merging

content/createArticle.php

@@ -1,5 +1,5 @@
 <?php
-session_start();
+$user = $user ?? null;
 ?>
 <!--
     Seite: Beitrag erstellen

php/controller/createArticle-controller.php

@@ -3,6 +3,29 @@ session_start();
 require_once '../model/LocalArticleManager.php';
 require_once '../model/ArticleManager.php';
 require_once '../validator/article-validator.php';
+require_once "../model/LocalUserDAO.php";
+
+$dao = new LocalUserDAO();
+
+if (!isset($_SESSION["user"])) {
+    header("Location: index.php?pfad=login");
+    exit();
+}
+
+try {
+    $user = $dao->findUser($_SESSION["user_email"] ?? "");
+} catch (Exception $e) {
+    $_SESSION["message"] = "internal_error";
+    exit();
+}
+
+if (!$user) {
+    $_SESSION = [];
+    session_destroy();
+
+    header("Location: index.php?pfad=login");
+    exit();
+}
 
 if ($_SERVER["REQUEST_METHOD"] === "POST") {
     $_SESSION["old_title"]    = $_POST["title"] ?? '';
@@ -17,7 +40,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
     } else {
         $title = $_POST["title"];
         $content = $_POST["content"];
-        $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen.
+        $author = $user;
         $category = $_POST["category"];
         $tags = $_POST['tags'] ?? '';