12IT_Lernfeld12_2026/Abgabe_Mohr/model/BenutzerModel.php

<?php

class BenutzerModel extends Model {

    protected $vorname;
    protected $nachname;
    protected $password;
    protected $passwordWid;
    protected $email;
    protected $errorArray = [];

    // --- Getter / Setter ---
    public function getVorname() { return $this->vorname; }
    public function setVorname($vorname) { $this->vorname = trim($vorname); }

    public function getNachname() { return $this->nachname; }
    public function setNachname($nachname) { $this->nachname = trim($nachname); }

    public function getPassword() { return $this->password; }
    public function setPassword($password) { $this->password = trim($password); }

    public function getPasswordWid() { return $this->passwordWid; }
    public function setPasswordWid($passwordWid) { $this->passwordWid = trim($passwordWid); }

    public function getEmail() { return $this->email; }
    public function setEmail($email) { $this->email = trim($email); }

    public function getErrors() { return $this->errorArray; }

public function getAllUsersExcept($id)
    {
        $db = Database::getInstance()->getConnection();

        $stmt = $db->prepare("SELECT id, vorname, nachname FROM user WHERE id != ?");
        $stmt->bind_param("i", $id);
        $stmt->execute();

        return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    }


    // --- Registrierung ---
    public function insert() {
        $this->validate();

        if (!empty($this->errorArray)) return false;

        $db = Database::getInstance()->getConnection();

        // Passwort hashen (kein extra Salt nötig)
        $hashedPassword = password_hash($this->password, PASSWORD_DEFAULT);

        $stmt = $db->prepare("INSERT INTO user (vorname, nachname, email, passwort) VALUES (?, ?, ?, ?)");
        if (!$stmt) {
            $this->errorArray['db'] = "Fehler beim Vorbereiten der DB-Anfrage: " . $db->error;
            return false;
        }

        $stmt->bind_param(
            "ssss",
            $this->vorname,
            $this->nachname,
            $this->email,
            $hashedPassword
        );

        if (!$stmt->execute()) {
            $this->errorArray['db'] = "Fehler beim Einfügen in die DB: " . $stmt->error;
            return false;
        }

        return true;
    }

    // --- Validierung ---
    protected function validate() {
        $errors = [];

        if (empty($this->vorname) || strlen($this->vorname) < 2) {
            $errors['vorname'] = "Bitte gib einen gültigen Vornamen ein (mind. 2 Zeichen).";
        }

        if (empty($this->nachname) || strlen($this->nachname) < 2) {
            $errors['nachname'] = "Bitte gib einen gültigen Nachnamen ein (mind. 2 Zeichen).";
        }

        if (empty($this->email) || !filter_var($this->email, FILTER_VALIDATE_EMAIL)) {
            $errors['email'] = "Bitte gib eine gültige E-Mail-Adresse ein.";
        }

        if (empty($this->password) || strlen($this->password) < 6) {
            $errors['password'] = "Das Passwort muss mindestens 6 Zeichen haben.";
        }

        if ($this->password !== $this->passwordWid) {
            $errors['passwordWid'] = "Die Passwörter stimmen nicht überein.";
        }

        $this->errorArray = $errors;
        return empty($errors);
    }

    // --- Nutzer laden ---
    public function getUserById($id) {
        $db = Database::getInstance()->getConnection();
        $stmt = $db->prepare("SELECT id, vorname, nachname, email FROM user WHERE id = ?");
        $stmt->bind_param("i", $id);
        $stmt->execute();
        return $stmt->get_result()->fetch_assoc();
    }

    public function getAllUsers() {
        $db = Database::getInstance()->getConnection();
        $stmt = $db->prepare("SELECT id, vorname, nachname FROM user");
        $stmt->execute();
        return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    }
}