adding encryption to form and addid form checks

2026-01-30 17:00:32 +01:00
parent 5942fe7e18
commit 440956320d
3 changed files with 79 additions and 4 deletions
--- a/assets/frontend-form.js
+++ b/assets/frontend-form.js
@@ -0,0 +1,60 @@
+// Client-side validation for Workshopwahl frontend form
+// This script validates required fields and email format before submission
+
+document.addEventListener('DOMContentLoaded', function () {
+    var form = document.querySelector('.kc-workshopwahl-form');
+    if (!form) return;
+
+    form.addEventListener('submit', function (e) {
+        var valid = true;
+        var errorMessages = [];
+
+        // Example: Validate required text fields
+        var requiredFields = form.querySelectorAll('[required]');
+        requiredFields.forEach(function (field) {
+            if (!field.value.trim()) {
+                valid = false;
+                errorMessages.push(field.getAttribute('data-label') || field.name + ' ist erforderlich.');
+                field.classList.add('kc-field-error');
+            } else {
+                field.classList.remove('kc-field-error');
+            }
+        });
+
+        // Example: Validate email format
+        var emailField = form.querySelector('input[type="email"]');
+        if (emailField && emailField.value) {
+            var emailPattern = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;
+            if (!emailPattern.test(emailField.value)) {
+                valid = false;
+                errorMessages.push('Bitte eine gültige E-Mail-Adresse eingeben.');
+                emailField.classList.add('kc-field-error');
+            } else {
+                emailField.classList.remove('kc-field-error');
+            }
+        }
+
+        // Example: Validate max workshop selections (if relevant)
+        var maxWorkshops = parseInt(form.getAttribute('data-max-workshops'), 10);
+        if (maxWorkshops) {
+            var checked = form.querySelectorAll('input[type="checkbox"][name^="workshop_"]:checked');
+            if (checked.length > maxWorkshops) {
+                valid = false;
+                errorMessages.push('Es dürfen maximal ' + maxWorkshops + ' Workshops gewählt werden.');
+            }
+        }
+
+        // Show error messages
+        var errorBox = form.querySelector('.kc-form-errors');
+        if (!errorBox) {
+            errorBox = document.createElement('div');
+            errorBox.className = 'kc-form-errors';
+            form.prepend(errorBox);
+        }
+        errorBox.innerHTML = errorMessages.length ? '<ul><li>' + errorMessages.join('</li><li>') + '</li></ul>' : '';
+
+        if (!valid) {
+            e.preventDefault();
+        }
+    });
+});
--- a/includes/admin-teamer.php
+++ b/includes/admin-teamer.php
@@ -14,8 +14,10 @@ function kc_teamer_page() {
                delete_option('kc_teamer_password_hash');
                echo '<div class="notice notice-success">Teamer-Passwort entfernt.</div>';
            } else {
-                update_option('kc_teamer_password_hash', wp_hash_password($pw));
-                echo '<div class="notice notice-success">Teamer-Passwort gespeichert.</div>';
+                 // Sichere Speicherung mit password_hash
+                 $hash = password_hash($pw, PASSWORD_DEFAULT);
+                 update_option('kc_teamer_password_hash', $hash);
+                 echo '<div class="notice notice-success">Teamer-Passwort gespeichert.</div>';
            }
        }
    }
--- a/includes/frontend-form.php
+++ b/includes/frontend-form.php
@@ -4,6 +4,10 @@ add_shortcode('konficastle_workshopwahl', function($atts) {
    $wahl_id = intval($atts['wahl']);

    global $wpdb;
+  // Enqueue client-side validation JS
+  add_action('wp_footer', function() {
+    echo '<script src="' . esc_url(plugins_url('../assets/frontend-form.js', __FILE__)) . '"></script>';
+  });
    
    // KRITISCHER TEST: Ausgabe ganz am Anfang
    //$debug_output = '<div style="background:yellow;padding:20px;margin:20px 0;border:3px solid red;">';
@@ -278,8 +282,17 @@ add_shortcode('konficastle_teamer_create', function($atts) {
    } else {
      $pw = trim($_POST['kc_teamer_pw'] ?? '');
      $saved_hash = get_option('kc_teamer_password_hash', '');
-      if (empty($saved_hash) || !wp_check_password($pw, $saved_hash)) {
-        $msg = '<div class="kc-error-msg">Falsches Passwort.</div>';
+        $valid_pw = false;
+        if (!empty($saved_hash)) {
+          if (password_verify($pw, $saved_hash)) {
+            $valid_pw = true;
+          } else if (function_exists('wp_check_password') && wp_check_password($pw, $saved_hash)) {
+            // Rückwärtskompatibilität: alter Hash
+            $valid_pw = true;
+          }
+        }
+        if (!$valid_pw) {
+          $msg = '<div class="kc-error-msg">Falsches Passwort.</div>';
      } else {
        $vorname = sanitize_text_field($_POST['vorname'] ?? '');
        $nachname = sanitize_text_field($_POST['nachname'] ?? '');