From 92574a0f767faf42f1b074bc56a2b8ecb9fd1531 Mon Sep 17 00:00:00 2001
From: Caroline Schulte <Caroline.schulte@uni-oldenburg.de>
Date: Tue, 2 Jun 2026 22:42:47 +0200
Subject: [PATCH] Profildaten bearbeiten

---
 content/profile.php                   | 58 ++++++++++++++++++++++-----
 php/controller/profile-controller.php | 54 ++++++++++++++++++++-----
 php/model/LocalUserDAO.php            | 23 +++++++++++
 php/model/UserDAOInterface.php        | 12 ++++++
 4 files changed, 128 insertions(+), 19 deletions(-)

diff --git a/content/profile.php b/content/profile.php
index 81680d4..81f2006 100644
--- a/content/profile.php
+++ b/content/profile.php
@@ -1,36 +1,74 @@
 <?php
 include_once 'php/controller/profile-controller.php';
+
 $user = $user ?? null;
+$isEditMode = isset($_GET["edit"]) && $_GET["edit"] === "1";
 ?>
 
 <main class="form-page">
     <div class="flexbox">
 
         <div class="container">
-            <form>
+
+            <?php if (isset($error) && $error): ?>
+                <p style="color:red;">
+                    <?php echo htmlspecialchars($error); ?>
+                </p>
+            <?php endif; ?>
+
+            <form method="post" action="index.php?pfad=profile">
+
                 <label class="input-label">Vorname</label>
                 <input type="text"
+                       name="vorname"
                        class="login-input"
-                       readonly
-                       value="<?php echo htmlspecialchars($user["vorname"] ?? ""); ?>">
+                       value="<?php echo htmlspecialchars($user["vorname"] ?? ""); ?>"
+                        <?php echo $isEditMode ? "" : "readonly"; ?>
+                       required>
 
                 <label class="input-label">Nachname</label>
                 <input type="text"
+                       name="nachname"
                        class="login-input"
-                       readonly
-                       value="<?php echo htmlspecialchars($user["nachname"] ?? ""); ?>">
+                       value="<?php echo htmlspecialchars($user["nachname"] ?? ""); ?>"
+                        <?php echo $isEditMode ? "" : "readonly"; ?>
+                       required>
 
                 <label class="input-label">Email-Adresse</label>
                 <input type="email"
+                       name="email"
                        class="login-input"
-                       readonly
-                       value="<?php echo htmlspecialchars($user["email"] ?? ""); ?>">
+                       value="<?php echo htmlspecialchars($user["email"] ?? ""); ?>"
+                        <?php echo $isEditMode ? "" : "readonly"; ?>
+                       required>
 
-                <label class="input-label">Passwort</label>
+                <label class="input-label">
+                    <?php echo $isEditMode ? "Neues Passwort" : "Passwort"; ?>
+                </label>
                 <input type="password"
+                       name="password"
                        class="login-input"
-                       readonly
-                       value="********">
+                       placeholder="<?php echo $isEditMode ? "Leer lassen, wenn es gleich bleiben soll" : "********"; ?>"
+                        <?php echo $isEditMode ? "" : "readonly"; ?>>
+
+                <br><br>
+
+                <?php if ($isEditMode): ?>
+                    <button type="submit"
+                            name="saveProfile"
+                            class="button">
+                        Speichern
+                    </button>
+
+                    <a href="index.php?pfad=profile" class="button">
+                        Abbrechen
+                    </a>
+                <?php else: ?>
+                    <a href="index.php?pfad=profile&edit=1" class="button">
+                        Bearbeiten
+                    </a>
+                <?php endif; ?>
+
             </form>
 
             <br>
diff --git a/php/controller/profile-controller.php b/php/controller/profile-controller.php
index 0d0a9b4..c2846eb 100644
--- a/php/controller/profile-controller.php
+++ b/php/controller/profile-controller.php
@@ -9,8 +9,52 @@ if (!isset($_SESSION["user"])) {
     exit();
 }
 
+$dao = new LocalUserDAO();
+$error = null;
+
 try {
-    $dao = new LocalUserDAO();
+    $user = $dao->findUser($_SESSION["user_email"] ?? "");
+
+    if (!$user) {
+        $_SESSION = [];
+        session_destroy();
+
+        header("Location: index.php?pfad=login");
+        exit();
+    }
+
+    if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["saveProfile"])) {
+        $oldEmail = $_SESSION["user_email"];
+        $newEmail = $_POST["email"] ?? "";
+        $vorname = $_POST["vorname"] ?? "";
+        $nachname = $_POST["nachname"] ?? "";
+        $password = $_POST["password"] ?? "";
+
+        $existingUser = $dao->findUser($newEmail);
+
+        if ($existingUser && $newEmail !== $oldEmail) {
+            $error = "Diese E-Mail-Adresse wird bereits verwendet.";
+        } else {
+            $updated = $dao->updateUser(
+                $oldEmail,
+                $newEmail,
+                $vorname,
+                $nachname,
+                $password
+            );
+
+            if ($updated) {
+                $_SESSION["user"] = $vorname . " " . $nachname;
+                $_SESSION["user_email"] = $newEmail;
+
+                header("Location: index.php?pfad=profile");
+                exit();
+            } else {
+                $error = "Die Daten konnten nicht gespeichert werden.";
+            }
+        }
+    }
+
     $user = $dao->findUser($_SESSION["user_email"] ?? "");
 
     $articleManager = ArticleManager::getInstance();
@@ -23,12 +67,4 @@ try {
 } catch (Exception $e) {
     $_SESSION["message"] = "internal_error";
     exit();
-}
-
-if (!$user) {
-    $_SESSION = [];
-    session_destroy();
-
-    header("Location: index.php?pfad=login");
-    exit();
 }
\ No newline at end of file
diff --git a/php/model/LocalUserDAO.php b/php/model/LocalUserDAO.php
index 7663740..e7d46ee 100644
--- a/php/model/LocalUserDAO.php
+++ b/php/model/LocalUserDAO.php
@@ -56,6 +56,29 @@ class LocalUserDAO implements UserDAOInterface {
         $this->saveUsers($users);
     }
 
+    public function updateUser($oldEmail, $newEmail, $vorname, $nachname, $password = null) {
+        $users = $this->loadUsers();
+
+        foreach ($users as $i => $user) {
+            if ($user["email"] === $oldEmail) {
+                $users[$i]["email"] = $newEmail;
+                $users[$i]["vorname"] = $vorname;
+                $users[$i]["nachname"] = $nachname;
+
+                unset($users[$i]["username"]);
+
+                if (!empty($password)) {
+                    $users[$i]["password"] = password_hash($password, PASSWORD_DEFAULT);
+                }
+
+                $this->saveUsers($users);
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     public function deleteUser($email) {
         $users = $this->loadUsers();
 
diff --git a/php/model/UserDAOInterface.php b/php/model/UserDAOInterface.php
index ac9e769..3953459 100644
--- a/php/model/UserDAOInterface.php
+++ b/php/model/UserDAOInterface.php
@@ -27,6 +27,18 @@ interface UserDAOInterface {
      */
     public function addUser($email, $vorname, $nachname, $password);
 
+    /**
+     * Aktualisiert einen bestehenden Benutzer.
+     *
+     * @param string $oldEmail Alte E-Mail-Adresse
+     * @param string $newEmail Neue E-Mail-Adresse
+     * @param string $vorname Neuer Vorname
+     * @param string $nachname Neuer Nachname
+     * @param string|null $password Neues Passwort oder null
+     * @return bool true, wenn der Benutzer aktualisiert wurde, sonst false
+     */
+    public function updateUser($oldEmail, $newEmail, $vorname, $nachname, $password = null);
+
     /**
      * Löscht einen Benutzer anhand seiner E-Mail-Adresse.
      *