'Nur AJAX-Anfragen erlaubt'], 403); } $action = $_GET['action'] ?? $_POST['action'] ?? ''; switch ($action) { case 'login': handleLogin(); break; case 'register': handleRegister(); break; case 'logout': handleLogout(); break; case 'me': handleMe(); break; case 'check': handleCheck(); break; default: jsonResponse(['error' => 'Unbekannte Aktion'], 400); } function handleLogin() { global $db; $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; if (empty($username) || empty($password)) { jsonResponse(['error' => 'Bitte fülle alle Felder aus'], 400); } $user = $db->getUserByUsername($username); if ($user && password_verify($password, $user['password_hash'])) { Session::login($user); jsonResponse([ 'success' => true, 'message' => 'Anmeldung erfolgreich!', 'redirect' => BASE_PATH . 'dashboard.php', 'user' => [ 'id' => $user['id'], 'username' => $user['username'], 'airline_name' => $user['airline_name'], 'balance' => $user['balance'], 'level' => $user['level'] ] ]); } else { jsonResponse(['error' => 'Benutzername oder Passwort falsch'], 401); } } function handleRegister() { global $db, $config; $username = trim($_POST['username'] ?? ''); $email = trim($_POST['email'] ?? ''); $password = $_POST['password'] ?? ''; $airline_name = trim($_POST['airline_name'] ?? ''); // Validation if (empty($username) || empty($email) || empty($password)) { jsonResponse(['error' => 'Bitte fülle alle Pflichtfelder aus'], 400); } if (strlen($username) < 3 || strlen($username) > 50) { jsonResponse(['error' => 'Benutzername muss zwischen 3 und 50 Zeichen haben'], 400); } if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) { jsonResponse(['error' => 'Benutzername darf nur Buchstaben, Zahlen und Unterstriche enthalten'], 400); } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { jsonResponse(['error' => 'Ungültige E-Mail-Adresse'], 400); } if (strlen($password) < 8) { jsonResponse(['error' => 'Passwort muss mindestens 8 Zeichen haben'], 400); } // Check existing if ($db->getUserByUsername($username)) { jsonResponse(['error' => 'Benutzername bereits vergeben'], 409); } if ($db->getUserByEmail($email)) { jsonResponse(['error' => 'E-Mail-Adresse wird bereits verwendet'], 409); } // Create user $passwordHash = password_hash($password, PASSWORD_DEFAULT); $userId = $db->createUser($username, $email, $passwordHash); // Set airline name $finalAirlineName = !empty($airline_name) ? $airline_name : $username . "'s Airlines"; $db->update('users', ['airline_name' => $finalAirlineName], 'id = ?', [$userId]); // Load airports if needed $airportCount = $db->select("SELECT COUNT(*) as cnt FROM airports")[0]['cnt'] ?? 0; if ($airportCount == 0) { $db->loadAirportsFromCsv($config['paths']['data'] . '/airports.csv'); } // Auto login $user = $db->getUserById($userId); Session::login($user); jsonResponse([ 'success' => true, 'message' => 'Registrierung erfolgreich! Willkommen bei ' . $finalAirlineName . '!', 'redirect' => BASE_PATH . 'dashboard.php', 'user' => [ 'id' => $user['id'], 'username' => $user['username'], 'airline_name' => $user['airline_name'], 'balance' => $user['balance'], 'level' => $user['level'] ] ]); } function handleLogout() { Session::logout(); jsonResponse([ 'success' => true, 'message' => 'Abmeldung erfolgreich', 'redirect' => BASE_PATH . 'login.php' ]); } function handleMe() { if (!Session::isLoggedIn()) { jsonResponse(['error' => 'Nicht angemeldet'], 401); } global $db; $userId = Session::getUserId(); $user = $db->getUserById($userId); if (!$user) { Session::logout(); jsonResponse(['error' => 'Benutzer nicht gefunden'], 404); } jsonResponse([ 'success' => true, 'user' => [ 'id' => $user['id'], 'username' => $user['username'], 'email' => $user['email'], 'airline_name' => $user['airline_name'], 'balance' => $user['balance'], 'level' => $user['level'], 'experience' => $user['experience'] ] ]); } function handleCheck() { jsonResponse([ 'success' => true, 'authenticated' => Session::isLoggedIn(), 'csrf_token' => Session::getCsrfToken() ]); }