From c23a10eb6e8ac17a090b9b3587469ce6b4183a7c Mon Sep 17 00:00:00 2001
From: Caroline Schulte <Caroline.schulte@uni-oldenburg.de>
Date: Fri, 5 Jun 2026 22:34:12 +0200
Subject: [PATCH] Implement database-based user management

---
 php/controller/register-controller.php |   4 +-
 php/model/DatabaseUserManager.php      | 243 ++++++++++++++++++++++++-
 php/model/UserManager.php              |  32 +++-
 3 files changed, 266 insertions(+), 13 deletions(-)

diff --git a/php/controller/register-controller.php b/php/controller/register-controller.php
index 5a0de05..db3dce0 100644
--- a/php/controller/register-controller.php
+++ b/php/controller/register-controller.php
@@ -1,6 +1,6 @@
 <?php
 
-require_once "php/model/LocalUserManager.php";
+require_once "php/model/UserManager.php";
 require_once "php/validator/user-validator.php";
 
 $error = null;
@@ -22,7 +22,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
         $error = "Das Passwort muss 8 bis 72 Zeichen lang sein.";
     } else {
         try {
-            $dao = new LocalUserManager();
+            $dao = UserManager::getInstance();
 
             $password = password_hash($plainPassword, PASSWORD_DEFAULT);
 
diff --git a/php/model/DatabaseUserManager.php b/php/model/DatabaseUserManager.php
index cd27d99..1c08500 100644
--- a/php/model/DatabaseUserManager.php
+++ b/php/model/DatabaseUserManager.php
@@ -1,26 +1,257 @@
 <?php
+
 require_once "UserManagerDAO.php";
 
 class DatabaseUserManager implements UserManagerDAO {
 
+    private static $instance = null;
+    public function __construct()
+    {
+        if (!file_exists(__DIR__ . '/../../db/users.db')) {
+            try {
+                $user = 'root';
+                $pw = null;
+                $dsn = 'sqlite:' . __DIR__ . '/../../db/users.db';
+
+                $db = new PDO($dsn, $user, $pw);
+
+                $db->exec("
+                    CREATE TABLE users (
+                        email TEXT PRIMARY KEY,
+                        vorname TEXT,
+                        nachname TEXT,
+                        password TEXT
+                    );
+                ");
+
+                unset($db);
+
+            } catch (PDOException $e) {
+                throw new RuntimeException($e->getMessage());
+            }
+        }
+    }
+    /**
+     * Baut die Verbindung zur Datenbank auf.
+     */
+    private function getConnection()
+    {
+        try {
+            $user = 'root';
+            $pw = null;
+            $dsn = 'sqlite:' . __DIR__ . '/../../db/users.db';
+
+            return new PDO($dsn, $user, $pw);
+
+        } catch (PDOException $e) {
+            throw new RuntimeException($e->getMessage());
+        }
+    }
+
+    /**
+     * Singleton-Instanz zurückgeben.
+     */
+    public static function getInstance()
+    {
+        if (self::$instance == null) {
+            self::$instance = new DatabaseUserManager();
+        }
+
+        return self::$instance;
+    }
+
+
     public function findUser($email)
     {
-        // TODO: Implement findUser() method.
+        try {
+            $db = $this->getConnection();
+
+            $sql = "SELECT * FROM users WHERE email = :email";
+
+            $command = $db->prepare($sql);
+
+            if (!$command) {
+                throw new RuntimeException("Benutzer konnte nicht geladen werden.");
+            }
+
+            $command->execute([
+                ":email" => $email
+            ]);
+
+            $user = $command->fetch(PDO::FETCH_ASSOC);
+
+            return $user ?: null;
+
+        } catch (PDOException $e) {
+            throw new RuntimeException($e->getMessage());
+        }
     }
 
     public function addUser($email, $vorname, $nachname, $password)
     {
-        // TODO: Implement addUser() method.
+        try {
+            $db = $this->getConnection();
+
+            $db->beginTransaction();
+
+            $existingUser = $this->findUser($email);
+
+            if ($existingUser !== null) {
+                $db->rollBack();
+                throw new InvalidArgumentException(
+                    "Diese E-Mail-Adresse wird bereits verwendet."
+                );
+            }
+
+            $sql = "
+                INSERT INTO users (
+                    email,
+                    vorname,
+                    nachname,
+                    password
+                )
+                VALUES (
+                    :email,
+                    :vorname,
+                    :nachname,
+                    :password
+                )
+            ";
+
+            $command = $db->prepare($sql);
+
+            if (!$command) {
+                $db->rollBack();
+                throw new RuntimeException(
+                    "Benutzer konnte nicht gespeichert werden."
+                );
+            }
+
+            $success = $command->execute([
+                ":email" => $email,
+                ":vorname" => $vorname,
+                ":nachname" => $nachname,
+                ":password" => $password
+            ]);
+
+            if (!$success) {
+                $db->rollBack();
+                throw new RuntimeException(
+                    "Benutzer konnte nicht gespeichert werden."
+                );
+            }
+
+            $db->commit();
+
+        } catch (PDOException $e) {
+            throw new RuntimeException($e->getMessage());
+        }
     }
 
-    public function updateUser($oldEmail, $newEmail, $vorname, $nachname, $password = null)
-    {
-        // TODO: Implement updateUser() method.
+    public function updateUser(
+        $oldEmail,
+        $newEmail,
+        $vorname,
+        $nachname,
+        $password = null
+    ) {
+        try {
+            $db = $this->getConnection();
+
+            if ($oldEmail !== $newEmail) {
+
+                $existingUser = $this->findUser($newEmail);
+
+                if ($existingUser !== null) {
+                    throw new InvalidArgumentException(
+                        "Diese E-Mail-Adresse wird bereits verwendet."
+                    );
+                }
+            }
+
+            if (!empty($password)) {
+
+                $sql = "
+                    UPDATE users
+                    SET
+                        email = :newEmail,
+                        vorname = :vorname,
+                        nachname = :nachname,
+                        password = :password
+                    WHERE email = :oldEmail
+                ";
+
+                $params = [
+                    ":newEmail" => $newEmail,
+                    ":vorname" => $vorname,
+                    ":nachname" => $nachname,
+                    ":password" => password_hash(
+                        $password,
+                        PASSWORD_DEFAULT
+                    ),
+                    ":oldEmail" => $oldEmail
+                ];
+
+            } else {
+
+                $sql = "
+                    UPDATE users
+                    SET
+                        email = :newEmail,
+                        vorname = :vorname,
+                        nachname = :nachname
+                    WHERE email = :oldEmail
+                ";
+
+                $params = [
+                    ":newEmail" => $newEmail,
+                    ":vorname" => $vorname,
+                    ":nachname" => $nachname,
+                    ":oldEmail" => $oldEmail
+                ];
+            }
+
+            $command = $db->prepare($sql);
+
+            if (!$command) {
+                throw new RuntimeException(
+                    "Benutzer konnte nicht aktualisiert werden."
+                );
+            }
+
+            $command->execute($params);
+
+            return $command->rowCount() > 0;
+
+        } catch (PDOException $e) {
+            throw new RuntimeException($e->getMessage());
+        }
     }
 
     public function deleteUser($email)
     {
-        // TODO: Implement deleteUser() method.
+        try {
+            $db = $this->getConnection();
+
+            $sql = "DELETE FROM users WHERE email = :email";
+
+            $command = $db->prepare($sql);
+
+            if (!$command) {
+                throw new RuntimeException(
+                    "Benutzer konnte nicht gelöscht werden."
+                );
+            }
+
+            $command->execute([
+                ":email" => $email
+            ]);
+
+            return $command->rowCount() > 0;
+
+        } catch (PDOException $e) {
+            throw new RuntimeException($e->getMessage());
+        }
     }
 
 }
\ No newline at end of file
diff --git a/php/model/UserManager.php b/php/model/UserManager.php
index 1ff7b28..0cca25d 100644
--- a/php/model/UserManager.php
+++ b/php/model/UserManager.php
@@ -1,10 +1,32 @@
 <?php
-require_once "UserManagerDAO.php";
 
-class UserManager extends LocalUserManager{
+require_once "LocalUserManager.php";
+require_once "DatabaseUserManager.php";
 
-    public static function getInstance(){
-        // TODO: implement this.
-        // TODO: dummy-user anlegen: - `max.mustermann, test123, mustermann@web.de` (analog zu ArticleManager)
+/**
+ * Zentrale Klasse für den Zugriff auf Benutzerdaten.
+ *
+ * Hier kann zwischen lokaler Speicherung und Datenbankspeicherung
+ * gewechselt werden.
+ */
+class UserManager {
+
+    public static function getInstance() {
+        $userManager = DatabaseUserManager::getInstance();
+
+        /*
+         * Dummy-User anlegen, falls er noch nicht existiert.
+         * Passwort: test123
+         */
+        if ($userManager->findUser("mustermann@web.de") == null) {
+            $userManager->addUser(
+                "mustermann@web.de",
+                "Max",
+                "Mustermann",
+                password_hash("test123", PASSWORD_DEFAULT)
+            );
+        }
+
+        return $userManager;
     }
 }
\ No newline at end of file