Borgal/domili
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Borgal:654157f1749962d4ec5c32cb6915ebf4d90071fc
Branches Tags
Borgal:main
..
compare: Borgal:2a96df938124db4d945c0d04dc248456b37ecb5c
Branches Tags
Borgal:main

2 Commits
654157f174 ... 2a96df9381

Author SHA1 Message Date
Borgal
2a96df9381 v1.3.2 - "Passwort vergessen" Funktion hinzugefügt 2025-11-21 11:45:49 +01:00
Borgal
968bbdec3b v1.3.1 - siehe Release Notes 2025-11-21 11:45:10 +01:00
14 changed files with 484 additions and 225 deletions
Expand all files Collapse all files

27
backup.php
View File

@@ -25,8 +25,31 @@ if ($handle = opendir($backup_dir)) {
} }
} }
closedir($handle); closedir($handle);
// Sortieren: neueste zuerst
usort($files, fn($a, $b) => $b['mtime'] <=> $a['mtime']); // 🔸 Sortieren nach Datum im Dateinamen: DoMiLi_Backup_YYYY-MM[_x].pdf
usort($files, function ($a, $b) {
// Extrahiere YYYY-MM aus dem Dateinamen (ohne .pdf)
$nameA = pathinfo($a['name'], PATHINFO_FILENAME);
$nameB = pathinfo($b['name'], PATHINFO_FILENAME);
// Regex: Suche nach 4 Ziffern, Bindestrich, 2 Ziffern
$dateA = null;
$dateB = null;
if (preg_match('/(\d{4}-\d{2})/', $nameA, $matchesA)) {
$dateA = $matchesA[1];
}
if (preg_match('/(\d{4}-\d{2})/', $nameB, $matchesB)) {
$dateB = $matchesB[1];
}
// Wenn kein Datum gefunden: ans Ende schieben
if ($dateA === null && $dateB === null) return 0;
if ($dateA === null) return 1; // A hinter B
if ($dateB === null) return -1; // B hinter A
// Absteigend sortieren: neuestes zuerst → "2025-07" > "2025-02"
return $dateB <=> $dateA;
});
} }
require_once 'inc/header.php'; require_once 'inc/header.php';

BIN
backups/DoMiLi_Backup_2025-07.pdf Executable file
View File

Binary file not shown.

BIN
backups/DoMiLi_Backup_2025-08.pdf Executable file
View File

Binary file not shown.

BIN
backups/DoMiLi_Backup_2025-09.pdf Executable file
View File

Binary file not shown.

59
colors.php
View File

@@ -1,10 +1,5 @@
<?php <?php
session_start(); include('inc/check_login.php');
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
require_once 'inc/db.php'; require_once 'inc/db.php';
$is_admin = ($_SESSION['role'] === 'admin'); $is_admin = ($_SESSION['role'] === 'admin');
@@ -80,6 +75,18 @@ if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
} }
} }
// --- Sortierung mit Richtung (asc/desc) ---
$sort = $_GET['sort'] ?? 'name';
$dir = $_GET['dir'] ?? 'asc';
$sort = in_array($sort, ['name', 'usage']) ? $sort : 'name';
$dir = in_array($dir, ['asc', 'desc']) ? $dir : 'asc';
if ($sort === 'usage') {
$order_by = "usage_count $dir, c.name ASC";
} else {
$order_by = "c.name $dir";
}
// --- Farben mit Nutzungszähler laden --- // --- Farben mit Nutzungszähler laden ---
$colors = []; $colors = [];
$result = mysqli_query($conn, " $result = mysqli_query($conn, "
@@ -92,7 +99,7 @@ $result = mysqli_query($conn, "
FROM colors c FROM colors c
LEFT JOIN meetings m ON c.id = m.color_id LEFT JOIN meetings m ON c.id = m.color_id
GROUP BY c.id, c.name, c.hex_code, c.is_special GROUP BY c.id, c.name, c.hex_code, c.is_special
ORDER BY c.name ORDER BY $order_by
"); ");
while ($row = mysqli_fetch_assoc($result)) { while ($row = mysqli_fetch_assoc($result)) {
$colors[] = $row; $colors[] = $row;
@@ -174,27 +181,49 @@ require_once 'inc/header.php';
<table class="table table-striped table-hover"> <table class="table table-striped table-hover">
<thead> <thead>
<tr> <tr>
<th>Name</th>
<th>Farbe</th> <th>Farbe</th>
<th>Anz</th> <th>
<?php
$name_dir = ($sort === 'name' && $dir === 'asc') ? 'desc' : 'asc';
$name_arrow = '';
if ($sort === 'name') {
$name_arrow = $dir === 'asc' ? 'arrow_upward' : 'arrow_downward';
}
?>
<a href="?sort=name&dir=<?= $name_dir ?>" class="link-secondary text-decoration-none">
Name <?php if ($name_arrow): ?><span class="material-symbols-outlined" style="font-size:1em;"><?= $name_arrow ?></span><?php endif; ?>
</a>
</th>
<th>
<?php
$usage_dir = ($sort === 'usage' && $dir === 'asc') ? 'desc' : 'asc';
$usage_arrow = '';
if ($sort === 'usage') {
$usage_arrow = $dir === 'asc' ? 'arrow_upward' : 'arrow_downward';
}
?>
<a href="?sort=usage&dir=<?= $usage_dir ?>" class="link-secondary text-decoration-none">
Anzahl <?php if ($usage_arrow): ?><span class="material-symbols-outlined" style="font-size:1em;"><?= $usage_arrow ?></span><?php endif; ?>
</a>
</th>
<?php if ($is_admin): ?> <?php if ($is_admin): ?>
<th>Aktionen</th> <th></th>
<?php endif; ?> <?php endif; ?>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php foreach ($colors as $color): ?> <?php foreach ($colors as $color): ?>
<tr> <tr>
<td> <td class="align-middle">
<div style="background-color: <?= htmlspecialchars($color['hex_code']); ?>; width: 40px; height: 20px; border: 1px solid #ccc;"></div>
</td>
<td class="align-middle">
<?= htmlspecialchars($color['name']); ?> <?= htmlspecialchars($color['name']); ?>
<?php if ($color['is_special']): ?> <?php if ($color['is_special']): ?>
<span class="badge bg-info ms-1" title="Sonderfarbe nicht im Zufallsmodus">★</span> <span class="badge bg-info ms-1" title="Sonderfarbe nicht im Zufallsmodus">★</span>
<?php endif; ?> <?php endif; ?>
</td> </td>
<td> <td class="align-middle">
<div style="background-color: <?= htmlspecialchars($color['hex_code']); ?>; width: 40px; height: 20px; border: 1px solid #ccc;"></div>
</td>
<td>
<?= (int)$color['usage_count']; ?> <?= (int)$color['usage_count']; ?>
</td> </td>
<?php if ($is_admin): ?> <?php if ($is_admin): ?>

16
export.php
View File

@@ -14,11 +14,17 @@ use Dompdf\Options;
date_default_timezone_set('Europe/Berlin'); date_default_timezone_set('Europe/Berlin');
// === 1. Berichtsmonat === // === 1. Berichtsmonat ===
$berichtsMonatEnde = new DateTime('last day of last month');
$berichtsMonatBeginn = new DateTime('first day of last month'); $berichtsMonatBeginn = new DateTime('first day of last month');
$berichtsMonatEnde = new DateTime('last day of last month');
$berichtsMonatEnde->setTime(23, 59, 59);
// Backup für manuelles erzeugen eines PDF in einem anderen Zeitabschnitt
//$berichtsMonatBeginn = new DateTime('2025-09-01 00:00:00');
//$berichtsMonatEnde = new DateTime('2025-09-30 23:59:59');
// === 2. Letzter Jahresabschluss === // === 2. Letzter Jahresabschluss ===
$last_closing = '2020-01-01'; $last_closing = '2025-01-01';
$res = mysqli_query($conn, "SELECT MAX(closing_date) AS last_date FROM penalty_closings"); $res = mysqli_query($conn, "SELECT MAX(closing_date) AS last_date FROM penalty_closings");
if ($res && ($row = mysqli_fetch_assoc($res)) && !is_null($row['last_date'])) { if ($res && ($row = mysqli_fetch_assoc($res)) && !is_null($row['last_date'])) {
$last_closing = $row['last_date']; $last_closing = $row['last_date'];
@@ -33,7 +39,7 @@ while ($row = mysqli_fetch_assoc($resUsers)) {
$userIds = array_keys($alleBenutzer); $userIds = array_keys($alleBenutzer);
// === 4. Alle relevanten Daten (nur completed + attended=1) === // === 4. Alle relevanten Daten (nur completed + attended=1) ===
$bisDatum = $berichtsMonatEnde->format('Y-m-d'); $bisDatum = $berichtsMonatEnde->format('Y-m-d H:i:s');
$stmt = mysqli_prepare($conn, " $stmt = mysqli_prepare($conn, "
SELECT m.id AS meeting_id, m.meeting_date, SELECT m.id AS meeting_id, m.meeting_date,
mt.user_id, mt.wore_color, mt.paid, mt.birthday_pay mt.user_id, mt.wore_color, mt.paid, mt.birthday_pay
@@ -59,8 +65,8 @@ $stmtMeta = mysqli_prepare($conn, "
WHERE meeting_date >= ? AND meeting_date <= ? AND is_completed = 1 WHERE meeting_date >= ? AND meeting_date <= ? AND is_completed = 1
ORDER BY meeting_date ORDER BY meeting_date
"); ");
$startDate = $berichtsMonatBeginn->format('Y-m-d'); $startDate = $berichtsMonatBeginn->format('Y-m-d H:i:s');
$endDate = $berichtsMonatEnde->format('Y-m-d'); $endDate = $berichtsMonatEnde->format('Y-m-d H:i:s');
mysqli_stmt_bind_param($stmtMeta, 'ss', $startDate, $endDate); mysqli_stmt_bind_param($stmtMeta, 'ss', $startDate, $endDate);
mysqli_stmt_execute($stmtMeta); mysqli_stmt_execute($stmtMeta);
$resultMeta = mysqli_stmt_get_result($stmtMeta); $resultMeta = mysqli_stmt_get_result($stmtMeta);

123
forgot_password.php Executable file
View File

@@ -0,0 +1,123 @@
<?php
session_start();
include('inc/db.php');
// SMTP-Konfiguration wird über die DB-Einbindung bereits bereitgestellt
// (SMTP_HOST, SMTP_USERNAME, etc. müssen in inc/db.php oder einer config.php definiert sein)
$message = '';
$message_type = '';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$identifier = trim($_POST['identifier']);
// Benutzer per Username ODER E-Mail finden
$stmt = mysqli_prepare($conn, "SELECT id, username, email FROM users WHERE username = ? OR email = ?");
mysqli_stmt_bind_param($stmt, "ss", $identifier, $identifier);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
if ($user && !empty($user['email'])) {
// Sicherer Token (64 Zeichen hex)
$token = bin2hex(random_bytes(32));
$expires_at = date('Y-m-d H:i:s', strtotime('+12 hours'));
// Token in DB speichern
$stmt = mysqli_prepare($conn, "INSERT INTO password_reset_tokens (user_id, token, expires_at) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, "iss", $user['id'], $token, $expires_at);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
// 🔸 PHPMailer wie in deinem Beispiel
try {
require_once __DIR__ . '/vendor/autoload.php';
$mail = new \PHPMailer\PHPMailer\PHPMailer(true);
$mail->CharSet = 'UTF-8';
$mail->isSMTP();
$mail->Host = SMTP_HOST;
$mail->SMTPAuth = true;
$mail->Username = SMTP_USERNAME;
$mail->Password = SMTP_PASSWORD;
$mail->SMTPSecure = SMTP_ENCRYPTION;
$mail->Port = SMTP_PORT;
$mail->setFrom(MAIL_FROM_ADDRESS, MAIL_FROM_NAME);
$reset_link = "https://domili.borgal.de/reset_password.php?token=" . urlencode($token);
// Text-Version (für E-Mail-Clients ohne HTML)
$text_body = "Hallo {$user['username']},\n\n";
$text_body .= "du hast eine Zurücksetzung deines Passworts angefordert.\n";
$text_body .= "Klicke auf den folgenden Link (gültig 12 Stunden):\n";
$text_body .= "$reset_link\n\n";
$text_body .= "Falls du dies nicht angefordert hast, ignoriere diese E-Mail.\n\n";
$text_body .= "\nDein DoMiLi-Admin";
// HTML-Version (mit lesbarer Formatierung)
$html_body = "
<p>Hallo <strong>{$user['username']}</strong>,</p>
<p>du hast eine Zurücksetzung deines Passworts angefordert.</p>
<p>Bitte klicke auf den folgenden Link, um ein neues Passwort festzulegen (gültig für 12&nbsp;Stunden):</p>
<p>
<a href=\"$reset_link\" style=\"color: #0d6efd; text-decoration: underline;\">Passwort zurücksetzen</a>
</p>
<p style=\"margin-top: 16px; color: #555; font-size: 0.95em; line-height: 1.5;\">
Falls du diese Anfrage nicht gestellt hast, kannst du diese E-Mail ignorieren.
</p>
<p style=\"margin-top: 20px; font-size: 0.9em; color: #777;\">
—<br>
Dein DoMiLi-Admin
</p>
";
$mail->isHTML(true);
$mail->Subject = "DoMiLi: Passwort zurücksetzen";
$mail->Body = $html_body;
$mail->AltBody = $text_body;
$mail->addAddress($user['email'], $user['username']);
$mail->send();
$message = "Ein Link zum Zurücksetzen wurde an deine E-Mail gesendet.";
$message_type = "success";
} catch (Exception $e) {
error_log("PHPMailer Fehler bei Passwort-Zurücksetzung für {$user['email']}: " . $mail->ErrorInfo);
$message = "Fehler beim Senden der E-Mail. Bitte versuche es später erneut.";
$message_type = "danger";
}
} else {
// Vage Antwort Schutz vor Benutzer-Enumeration
$message = "Falls ein Konto mit dieser Angabe existiert, wurde eine E-Mail gesendet.";
$message_type = "info";
}
}
// HTML-Ausgabe
require_once 'inc/public_header.php';
?>
<div class="container d-flex justify-content-center align-items-start py-4 pt-5">
<div class="card bg-light shadow w-100" style="max-width: 400px;">
<div class="card-body">
<h4 class="card-title text-center mb-4 fs-3">Passwort vergessen</h4>
<?php if ($message): ?>
<div class="alert alert-<?= htmlspecialchars($message_type) ?>"><?= htmlspecialchars($message) ?></div>
<?php endif; ?>
<form method="post">
<div class="mb-3">
<label for="identifier" class="form-label">Benutzername oder E-Mail</label>
<input type="text" class="form-control form-control-lg" id="identifier" name="identifier" required autofocus>
</div>
<div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">Link senden</button>
</div>
</form>
<div class="text-center mt-3">
<a href="login.php" class="text-decoration-none">Zurück zum Login</a>
</div>
</div>
</div>
</div>
<?php include('inc/footer.php'); ?>

30
inc/public_header.php Executable file
View File

@@ -0,0 +1,30 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo htmlspecialchars('DoMiLi Farbe der Woche'); ?></title>
<!-- PWA Meta Tags -->
<meta name="theme-color" content="#212529">
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-title" content="<?php echo htmlspecialchars('DoMiLi'); ?>">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<!-- Bootstrap -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- Material Icons -->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined" rel="stylesheet">
<!-- Custom styles -->
<link rel="stylesheet" href="/css/style.css">
<!-- PWA Manifest -->
<link rel="manifest" href="./manifest.json?v=1">
<link rel="apple-touch-icon" href="../img/icon-192.png">
</head>
<body>

1
kasse.php
View File

@@ -1,5 +1,4 @@
<?php <?php
// KEIN LEERZEICHEN ODER ZEILENUMBRUCH VOR DIESEM <?php!
include('inc/check_login.php'); include('inc/check_login.php');
require_once('inc/db.php'); require_once('inc/db.php');

26
login.php
View File

@@ -46,25 +46,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$error = "Datenbankfehler."; $error = "Datenbankfehler.";
} }
} }
require_once 'inc/public_header.php';
?> ?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>DoMiLi Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- Font Google-->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined" rel="stylesheet">
<!-- Custom styles -->
<link rel="stylesheet" href="css/style.css">
<link rel="manifest" href="manifest.json">
</head>
<body>
<div class="container d-flex justify-content-center align-items-start py-4 pt-5"> <div class="container d-flex justify-content-center align-items-start py-4 pt-5">
<div class="card bg-light shadow w-100" style="max-width: 400px;"> <div class="card bg-light shadow w-100" style="max-width: 400px;">
<div class="card-body"> <div class="card-body">
@@ -86,11 +70,11 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
<div class="d-grid"> <div class="d-grid">
<button type="submit" class="btn btn-primary btn-lg">Einloggen</button> <button type="submit" class="btn btn-primary btn-lg">Einloggen</button>
</div> </div>
<div class="text-center mt-3">
<a href="forgot_password.php" class="text-decoration-none">Passwort vergessen?</a>
</div>
</form> </form>
</div> </div>
</div> </div>
</div> </div>
<?php include('inc/footer.php'); ?> <?php include('inc/footer.php'); ?>
</body>
</html>

2
planning.php
View File

@@ -40,7 +40,7 @@ function get_weighted_random_color($conn)
$color_pool = []; $color_pool = [];
foreach ($colors as $color) { foreach ($colors as $color) {
$weight = $max_usage - $color['usage'] + 1; // Mindestgewicht = 1 $weight = ($max_usage - $color['usage'] + 1) ** 2;
for ($i = 0; $i < $weight; $i++) { for ($i = 0; $i < $weight; $i++) {
$color_pool[] = $color['id']; $color_pool[] = $color['id'];
} }

29
profil.php
View File

@@ -8,7 +8,7 @@ $message_type = '';
$user_id = (int)$_SESSION['user_id']; $user_id = (int)$_SESSION['user_id'];
// Aktuelle Benutzerdaten laden // Aktuelle Benutzerdaten laden
$stmt_fetch = mysqli_prepare($conn, "SELECT username, email, role, birthday, last_birthday_year FROM users WHERE id = ?"); $stmt_fetch = mysqli_prepare($conn, "SELECT username, email, role, birthday FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt_fetch, "i", $user_id); mysqli_stmt_bind_param($stmt_fetch, "i", $user_id);
mysqli_stmt_execute($stmt_fetch); mysqli_stmt_execute($stmt_fetch);
$result = mysqli_stmt_get_result($stmt_fetch); $result = mysqli_stmt_get_result($stmt_fetch);
@@ -23,7 +23,6 @@ $current_username = $user_data['username'];
$current_email = $user_data['email'] ?? ''; $current_email = $user_data['email'] ?? '';
$current_role = $user_data['role']; $current_role = $user_data['role'];
$current_birthday = $user_data['birthday'] ?? ''; $current_birthday = $user_data['birthday'] ?? '';
$current_last_bday_year = $user_data['last_birthday_year'];
if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_SERVER["REQUEST_METHOD"] == "POST") {
$new_username = trim($_POST['username'] ?? ''); $new_username = trim($_POST['username'] ?? '');
@@ -76,27 +75,13 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$success = false; $success = false;
} }
// 2. Optional: last_birthday_year aktualisieren
if ($success && $update_last_bday_year) {
$stmt2 = mysqli_prepare($conn, "UPDATE users SET last_birthday_year = ? WHERE id = ?");
if ($stmt2) {
mysqli_stmt_bind_param($stmt2, "ii", $new_last_bday_year, $user_id);
if (!mysqli_stmt_execute($stmt2)) {
$success = false;
}
mysqli_stmt_close($stmt2);
} else {
$success = false;
}
}
if ($success) { if ($success) {
mysqli_commit($conn); mysqli_commit($conn);
$_SESSION['username'] = $new_username; $_SESSION['username'] = $new_username;
$_SESSION['email'] = $new_email; $_SESSION['email'] = $new_email;
// Neu laden // Neu laden
$stmt_reload = mysqli_prepare($conn, "SELECT username, email, role, birthday, last_birthday_year FROM users WHERE id = ?"); $stmt_reload = mysqli_prepare($conn, "SELECT username, email, role, birthday FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt_reload, "i", $user_id); mysqli_stmt_bind_param($stmt_reload, "i", $user_id);
mysqli_stmt_execute($stmt_reload); mysqli_stmt_execute($stmt_reload);
$user_data = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt_reload)); $user_data = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt_reload));
@@ -106,7 +91,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$current_email = $user_data['email'] ?? ''; $current_email = $user_data['email'] ?? '';
$current_role = $user_data['role']; $current_role = $user_data['role'];
$current_birthday = $user_data['birthday'] ?? ''; $current_birthday = $user_data['birthday'] ?? '';
$current_last_bday_year = $user_data['last_birthday_year'];
$message = "Profil erfolgreich aktualisiert!"; $message = "Profil erfolgreich aktualisiert!";
$message_type = 'success'; $message_type = 'success';
@@ -152,15 +136,6 @@ require_once 'inc/header.php';
<div class="mb-3"> <div class="mb-3">
<label for="birthday" class="form-label fw-bold">Geburtstag</label> <label for="birthday" class="form-label fw-bold">Geburtstag</label>
<input type="date" class="form-control" id="birthday" name="birthday" value="<?= htmlspecialchars($current_birthday ?? '') ?>"> <input type="date" class="form-control" id="birthday" name="birthday" value="<?= htmlspecialchars($current_birthday ?? '') ?>">
<small class="form-text text-muted">
<?php if (!empty($current_birthday) && $current_last_bday_year == date('Y')): ?>
<span class="text-success">✓ In diesem Jahr bereits als Geburtstagszahler markiert.</span>
<?php elseif (!empty($current_birthday)): ?>
Geburtstag steht noch an du kannst als Sonderzahler vorgeschlagen werden.
<?php else: ?>
Für automatische Sonderzahlung.
<?php endif; ?>
</small>
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="role" class="form-label fw-bold">Rolle</label> <label for="role" class="form-label fw-bold">Rolle</label>

93
reset_password.php Executable file
View File

@@ -0,0 +1,93 @@
<?php
include('inc/db.php');
$token = $_GET['token'] ?? null;
$error = '';
$success = false;
$username = '';
if (!$token) {
die("Ungültiger Zugriff.");
}
// Token prüfen: existiert, nicht abgelaufen, nicht verwendet
$stmt = mysqli_prepare($conn, "
SELECT prt.id, prt.user_id, prt.expires_at, u.username
FROM password_reset_tokens prt
JOIN users u ON prt.user_id = u.id
WHERE prt.token = ? AND prt.used = 0
");
mysqli_stmt_bind_param($stmt, "s", $token);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$token_data = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
if (!$token_data) {
$error = "Ungültiger oder bereits verwendeter Link.";
} else if (strtotime($token_data['expires_at']) < time()) {
$error = "Der Link ist abgelaufen. Bitte fordere einen neuen Link an.";
} else {
$username = htmlspecialchars($token_data['username']);
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$new_password = $_POST['new_password'] ?? '';
$confirm_password = $_POST['confirm_password'] ?? '';
if (strlen($new_password) < 6) {
$error = "Das Passwort muss mindestens 6 Zeichen lang sein.";
} else if ($new_password !== $confirm_password) {
$error = "Die Passwörter stimmen nicht überein.";
} else {
// Neues Passwort hashen und speichern
$hashed = password_hash($new_password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE id = ?");
mysqli_stmt_bind_param($stmt, "si", $hashed, $token_data['user_id']);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
// Token als verwendet markieren
$stmt = mysqli_prepare($conn, "UPDATE password_reset_tokens SET used = 1 WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $token_data['id']);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
$success = true;
}
}
}
require_once 'inc/public_header.php';
?>
<div class="container d-flex justify-content-center align-items-start py-4 pt-5">
<div class="card bg-light shadow w-100" style="max-width: 400px;">
<div class="card-body">
<h4 class="card-title text-center mb-4 fs-3">Neues Passwort</h4>
<?php if ($error): ?>
<div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
<?php elseif ($success): ?>
<div class="alert alert-success">
Dein Passwort wurde erfolgreich geändert!<br>
<a href="login.php" class="alert-link">Zum Login</a>
</div>
<?php else: ?>
<p>Neues Passwort für: <strong><?= $username ?></strong></p>
<form method="post">
<div class="mb-3">
<label for="new_password" class="form-label">Neues Passwort</label>
<input type="password" class="form-control" id="new_password" name="new_password" required minlength="6">
</div>
<div class="mb-3">
<label for="confirm_password" class="form-label">Bestätigen</label>
<input type="password" class="form-control" id="confirm_password" name="confirm_password" required>
</div>
<button type="submit" class="btn btn-primary w-100">Passwort speichern</button>
</form>
<?php endif; ?>
</div>
</div>
</div>
<?php include('inc/footer.php'); ?>

5
version.php
View File

@@ -287,6 +287,7 @@ foreach ($releases as $rel) {
require_once('inc/header.php'); require_once('inc/header.php');
?> ?>
<!-- 🔸 ANGEPASST: Kein row/col-Wrapper direkter container wie auf anderen Seiten -->
<div class="container mt-5 mb-4"> <div class="container mt-5 mb-4">
<?php if ($message): ?> <?php if ($message): ?>
<div class="alert alert-<?= htmlspecialchars($message_type) ?> alert-dismissible fade show" role="alert"> <div class="alert alert-<?= htmlspecialchars($message_type) ?> alert-dismissible fade show" role="alert">
@@ -295,8 +296,6 @@ require_once('inc/header.php');
</div> </div>
<?php endif; ?> <?php endif; ?>
<div class="row justify-content-center">
<div class="col-lg-8">
<h2 class="mb-4">📋 Versionsübersicht</h2> <h2 class="mb-4">📋 Versionsübersicht</h2>
<div class="card shadow"> <div class="card shadow">
@@ -430,7 +429,5 @@ require_once('inc/header.php');
</div> </div>
</div> </div>
</div> </div>
</div>
</div>
<?php include('inc/footer.php'); ?> <?php include('inc/footer.php'); ?>