pwd change

app/flask-postgres/app/app.py

@@ -540,3 +540,62 @@ def forbidden(_error):
         active_page="",
         **get_current_user()
     ), 403
+
+@app.route("/pwdchange", methods=["GET", "POST"])
+@login_required
+def pwdchange():
+    error_message = ""
+    success_message = ""
+
+    if request.method == "POST":
+        current_password = request.form.get("current_password", "")
+        new_password = request.form.get("new_password", "")
+        confirm_password = request.form.get("confirm_password", "")
+
+        if not current_password or not new_password or not confirm_password:
+            error_message = "Bitte alle Felder ausfüllen."
+        elif new_password != confirm_password:
+            error_message = "Die neuen Passwörter stimmen nicht überein."
+        elif len(new_password) < 8:
+            error_message = "Das neue Passwort muss mindestens 8 Zeichen lang sein."
+        else:
+            conn = get_connection()
+            cur = conn.cursor()
+
+            cur.execute("""
+                SELECT password_hash
+                FROM app_user
+                WHERE id = %s
+            """, (session["user_id"],))
+            row = cur.fetchone()
+
+            if row is None:
+                error_message = "Benutzer nicht gefunden."
+            else:
+                stored_hash = row[0]
+
+                if not check_password_hash(stored_hash, current_password):
+                    error_message = "Das aktuelle Passwort ist falsch."
+                else:
+                    new_hash = generate_password_hash(new_password)
+
+                    cur.execute("""
+                        UPDATE app_user
+                        SET password_hash = %s
+                        WHERE id = %s
+                    """, (new_hash, session["user_id"]))
+                    conn.commit()
+
+                    success_message = "Passwort wurde erfolgreich geändert."
+
+            cur.close()
+            conn.close()
+
+    return render_template(
+        "pwdchange.html",
+        page_title="Passwort ändern",
+        active_page="profil",
+        error_message=error_message,
+        success_message=success_message,
+        **get_current_user()
+    )

app/flask-postgres/app/templates/profil.html

@@ -50,7 +50,6 @@
         <tr><th>Status</th><td>{{ profile.status }}</td></tr>
         <tr><th>Letzter Login</th><td>{{ profile.last_login }}</td></tr>
 
-        <tr><th>Mandant</th><td>{{ profile.mandant_name }} ({{ profile.mandant_kuerzel }})</td></tr>
       
 <tr>
   <th>Mandant E-Mail</th>
@@ -62,6 +61,11 @@
   <td>{{ profile.mandant_level }}</td>
 </tr>
       </table>
+
+        <div class="admin-actions">
+            <a href="/pwdchange" class="btn-primary">Passwort ändern</a>
+        </div>
+
     </section>
   </main>
 </body>

app/flask-postgres/app/templates/pwdchange.html

@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{ page_title }}</title>
+  <link rel="stylesheet" href="/styles/site.css">
+</head>
+<body>
+  <header class="site-header">
+    <div class="header-inner">
+      <div class="logo-area">
+        <a href="/home">
+          <img src="/images/Logo-Compliance-Verification-bg-1.png" alt="Logo" class="site-logo">
+        </a>
+      </div>
+
+      <nav class="top-nav">
+        <a href="/home">Home</a>
+        <a href="/preise">Preise</a>
+        <a href="/allgemein">Allgemein</a>
+
+        {% if is_logged_in %}
+          <div class="user-menu">
+            <button class="user-menu-toggle" type="button">{{ user_name }} ▾</button>
+            <div class="user-menu-dropdown">
+              <a href="/profil">Profil</a>
+              {% if is_admin %}
+                <a href="/admin/mandanten">Admin</a>
+              {% endif %}
+              <a href="/logout">Logout</a>
+            </div>
+          </div>
+        {% else %}
+          <a href="/login">Login</a>
+        {% endif %}
+      </nav>
+    </div>
+  </header>
+
+  <main class="content-area">
+    <section class="content-box login-box">
+      <h1>Passwort ändern</h1>
+      <p class="intro-text">Ändern Sie hier Ihr Passwort.</p>
+
+      {% if error_message %}
+        <div class="error-box">{{ error_message }}</div>
+      {% endif %}
+
+      {% if success_message %}
+        <div class="success-box">{{ success_message }}</div>
+      {% endif %}
+
+      <form method="post" action="/pwdchange" class="login-form">
+        <div class="form-row">
+          <label for="current_password">Aktuelles Passwort</label>
+          <input type="password" id="current_password" name="current_password" required>
+        </div>
+
+        <div class="form-row">
+          <label for="new_password">Neues Passwort</label>
+          <input type="password" id="new_password" name="new_password" required>
+        </div>
+
+        <div class="form-row">
+          <label for="confirm_password">Neues Passwort bestätigen</label>
+          <input type="password" id="confirm_password" name="confirm_password" required>
+        </div>
+
+        <div class="admin-actions">
+          <button type="submit" class="btn-primary">Passwort speichern</button>
+          <a href="/profil" class="btn-secondary">Zurück zum Profil</a>
+        </div>
+      </form>
+    </section>
+  </main>
+</body>
+</html>

app/flask-postgres/styles/site.css

@@ -419,3 +419,22 @@ p {
   width: 220px;
   color: #0d2f57;
 }
+.success-box {
+  margin-bottom: 18px;
+  padding: 14px 16px;
+  background: #e8f7e8;
+  color: #1f6b1f;
+  border: 1px solid #b9e0b9;
+  border-radius: 10px;
+}
+
+.btn-secondary {
+  display: inline-block;
+  padding: 12px 18px;
+  border-radius: 10px;
+  background: #eef4fb;
+  color: #0d2f57;
+  font-weight: 700;
+  text-decoration: none;
+  border: 1px solid #dce3ea;
+}