From 4d8f338649145e031beee7726e63ecfd0fc410a3 Mon Sep 17 00:00:00 2001
From: Caroline Schulte
Date: Wed, 27 May 2026 19:25:58 +0200
Subject: [PATCH] =?UTF-8?q?DAO=20Pattern=20angepasst=20&=20Passw=C3=B6rter?= =?UTF-8?q?gehashed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 content/login.php | 2 +-
 content/register.php | 5 ++++-
 includes/UserDAO.php | 3 ++-
 includes/UserDAOInterface.php | 7 +++++++
 4 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 includes/UserDAOInterface.php
diff --git a/content/login.php b/content/login.php
index af502c0..6e2c70b 100644
--- a/content/login.php
+++ b/content/login.php
@@ -19,7 +19,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
 $user = $dao->findUser($email);
 // Prüfung der Zugangsdaten
- if ($user && $user["password"] === $password) {
+ if ($user && password_verify($password, $user["password"])){
 // Session setzen = User ist eingeloggt
 $_SESSION["user"] = $user["username"];
diff --git a/content/register.php b/content/register.php
index 3f954eb..6f8c88a 100644
--- a/content/register.php
+++ b/content/register.php
@@ -15,7 +15,10 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
 $email = $_POST["email"];
 $vorname = $_POST["vorname"];
 $nachname = $_POST["nachname"];
- $password = $_POST["password"];
+ $password = password_hash(
+ $_POST["password"],
+ PASSWORD_DEFAULT
+ );
 // Prüfen, ob die E-Mail bereits registriert ist
 if ($dao->findUser($email)) {
diff --git a/includes/UserDAO.php b/includes/UserDAO.php
index a0d60ce..6ceb6c4 100644
--- a/includes/UserDAO.php
+++ b/includes/UserDAO.php
@@ -1,6 +1,7 @@
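Review bot: Rows written before this commit still hold the plaintext password, and `password_verify($password, $user["password"])` returns false for a stored value that is not a hash, so those accounts can no longer log in and their plaintext stays in the table until it is migrated. Nothing visible in this patch covers that; a one-time reset or re-hash of the existing rows is needed alongside the change. Separately, the branch assigns `$_SESSION["user"]` directly; unless it happens further down (the block continues outside the hunk), add `session_regenerate_id(true);` before that assignment so a pre-login session id is not carried into the authenticated session.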
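Review bot: `$_POST["password"]` goes straight into `password_hash()` with no check that it is present, a string and non-empty, so an empty password is hashed and stored like any other, and a missing or array-valued field ends in a warning or TypeError rather than a form error. Validate first, e.g. `$rawPassword = $_POST["password"] ?? "";` followed by `if (!is_string($rawPassword) || $rawPassword === "") { /* reject */ }`, and hash only after the duplicate-e-mail check below so the hashing cost is not spent on requests that will be rejected anyway. The column that stores the hash is not visible in this patch; it should be wide enough for `PASSWORD_DEFAULT` output (the PHP manual recommends 255 characters), because a truncated hash never verifies.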