feat(phase1): complete base structure - landing page, auth, dashboard, airports, API, DB schema, 60 airports CSV
This commit is contained in:
189
www/public/api/auth.php
Normal file
189
www/public/api/auth.php
Normal file
@@ -0,0 +1,189 @@
|
||||
<?php
|
||||
/**
|
||||
* Airline Tycoon - Auth API
|
||||
* Authentifizierungs-bezogene API-Endpunkte
|
||||
*/
|
||||
|
||||
require_once dirname(__DIR__) . '/src/bootstrap.php';
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
// Nur JSON-Antworten
|
||||
if (!isAjax()) {
|
||||
jsonResponse(['error' => 'Nur AJAX-Anfragen erlaubt'], 403);
|
||||
}
|
||||
|
||||
$action = $_GET['action'] ?? $_POST['action'] ?? '';
|
||||
|
||||
switch ($action) {
|
||||
case 'login':
|
||||
handleLogin();
|
||||
break;
|
||||
|
||||
case 'register':
|
||||
handleRegister();
|
||||
break;
|
||||
|
||||
case 'logout':
|
||||
handleLogout();
|
||||
break;
|
||||
|
||||
case 'me':
|
||||
handleMe();
|
||||
break;
|
||||
|
||||
case 'check':
|
||||
handleCheck();
|
||||
break;
|
||||
|
||||
default:
|
||||
jsonResponse(['error' => 'Unbekannte Aktion'], 400);
|
||||
}
|
||||
|
||||
function handleLogin() {
|
||||
global $db;
|
||||
|
||||
$username = trim($_POST['username'] ?? '');
|
||||
$password = $_POST['password'] ?? '';
|
||||
|
||||
if (empty($username) || empty($password)) {
|
||||
jsonResponse(['error' => 'Bitte fülle alle Felder aus'], 400);
|
||||
}
|
||||
|
||||
$user = $db->getUserByUsername($username);
|
||||
|
||||
if ($user && password_verify($password, $user['password_hash'])) {
|
||||
Session::login($user);
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'message' => 'Anmeldung erfolgreich!',
|
||||
'redirect' => BASE_PATH . 'dashboard.php',
|
||||
'user' => [
|
||||
'id' => $user['id'],
|
||||
'username' => $user['username'],
|
||||
'airline_name' => $user['airline_name'],
|
||||
'balance' => $user['balance'],
|
||||
'level' => $user['level']
|
||||
]
|
||||
]);
|
||||
} else {
|
||||
jsonResponse(['error' => 'Benutzername oder Passwort falsch'], 401);
|
||||
}
|
||||
}
|
||||
|
||||
function handleRegister() {
|
||||
global $db, $config;
|
||||
|
||||
$username = trim($_POST['username'] ?? '');
|
||||
$email = trim($_POST['email'] ?? '');
|
||||
$password = $_POST['password'] ?? '';
|
||||
$airline_name = trim($_POST['airline_name'] ?? '');
|
||||
|
||||
// Validation
|
||||
if (empty($username) || empty($email) || empty($password)) {
|
||||
jsonResponse(['error' => 'Bitte fülle alle Pflichtfelder aus'], 400);
|
||||
}
|
||||
|
||||
if (strlen($username) < 3 || strlen($username) > 50) {
|
||||
jsonResponse(['error' => 'Benutzername muss zwischen 3 und 50 Zeichen haben'], 400);
|
||||
}
|
||||
|
||||
if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
|
||||
jsonResponse(['error' => 'Benutzername darf nur Buchstaben, Zahlen und Unterstriche enthalten'], 400);
|
||||
}
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
jsonResponse(['error' => 'Ungültige E-Mail-Adresse'], 400);
|
||||
}
|
||||
|
||||
if (strlen($password) < 8) {
|
||||
jsonResponse(['error' => 'Passwort muss mindestens 8 Zeichen haben'], 400);
|
||||
}
|
||||
|
||||
// Check existing
|
||||
if ($db->getUserByUsername($username)) {
|
||||
jsonResponse(['error' => 'Benutzername bereits vergeben'], 409);
|
||||
}
|
||||
|
||||
if ($db->getUserByEmail($email)) {
|
||||
jsonResponse(['error' => 'E-Mail-Adresse wird bereits verwendet'], 409);
|
||||
}
|
||||
|
||||
// Create user
|
||||
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
||||
$userId = $db->createUser($username, $email, $passwordHash);
|
||||
|
||||
// Set airline name
|
||||
$finalAirlineName = !empty($airline_name) ? $airline_name : $username . "'s Airlines";
|
||||
$db->update('users', ['airline_name' => $finalAirlineName], 'id = ?', [$userId]);
|
||||
|
||||
// Load airports if needed
|
||||
$airportCount = $db->select("SELECT COUNT(*) as cnt FROM airports")[0]['cnt'] ?? 0;
|
||||
if ($airportCount == 0) {
|
||||
$db->loadAirportsFromCsv($config['paths']['data'] . '/airports.csv');
|
||||
}
|
||||
|
||||
// Auto login
|
||||
$user = $db->getUserById($userId);
|
||||
Session::login($user);
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'message' => 'Registrierung erfolgreich! Willkommen bei ' . $finalAirlineName . '!',
|
||||
'redirect' => BASE_PATH . 'dashboard.php',
|
||||
'user' => [
|
||||
'id' => $user['id'],
|
||||
'username' => $user['username'],
|
||||
'airline_name' => $user['airline_name'],
|
||||
'balance' => $user['balance'],
|
||||
'level' => $user['level']
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
function handleLogout() {
|
||||
Session::logout();
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'message' => 'Abmeldung erfolgreich',
|
||||
'redirect' => BASE_PATH . 'login.php'
|
||||
]);
|
||||
}
|
||||
|
||||
function handleMe() {
|
||||
if (!Session::isLoggedIn()) {
|
||||
jsonResponse(['error' => 'Nicht angemeldet'], 401);
|
||||
}
|
||||
|
||||
global $db;
|
||||
$userId = Session::getUserId();
|
||||
$user = $db->getUserById($userId);
|
||||
|
||||
if (!$user) {
|
||||
Session::logout();
|
||||
jsonResponse(['error' => 'Benutzer nicht gefunden'], 404);
|
||||
}
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'user' => [
|
||||
'id' => $user['id'],
|
||||
'username' => $user['username'],
|
||||
'email' => $user['email'],
|
||||
'airline_name' => $user['airline_name'],
|
||||
'balance' => $user['balance'],
|
||||
'level' => $user['level'],
|
||||
'experience' => $user['experience']
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
function handleCheck() {
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'authenticated' => Session::isLoggedIn(),
|
||||
'csrf_token' => Session::getCsrfToken()
|
||||
]);
|
||||
}
|
||||
Reference in New Issue
Block a user