DAO Pattern angepasst & Passwörter gehashed

content/login.php

@@ -19,7 +19,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
     $user = $dao->findUser($email);
 
     // Prüfung der Zugangsdaten
-    if ($user && $user["password"] === $password) {
+    if ($user && password_verify($password, $user["password"])){
 
         // Session setzen = User ist eingeloggt
         $_SESSION["user"] = $user["username"];

content/register.php

@@ -15,7 +15,10 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
     $email = $_POST["email"];
     $vorname = $_POST["vorname"];
     $nachname = $_POST["nachname"];
-    $password = $_POST["password"];
+    $password = password_hash(
+            $_POST["password"],
+            PASSWORD_DEFAULT
+    );
 
     // Prüfen, ob die E-Mail bereits registriert ist
     if ($dao->findUser($email)) {

includes/UserDAO.php

@@ -1,6 +1,7 @@
 <?php
+require_once "UserDAOInterface.php";
 
-class UserDAO {
+class UserDAO implements UserDAOInterface {
 
     private string $file = "data/users.json";
 

includes/UserDAOInterface.php

@@ -0,0 +1,7 @@
+<?php
+
+interface UserDAOInterface {
+    public function findUser($email);
+    public function addUser($email, $username, $password);
+    public function deleteUser($email);
+}