Files
game1.shadow-land.de/www/public/api/auth.php

190 lines
5.2 KiB
PHP

<?php
/**
* Airline Tycoon - Auth API
* Authentifizierungs-bezogene API-Endpunkte
*/
require_once dirname(__DIR__) . '/src/bootstrap.php';
header('Content-Type: application/json; charset=utf-8');
// Nur JSON-Antworten
if (!isAjax()) {
jsonResponse(['error' => 'Nur AJAX-Anfragen erlaubt'], 403);
}
$action = $_GET['action'] ?? $_POST['action'] ?? '';
switch ($action) {
case 'login':
handleLogin();
break;
case 'register':
handleRegister();
break;
case 'logout':
handleLogout();
break;
case 'me':
handleMe();
break;
case 'check':
handleCheck();
break;
default:
jsonResponse(['error' => 'Unbekannte Aktion'], 400);
}
function handleLogin() {
global $db;
$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
jsonResponse(['error' => 'Bitte fülle alle Felder aus'], 400);
}
$user = $db->getUserByUsername($username);
if ($user && password_verify($password, $user['password_hash'])) {
Session::login($user);
jsonResponse([
'success' => true,
'message' => 'Anmeldung erfolgreich!',
'redirect' => BASE_PATH . 'dashboard.php',
'user' => [
'id' => $user['id'],
'username' => $user['username'],
'airline_name' => $user['airline_name'],
'balance' => $user['balance'],
'level' => $user['level']
]
]);
} else {
jsonResponse(['error' => 'Benutzername oder Passwort falsch'], 401);
}
}
function handleRegister() {
global $db, $config;
$username = trim($_POST['username'] ?? '');
$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';
$airline_name = trim($_POST['airline_name'] ?? '');
// Validation
if (empty($username) || empty($email) || empty($password)) {
jsonResponse(['error' => 'Bitte fülle alle Pflichtfelder aus'], 400);
}
if (strlen($username) < 3 || strlen($username) > 50) {
jsonResponse(['error' => 'Benutzername muss zwischen 3 und 50 Zeichen haben'], 400);
}
if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
jsonResponse(['error' => 'Benutzername darf nur Buchstaben, Zahlen und Unterstriche enthalten'], 400);
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
jsonResponse(['error' => 'Ungültige E-Mail-Adresse'], 400);
}
if (strlen($password) < 8) {
jsonResponse(['error' => 'Passwort muss mindestens 8 Zeichen haben'], 400);
}
// Check existing
if ($db->getUserByUsername($username)) {
jsonResponse(['error' => 'Benutzername bereits vergeben'], 409);
}
if ($db->getUserByEmail($email)) {
jsonResponse(['error' => 'E-Mail-Adresse wird bereits verwendet'], 409);
}
// Create user
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$userId = $db->createUser($username, $email, $passwordHash);
// Set airline name
$finalAirlineName = !empty($airline_name) ? $airline_name : $username . "'s Airlines";
$db->update('users', ['airline_name' => $finalAirlineName], 'id = ?', [$userId]);
// Load airports if needed
$airportCount = $db->select("SELECT COUNT(*) as cnt FROM airports")[0]['cnt'] ?? 0;
if ($airportCount == 0) {
$db->loadAirportsFromCsv($config['paths']['data'] . '/airports.csv');
}
// Auto login
$user = $db->getUserById($userId);
Session::login($user);
jsonResponse([
'success' => true,
'message' => 'Registrierung erfolgreich! Willkommen bei ' . $finalAirlineName . '!',
'redirect' => BASE_PATH . 'dashboard.php',
'user' => [
'id' => $user['id'],
'username' => $user['username'],
'airline_name' => $user['airline_name'],
'balance' => $user['balance'],
'level' => $user['level']
]
]);
}
function handleLogout() {
Session::logout();
jsonResponse([
'success' => true,
'message' => 'Abmeldung erfolgreich',
'redirect' => BASE_PATH . 'login.php'
]);
}
function handleMe() {
if (!Session::isLoggedIn()) {
jsonResponse(['error' => 'Nicht angemeldet'], 401);
}
global $db;
$userId = Session::getUserId();
$user = $db->getUserById($userId);
if (!$user) {
Session::logout();
jsonResponse(['error' => 'Benutzer nicht gefunden'], 404);
}
jsonResponse([
'success' => true,
'user' => [
'id' => $user['id'],
'username' => $user['username'],
'email' => $user['email'],
'airline_name' => $user['airline_name'],
'balance' => $user['balance'],
'level' => $user['level'],
'experience' => $user['experience']
]
]);
}
function handleCheck() {
jsonResponse([
'success' => true,
'authenticated' => Session::isLoggedIn(),
'csrf_token' => Session::getCsrfToken()
]);
}