dasposchi-de/admin/profile.php
Claude 3c97192386 Initiales CMS: Deutschsprachiges Blog-System mit Admin-Bereich
Vollständiges, schlankes PHP/SQLite-CMS für IT-, KI- und Gaming-Inhalte:

- Core: DB-Singleton, Auth mit Passwort-Hashing, Session-Cookies,
  CSRF-Schutz, Login-Rate-Limit, Bild-Upload mit serverseitiger Validierung
- Admin: Dashboard, Artikel/Seiten-Verwaltung mit Quill WYSIWYG-Editor,
  Kategorien, Navigation (Drag & Drop), Medienbibliothek, Profil
- Frontend: Responsive Dark-Theme, Artikel-Grid, Kategorie-Filter,
  Archiv, Paginierung, SEO-Meta-Tags
- Sicherheit: Prepared Statements, HTML-Sanitizer, .htaccess-Schutz
  für sensible Verzeichnisse, PHP-Ausführungsschutz im Upload-Ordner
- Installation: install.php erstellt DB-Schema und Admin-Account

https://claude.ai/code/session_01Xsg4j2t4S9goMuWVpF3ezG
2026-04-05 20:59:52 +00:00


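<?php
declare(strict_types=1);

/**
 * Admin profile page.
 *
 * Lets the logged-in user change their display name and, optionally, their
 * password. Every POST ends in a redirect back to this page (post/redirect/get),
 * with the outcome reported through flash messages.
 */
require_once __DIR__ . '/../core/auth.php';

auth_start_session();
auth_require_login();
$pdo = db();

// Minimum password length, enforced server-side and mirrored in the form's
// minlength attribute so both sides agree.
$passwordMinLength = 10;

/**
 * Reads a POST field as a string.
 *
 * A missing field yields ''. A field submitted as an array (`name[]=...`)
 * also yields '' instead of letting trim()/password_verify() throw a TypeError.
 */
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    csrf_verify();

    $currentPassword = $postString('current_password');
    $newPassword = $postString('new_password');
    $confirmPassword = $postString('confirm_password');
    $displayName = trim($postString('display_name'));

    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = ?');
    $stmt->execute([auth_user_id()]);
    $user = $stmt->fetch();

    // A session can outlive its account row; do not index `false` below.
    // Relies on redirect() ending the request, as the redirect at the end of
    // this branch already does.
    if ($user === false) {
        flash('error', 'Benutzer nicht gefunden.');
        redirect('/admin/profile.php');
    }

    $errors = [];

    // Display name is updated independently of the password section; an
    // empty or unchanged value is silently ignored.
    if ($displayName !== '' && $displayName !== auth_display_name()) {
        $stmt = $pdo->prepare("UPDATE users SET display_name = ?, updated_at = datetime('now') WHERE id = ?");
        $stmt->execute([$displayName, auth_user_id()]);
        $_SESSION['display_name'] = $displayName;
        flash('success', 'Anzeigename aktualisiert.');
    }

    // Password is only changed when the "new password" field was filled in.
    if ($newPassword !== '') {
        if (!password_verify($currentPassword, $user['password_hash'])) {
            $errors[] = 'Aktuelles Passwort ist falsch.';
        }
        // mb_strlen counts characters like the form's minlength does; strlen
        // would count bytes and accept shorter multi-byte passwords.
        if (mb_strlen($newPassword) < $passwordMinLength) {
            $errors[] = sprintf('Neues Passwort muss mindestens %d Zeichen lang sein.', $passwordMinLength);
        }
        if ($newPassword !== $confirmPassword) {
            $errors[] = 'Passwörter stimmen nicht überein.';
        }

        if ($errors === []) {
            $hash = password_hash($newPassword, PASSWORD_DEFAULT);
            $stmt = $pdo->prepare("UPDATE users SET password_hash = ?, updated_at = datetime('now') WHERE id = ?");
            $stmt->execute([$hash, auth_user_id()]);
            // NOTE(review): other active sessions of this account are not
            // invalidated here; whether auth.php keeps a server-side session
            // record that could be cleared is not visible from this file — confirm.
            flash('success', 'Passwort geändert.');
        }
    }

    foreach ($errors as $err) {
        flash('error', $err);
    }

    redirect('/admin/profile.php');
}

$stmt = $pdo->prepare('SELECT display_name, username FROM users WHERE id = ?');
$stmt->execute([auth_user_id()]);
$user = $stmt->fetch();

$pageTitle = 'Profil';
$currentPage = 'profile';
ob_start();
?>
<div class="card" style="max-width:500px">
    <h3>Profil bearbeiten</h3>
    <form method="post">
        <?= csrf_field() ?>
        <?php // `?? ''` keeps the page rendering if the account row is gone (fetch() returned false). ?>
        <?php // e() is used inside double-quoted attributes — it must escape quotes (ENT_QUOTES); confirm in core. ?>
        <div class="form-group">
            <label for="username">Benutzername</label>
            <input type="text" id="username" value="<?= e($user['username'] ?? '') ?>" disabled>
        </div>
        <div class="form-group">
            <label for="display_name">Anzeigename</label>
            <input type="text" id="display_name" name="display_name"
                   value="<?= e($user['display_name'] ?? '') ?>">
        </div>
        <hr>
        <h4>Passwort ändern</h4>
        <div class="form-group">
            <label for="current_password">Aktuelles Passwort</label>
            <input type="password" id="current_password" name="current_password" autocomplete="current-password">
        </div>
        <div class="form-group">
            <label for="new_password">Neues Passwort (mind. <?= $passwordMinLength ?> Zeichen)</label>
            <input type="password" id="new_password" name="new_password" minlength="<?= $passwordMinLength ?>" autocomplete="new-password">
        </div>
        <div class="form-group">
            <label for="confirm_password">Passwort bestätigen</label>
            <input type="password" id="confirm_password" name="confirm_password" autocomplete="new-password">
        </div>
        <button type="submit" class="btn btn-primary">Speichern</button>
    </form>
</div>
<?php
$content = ob_get_clean();
include __DIR__ . '/templates/layout.php';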