diff --git a/app/flask-postgres/app/app.py b/app/flask-postgres/app/app.py
index 5e675eb..0ffb353 100644
--- a/app/flask-postgres/app/app.py
+++ b/app/flask-postgres/app/app.py
@@ -539,4 +539,63 @@ def forbidden(_error):
 page_title="Kein Zugriff",
 active_page="",
 **get_current_user()
- ), 403
\ No newline at end of file
+ ), 403
+
+@app.route("/pwdchange", methods=["GET", "POST"])
+@login_required
+def pwdchange():
+ error_message = ""
+ success_message = ""
+
+ if request.method == "POST":
+ current_password = request.form.get("current_password", "")
+ new_password = request.form.get("new_password", "")
+ confirm_password = request.form.get("confirm_password", "")
+
+ if not current_password or not new_password or not confirm_password:
+ error_message = "Bitte alle Felder ausfüllen."
+ elif new_password != confirm_password:
+ error_message = "Die neuen Passwörter stimmen nicht überein."
+ elif len(new_password) < 8:
+ error_message = "Das neue Passwort muss mindestens 8 Zeichen lang sein."
+ else:
+ conn = get_connection()
+ cur = conn.cursor()
+
+ cur.execute("""
+ SELECT password_hash
+ FROM app_user
+ WHERE id = %s
+ """, (session["user_id"],))
+ row = cur.fetchone()
+
+ if row is None:
+ error_message = "Benutzer nicht gefunden."
+ else:
+ stored_hash = row[0]
+
+ if not check_password_hash(stored_hash, current_password):
+ error_message = "Das aktuelle Passwort ist falsch."
+ else:
+ new_hash = generate_password_hash(new_password)
+
+ cur.execute("""
+ UPDATE app_user
+ SET password_hash = %s
+ WHERE id = %s
+ """, (new_hash, session["user_id"]))
+ conn.commit()
+
+ success_message = "Passwort wurde erfolgreich geändert."
+
+ cur.close()
+ conn.close()
+
+ return render_template(
+ "pwdchange.html",
+ page_title="Passwort ändern",
+ active_page="profil",
+ error_message=error_message,
+ success_message=success_message,
+ **get_current_user()
+ )
\ No newline at end of file 
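Review bot: Nothing in `pwdchange()` limits or records failed `check_password_hash` attempts, so whoever holds a logged-in session can keep guessing the current password through this endpoint; count failures per `session["user_id"]` and log each one, e.g. `app.logger.warning("pwdchange: wrong current password, user_id=%s", session["user_id"])`. After the successful `UPDATE` the function only sets `success_message`, so as far as this hunk shows the user's other sessions stay valid and a password change does not evict anyone already logged in; how sessions are stored is not visible here, so check this against the login code. `cur.close()` and `conn.close()` are reached on the normal path only, which means an exception from either `cur.execute` leaves the connection open; wrapping the database work in `try`/`finally` would release it. The policy check is `len(new_password) < 8` alone, so rejecting `new_password == current_password` and capping the length before `generate_password_hash` would be cheap additions.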
diff --git a/app/flask-postgres/app/templates/profil.html b/app/flask-postgres/app/templates/profil.html index 5c86bb1..5eb6c51 100644 --- a/app/flask-postgres/app/templates/profil.html +++ b/app/flask-postgres/app/templates/profil.html @@ -50,8 +50,7 @@ Status{{ profile.status }} Letzter Login{{ profile.last_login }} - Mandant{{ profile.mandant_name }} ({{ profile.mandant_kuerzel }}) - + Mandant E-Mail {{ profile.mandant_email }} @@ -62,6 +61,11 @@ {{ profile.mandant_level }} + +
+ Passwort ändern +
+ diff --git a/app/flask-postgres/app/templates/pwdchange.html b/app/flask-postgres/app/templates/pwdchange.html new file mode 100644 index 0000000..dc3a3c6 --- /dev/null +++ b/app/flask-postgres/app/templates/pwdchange.html @@ -0,0 +1,78 @@ + + + + + + {{ page_title }} + + + + + +
+
+

Passwort ändern

+

Ändern Sie hier Ihr Passwort.

+ + {% if error_message %} +
{{ error_message }}
+ {% endif %} + + {% if success_message %} +
{{ success_message }}
+ {% endif %} + + +
+
+
+
\ No newline at end of file
diff --git a/app/flask-postgres/styles/site.css b/app/flask-postgres/styles/site.css
index 4c7eb21..06d2570 100644
--- a/app/flask-postgres/styles/site.css
+++ b/app/flask-postgres/styles/site.css
@@ -418,4 +418,23 @@ p {
 .admin-table th {
 width: 220px;
 color: #0d2f57;
+}
+.success-box {
+ margin-bottom: 18px;
+ padding: 14px 16px;
+ background: #e8f7e8;
+ color: #1f6b1f;
+ border: 1px solid #b9e0b9;
+ border-radius: 10px;
+}
+
+.btn-secondary {
+ display: inline-block;
+ padding: 12px 18px;
+ border-radius: 10px;
+ background: #eef4fb;
+ color: #0d2f57;
+ font-weight: 700;
+ text-decoration: none;
+ border: 1px solid #dce3ea;
 }
\ No newline at end of file