linus/Workshop-Wahlen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Activity

adding encryption to form and addid form checks

Browse Source
This commit is contained in:
ProgrammGamer
2026-01-30 17:00:32 +01:00
parent 5942fe7e18
commit 440956320d
3 changed files with 79 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
includes/admin-teamer.php
View File

@@ -14,8 +14,10 @@ function kc_teamer_page() {
delete_option('kc_teamer_password_hash');
echo '<div class="notice notice-success">Teamer-Passwort entfernt.</div>';
} else {
update_option('kc_teamer_password_hash', wp_hash_password($pw));
echo '<div class="notice notice-success">Teamer-Passwort gespeichert.</div>';
// Sichere Speicherung mit password_hash
$hash = password_hash($pw, PASSWORD_DEFAULT);
update_option('kc_teamer_password_hash', $hash);
echo '<div class="notice notice-success">Teamer-Passwort gespeichert.</div>';
}
}
}

17
includes/frontend-form.php
View File

@@ -4,6 +4,10 @@ add_shortcode('konficastle_workshopwahl', function($atts) {
$wahl_id = intval($atts['wahl']);
global $wpdb;
// Enqueue client-side validation JS
add_action('wp_footer', function() {
echo '<script src="' . esc_url(plugins_url('../assets/frontend-form.js', __FILE__)) . '"></script>';
});
// KRITISCHER TEST: Ausgabe ganz am Anfang
//$debug_output = '<div style="background:yellow;padding:20px;margin:20px 0;border:3px solid red;">';
@@ -278,8 +282,17 @@ add_shortcode('konficastle_teamer_create', function($atts) {
} else {
$pw = trim($_POST['kc_teamer_pw'] ?? '');
$saved_hash = get_option('kc_teamer_password_hash', '');
if (empty($saved_hash) || !wp_check_password($pw, $saved_hash)) {
$msg = '<div class="kc-error-msg">Falsches Passwort.</div>';
$valid_pw = false;
if (!empty($saved_hash)) {
if (password_verify($pw, $saved_hash)) {
$valid_pw = true;
} else if (function_exists('wp_check_password') && wp_check_password($pw, $saved_hash)) {
// Rückwärtskompatibilität: alter Hash
$valid_pw = true;
}
}
if (!$valid_pw) {
$msg = '<div class="kc-error-msg">Falsches Passwort.</div>';
} else {
$vorname = sanitize_text_field($_POST['vorname'] ?? '');
$nachname = sanitize_text_field($_POST['nachname'] ?? '');