190 lines
5.2 KiB
PHP
190 lines
5.2 KiB
PHP
<?php
|
|
/**
|
|
* Airline Tycoon - Auth API
|
|
* Authentifizierungs-bezogene API-Endpunkte
|
|
*/
|
|
|
|
require_once dirname(__DIR__) . '/src/bootstrap.php';
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
// Nur JSON-Antworten
|
|
if (!isAjax()) {
|
|
jsonResponse(['error' => 'Nur AJAX-Anfragen erlaubt'], 403);
|
|
}
|
|
|
|
$action = $_GET['action'] ?? $_POST['action'] ?? '';
|
|
|
|
switch ($action) {
|
|
case 'login':
|
|
handleLogin();
|
|
break;
|
|
|
|
case 'register':
|
|
handleRegister();
|
|
break;
|
|
|
|
case 'logout':
|
|
handleLogout();
|
|
break;
|
|
|
|
case 'me':
|
|
handleMe();
|
|
break;
|
|
|
|
case 'check':
|
|
handleCheck();
|
|
break;
|
|
|
|
default:
|
|
jsonResponse(['error' => 'Unbekannte Aktion'], 400);
|
|
}
|
|
|
|
function handleLogin() {
|
|
global $db;
|
|
|
|
$username = trim($_POST['username'] ?? '');
|
|
$password = $_POST['password'] ?? '';
|
|
|
|
if (empty($username) || empty($password)) {
|
|
jsonResponse(['error' => 'Bitte fülle alle Felder aus'], 400);
|
|
}
|
|
|
|
$user = $db->getUserByUsername($username);
|
|
|
|
if ($user && password_verify($password, $user['password_hash'])) {
|
|
Session::login($user);
|
|
|
|
jsonResponse([
|
|
'success' => true,
|
|
'message' => 'Anmeldung erfolgreich!',
|
|
'redirect' => BASE_PATH . 'dashboard.php',
|
|
'user' => [
|
|
'id' => $user['id'],
|
|
'username' => $user['username'],
|
|
'airline_name' => $user['airline_name'],
|
|
'balance' => $user['balance'],
|
|
'level' => $user['level']
|
|
]
|
|
]);
|
|
} else {
|
|
jsonResponse(['error' => 'Benutzername oder Passwort falsch'], 401);
|
|
}
|
|
}
|
|
|
|
function handleRegister() {
|
|
global $db, $config;
|
|
|
|
$username = trim($_POST['username'] ?? '');
|
|
$email = trim($_POST['email'] ?? '');
|
|
$password = $_POST['password'] ?? '';
|
|
$airline_name = trim($_POST['airline_name'] ?? '');
|
|
|
|
// Validation
|
|
if (empty($username) || empty($email) || empty($password)) {
|
|
jsonResponse(['error' => 'Bitte fülle alle Pflichtfelder aus'], 400);
|
|
}
|
|
|
|
if (strlen($username) < 3 || strlen($username) > 50) {
|
|
jsonResponse(['error' => 'Benutzername muss zwischen 3 und 50 Zeichen haben'], 400);
|
|
}
|
|
|
|
if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
|
|
jsonResponse(['error' => 'Benutzername darf nur Buchstaben, Zahlen und Unterstriche enthalten'], 400);
|
|
}
|
|
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
jsonResponse(['error' => 'Ungültige E-Mail-Adresse'], 400);
|
|
}
|
|
|
|
if (strlen($password) < 8) {
|
|
jsonResponse(['error' => 'Passwort muss mindestens 8 Zeichen haben'], 400);
|
|
}
|
|
|
|
// Check existing
|
|
if ($db->getUserByUsername($username)) {
|
|
jsonResponse(['error' => 'Benutzername bereits vergeben'], 409);
|
|
}
|
|
|
|
if ($db->getUserByEmail($email)) {
|
|
jsonResponse(['error' => 'E-Mail-Adresse wird bereits verwendet'], 409);
|
|
}
|
|
|
|
// Create user
|
|
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
|
$userId = $db->createUser($username, $email, $passwordHash);
|
|
|
|
// Set airline name
|
|
$finalAirlineName = !empty($airline_name) ? $airline_name : $username . "'s Airlines";
|
|
$db->update('users', ['airline_name' => $finalAirlineName], 'id = ?', [$userId]);
|
|
|
|
// Load airports if needed
|
|
$airportCount = $db->select("SELECT COUNT(*) as cnt FROM airports")[0]['cnt'] ?? 0;
|
|
if ($airportCount == 0) {
|
|
$db->loadAirportsFromCsv($config['paths']['data'] . '/airports.csv');
|
|
}
|
|
|
|
// Auto login
|
|
$user = $db->getUserById($userId);
|
|
Session::login($user);
|
|
|
|
jsonResponse([
|
|
'success' => true,
|
|
'message' => 'Registrierung erfolgreich! Willkommen bei ' . $finalAirlineName . '!',
|
|
'redirect' => BASE_PATH . 'dashboard.php',
|
|
'user' => [
|
|
'id' => $user['id'],
|
|
'username' => $user['username'],
|
|
'airline_name' => $user['airline_name'],
|
|
'balance' => $user['balance'],
|
|
'level' => $user['level']
|
|
]
|
|
]);
|
|
}
|
|
|
|
function handleLogout() {
|
|
Session::logout();
|
|
|
|
jsonResponse([
|
|
'success' => true,
|
|
'message' => 'Abmeldung erfolgreich',
|
|
'redirect' => BASE_PATH . 'login.php'
|
|
]);
|
|
}
|
|
|
|
function handleMe() {
|
|
if (!Session::isLoggedIn()) {
|
|
jsonResponse(['error' => 'Nicht angemeldet'], 401);
|
|
}
|
|
|
|
global $db;
|
|
$userId = Session::getUserId();
|
|
$user = $db->getUserById($userId);
|
|
|
|
if (!$user) {
|
|
Session::logout();
|
|
jsonResponse(['error' => 'Benutzer nicht gefunden'], 404);
|
|
}
|
|
|
|
jsonResponse([
|
|
'success' => true,
|
|
'user' => [
|
|
'id' => $user['id'],
|
|
'username' => $user['username'],
|
|
'email' => $user['email'],
|
|
'airline_name' => $user['airline_name'],
|
|
'balance' => $user['balance'],
|
|
'level' => $user['level'],
|
|
'experience' => $user['experience']
|
|
]
|
|
]);
|
|
}
|
|
|
|
function handleCheck() {
|
|
jsonResponse([
|
|
'success' => true,
|
|
'authenticated' => Session::isLoggedIn(),
|
|
'csrf_token' => Session::getCsrfToken()
|
|
]);
|
|
}
|