="old_password" class="form-label">Altes Passwort</label>
+                            <input type="password" class="form-control" id="old_password" name="old_password" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="new_password" class="form-label">Neues Passwort</label>
+                            <input type="password" class="form-control" id="new_password" name="new_password" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="confirm_password" class="form-label">Neues Passwort bestätigen</label>
+                            <input type="password" class="form-control" id="confirm_password" name="confirm_password" required>
+                        </div>
+                        <div class="form-check mb-3">
+                            <input class="form-check-input" type="checkbox" id="show_password_checkbox">
+                            <label class="form-check-label" for="show_password_checkbox">
+                                Passwörter anzeigen
+                            </label>
+                        </div>
+                        <button type="submit" class="btn btn-primary">Passwort ändern</button>
+                        <a href="index.php" class="btn btn-secondary">Abbrechen</a>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+    document.addEventListener('DOMContentLoaded', function() {
+        const oldPasswordInput = document.getElementById('old_password');
+        const newPasswordInput = document.getElementById('new_password');
+        const confirmPasswordInput = document.getElementById('confirm_password');
+        const showPasswordCheckbox = document.getElementById('show_password_checkbox');
+
+        showPasswordCheckbox.addEventListener('change', function() {
+            if (this.checked) {
+                oldPasswordInput.type = 'text';
+                newPasswordInput.type = 'text';
+                confirmPasswordInput.type = 'text';
+            } else {
+                oldPasswordInput.type = 'password';
+                newPasswordInput.type = 'password';
+                confirmPasswordInput.type = 'password';
+            }
+        });
+    });
+</script>
+
+<?php require_once 'inc/footer.php'; ?>